search

OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0
1.16k stars 599 forks source link

required JVM arguments when calling ServerBuilder (embedded launch) #18258

Open tjwatson opened 3 years ago

tjwatson commented 3 years ago

The SPI com.ibm.wsspi.kernel.embeddable.ServerBuilder can be used by java code running in an existing Java process to create and launch a Liberty server instance which runs in the same JVM process.

With Java 17 the JVM, by default, enforces strong encapsulation (see https://blogs.oracle.com/javamagazine/java-runtime-encapsulation-internals). For several parts of Liberty to work on Java 17 we must configure several --add-opens options with the JVM when launching the Java process. See https://raw.githubusercontent.com/OpenLiberty/open-liberty/integration/dev/com.ibm.ws.kernel.boot/publish/platform/java/java9.options

The java9.options file gets read by the liberty server script and automatically adds the JVM arguments to the launch of the java process used to launch liberty. The problem for ServerBuilder use cases is that the existing Java process that is invoking the ServerBuilder likely will not have set all these java9.options to add the necessary --add-opens when the Java process was launched.

Before Java 16 this was not a big deal. With Java 11 all that would happen is the JVM would output a warning to the console about some code having illegal access to some internals of the JVM. But now with Java 16 that warning became an error and would throw an exception, but this could be disabled back to a warning with the --illegal-access JVM argument. With Java 17 the --illegal-access setting is now going away and there is no way to disable the error for illegal access except through the use of various --add-opens settings.

Users of ServerBuilder will need to be aware of all the settings we have added to java9.options and set them on their own Java process when launching in order for Liberty to work properly. Liberty cannot control the way Java is launched for the embedded use case with ServerBuilder. If we do not want to require users to configure their own Java launch with the various --add-opens settings required for Liberty then each place in liberty that requires internal access will need to be fixed to avoid the internal access altogether.

tjwatson commented 3 years ago

Design call: Aug 24, 2021

Must add documentation for things to consider for Java 17 that describes the requirement to configure the various --add-opens included in the java9.options when launching the JVM for embedded usecases with ServerBuilder. Also should add a reference to this in documentation for ServiceBuilder like https://www.ibm.com/docs/en/was-liberty/core?topic=liberty-embedding-server-in-your-applications

Also need to communicate to the liberty embedders channel about this issue.

Had discussions about longer term need to investigate each place in Liberty that requires the --add-opens and need to look for alternatives or propose a need for new API from Java SE to do what we need to do.