You have to load the classes to use reflection; static initializers run when the class is loaded. So you're quite literally loading and executing completely unknown code while you scrape the classpath for annotations. ASM parses the class file, but doesn't load it.

-David

On Oct 27, 2006, at 12:56 PM, Alan D. Cabrera wrote:

Interesting. Can you provide detail about your security comment and how asm figures into this?


Regards,
Alan

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: David Blevins <[EMAIL PROTECTED]>
Date: Fri, 27 Oct 2006 12:13:39
To:[email protected]
Subject: xbean-finder: ClassFinder

So added a finder for searching for classes that have a specific
annotation, etc.  It's there, it works, and is better than some of the
code I've seen that does the same, but... I still hate it, as like all
the approaches I've seen it loads the classes and uses reflection to
determine if the annotation is present.

This is the most insecure code I can think of, so I'm yanking it in
lieu of an asm-based approach.  So take this as your warning not to
start consuming the ClassFinder just yet.

-David
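
The approach discussed in this thread, as an added example that is not part of the original messages and is not xbean-finder's code: it scans a jar for class-level annotations by parsing class-file bytes with ASM, so no class from the jar is ever defined or initialized. It assumes a recent ASM (9.x) on the classpath; the class name `AnnotationScanner`, the method `findAnnotated` and the command-line arguments are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

import org.objectweb.asm.AnnotationVisitor;
import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassVisitor;
import org.objectweb.asm.Opcodes;

// Hypothetical illustration; not the ClassFinder from xbean-finder.
public class AnnotationScanner {

    // Returns internal names (e.g. "com/example/Foo") of classes in the jar that
    // carry the annotation with the given descriptor, e.g. "Ljavax/ejb/Stateless;".
    public static List<String> findAnnotated(String jarPath, String annotationDescriptor)
            throws IOException {
        List<String> matches = new ArrayList<>();
        try (JarFile jar = new JarFile(jarPath)) {
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || !entry.getName().endsWith(".class")) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    // ClassReader only parses the bytes. No ClassLoader is involved,
                    // so no static initializer from the scanned jar can run.
                    ClassReader reader = new ClassReader(in);
                    reader.accept(new ClassVisitor(Opcodes.ASM9) {
                        @Override
                        public AnnotationVisitor visitAnnotation(String descriptor, boolean visible) {
                            if (descriptor.equals(annotationDescriptor)) {
                                matches.add(reader.getClassName());
                            }
                            return null; // annotation member values are not needed
                        }
                    }, ClassReader.SKIP_CODE | ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES);
                } catch (RuntimeException e) {
                    // Malformed or unsupported class file: treat as untrusted input and skip it.
                }
            }
        }
        return matches;
    }

    public static void main(String[] args) throws IOException {
        // args[0]: path to a jar, args[1]: annotation descriptor (both supplied by the caller)
        findAnnotated(args[0], args[1]).forEach(System.out::println);
    }
}
```

This reports only annotations placed directly on the class; method and field annotations would need `visitMethod` and `visitField` overrides.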



