After JDK 9+ JVM emit illegal access operations warning if you use some illegal access like setAccessible()
.
My questions
setAccessible()
will be blocked in the future?I can't find reference anywhere, thanks in advance.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.hazelcast.internal.networking.nio.SelectorOptimizer (file:/var/folders/9w/wp9vfqmn2ql0mp3lgym0bxf40000gn/T/toy.war-spring-boot-libs-0024b388-730f-430b-b21b-1611bd2ad612/hazelcast-4.0.2.jar) to field sun.nio.ch.SelectorImpl.selectedKeys
WARNING: Please consider reporting this to the maintainers of com.hazelcast.internal.networking.nio.SelectorOptimizer
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
setAccessible()
will be blocked in the future?No, AccessibleObject#setAccessible(boolean)
is not deprecated nor, as far as I'm aware, are there plans to deprecate it.
The warning you see is related to this method but not directly. The Java Platform Module System introduced in Java 9 added stronger encapsulation, both at compile-time and run-time (i.e. reflection). The run-time rules are documented by #setAccessible(boolean)
:
This method may be used by a caller in class
C
to enable access to a member of declaring classD
if any of the following hold:
C
andD
are in the same module.- The member is public and
D
is public in a package that the module containingD
exports to at least the module containingC
.- The member is protected static,
D
is public in a package that the module containingD
exports to at least the module containingC
, andC
is a subclass ofD
.D
is in a package that the module containingD
opens to at least the module containingC
. All packages in unnamed and open modules are open to all modules and so this method always succeeds whenD
is in an unnamed or open module.This method cannot be used to enable access to private members, members with default (package) access, protected instance members, or protected constructors when the declaring class is in a different module to the caller and the package containing the declaring class is not open to the caller's module.
This is a breaking change from Java 8 when reflection had free rein to access anything it wanted (assuming no SecurityManager
). A breaking change is a problem since Java prides itself on backwards compatibility. In order to provide libraries and frameworks enough time to migrate they relaxed this strong encapsulation for a specific scenario (see below).
The warning you see is related to the --illegal-access
option, which is documented by the java
tool specification:
When present at run time,
--illegal-access=
takes a keyword parameter to specify a mode of operation:Note: This option will be removed in a future release.
permit
: This mode opens each package in each module in the run-time image to code in all unnamed modules ( such as code on the class path), if that package existed in JDK 8 [emphasis added]. This enables both static access, (for example, by compiled bytecode, and deep reflective access) through the platform's various reflection APIs. The first reflective-access operation to any such package causes a warning to be issued. However, no warnings are issued after the first occurrence. This single warning describes how to enable further warnings. This mode is the default for the current JDK but will change in a future release [emphasis added].
warn
: This mode is identical to permit except that a warning message is issued for each illegal reflective-access operation.
debug
: This mode is identical to warn except that both a warning message and a stack trace are issued for each illegal reflective-access operation.
deny
: This mode disables all illegal-access operations except for those enabled by other command-line options, such as--add-opens
. This mode will become the default in a future release [emphasis added].The default mode,
--illegal-access=permit
, is intended to make you aware of code on the class path that reflectively accesses any JDK-internal APIs at least once. To learn about all such accesses, you can use the warn or the debug modes. For each library or framework on the class path that requires illegal access, you have two options:
If the component's maintainers have already released a fixed version that no longer uses JDK-internal APIs then you can consider upgrading to that version.
If the component still needs to be fixed, then you can contact its maintainers and ask them to replace their use of JDK-internal APIs with the proper exported APIs.
If you must continue to use a component that requires illegal access, then you can eliminate the warning messages by using one or more
--add-opens
options to open only those internal packages to which access is required.To verify that your application is ready for a future version of the JDK, run it with
--illegal-access=deny
along with any necessary--add-opens
options. Any remaining illegal-access errors will most likely be due to static references from compiled code to JDK-internal APIs. You can identify those by running thejdeps
tool with the--jdk-internals
option. For performance reasons, the current JDK does not issue warnings for illegal static-access operations.
To summarize the emphasized parts:
permit
.
deny
.
--illegal-access
option itself will eventually be removed entirely.In what release these changes will occur... I have no idea. However, the --illegal-access
option will probably be removed one or two releases after the default mode becomes deny
.
JEP 396: Strongly Encapsulate JDK Internals by Default was delivered with Java 16 and makes the default mode deny
. The --illegal-access
option is still present.
JEP 403: Strongly Encapsulate JDK Internals is currently targeted for Java 17. This will make permit
, warn
, and debug
modes ineffective and attempting to use them will result in a warning being emitted. However, the --illegal-access
option will remain for now (but is planned to be removed in a future release).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With