javaassist does not setup the proper protection domain thus does not work with signed/secured deployments such as webstart

Description

Related to http://jira.jboss.com/jira/browse/JASSIST-23

However, other software that has been overriding toClass
(CtClass,ClassLoader) in ClassPool must be also updated. It must override
toClass(CtClass,ClassLoader,ProtectionDomain).

As for Hibernate, we must update one file org/hibernate/bytecode/
javassist/BulkAccessorFactory.java. A new BulkAccessorFacgtory.java is
available from:

http://www.csg.is.titech.ac.jp/~muga/temp/BulkAccessorFactory.java

A patch file for BulkAccessorFactory.java is from:

http://www.csg.is.titech.ac.jp/~muga/temp/BulkAccessorLog.txt

Environment

None

Activity

Show:
Max Rydahl Andersen
August 23, 2006, 8:16 AM

From Kabir in mailthread:

It can be found in http://repository.jboss.com/javassist/snapshot/lib/,
which is currently used by jboss-head.

Steve Ebersole
August 23, 2006, 2:22 PM

The repo also contains 3.3.0.GA which was uploaded in the same timeframe and also appears to contain said signature change. Why not use that one?

Steve Ebersole
August 23, 2006, 2:26 PM

Another thing I do not understand. You mention that http://www.csg.is.titech.ac.jp/~muga/temp/BulkAccessorFactory.java is the code we should use moving forward. However, that code does not use the ProtectionDomain:

beanClass = FactoryHelper.toClass( classfile, loader );
//beanClass = FactoryHelper.toClass( classfile, loader, getDomain() );

I just wanna make sure we are all on the same page here... The correct solution is to include the ProtectionDomain in the toClass() call, correct?

Max Rydahl Andersen
August 23, 2006, 3:09 PM

I just created this patch to not forget the mail thread, so if there since that time were an actual release that is most likely better to use.

the patch file uses the domain call.

we should bring Kabir and/or Chiba in since they are the one requesting the change.

Steve Ebersole
August 24, 2006, 12:43 AM

upgraded javassist to 3.3.0.GA; changed call to FactoryHelper.toClass() to include protection domain

Assignee

Steve Ebersole

Reporter

Max Rydahl Andersen

Fix versions

Labels

None

backPortable

None

Suitable for new contributors

None

Requires Release Note

None

Pull Request

None

backportDecision

None

Components

Affects versions

Priority

Critical
Configure