Java Web Start: unsigned cglib

Question

I am using hibernate on the server side with a client application started via Java Web Start. I can't sign the jars (I'd like to but I can't). I get a permission exception when I get a POJO with lazy fields.

Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission cglib.debugLocation read) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPropertyAccess(Unknown Source) at java.lang.System.getProperty(Unknown Source) at net.sf.cglib.core.DebuggingClassWriter.(DebuggingClassWriter.java:35) ... 44 more

How can I avoid that? I thought about setting the collection to null before returning the pojo to the client but I'd like to find a better solution.

Answer 1

Since you can't use the unresolved lazy Hibernate fields on the client side anyway (accessing them, would cause the client to try to load the fields from the db) I would choose on of two options:

• If you need the data on the client side, you must make sure that the lazy fields are resolved by the server before returning the POJO to the client.

• If you don't need the fields, I would set them to null.

Answer 2

You have two options:

• sign all jars in you application;
• change bytecode provider from cglib to javassist which doesn't such behavior (i.e. you can sign only necessary jars).-

See also news regarding the issue here.