Nicolas Roduit created FELIX-5667: ------------------------------------- Summary: Illegal access with Java 9 Jigsaw (Module System) Key: FELIX-5667 URL: https://issues.apache.org/jira/browse/FELIX-5667 Project: Felix Issue Type: Bug Components: Framework Affects Versions: framework-5.6.4 Reporter: Nicolas Roduit Priority: Critical
The problem comes from the class URLHandlers and URLHandlersContentHandlerProxy containing hard-coded class references: URLHandlersContentHandlerProxy: {code} private static final String DEFAULT_CONTENT_HANDLER_PACKAGE = "sun.net.www.content|com.ibm.oti.net.www.content|gnu.java.net.content|org.apache.harmony.luni.internal.net.www.content|COM.newmonics.www.content"; {code} URLHandlers {code} private static final String DEFAULT_STREAM_HANDLER_PACKAGE = "sun.net.www.protocol|com.ibm.oti.net.www.protocol|gnu.java.net.protocol|wonka.net|com.acunia.wonka.net|org.apache.harmony.luni.internal.net.www.protocol|weblogic.utils|weblogic.net|javax.net.ssl|COM.newmonics.www.protocols"; {code} The restrictions to the class "sun.*" is already effective with Java WebStart (see https://bugs.openjdk.java.net/browse/JDK-8183007 and it will be in a future release of JRE). So it requires to export specifically the required classes. Here are for sun classes: --add-exports=java.base/sun.net.www.protocol.http=ALL-UNNAMED --add-exports=java.base/sun.net.www.protocol.https=ALL-UNNAMED --add-exports=java.base/sun.net.www.protocol.file=ALL-UNNAMED --add-exports=java.base/sun.net.www.protocol.ftp=ALL-UNNAMED --add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED --add-exports=java.base/sun.net.www.content.audio=ALL-UNNAMED --add-exports=java.base/sun.net.www.content.image=ALL-UNNAMED --add-exports=java.base/sun.net.www.content.text=ALL-UNNAMED The current implementation doesn't write any errors neither in felix nor in JWS (because the warning mode for problematic access will be implemented in jdk 10) So forgetting to export a package doesn't show any direct errors. In my opinion, the felix implementation should at least catch "java.lang.IllegalStateException: Unable to access ...": {code} private URLStreamHandler loadBuiltInStreamHandler(String protocol, ClassLoader classLoader) { StringTokenizer pkgTok = new StringTokenizer(m_streamPkgs, "| "); while (pkgTok.hasMoreTokens()) { String pkg = pkgTok.nextToken().trim(); String className = pkg + "." + protocol + ".Handler"; try { // If a built-in handler is found then cache and return it Class handler = m_secureAction.forName(className, classLoader); if (handler != null) { return (URLStreamHandler) handler.newInstance(); } } catch (Throwable ex) { // This could be a class not found exception or an // instantiation exception, not much we can do in either // case other than ignore it. } } {code} There are also issues regarding illegal reflective access. To run felix with Java Webstart it is required to add at least: --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED -- This message was sent by Atlassian JIRA (v6.4.14#64029)