How to Make JVM Ignore Jar Signatures
https://stackoverflow.com/questions/956639
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
We have a vendor-provided Jar that contains a class we wish to extends and/or modify via AOP. The default Sun JVM security model does not allow code that is unsigned or signed by someone else to extend classes in a signed jar. We can easily remove the signatures from the jar file, but I would prefer to configure the JVM to ignore jar signing security measures. Can this be done? Note that we are in a very controlled environment, so we are relatively unconcerned with rogue code being inserted into vendor-supplied jars.
Solution
I'm not sure if this will work in your case, but it might. Write your own Classloader, but not based on URLClassLoader, just extends Classloader and resolve you classes in your own way.
Load you classes with this classloader and apply your AOP magic, I might say it should work.
What I did was to implement a framework based on plugins and I didn't want to sign every piece of code(library/plugin), just the boot libraries(the one that loads the application). Of course, the code that you run in your classloader must be trustable since you bypass some of the default security constraints.
