[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [aspectj-users] SecurityException when LT weaving aspects in java.*
|
Hi Jochen and Luca,
there are a number of discussions on LTW of rt.jar classes, it is not
easily doable (I would say, not doable at all) because it is a chicken
and egg problem : AspectJ is Java, and cannot weave Java itself, it's
like a surgeon operating his own hands.
It can be done only statically, so that AspectJ "operates" another copy
of the JRE producing a weaved rt.jar, which can then be loaded in a
different JVM using -Xbootclasspath . Loading a different rt.jar in a
sub-classloader is not doable for the restrictions Luca is referring to,
and I don't know if there is a way to circumvent those checks, nor I'm
aware of anyone doing it.
A number of alternative solutions have been proposed, among which
creating and using a layer of subclasses (eventually dynamically
generated) of the java.* classes that needs weaving, and then weaving
that layer. For example, if you need to track what happens on HashMap,
you can :
public class MyHashMapProxy extends HashMap {
private HashMap delegate = new HashMap();
// delegate all method calls
}
// In your aspect
HashMap around() : call(* HashMap.new(..)) {
return new MyHashMapProxy();
}
after() : execution(* MyHashMapProxy.*(..)) {
logger.log("this and that");
}
Obviously this is limited :
- Instantiations of HashMap inside jre classes will not be tracked (but
internal calls from JRE classes to an HashMap instantiated by your
application will)
- You need a proxy class for each class you want to track (but cglib or
many other dynamic class creation frameworks can help)
- You cannot ITD public members, cause your code will still work on the
java.util.HashMap public interface
- You cannot apply it to final classes, like String
Hope this helps,
Simone
Luca Ferrari wrote:
On Wednesday 10 June 2009 11:21:49 am Jochen Wuttke's cat walking on the
keyboard wrote:
Hi all,
I just ran into an interesting problem:
I have an aspect java.util.aspects.HashTableAspect. The load-time
weaver fails to weave this aspect with a security exception, because
it uses URLClassLoader to load aspects, and this classloader
ultimately delegates to a java.security.SecureClassLoader, which does
not permit loading of classes in "java.*".
It has been a while I don't write a classloader, but as far as I remember no
one classloader can load a java.* class, or better, cannot define a class in
such package. java.* classes must always be delegated to the upper
classloader, that at least results in rt classloader. Isn't it? So it's not a
problem of URLClassloader or SecureClassLoader....
Luca
_______________________________________________
aspectj-users mailing list
aspectj-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/aspectj-users
--
Simone Gianni CEO Semeru s.r.l. Apache Committer
http://www.simonegianni.it/