-
Enhancement
-
Resolution: Won't Fix
-
P3
-
None
-
9, 10
-
x86_64
-
linux
ADDITIONAL SYSTEM INFORMATION :
This is OS and system agnostic.
Java 9 and 10.
A DESCRIPTION OF THE PROBLEM :
In JDK 9 and 10 there are newly designed ways to define classes from bytecode. In our case, we are creating proxies and we were using ClassLoader.defineClass() which we made accessible via reflection. One of the parameters of this method is ProtectionDomain which we were fiddling with a bit (we took either our domain or the one from the original class and sometimes added additional permission for our proxy class).
Now, the newly added approach is MethodHandles.Lookup.defineClass(). This approach does not allow to specify ProtectionDomain and, worse still, automatically takes PD of the class which we used to obtain Lookup. This is a no-go for us and we know of no other "good" way to solve this.
Hence in order to avoid Illegal access on JDK 10 (running with --illegal-access=deny), we are forced to use Unsafe to crack open CL.defineClass() method. This is of course highly undesirable as we are aware of the intentions to remove Unsafe altogether (let alone the fact that using Unsafe is nasty).
REGRESSION : Last worked in version 8u162
CUSTOMER SUBMITTED WORKAROUND :
You can crack open the old ClassLoader.defineClass() method using Unsafe.
E.g. something like:
Unsafe theUnsafe = ... //obtain unsafe instance
// get the offset of the override field in AccessibleObject
long overrideOffset = theUnsafe.objectFieldOffset(AccessibleObject.class.getDeclaredField("override"));
// get defineClass method from ClassLoader
defineClass2 = cl.getDeclaredMethod(name, new Class[] { String.class, byte[].class, int.class, int.class, ProtectionDomain.class });
// make accessible
theUnsafe.putBoolean(defineClass2, overrideOffset, true);
// now you can use the old CL.defineClass() method again but this approach can be removed in the future
FREQUENCY : always
This is OS and system agnostic.
Java 9 and 10.
A DESCRIPTION OF THE PROBLEM :
In JDK 9 and 10 there are newly designed ways to define classes from bytecode. In our case, we are creating proxies and we were using ClassLoader.defineClass() which we made accessible via reflection. One of the parameters of this method is ProtectionDomain which we were fiddling with a bit (we took either our domain or the one from the original class and sometimes added additional permission for our proxy class).
Now, the newly added approach is MethodHandles.Lookup.defineClass(). This approach does not allow to specify ProtectionDomain and, worse still, automatically takes PD of the class which we used to obtain Lookup. This is a no-go for us and we know of no other "good" way to solve this.
Hence in order to avoid Illegal access on JDK 10 (running with --illegal-access=deny), we are forced to use Unsafe to crack open CL.defineClass() method. This is of course highly undesirable as we are aware of the intentions to remove Unsafe altogether (let alone the fact that using Unsafe is nasty).
REGRESSION : Last worked in version 8u162
CUSTOMER SUBMITTED WORKAROUND :
You can crack open the old ClassLoader.defineClass() method using Unsafe.
E.g. something like:
Unsafe theUnsafe = ... //obtain unsafe instance
// get the offset of the override field in AccessibleObject
long overrideOffset = theUnsafe.objectFieldOffset(AccessibleObject.class.getDeclaredField("override"));
// get defineClass method from ClassLoader
defineClass2 = cl.getDeclaredMethod(name, new Class[] { String.class, byte[].class, int.class, int.class, ProtectionDomain.class });
// make accessible
theUnsafe.putBoolean(defineClass2, overrideOffset, true);
// now you can use the old CL.defineClass() method again but this approach can be removed in the future
FREQUENCY : always