Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Tomcat9 warns about Illegal reflective access on startup

Description

I get the following warning on startup:

WARNING: Illegal reflective access by org.apache.felix.framework.ext.ClassPathExtenderFactory$DefaultClassLoaderExtender (file:/opt/lucee/jar/lucee-5.3.9.133.jar) to method java.net.URLClassLoader

So I added --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.net=ALL-UNNAMED --add-opens java.base/java.security=ALL-UNNAMED to JAVA_OPTS. The original warning disappeared, instead I now get a warning about another such issue, but this time caused by lucee.commons.lang.ClassUtil:

Jun 01 15:00:26 testbox tomcat9[97002]: Starting Servlet engine: [Apache Tomcat/9.0.43 (Debian)] Jun 01 15:00:27 testbox tomcat9[97002]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JA> Jun 01 15:00:28 testbox tomcat9[97002]: WARNING: An illegal reflective access operation has occurred Jun 01 15:00:28 testbox tomcat9[97002]: WARNING: Illegal reflective access by lucee.commons.lang.ClassUtil (jar:/var/lucee/config/server/lucee-server/patches/5.3.9.141.lco) to constructor com.sun.org.apache.xerces.internal.jaxp.Document> Jun 01 15:00:28 testbox tomcat9[97002]: WARNING: Please consider reporting this to the maintainers of lucee.commons.lang.ClassUtil Jun 01 15:00:28 testbox tomcat9[97002]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations

Environment

Debian 11.3 Bullseye, Kernel 5.10.0-14-amd64, Java-11-OpenJDK 11.0.15 2022-04-19, Tomcat/9.0.43 (Debian)

relates to

Activity

Show:

Brad Wood 1 June 2022 at 17:51

This is something Lucee knows they need to address before Lucee will run on java 16+ (where the illegal reflective access is blocked), but the warnings on Java 11 doesn’t represent any sort of issue you need to worry about. It’s just the JVM letting you know the feature will be blocked in future versions.

Here are some related tickets that already cover what’s discussed here:

https://luceeserver.atlassian.net/browse/LDEV-3526

https://luceeserver.atlassian.net/browse/LDEV-3807

Markus Wollny 1 June 2022 at 13:33

I get the warnings to disappear using the following startup options:

JAVA_OPTS="$JAVA_OPTS --add-opens java.base/java.lang=ALL-UNNAMED" JAVA_OPTS="$JAVA_OPTS --add-opens java.base/java.net=ALL-UNNAMED" JAVA_OPTS="$JAVA_OPTS --add-opens java.base/java.security=ALL-UNNAMED" JAVA_OPTS="$JAVA_OPTS --add-opens java.xml/com.sun.org.apache.xerces.internal.jaxp=ALL-UNNAMED" JAVA_OPTS="$JAVA_OPTS --add-opens java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED"

I assume that this is not a fix as such, just a workaround.

Fixed

Details

Assignee

Reporter

Priority

Labels

Fix versions

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Sprint

Affects versions

Created 1 June 2022 at 13:20
Updated 24 August 2022 at 08:30
Resolved 24 August 2022 at 08:30

Flag notifications