CODEWITHSUNDEEP
javasecurityexceptionjavassist
Telcontar
Telcontar

Reputation: 4870

Javaassists and Java Web Start: class sign doesn't match the others classes sign is the same package

i'm using javaassists to modify the behaviour of a class in runtime. When i run the app in my computer all works fine.

But this app is launched by the users with Java Web Start, so that the .jar of the app must be signed. When the class is modified in runtime time by javaassists and loaded with the 

CtClass.toClass()

method a SecurityException is launched:

java.lang.SecurityException: class "com.sch.coberturas.db.CobDao"'s signer information does not match signer information of other classes in the same package

I can avoid it by isolating the modified class in a single class package, but this is a weird solution. Is there another workarround?

Upvotes: 0

Views: 652

Answers (2)

Paulo Rosa
Paulo Rosa

Reputation: 1

I'd just like to add, that if the class you're changing has more classes on the package it belongs it may throw a signer's information exception also. I fixed it by loading them and adding them in the same spot I changed my class.

Example:

ClassPool pool = ClassPool.getDefault();
pool.insertClassPath( new ClassClassPath( this.getClass() ));
ClassLoader loader = this.getClass().getClassLoader();
ProtectionDomain domain = this.getClass().getProtectionDomain();
CtClass class = pool.get("package1.myChangingClass");
// Here goes the code to change the class;
pool.toClass( class, loader, domain );
//
// Now insert code to pre-load other classes with same domain
CtClass otherClass1 = pool.get("package1.someOtherClass1"); // Gets
pool.toClass( otherClass1, loader, domain );                // Preloads
...
CtClass otherClassN = pool.get("package1.someOtherClassN");
pool.toClass( otherClassN, loader, domain );
//
// To be done for all other classes of the same package that throws
// the signer's information exception, after package1.myChangingClass
// is modified and built.

Kind regards.

Upvotes: 0

pabrantes
pabrantes

Reputation: 2181

Like OP requested I'm creating an answer regarding my comment.

When you are using a SecurityManager you must always provide the protected domain in use. With this information javassist will be able to be generate classes with the same signing information.

This means that instead of using CtClass.toClass() you should use ClassPool.toClass(CtClass ct, java.lang.ClassLoader loader, java.security.ProtectionDomain domain).

More information about this method in javassist javadoc

Upvotes: 1

Related Questions