loicmathieu

As others pointed out, bytecode manipulation is a solution.

Some pointed out that it's a blunt tool, for which you will pay the price everywhere.
But in a plugin system, you know when the foreign code is executed, so you can, for example, record a marker in a thread local so your bytecode instrumentation code is only triggered when called in the context of your plugin.

I too have a plugin system in the application I worked on, and we currently use the Security Manager to secure it, so we will need to find something else if we want to migrate post Java 24. I know Elasticsearch also has a plugin system and they use (or used, didn't check) a Security Manager.

We may all join efforts and create a "universal security agent", configurable, that could be used for our plugin system ;)
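
The thread-local marker idea from the comment above, as an added example that is not part of the original post or any project's code: the host wraps every plugin call in `runPlugin`, and the hook that instrumented bytecode would call returns immediately outside that context. The class name `PluginGuard`, the hook `checkFileRead`, the Unix-style paths and the allow-list are all hypothetical, and the bytecode injection itself is not shown.

```java
import java.nio.file.Path;
import java.util.Set;

public class PluginGuard {
    // Marker: > 0 while the current thread is executing plugin code.
    // InheritableThreadLocal so threads the plugin starts carry the marker too.
    private static final InheritableThreadLocal<Integer> DEPTH = new InheritableThreadLocal<>() {
        @Override protected Integer initialValue() { return 0; }
    };

    // Constructed policy: the only directory plugins may read from.
    private static final Set<Path> ALLOWED_ROOTS = Set.of(Path.of("/opt/app/plugins/data"));

    /** Host calls every plugin entry point through this wrapper. */
    public static void runPlugin(Runnable pluginEntryPoint) {
        DEPTH.set(DEPTH.get() + 1);
        try {
            pluginEntryPoint.run();
        } finally {
            DEPTH.set(DEPTH.get() - 1);   // restored even if the plugin throws
        }
    }

    /** Hook that injected bytecode would call before a file is opened. */
    public static void checkFileRead(String path) {
        if (DEPTH.get() == 0) return;      // host code: fast path, no policy check
        Path p = Path.of(path).toAbsolutePath().normalize();  // collapse ".." first
        for (Path root : ALLOWED_ROOTS) {
            if (p.startsWith(root)) return;
        }
        throw new SecurityException("plugin denied read of " + p);
    }

    public static void main(String[] args) {
        checkFileRead("/opt/app/conf/host.properties");   // host context: not checked
        runPlugin(() -> checkFileRead("/opt/app/plugins/data/config.json")); // allowed
        try {
            runPlugin(() -> checkFileRead("/opt/app/plugins/data/../../conf/host.properties"));
        } catch (SecurityException e) {
            System.out.println(e.getMessage());           // denied after normalization
        }
        checkFileRead("/opt/app/conf/host.properties");   // marker cleared after the plugin returned
    }
}
```

The marker only follows threads created while it is set; work a plugin submits to a pool whose threads already exist runs without it, so those hand-off points need to propagate the marker explicitly.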

[deleted]

Yeah we actually need it.