Uploaded image for project: 'Weld'
  1. Weld
  2. WELD-2620

ClassFileUtils.makeClassLoaderMethodsAccessible() wrong implementation

    Details

      Description

      I know that Weld currently doesn't support JPMS. However, I use it as a JPMS module and everything worked fine with JDK 11. However, in JDK12+ I started to get

      Caused by: java.lang.reflect.InaccessibleObjectException: 
      Unable to make protected final java.lang.Class   
      java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
      throws java.lang.ClassFormatError accessible: module java.base does 
      not "opens java.lang" to module weld.servlet.shaded.
      

      Firstly I thought that the problem was in JPMS and asked a question on StackOverflow here.

      Later it became clear that the problem was with the implementation of ClassFileUtils.makeClassLoaderMethodsAccessible().

      Alan Bateman who is a JPMS specialist asked to fire a bug and gave the following comment:

      "The AccessibleObject.override field is a private field that is highly security sensitive. It is hidden from core reflection in recent JDK releases so I think this explains why you see a difference. That said, the maintainers of ClassUtils should not be hacking into this private field and setting it with Unsafe. It is unsupportable to be hacking into private fields like this. If the use-case is injecting a class into the same run-time package as another class then they should use Lookup.defineClass."

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  pasha_turok Pavel K
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated: