Java 10: Warnings: Illegal reflective access: CloneableConverter

Question

Java 10: Warnings: Illegal reflective access: CloneableConverter

bernhardkern opened this issue 6 years ago · 26 comments

What

When starting a spring boot application, using Orika with Java 10, I receive the following warnings:
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by ma.glasnost.orika.converter.builtin.CloneableConverter (file:/xxxr) to method java.lang.Object.clone()
WARNING: Please consider reporting this to the maintainers of ma.glasnost.orika.converter.builtin.CloneableConverter
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Versions
I am using Java 10.0.2 and orika-core 1.5.2

How can this issue be solved? I did not check with Java 9 but I expect it to be the same (as with other libraries, which use Reflections).

monterinio commented 6 years ago

Nice!

akpraha commented 4 years ago

Bump.

planschmu commented 4 years ago

Bump.

t-patt commented 4 years ago

Bump

👍3

MevlutOzdemir commented 3 years ago

Bump

rivancic commented 2 years ago

Bump

Answer 1 · 2018-11-15T21:24:27.000Z

Any news on this? We're also seeing this

Answer 2 · 2019-02-04T15:27:55.000Z

Bump!

Any chance to get it fixed soon?

Answer 3 · 2019-02-05T22:13:26.000Z

Bump!
Any news on this?

Answer 4 · 2019-02-20T10:27:54.000Z

Quick answer: in Java >9 you'll need to add --add-opens java.base/java.lang=ALL-UNNAMED

Actually this particular converter need to use .clone method if available
I removed the need for reflection in builtin converters (ma.glasnost.orika.converter.builtin.CloneableConverter), and the reflection based one will stay there if wanted.
This modification should be available in 1.6.0

Just keep in mind those warnings wont affect anything. Now a lot of infrastructure code in Java ecosystem are just ignoring those warnings. Some naughty people dared to disable the logger 😅

/**
     * Java 9 now complains about every privileged action regardless.
     * Displaying warnings of "illegal usage" and then instructing users
     * to go hassle the maintainers in order to have it fixed.
     * Making it hush for now, see all fixed.
     * @param tu theUnsafe that'll fix it */
    static void disableWarning(TheUnsafe tu) {
        try {
            if (ClassFile.MAJOR_VERSION < ClassFile.JAVA_9)
                return;
            Class<?> cls = Class.forName("jdk.internal.module.IllegalAccessLogger");
            Field logger = cls.getDeclaredField("logger");
            tu.call("putObjectVolatile", cls, tu.call("staticFieldOffset", logger), null);
        } catch (Exception e) { /*swallow*/ }
    }

(from javassist)
We will not do that but gradually remove all illegal usages (there is only few places in Orika)

Answer 5 · 2019-02-22T05:39:31.000Z

Branch 1.6.x is available (main repository, free of illegal access) please check it out and let me know.

Answer 6 · 2019-11-10T12:08:29.000Z

I am using orkia core 1.5.4 latest in maven till now, but I am still getting. Where to get 1.6.X ?

Answer 7 · 2020-02-20T11:27:40.000Z

Using "net.rakugakibox.spring.boot:orika-spring-boot-starter:1.9.0". Same problem (as it uses orika 1.5.4)

Answer 8 · 2020-02-26T11:01:34.000Z

Using java 11 and Orika 1.5.2 with the same problem

Answer 9 · 2020-03-19T07:53:15.000Z

Using java build 13.0.1+9 and orika-core 1.5.4 with same problem.

Answer 10 · 2020-04-16T07:48:45.000Z

Using java 11 and Orika 1.5.4 with the same problem

Answer 11 · 2020-04-16T07:51:09.000Z

Quick answer: in Java >9 you'll need to add --add-opens java.base/java.lang=ALL-UNNAMED

Actually this particular converter need to use .clone method if available
I removed the need for reflection in builtin converters (ma.glasnost.orika.converter.builtin.CloneableConverter), and the reflection based one will stay there if wanted.
This modification should be available in 1.6.0

Just keep in mind those warnings wont affect anything. Now a lot of infrastructure code in Java ecosystem are just ignoring those warnings. Some naughty people dared to disable the logger 😅
/**
     * Java 9 now complains about every privileged action regardless.
     * Displaying warnings of "illegal usage" and then instructing users
     * to go hassle the maintainers in order to have it fixed.
     * Making it hush for now, see all fixed.
     * @param tu theUnsafe that'll fix it */
    static void disableWarning(TheUnsafe tu) {
        try {
            if (ClassFile.MAJOR_VERSION < ClassFile.JAVA_9)
                return;
            Class<?> cls = Class.forName("jdk.internal.module.IllegalAccessLogger");
            Field logger = cls.getDeclaredField("logger");
            tu.call("putObjectVolatile", cls, tu.call("staticFieldOffset", logger), null);
        } catch (Exception e) { /*swallow*/ }
    }
(from javassist)
We will not do that but gradually remove all illegal usages (there is only few places in Orika)

This is not true in my case, the destination object's properties are all set to null on mapper.map(source, destination.class)

Answer 12 · 2020-07-09T10:08:46.000Z

No news on this?

Answer 13 · 2021-02-15T10:39:11.000Z

Any chance of releasing the 1.6.0 version any time soon? It's been 2 years since you have mentioned it.

Answer 14 · 2021-04-22T15:54:22.000Z

I locally built 1.6.0 branch and used for our project with Java 11 open and it is working fine without any issues

Answer 15 · 2021-09-01T12:42:14.000Z

The WARNING: All illegal access operations will be denied in a future release - part of the error is now becoming reality. In Java 16 orika mapper simply does not work any more*. With the upcoming release of Java 17 (which is an LTS build!), I think the release of version 1.6 is becoming quite important.

* Error logs:

nested exception is org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'orikaMapperFacade' defined in class path resource 
[net/rakugakibox/spring/boot/orika/OrikaAutoConfiguration.class]: 
Bean instantiation via factory method failed; 

nested exception is org.springframework.beans.BeanInstantiationException: 
Failed to instantiate [ma.glasnost.orika.MapperFacade]: 
Factory method 'orikaMapperFacade' threw exception; 

nested exception is java.lang.reflect.InaccessibleObjectException: 
Unable to make protected native java.lang.Object java.lang.Object.clone() 
throws java.lang.CloneNotSupportedException accessible: module java.base 
does not "opens java.lang" to unnamed module @744e1a70

Answer 16 · 2021-09-14T20:42:04.000Z

FYI: JDK 17 now has landed.

Answer 17 · 2021-09-14T21:04:05.000Z

So I guess the answer is - stay on JDK 11, or look for something else. Fortunately for me, I don't need to upgrade immediately, but it looks like it's time to reevaluate whether it's not better to just write the mapping layer by hand and forget about Orika.

Answer 18 · 2021-09-14T21:05:01.000Z

I mean, it's only been three years since this was first reported, so nobody could possibly expect any sort of solution in that time frame.

Answer 19 · 2022-04-06T12:45:49.000Z

In 2022, I am also affected by this problem.

java version "11.0.14" 2022-01-18 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.14+8-LTS-263)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.14+8-LTS-263, mixed mode)

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by ma.glasnost.orika.converter.builtin.CloneableConverter (file:path/my.jar) to method java.lang.Object.clone()
WARNING: Please consider reporting this to the maintainers of ma.glasnost.orika.converter.builtin.CloneableConverter
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Answer 20 · 2023-10-19T12:17:39.000Z

Hi @elaatifi ya djari, think about releasing the 1.6.0, I'm having the same issue with 1.5.4.