After debugging the original problem of this bug I now understand why we did never run in this problem so far. The problem is that the injection point is an interface (org.eclipse.microprofile.config.Config) and then the variable "proxiedBeanType" in org.jboss.weld.bean.ProxyFactory is java.lang.Object.class. The method ProxyFactory.createProxyClass switches to ProtectionDomain to weld if proxiedBeanType is of type java.lang.Object. Weld obviously is not signed and therefore a SecurityException is thrown. In my opinion what we want here is the ProtectionDomain of the interface because the ProtectionDomain of the variable "proxiedBeanType" which is java.lang.Object would not work either. We don't run into this problem because "proxiedBeanType" is never java.lang.Object and I don't know how to trigger this state. I also don't understand what they try to archive with Typed and Vetoed implementation of the Config interface. TLDR: The problem only occurs if the variable "proxiedBeanType" of the Class org.jboss.weld.bean.ProxyFactory is java.lang.Object and therefore the current workaround is too harsh and breaks more then it fixes. |