From e8fad19bc0f42b68a4ebad817bf6b7283ceed93f Mon Sep 17 00:00:00 2001 From: Mark Paluch Date: Tue, 5 Sep 2017 08:50:35 +0200 Subject: [PATCH] DATACMNS-1151 - Define generated PropertyAccessor classes with the entity protection domain. We now define generated PropertyAccessor classes using the entities' protection domain. Reusing the same protection domain preserves the same security and visibility rules as if the class was shipped within the source of the class loaded and prevents SecurityExceptions caused by signature certificate mismatch. Previously we uses the protection domain of the PersistentEntity class implementation. This mismatch caused SecurityExceptions if the JAR file of the PersistentEntity was signed but not the JAR file where the domain class resides. Original pull request: #240. --- .../model/ClassGeneratingPropertyAccessorFactory.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/springframework/data/mapping/model/ClassGeneratingPropertyAccessorFactory.java b/src/main/java/org/springframework/data/mapping/model/ClassGeneratingPropertyAccessorFactory.java index 402dd0a90..800e7e5db 100644 --- a/src/main/java/org/springframework/data/mapping/model/ClassGeneratingPropertyAccessorFactory.java +++ b/src/main/java/org/springframework/data/mapping/model/ClassGeneratingPropertyAccessorFactory.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 the original author or authors. + * Copyright 2016-2017 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -1469,15 +1469,15 @@ public class ClassGeneratingPropertyAccessorFactory implements PersistentPropert */ Class defineClass(String name, byte[] bytes, int offset, int len, PersistentEntity persistentEntity) { - ClassLoader classLoader = persistentEntity.getType().getClassLoader(); + Class entityType = persistentEntity.getType(); + ClassLoader classLoader = entityType.getClassLoader(); try { Method defineClass = getClassLoaderMethod(persistentEntity); defineClass.setAccessible(true); - return (Class) defineClass.invoke(classLoader, name, bytes, offset, len, - persistentEntity.getClass().getProtectionDomain()); + return (Class) defineClass.invoke(classLoader, name, bytes, offset, len, entityType.getProtectionDomain()); } catch (ReflectiveOperationException e) { throw new IllegalStateException(e);