We're updating the issue view to help you get more done. 

Protection domain ignored when enhancing+loading classes with ByteBuddy

Description

The issue was initially reported here: https://discourse.hibernate.org/t/securityexception-with-bytebuddy-and-signed-application-jars/816 .

At the moment, we use a static field ByteBuddyState#loadingStrategy which is defined as new ClassLoadingStrategy.ForUnsafeInjection().

See https://github.com/hibernate/hibernate-orm/blob/master/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java#L116 for an example of usage.

This doesn't work correctly if there is a protection domain for the original class as it gets totally ignored, whereas ByteBuddy provides a way to have a protection domain for the ClassLoadingStrategy.

For more details, Rafael provided us some hints about how to address it:

https://twitter.com/rafaelcodes/status/999028811692937216

https://twitter.com/rafaelcodes/status/999043409666019330

Environment

None

Status

Assignee

Guillaume Smet

Reporter

Guillaume Smet

Fix versions

Priority

Major