Using --add-opens flag with an Adoptium based java 17 docker image result in unrecognized option error

Question

I have java 17 based spring project, where I have to connect to a ftps server with SSL session reuse. There are many solutions for this problem floating around the internet and all of them require the following JVM flags to be set:

--add-opens java.base/sun.security.ssl=ALL-UNNAMED 
--add-opens java.base/sun.security.util=ALL-UNNAMED

The solution works perfectly during development time, but I'm unable to create a working docker image. Currently, the images are created with jib-maven-plugin the base image is amd64/eclipse-temurin:17.0.1_12-jre-alpine but I already tried newer versions of Java 17 and older too, I even tried JDK imaged too.

    <plugin>
        <groupId>com.google.cloud.tools</groupId>
        <artifactId>jib-maven-plugin</artifactId>
        <version>3.1.4</version>
        <configuration>
            <from>
                <image>${image.base}</image>
            </from>
            <to>
                <image>${image.name}:${project.version}</image>
            </to>
            <container>
                <mainClass>${image.mainClass}</mainClass>
                <jvmFlags>
                    <jvmFlag>--add-opens java.base/sun.security.ssl=ALL-UNNAMED</jvmFlag>
                    <jvmFlag>--add-opens java.base/sun.security.util=ALL-UNNAMED</jvmFlag>
                </jvmFlags>
            </container>
        </configuration>
    </plugin>

This is the current set-up, all the variables are correct, and worked previously I just added the JVM flags, but with this whenever I try to start the docker container I get the following error message:

Unrecognized option: --add-opens java.base/sun.security.ssl=ALL-UNNAMED Error: Could not create the Java Virtual Machine. Error: A fatal exception has occurred. Program will exit.

I also tried adding this JVM argument with JAVA_TOOL_OPTIONS but I get the same results. Since I have no idea what could possibly go wrong I dumped the docker image tar, and checked the entry point defined in the config.json and that looked fine according to my knowledge.

   "Entrypoint":[
      "java",
      "--add-opens java.base/sun.security.ssl=ALL-UNNAMED --add-opens java.base/sun.security.util=ALL-UNNAMED",
      "-cp",
      "@/app/jib-classpath-file",
      "com.example.demo.DemoApplication"
   ],

As far as I know --add-opens is not an optional switch and every java implementation should use it or am I wrong?

Answer 1

So while I try to look for solution I run into the following old OpenJDK bug report:

https://bugs.openjdk.org/browse/JDK-8173128

According to the first comment in the report the solution is the following:

                <jvmFlags>
                    <jvmFlag>--add-opens=java.base/sun.security.ssl=ALL-UNNAMED</jvmFlag>
                    <jvmFlag>--add-opens=java.base/sun.security.util=ALL-UNNAMED</jvmFlag>
                </jvmFlags>

Indeed it's solved the issue, so there should be a = mark between the --add-opens and the module/package definition. This was not an issue running from IntelliJ on windows during development.