[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] java.lang.reflect.InaccessibleObjectException error in webapp
|
Hi,
On Thu, Aug 22, 2024 at 10:11 PM Paul B. Henson <henson@xxxxxxx> wrote:
> A suggested workaround is to add "--add-opens
> java.base/java.util=ALL-UNNAMED" to the jvm startup arguments. Would
> that prevent the problem when the race condition is lost for this issue?
> If so, would it have any undesirable security aspects that make it a bad
> idea?
Yes it's a bad idea because now all code in the class-path will be
able to perform deep reflection on JDK code, opening up for
vulnerabilities (depending on your application).
This may not be a race, but just a data problem.
For example, when you have an empty collection you return List.of()
which has a private Iterator implementation, but when you have data
you return some other data structure that has a public Iterator
implementation.
How are you using JPMS, if at all?
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.