frjaeger220 / google-guice

Automatically exported from code.google.com/p/google-guice
Apache License 2.0
0 stars 0 forks source link

Guice doesn't work with a Security Manager due to cglib #149

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
CGLib doesn't play nice when JARs are signed. It generates classes in the
same package as the class being enhanced. This results in a Security
Exception because the generated classes aren't signed but the rest of the
jars in the package are. The full exception text is:

java.lang.SecurityException: class
"test.dao.DaoImpl$$FastClassByGuice$$fbce6afa"'s signer information does
not match signer information of other classes in the same package

It would be good if we could make it possible to at least use the
Dependency Injection parts of GUICE without causing this problem. This
could be done by generating the classes in a different package (the
attached patch causes them to be generated in a package with $ prepended).

Alternatively a flag to turn off CGLib enhancement along with some of the
more advanced functionality (like method interceptor) would allow the basic
dependency injection functions to be used.

A third alternative would be to only generate the CGLib classes when
they're required by such advanced functionality, but I haven't investigated
the code base enough to know if this is feasible or not.

Original issue reported on code.google.com by edward.c...@orionhealth.com on 6 Sep 2007 at 3:42

Attachments:

GoogleCodeExporter commented 9 years ago
Generating in a separate package will break overriding package private methods 
for
method interceptors, etc.

We should just provide a version of Guice which doesn't use cglib.

Original comment by crazybob...@gmail.com on 9 Sep 2007 at 9:21

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by limpbizkit on 5 Jun 2008 at 6:46

GoogleCodeExporter commented 9 years ago
We'll handle this as part of issue 230.

Original comment by limpbizkit on 2 Nov 2008 at 9:07