Protection domain ignored when enhancing+loading classes with ByteBuddy

Description

The issue was initially reported here: https://discourse.hibernate.org/t/securityexception-with-bytebuddy-and-signed-application-jars/816 .

At the moment, we use a static field ByteBuddyState#loadingStrategy which is defined as new ClassLoadingStrategy.ForUnsafeInjection().

See https://github.com/hibernate/hibernate-orm/blob/master/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java#L116 for an example of usage.

This doesn't work correctly if there is a protection domain for the original class as it gets totally ignored, whereas ByteBuddy provides a way to have a protection domain for the ClassLoadingStrategy.

For more details, Rafael provided us some hints about how to address it:

https://twitter.com/rafaelcodes/status/999028811692937216

https://twitter.com/rafaelcodes/status/999043409666019330

Activity

Fixed

Details
Assignee
Guillaume Smet
Reporter
Guillaume Smet
Components
Fix versions
5.3.1
Priority
Major

Created May 23, 2018 at 9:34 AM

Updated May 25, 2018 at 9:28 PM

Resolved May 24, 2018 at 12:13 PM

Protection domain ignored when enhancing+loading classes with ByteBuddy

Description

Activity

DetailsAssigneeGuillaume SmetGuillaume SmetReporterGuillaume SmetGuillaume SmetComponentsFix versions5.3.1PriorityMajor

Details

Assignee

Reporter

Components

Fix versions

Priority

Details
Assignee
Guillaume Smet
Reporter
Guillaume Smet
Components
Fix versions
5.3.1
Priority
Major