i'm using javaassists to modify the behaviour of a class in runtime. When i run the app in my computer all works fine.
But this app is launched by the users with Java Web Start, so that the .jar of the app must be signed. When the class is modified in runtime time by javaassists and loaded with the
CtClass.toClass()
method a SecurityException is launched:
java.lang.SecurityException: class "com.sch.coberturas.db.CobDao"'s signer information does not match signer information of other classes in the same package
I can avoid it by isolating the modified class in a single class package, but this is a weird solution. Is there another workarround?
Like OP requested I'm creating an answer regarding my comment.
When you are using a SecurityManager you must always provide the protected domain in use. With this information javassist will be able to be generate classes with the same signing information.
This means that instead of using CtClass.toClass() you should use ClassPool.toClass(CtClass ct, java.lang.ClassLoader loader, java.security.ProtectionDomain domain).
More information about this method in javassist javadoc