kateyang1998
commented
6 days ago = Update on Nov 25 =
About the error: java.lang.reflect.InaccessibleObjectException: Unable to make field private static volatile java.net.Authenticator
This is the warning message we got after upgrading to Java 11: WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.apache.cxf.common.util.ReflectionUtil$11 (file:/usr/local/tomcat/webapps/oscar/WEB-INF/lib/cxf-core-3.2.0.jar) to field java.net.Authenticator.theAuthenticator WARNING: Please consider reporting this to the maintainers of org.apache.cxf.common.util.ReflectionUtil$11 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release
This is the complete error logs I got after upgrading to Java 17:
2024-11-22 13:45:50,231 ERROR core.FaxSchedulerJob (FaxSchedulerJob.java:76) - Fax scheduler has been stopped due to an unexpected error
java.lang.reflect.InaccessibleObjectException: Unable to make field private static volatile java.net.Authenticator java.net.Authenticator.theAuthenticator accessible: module java.base does not "opens java.net" to unnamed module @70eced1f
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354) ~[?:?]
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297) ~[?:?]
at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178) ~[?:?]
at java.base/java.lang.reflect.Field.setAccessible(Field.java:172) ~[?:?]
at org.apache.cxf.common.util.ReflectionUtil$11.run(ReflectionUtil.java:194) ~[cxf-core-3.2.0.jar:3.2.0]
at org.apache.cxf.common.util.ReflectionUtil$11.run(ReflectionUtil.java:192) ~[cxf-core-3.2.0.jar:3.2.0]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) ~[?:?]
at org.apache.cxf.common.util.ReflectionUtil.setAccessible(ReflectionUtil.java:192) ~[cxf-core-3.2.0.jar:3.2.0]
at org.apache.cxf.transport.http.CXFAuthenticator.addAuthenticator(CXFAuthenticator.java:55) ~[cxf-rt-transports-http-3.2.0.jar:3.2.0]
at org.apache.cxf.transport.http.URLConnectionHTTPConduit.
These two issues are related, as both stem from the Java Module System introduced in Java 9 and the stricter restrictions on reflective access.
From Java 11 Warnings to Java 17 Errors:
- Java 11 Warning:
The warning indicates that
org.apache.cxf.common.util.ReflectionUtiluses reflection to access the fieldjava.net.Authenticator.theAuthenticator. Reflective access to such fields has been restricted since Java 9, requiring explicit configuration (e.g., using --add-opens or --illegal-access). In Java 11, these reflective operations are allowed but generate warnings to signal potential issues. - Java 17 Error:
Starting with Java 16, unauthorized reflective access is strictly prohibited by default. Fields or classes within the
java.basemodule that are not explicitly opened cannot be accessed reflectively. TheInaccessibleObjectExceptionerror is a hallmark of this stricter modular enforcement, indicating that reflective access tojava.net.Authenticator.theAuthenticatorhas been denied. The code in Apache CXF 3.2.0 relies on such reflective access, causing it to fail under Java 17 due to the enhanced restrictions.
Long-term Solution:
- Upgrade Apache CXF to Version 3.5.0 or Higher: In newer versions of Apache CXF, features that previously relied on reflective access have been optimized or restructured to avoid accessing restricted fields. Our current dependency, Apache CXF version 3.2.0, is outdated and incompatible with Java 17. Upgrading to the latest version (such as 3.5.0 or above) provides better support for Java 17.
References:
- Java Module System introduced in Java 9: https://blogs.oracle.com/java/post/modular-development-with-jdk-9
- Changes in Java 17: https://blogs.oracle.com/javamagazine/post/a-peek-into-java-17-continuing-the-drive-to-encapsulate-the-java-runtime-internals
- Apache CXF 3.5.0 Migration Guide: https://cxf.apache.org/docs/35-migration-guide.html
= Update on Nov 26 =
Successfully run and build with JDK 21.
root@848eea50a7dc:/workspace# java -version openjdk version "21" 2023-09-19 OpenJDK Runtime Environment (build 21+35-2513) OpenJDK 64-Bit Server VM (build 21+35-2513, mixed mode, sharing)
= Update on Nov 25 =
The error: 2024-11-22 11:13:36,593 ERROR core.FaxSchedulerJob (FaxSchedulerJob.java:76) - Fax scheduler has been stopped due to an unexpected error java.lang.reflect.InaccessibleObjectException: Unable to make field private static volatile java.net.Authenticator java.net.Authenticator.theAuthenticator accessible: module java.base does not "opens java.net" to unnamed module @1da53092 is resolved by adding ENV CATALINA_OPTS="--add-opens java.base/java.net=ALL-UNNAMED" into Dockerfile to bypass the restrictions in the default setup in Java 17. The fax server connection is up, but this is the temporary solution - please check the comment below for the suggested solution for the long term.
= Update on Nov 22 =
Since the package
java.security.aclwas removed in Java 14, we needed to remove it from our project. After doing it inOscarGroupandBaseLoginModuleclasses, the compilation errors were solved, and the Java version was successfully upgraded to Java 17.The error encountering now:
This error indicates that there was an access control issue when trying to access the theAuthenticator field in the java.net.Authenticator class during reflection. The theAuthenticator field is a private static volatile field, and the module system introduced in Java 9 by default restricts access between modules, especially without explicit authorization. It relates to Apache CXF, since we are using version 3.2.0, there're some incompatibilities with Java 17. We might consider to upgrade the CXF version to 3.5.0 (the full compatible ver.)
The document of Java 17 upgrade is updated in teams.