| The issue was initially reported here: https://discourse.hibernate.org/t/securityexception-with-bytebuddy-and-signed-application-jars/816 . At the moment, we use a static field ByteBuddyState#loadingStrategy which is defined as new ClassLoadingStrategy.ForUnsafeInjection(). See https://github.com/hibernate/hibernate-orm/blob/master/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java#L116 for an example of usage. This doesn't work correctly if there is a protection domain for the original class as it gets totally ignored, whereas ByteBuddy provides a way to have a protection domain for the ClassLoadingStrategy. |
