Thanks both Andy and Tim! As Tim pointed out we don't control the weaving, it happens during the app startup.
I could look into what Tim mentions here, to just use compile time weaving, but I need to do some research. My original thought was to create an alternate factory and allow it to use its getClass().getClassLoader(). I mean that could be a fix. I didn't check the source, but how is the classloader handled at this line (ReflectionBasedReferenceTypeDelegateFactory.java:40)?

>at java.base/java.lang.Class.forName(Class.java:398)
>at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegateFactory.createDelegate(ReflectionBasedReferenceTypeDelegateFactory.java:40)

Talking about sources, where is the repo? I could create my own variant to see if I can bypass the issue.

On Wed, 9 Jun 2021 at 15:05, <[email protected]> wrote:

> I doubt you have any options here for runtime weaving. The classloader in
> this case is controlled by Spring, and the security managers likely have a
> tight multi-tenant designed security policy.
>
> The best bet, even with Spring is to change to compile-time weaving; this
> was the answer for an app I developed in the same situation.
>
> Also, note that Java 11, and later versions of Spring all are getting
> better at access control and fixing holes. Earlier versions of Spring used
> to take advantage of the security holes in the JVM to work, many of these
> security holes are getting closed off.
>
> You will also see more of these issues in the next LTS release (15 I think
> is the number).
>
> Tim
>
> *From:* aspectj-users <[email protected]> *On Behalf Of* Andy Clement
> *Sent:* Wednesday, June 9, 2021 3:59 PM
> *To:* [email protected]
> *Subject:* Re: [aspectj-users] Openjdk11 and Security Manager
>
> Hey,
>
> I'm not an expert on Java Security unfortunately (you might find a few of
> those folks if you ask this on Stack Overflow?).
>
> With your reference to it working for one classloader and not another, how
> feasible is it to set the context classloader to the one you find that
> works? Or will that break something else?
> (Thread.currentThread().setContextClassLoader(..))
>
> It is possible some doPrivileged blocks are missing in the reflection area
> but then I see the doPrivileged call deeper in the checkPackageAccess call,
> so maybe raising up the privileged check will just make it fail sooner.
>
> cheers,
> Andy
>
> On Wed, 9 Jun 2021 at 10:00, Constantin Moisei <[email protected]> wrote:
>
> Hello,
>
> I am running into a weird exception on an OpenJDK 11 VM with a tight
> security manager policy.
>
> What kind of control do I have over
> ReflectionBasedReferenceTypeDelegateFactory?
>
> In the past I had issues with how I get/handle the classloader but found a
> way to bypass it. However it was my own code so I could deal with it. Now I
> am facing a similar issue via the latest AspectJ 1.9.6.
>
> //ClassLoader loader = Thread.currentThread().getContextClassLoader(); //doesn't work
>
> ClassLoader loader = this.getClass().getClassLoader(); //<---- this works
>
> Note that granting the permission is not a viable solution. It will be
> almost impossible to convince the vm owners to modify the policy. Has to be
> a different way.
>
> Here's the full exception
>
> Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.loader")
>     at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>     at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
>     at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
>     at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1238)
>     at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:691)
>     at java.base/java.lang.ClassLoader$1.run(ClassLoader.java:689)
>     at java.base/java.security.AccessController.doPrivileged(Native Method)
>     at java.base/java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:689)
>     at java.base/java.lang.Class.forName0(Native Method)
>     at java.base/java.lang.Class.forName(Class.java:398)
>     at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegateFactory.createDelegate(ReflectionBasedReferenceTypeDelegateFactory.java:40)
>     at org.aspectj.weaver.reflect.ReflectionWorld.resolveDelegate(ReflectionWorld.java:111)
>     at org.aspectj.weaver.World.resolveToReferenceType(World.java:363)
>     at org.aspectj.weaver.World.resolve(World.java:258)
>     at org.aspectj.weaver.World.resolve(World.java:180)
>     at org.aspectj.weaver.World.resolve(World.java:326)
>     at org.aspectj.weaver.reflect.ReflectionWorld.resolve(ReflectionWorld.java:103)
>     at org.aspectj.weaver.reflect.ReflectionWorld.resolve(ReflectionWorld.java:93)
>     at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegateFactory.toResolvedTypeArray(ReflectionBasedReferenceTypeDelegateFactory.java:214)
>     at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegateFactory.createResolvedMethod(ReflectionBasedReferenceTypeDelegateFactory.java:107)
>     at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegateFactory.createResolvedMember(ReflectionBasedReferenceTypeDelegateFactory.java:98)
>     at org.aspectj.weaver.reflect.ReflectionBasedReferenceTypeDelegate.getDeclaredMethods(ReflectionBasedReferenceTypeDelegate.java:290)
>     at org.aspectj.weaver.ReferenceType.getDeclaredMethods(ReferenceType.java:571)
>     at org.aspectj.weaver.ResolvedType.addAndRecurse(ResolvedType.java:271)
>     at org.aspectj.weaver.ResolvedType.getMethodsWithoutIterator(ResolvedType.java:265)
>     at org.aspectj.weaver.ResolvedType.lookupResolvedMember(ResolvedType.java:420)
>     at org.aspectj.weaver.JoinPointSignatureIterator.findSignaturesFromSupertypes(JoinPointSignatureIterator.java:178)
>     at org.aspectj.weaver.JoinPointSignatureIterator.findSignaturesFromSupertypes(JoinPointSignatureIterator.java:202)
>     at org.aspectj.weaver.JoinPointSignatureIterator.findSignaturesFromSupertypes(JoinPointSignatureIterator.java:202)
>     at org.aspectj.weaver.JoinPointSignatureIterator.hasNext(JoinPointSignatureIterator.java:69)
>     at org.aspectj.weaver.patterns.SignaturePattern.matches(SignaturePattern.java:298)
>     at org.aspectj.weaver.patterns.KindedPointcut.matchInternal(KindedPointcut.java:106)
>     at org.aspectj.weaver.patterns.Pointcut.match(Pointcut.java:146)
>     at org.aspectj.weaver.patterns.OrPointcut.matchInternal(OrPointcut.java:51)
>     at org.aspectj.weaver.patterns.Pointcut.match(Pointcut.java:146)
>     at org.aspectj.weaver.internal.tools.PointcutExpressionImpl.getShadowMatch(PointcutExpressionImpl.java:235)
>     at org.aspectj.weaver.internal.tools.PointcutExpressionImpl.matchesExecution(PointcutExpressionImpl.java:101)
>     at org.aspectj.weaver.internal.tools.PointcutExpressionImpl.matchesMethodExecution(PointcutExpressionImpl.java:92)
>     at org.springframework.aop.aspectj.AspectJExpressionPointcut.getShadowMatch(AspectJExpressionPointcut.java:408)
>     at org.springframework.aop.aspectj.AspectJExpressionPointcut.matches(AspectJExpressionPointcut.java:266)
>     at org.springframework.aop.support.AopUtils.canApply(AopUtils.java:223)
>     at org.springframework.aop.support.AopUtils.canApply(AopUtils.java:262)
>     at org.springframework.aop.support.AopUtils.findAdvisorsThatCanApply(AopUtils.java:294)
>     at org.springframework.aop.framework.autoproxy.AbstractAdvisorAutoProxyCreator.findAdvisorsThatCanApply(AbstractAdvisorAutoProxyCreator.java:118)
>     at org.springframework.aop.framework.autoproxy.AbstractAdvisorAutoProxyCreator.findEligibleAdvisors(AbstractAdvisorAutoProxyCreator.java:88)
>     at org.springframework.aop.framework.autoproxy.AbstractAdvisorAutoProxyCreator.getAdvicesAndAdvisorsForBean(AbstractAdvisorAutoProxyCreator.java:69)
>     at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.wrapIfNecessary(AbstractAutoProxyCreator.java:361)
>     at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.postProcessAfterInitialization(AbstractAutoProxyCreator.java:324)
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsAfterInitialization(AbstractAutowireCapableBeanFactory.java:409)
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.postProcessObjectFromFactoryBean(AbstractAutowireCapableBeanFactory.java:1657)
>     at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:112)
>     ... 42 more

_______________________________________________
aspectj-users mailing list
[email protected]
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/aspectj-users
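
Added example, not part of the thread and not AspectJ or Spring code: Andy's suggestion of setting the context classloader, written as a helper that swaps it only for the duration of one task and always restores it. The names ContextClassLoaderSwap and callWith are hypothetical, and the thread does not establish whether this avoids the AccessControlException shown above.

```java
import java.util.concurrent.Callable;

// Hypothetical helper (not part of AspectJ or Spring): runs a task with the
// thread context classloader (TCCL) temporarily replaced, then restores it.
public final class ContextClassLoaderSwap {

    private ContextClassLoaderSwap() {}

    public static <T> T callWith(ClassLoader loader, Callable<T> task) throws Exception {
        Thread thread = Thread.currentThread();
        ClassLoader previous = thread.getContextClassLoader();
        boolean swapped = false;
        try {
            // Under a SecurityManager this call is checked against
            // RuntimePermission("setContextClassLoader"); a tight policy may deny it.
            thread.setContextClassLoader(loader);
            swapped = true;
        } catch (SecurityException denied) {
            // Run with the existing TCCL rather than fail before the task starts.
            System.err.println("TCCL swap denied: " + denied.getMessage());
        }
        try {
            return task.call();
        } finally {
            if (swapped) {
                // Always restore, so pooled threads do not keep the swapped loader.
                thread.setContextClassLoader(previous);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // The loader that worked in the original post: the class's own loader.
        ClassLoader own = ContextClassLoaderSwap.class.getClassLoader();
        String seen = callWith(own, () ->
                String.valueOf(Thread.currentThread().getContextClassLoader()));
        System.out.println("TCCL inside task:   " + seen);
        System.out.println("TCCL after restore: "
                + Thread.currentThread().getContextClassLoader());
    }
}
```

In an application the task passed to callWith would be whatever triggers the pointcut matching, and the swap is only useful if the policy grants the setContextClassLoader permission to the calling code.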
