Nicolas Roduit created FELIX-5667:
-------------------------------------
Summary: Illegal access with Java 9 Jigsaw (Module System)
Key: FELIX-5667
URL: https://issues.apache.org/jira/browse/FELIX-5667
Project: Felix
Issue Type: Bug
Components: Framework
Affects Versions: framework-5.6.4
Reporter: Nicolas Roduit
Priority: Critical
The problem comes from the class URLHandlers and URLHandlersContentHandlerProxy
containing hard-coded class references:
URLHandlersContentHandlerProxy:
{code}
private static final String DEFAULT_CONTENT_HANDLER_PACKAGE =
"sun.net.www.content|com.ibm.oti.net.www.content|gnu.java.net.content|org.apache.harmony.luni.internal.net.www.content|COM.newmonics.www.content";
{code}
URLHandlers
{code}
private static final String DEFAULT_STREAM_HANDLER_PACKAGE =
"sun.net.www.protocol|com.ibm.oti.net.www.protocol|gnu.java.net.protocol|wonka.net|com.acunia.wonka.net|org.apache.harmony.luni.internal.net.www.protocol|weblogic.utils|weblogic.net|javax.net.ssl|COM.newmonics.www.protocols";
{code}
The restrictions to the class "sun.*" is already effective with Java WebStart
(see https://bugs.openjdk.java.net/browse/JDK-8183007 and it will be in a
future release of JRE). So it requires to export specifically the required
classes. Here are for sun classes:
--add-exports=java.base/sun.net.www.protocol.http=ALL-UNNAMED
--add-exports=java.base/sun.net.www.protocol.https=ALL-UNNAMED
--add-exports=java.base/sun.net.www.protocol.file=ALL-UNNAMED
--add-exports=java.base/sun.net.www.protocol.ftp=ALL-UNNAMED
--add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED
--add-exports=java.base/sun.net.www.content.audio=ALL-UNNAMED
--add-exports=java.base/sun.net.www.content.image=ALL-UNNAMED
--add-exports=java.base/sun.net.www.content.text=ALL-UNNAMED
The current implementation doesn't write any errors neither in felix nor in JWS
(because the warning mode for problematic access will be implemented in jdk 10)
So forgetting to export a package doesn't show any direct errors. In my
opinion, the felix implementation should at least catch
"java.lang.IllegalStateException: Unable to access ...":
{code}
private URLStreamHandler loadBuiltInStreamHandler(String protocol,
ClassLoader classLoader) {
StringTokenizer pkgTok = new StringTokenizer(m_streamPkgs, "| ");
while (pkgTok.hasMoreTokens())
{
String pkg = pkgTok.nextToken().trim();
String className = pkg + "." + protocol + ".Handler";
try
{
// If a built-in handler is found then cache and return it
Class handler = m_secureAction.forName(className, classLoader);
if (handler != null)
{
return (URLStreamHandler) handler.newInstance();
}
}
catch (Throwable ex)
{
// This could be a class not found exception or an
// instantiation exception, not much we can do in either
// case other than ignore it.
}
}
{code}
There are also issues regarding illegal reflective access. To run felix with
Java Webstart it is required to add at least:
--add-opens=java.base/java.net=ALL-UNNAMED
--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/java.security=ALL-UNNAMED
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
