Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [aspectj-users] How to ensure your jars will never be weaved byaspectJ 
Sealing a jar requires a key, so another party won't be able 
to build a sealed jar. No man-in-the-middle.

Wes

> ------------Original Message------------
> From: "Eric Bodden" <eric.bodden@xxxxxxxxxxxxxx>
> To: aspectj-users@xxxxxxxxxxx
> Date: Tue, Feb-7-2006 9:56 PM
> Subject: RE: [aspectj-users] How to ensure your jars will never be weaved byaspectJ
>
> Just out of curiosity - does signing also affect static weaving? Or 
> does that only help in the case of load time weaving (cause that's what I 
> thought...)?
>  
> Thanks,
> Eric
>  
> --
> Eric Bodden
> Sable Research Group
> McGill University, Montréal, Canada
> 
> ________________________________
> 
> From: aspectj-users-bounces@xxxxxxxxxxx on behalf of Adrian Colyer
> Sent: Tue 07.02.2006 03:13
> To: Wes Isberg; aspectj-users@xxxxxxxxxxx
> Subject: Re: [aspectj-users] How to ensure your jars will never be 
> weaved byaspectJ
> 
> 
> 
> If you *only* care about AspectJ (and not any of the many other tools
> that can do byte code enhancement), you can weave the jar yourself
> with the -XnotReweavable flag. Once woven with this flag on, AspectJ
> will not reweave those types again.
> 
> Wes' suggestion of signing and sealing is much prefered though. It
> copes in all cases.
> 
> On 06/02/06, Wes Isberg <wes@xxxxxxxxxxxxxx> wrote:
> > As with other Java code, sign/seal the jar and control the deployment
> > to not use any bytecode weaver.  Also, if you obfuscate the code, it
> > will be harder to make sense of anything.
> >
> > AspectJ offers the same guarantees as Java in this respect.
> >
> > Wes
> >
> > > ------------Original Message------------
> > > From: Kaare Nilsen <kaare.nilsen@xxxxxxxxx>
> > > To: aspectj-users@xxxxxxxxxxx
> > > Date: Mon, Feb-6-2006 11:57 AM
> > > Subject: [aspectj-users] How to ensure your jars will never be 
> weaved by aspectJ
> > >
> > > Hi..
> > >
> > > Anyone who would like to tell me how I would go about making sure 
> my
> > > jarfile never can be inspected by aspects after deployment..
> > >
> > > Lets say i have code in my jars that i did not want to expose the
> > > inner workings of, how do I then ensure that no one can e.g. take a
> > > tracing aspect so that they could look at my calls, and intercept 
> them
> > > ?
> > >
> > > /Kaare
> > > _______________________________________________
> > > aspectj-users mailing list
> > > aspectj-users@xxxxxxxxxxx
> > > https://dev.eclipse.org/mailman/listinfo/aspectj-users
> > >
> >
> > _______________________________________________
> > aspectj-users mailing list
> > aspectj-users@xxxxxxxxxxx
> > https://dev.eclipse.org/mailman/listinfo/aspectj-users
> >
> 
> 
> --
> -- Adrian
> adrian.colyer@xxxxxxxxx
> _______________________________________________
> aspectj-users mailing list
> aspectj-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/aspectj-users
> 
> 
> _______________________________________________
> aspectj-users mailing list
> aspectj-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/aspectj-users
>

Back to the top