This doesn't work correctly if there is a protection domain for the original class as it gets totally ignored, whereas ByteBuddy provides a way to have a protection domain for the ClassLoadingStrategy.
For more details, Rafael provided us some hints about how to address it:
Major
The issue was initially reported here: https://discourse.hibernate.org/t/securityexception-with-bytebuddy-and-signed-application-jars/816 .
At the moment, we use a static field
ByteBuddyState#loadingStrategywhich is defined asnew ClassLoadingStrategy.ForUnsafeInjection().See https://github.com/hibernate/hibernate-orm/blob/master/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java#L116 for an example of usage.
This doesn't work correctly if there is a protection domain for the original class as it gets totally ignored, whereas ByteBuddy provides a way to have a protection domain for the
ClassLoadingStrategy.For more details, Rafael provided us some hints about how to address it:
https://twitter.com/rafaelcodes/status/999028811692937216
https://twitter.com/rafaelcodes/status/999043409666019330