I guess i found a little bug which was introduced by the usage of byte buddy as a byte code enhancer.
The issue can be fixed quite simply, but it's very crutial since hibernate does not work if a security manager is in place.
let me try to explain my discovery:
Within the class HibernateMethodLookupDispatcher is a static property authorizedClasses.
This is nice, since i see that all my Byte Buddy Enhanced Beans are in there.
{{ch.carnet.bo.xxx$HibernateProxy$KMjF1hvl}}
{{ch.carnet.bo.yyy$HibernateProxy$N7p0Y4Ea}}
{{ch.carnet.bo.zzz$HibernateProxy$f9HFlBtl}}
... (a lot more)
But. There's one crutial class missing:
org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher
Later while processing, my debugger hit's the line 74:
{code:java}
if ( !authorizedClasses.contains( callerClass.getName() ) ) {
throw new SecurityException( "Unauthorized call by class " + callerClass );
}
{code}
with that line all my beans can no longer be processed.
this is resulting in a missleading Error:
{{ERROR org.hibernate.proxy.pojo.bytebuddy.ByteBuddyProxyFactory - HHH000142: Bytecode enhancement failed: ch.carnet.bo.xxx}}
Since i do not know hibernate to the very last detail, i'm not sure if
#- this 1. the stacketrace index call by from the line 178 is not always the same.
{code:java}
private static class SecurityActions extends SecurityManager {
private Class<?> getCallerClass() {
return getClassContext()[7];
}
}
{code}
So my basic question here is now:
*Can you imagine a case where the effective calling Class is not on Position 8?*
in my case, the proxy was at position 8:
* 0 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher is correct- $SecurityActions
# or the call should not come from the * 1 class org.hibernate.bytecode.internal.bytebuddy. HibernateMethodLookupDispatcher itself $SecurityActions
* 2 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher$5
But assuming the call is made correctly by * 3 class org.hibernate.bytecode.internal.bytebuddy. HibernateMethodLookupDispatcher , i tested one simple thing $5
* 4 class java . security.AccessController
using my debuger in dev i added the * 5 class org.hibernate.bytecode.internal.bytebuddy. HibernateMethodLookupDispatcher to the authorizedClasses before line 73 was hit
* 6 class org . hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher
* 7 class org.hibernate.bytecode.internal.bytebuddy.HibernateMethodLookupDispatcher
After i did that, everything worked perfectly * 8 class ch . My beans are Processed, even though a Security Manager was active carnet . cfms.q2o.bo.Q2OCostCategoryValues$HibernateProxy$vzJDtOEj
So my basic question here is:
- * can you add HibernateMethodLookupDispatcher to authorizedClasses, so that the 9 class java.lang.reflect.Constructor
I will check if the stacktrace is allowed to call my bean methods different sometimes and if so , since that why this would be the case.
Otherwise it 's the main intention behind HibernateMethodLookupDispatcher after all maybe just a small bug , isn't it? =)*- since one did not think about the class java.security.AccessController on position 4 or something else.
Best Regards, Synto |
|
