envoyé : 23 août 2024 à 11:47
de : Simone Bordet via jetty-users <jetty-users@xxxxxxxxxxx>
à : "Paul B. Henson" <henson@xxxxxxx>
Cc: Simone Bordet <sbordet@xxxxxxxxxxx>, JETTY user mailing list <jetty-users@xxxxxxxxxxx>
objet : Re: [jetty-users] java.lang.reflect.InaccessibleObjectException error in webapp
Hi,
On Thu, Aug 22, 2024 at 10:11 PM Paul B. Henson <henson@xxxxxxx> wrote:
A suggested workaround is to add "--add-opens
java.base/java.util=ALL-UNNAMED" to the jvm startup arguments. Would
that prevent the problem when the race condition is lost for this issue?
If so, would it have any undesirable security aspects that make it a bad
idea?
Yes it's a bad idea because now all code in the class-path will be
able to perform deep reflection on JDK code, opening up for
vulnerabilities (depending on your application).
This may not be a race, but just a data problem.
For example, when you have an empty collection you return List.of()
which has a private Iterator implementation, but when you have data
you return some other data structure that has a public Iterator
implementation.
How are you using JPMS, if at all?
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users