Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] java.lang.reflect.InaccessibleObjectException error in webapp

Hi,

On Thu, Aug 22, 2024 at 10:11 PM Paul B. Henson <henson@xxxxxxx> wrote:
> A suggested workaround is to add "--add-opens
> java.base/java.util=ALL-UNNAMED" to the jvm startup arguments. Would
> that prevent the problem when the race condition is lost for this issue?
> If so, would it have any undesirable security aspects that make it a bad
> idea?

Yes it's a bad idea because now all code in the class-path will be
able to perform deep reflection on JDK code, opening up for
vulnerabilities (depending on your application).

This may not be a race, but just a data problem.
For example, when you have an empty collection you return List.of()
which has a private Iterator implementation, but when you have data
you return some other data structure that has a public Iterator
implementation.

How are you using JPMS, if at all?

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.


Back to the top