HibernateMethodLookupDispatcher - Issue with Security Manager

Description

I guess i found a little bug which was introduced by the usage of byte buddy as a byte code enhancer.
The issue can be fixed quite simply, but it's very crutial since hibernate does not work if a security manager is in place.

let me try to explain my discovery:

Within the class HibernateMethodLookupDispatcher is a static property authorizedClasses.
This is nice, since i see that all my Byte Buddy Enhanced Beans are in there.

ch.carnet.bo.xxx$HibernateProxy$KMjF1hvl
ch.carnet.bo.yyy$HibernateProxy$N7p0Y4Ea
ch.carnet.bo.zzz$HibernateProxy$f9HFlBtl
... (a lot more)

Later while processing, my debugger hit's the line 74:

1 2 3 if ( !authorizedClasses.contains( callerClass.getName() ) ) { throw new SecurityException( "Unauthorized call by class " + callerClass ); }

with that line all my beans can no longer be processed.
this is resulting in a missleading Error:

ERROR org.hibernate.proxy.pojo.bytebuddy.ByteBuddyProxyFactory - HHH000142: Bytecode enhancement failed: ch.carnet.bo.xxx

Since i do not know hibernate to the very last detail, i'm not sure if
1. the stacketrace index call from the line 178 is not always the same.

1 2 3 4 5 private static class SecurityActions extends SecurityManager { private Class<?> getCallerClass() { return getClassContext()[7]; } }

So my basic question here is now:
Can you imagine a case where the effective calling Class is not on Position 8?

in my case, the proxy was at position 8:

  • 0 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher$SecurityActions

  • 1 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher$SecurityActions

  • 2 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher$5

  • 3 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher$5

  • 4 class java.security.AccessController

  • 5 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher

  • 6 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher

  • 7 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher

  • 8 class ch.carnet.cfms.q2o.bo.Q2OCostCategoryValues$HibernateProxy$vzJDtOEj

  • 9 class java.lang.reflect.Constructor

I will check if the stacktrace is different sometimes and if so, why this would be the case.
Otherwise it's maybe just a small bug, since one did not think about the class java.security.AccessController on position 4 or something else.

Best Regards, Synto

Environment

hibernate 5.4.1.Final , Spring 5.1.5.RELEASE, Spring Data JPA 2.1.5.RELEASE, ByteBuddy 1.9.10, IBM jvm (Java 8)

Status

Assignee

Guillaume Smet

Reporter

Tobias Lanz

Fix versions

backPortable

None

Suitable for new contributors

None

Requires Release Note

None

Pull Request

None

backportDecision

None

Worked in

5.3.7

Components

Affects versions

5.4.1

Priority

Major