Skip to content

on JDK 11 - WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 #24548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Felixoid opened this issue Feb 18, 2020 · 13 comments
Closed

on JDK 11 - WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 #24548

Felixoid opened this issue Feb 18, 2020 · 13 comments
Labels
status: duplicate A duplicate of another issue

Comments

@Felixoid
Copy link

Hello. Issue #22674 was closed, but it still exists.

@jhoeller has mentioned, that it's fixed, but it obviously not.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Feb 18, 2020
@sbrannen
Copy link
Member

@Felixoid, can you please provide a full stack trace showing the code path leading to the warning you encounter?

@sbrannen sbrannen added the in: core Issues in core modules (aop, beans, core, context, expression) label Feb 18, 2020
@Felixoid
Copy link
Author

Here's a warning from our tests:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:/var/lib/jenkins/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.2.2.RELEASE/bfcf2f6d0494d89db63ae170b8491223c93a88dc/spring-core-5.2.2.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Is it enough, or do you prefer me to provide something more?

@sbrannen
Copy link
Member

TL;DR: I'm trying to get a bigger picture of the exact use case that leads to this warning.

That warning tells us that something called org.springframework.cglib.core.ReflectUtils (which is Spring's repackaged version of CGLIB). That would likely be called when generating a CGLIB-based proxy; however, the information in the warning does not tell us the code path that got us here.

In other words, is it part of the Spring Framework (or a Spring portfolio project) that is creating the proxy, or is it an external library that is relying on Spring to create a proxy. Also, what is a proxy being created for -- a type from your application, or some other type?

@sbrannen
Copy link
Member

Potentially a duplicate of #23099

@snicoll snicoll mentioned this issue Feb 19, 2020
Closed
@Felixoid
Copy link
Author

We get this warning during integration tests and I can't find a way to produce stack trace for this warning.

I've found the test where it comes from, but can't paste it here because of NDA. The next snippet from build.gradle doesn't help:

test {
     testLogging {               
         exceptionFormat = 'full'
         showStackTraces = true  
     }
}

We launch gradle with command ./gradlew --no-daemon check --full-stacktrace --debug and I don't see anything around the mentioned snippet despite the test class name class SomeTest extends AbstractControllerTestCase

@jhoeller
Copy link
Contributor

As just mentioned in #22674 (comment), this is unfortunately much more involved than a simple "fixed" versus "not fixed". We did address the case that can be semantically adapted to the JDK 9+ Lookup.defineClass API in Spring Framework 5.1... but certain cases remain where that API is not sufficient, in particular defining classes in custom ClassLoader architectures. We have to keep using ClassLoader.defineClass there; such a warning is therefore totally expected for those cases. We can only try to address specific cases based on detailed reports... either on the caller's side through changing the candidate class, or potentially through some heuristics within our CGLIB code.

@jCalculette
Copy link

Interestingly, I was playing around with several dependecies while choosing frameworks for a new project and I noticed that the warning also happens when you try to use

org.joinfaces jsf-spring-boot-starter 4.1.4

to enable use of JSF in a project that would also potentially incorporate latest PrimeFaces.

Other details about the project would be that other than incorporating dependancies for PrimeFaces, PrimeFaces Extension and BootStrap, it is purely initialized from spring boot and runs JDK 13.

Once you remove joinfaces, the warning also went away. So I would say that at least there is one of the culprits.

Adding full list of used dependancies if someone wants to check it out as well:

org.springframework.boot spring-boot-starter-actuator org.springframework.boot spring-boot-starter-data-jdbc org.springframework.boot spring-boot-starter-data-jpa org.springframework.boot spring-boot-starter-data-redis org.springframework.boot spring-boot-starter-mail org.springframework.boot spring-boot-starter-security org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-starter-web-services 
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-devtools</artifactId>
	<scope>runtime</scope>
	<optional>true</optional>
</dependency>
<dependency>
	<groupId>com.h2database</groupId>
	<artifactId>h2</artifactId>
	<scope>runtime</scope>
</dependency>
<dependency>
	<groupId>org.postgresql</groupId>
	<artifactId>postgresql</artifactId>
	<scope>runtime</scope>
</dependency>
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-test</artifactId>
	<scope>test</scope>
	<exclusions>
		<exclusion>
			<groupId>org.junit.vintage</groupId>
			<artifactId>junit-vintage-engine</artifactId>
		</exclusion>
	</exclusions>
</dependency>
<dependency>
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-test</artifactId>
	<scope>test</scope>
</dependency>
<!-- Additional packages -->
<!-- JSF related -->
<dependency>
       <groupId>org.primefaces.extensions</groupId>
       <artifactId>primefaces-extensions</artifactId>
       <version>8.0</version>
</dependency>
<dependency>
       <groupId>org.primefaces</groupId>
       <artifactId>primefaces</artifactId>
       <version>8.0</version>
</dependency>
<dependency>
       <groupId>org.joinfaces</groupId>
       <artifactId>jsf-spring-boot-starter</artifactId>
       <version>4.1.4</version>
</dependency>
<dependency>
       <groupId>com.ocpsoft</groupId>
       <artifactId>prettyfaces-jsf2</artifactId>
       <version>3.3.3</version>
    </dependency>
<!-- Bootstrap and FontAwesome -->
<dependency>
       <groupId>org.webjars</groupId>
       <artifactId>font-awesome</artifactId>
       <version>5.12.0</version>
</dependency>
<dependency>
       <groupId>org.webjars</groupId>
       <artifactId>bootstrap</artifactId>
       <version>4.4.1-1</version>
</dependency>

@Felixoid
Copy link
Author

We have the issue only during the testing, and here's a list of our gradle test dependencies:

testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.3.1'
testImplementation 'org.junit.jupiter:junit-jupiter-params:5.3.1'
testRuntimeOnly    'org.junit.jupiter:junit-jupiter-engine:5.3.1'

Maybe this would help

@adzubla
Copy link

adzubla commented Mar 13, 2020
edited
Loading

I have an application using

Java 11.0.6
Spring Boot 2.2.5
Spring Cloud Hoxton.SR3

When I added spring-cloud-starter-zipkin dependency the warning below occurred:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:/home/user/.m2/repository/org/springframework/spring-core/5.2.4.RELEASE/spring-core-5.2.4.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Using --illegal-access=debug the stack trace is:

WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:/home/user/.m2/repository/org/springframework/spring-core/5.2.4.RELEASE/spring-core-5.2.4.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
    at org.springframework.cglib.core.ReflectUtils.defineClass(ReflectUtils.java:533)
    at org.springframework.cglib.core.AbstractClassGenerator.generate(AbstractClassGenerator.java:363)
    at org.springframework.cglib.proxy.Enhancer.generate(Enhancer.java:582)
    at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData$3.apply(AbstractClassGenerator.java:110)
    at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData$3.apply(AbstractClassGenerator.java:108)
    at org.springframework.cglib.core.internal.LoadingCache$2.call(LoadingCache.java:54)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at org.springframework.cglib.core.internal.LoadingCache.createEntry(LoadingCache.java:61)
    at org.springframework.cglib.core.internal.LoadingCache.get(LoadingCache.java:34)
    at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData.get(AbstractClassGenerator.java:134)
    at org.springframework.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:319)
    at org.springframework.cglib.proxy.Enhancer.createHelper(Enhancer.java:569)
    at org.springframework.cglib.proxy.Enhancer.createClass(Enhancer.java:416)
    at org.springframework.aop.framework.ObjenesisCglibAopProxy.createProxyClassAndInstance(ObjenesisCglibAopProxy.java:57)
    at org.springframework.aop.framework.CglibAopProxy.getProxy(CglibAopProxy.java:205)
    at org.springframework.aop.framework.ProxyFactoryBean.getProxy(ProxyFactoryBean.java:378)
    at org.springframework.aop.framework.ProxyFactoryBean.getSingletonInstance(ProxyFactoryBean.java:330)
    at org.springframework.aop.framework.ProxyFactoryBean.getObject(ProxyFactoryBean.java:254)
    at org.springframework.cloud.sleuth.instrument.async.ExecutorBeanPostProcessor.getObject(ExecutorBeanPostProcessor.java:287)
    at org.springframework.cloud.sleuth.instrument.async.ExecutorBeanPostProcessor.getProxiedObject(ExecutorBeanPostProcessor.java:234)
    at org.springframework.cloud.sleuth.instrument.async.ExecutorBeanPostProcessor.createExecutorServiceProxy(ExecutorBeanPostProcessor.java:204)
    at org.springframework.cloud.sleuth.instrument.async.ExecutorBeanPostProcessor.wrapExecutorService(ExecutorBeanPostProcessor.java:157)
    at org.springframework.cloud.sleuth.instrument.async.ExecutorBeanPostProcessor.postProcessAfterInitialization(ExecutorBeanPostProcessor.java:101)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsAfterInitialization(AbstractAutowireCapableBeanFactory.java:431)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1800)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:595)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
    at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
    at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)

@MahatmaFatalError
Copy link

MahatmaFatalError commented Mar 26, 2020
edited
Loading

OpenJDK Runtime Environment (build 11.0.6.0.1+10-LTS-sapmachine)

Using --illegal-access=debug the stack trace is:

In my case, it is apparently related to H2

WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:/home/user/.m2/repository/org/springframework/spring-core/5.2.4.RELEASE/spring-core-5.2.4.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
	at org.springframework.cglib.core.ReflectUtils.defineClass(ReflectUtils.java:533)
	at org.springframework.cglib.core.AbstractClassGenerator.generate(AbstractClassGenerator.java:363)
	at org.springframework.cglib.proxy.Enhancer.generate(Enhancer.java:582)
	at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData$3.apply(AbstractClassGenerator.java:110)
	at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData$3.apply(AbstractClassGenerator.java:108)
	at org.springframework.cglib.core.internal.LoadingCache$2.call(LoadingCache.java:54)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at org.springframework.cglib.core.internal.LoadingCache.createEntry(LoadingCache.java:61)
	at org.springframework.cglib.core.internal.LoadingCache.get(LoadingCache.java:34)
	at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData.get(AbstractClassGenerator.java:134)
	at org.springframework.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:319)
	at org.springframework.cglib.proxy.Enhancer.createHelper(Enhancer.java:569)
	at org.springframework.cglib.proxy.Enhancer.createClass(Enhancer.java:416)
	at org.springframework.aop.framework.ObjenesisCglibAopProxy.createProxyClassAndInstance(ObjenesisCglibAopProxy.java:57)
	at org.springframework.aop.framework.CglibAopProxy.getProxy(CglibAopProxy.java:205)
	at org.springframework.aop.framework.ProxyFactory.getProxy(ProxyFactory.java:110)
	at org.springframework.aop.scope.ScopedProxyFactoryBean.setBeanFactory(ScopedProxyFactoryBean.java:117)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeAwareMethods(AbstractAutowireCapableBeanFactory.java:1818)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1783)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:595)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517)
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1287)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory$DependencyObjectProvider.getIfAvailable(DefaultListableBeanFactory.java:1920)
	at org.springframework.beans.factory.ObjectProvider.ifAvailable(ObjectProvider.java:91)
	at org.springframework.boot.autoconfigure.h2.H2ConsoleAutoConfiguration.h2Console(H2ConsoleAutoConfiguration.java:72)
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
	at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:651)

@bclozel bclozel added status: duplicate A duplicate of another issue and removed in: core Issues in core modules (aop, beans, core, context, expression) status: waiting-for-triage An issue we've not yet triaged or decided on labels Apr 1, 2020
@bclozel
Copy link
Member

bclozel commented Apr 1, 2020

Closing as a duplicate of #22674, see this comment for more details.

@bclozel bclozel closed this as completed Apr 1, 2020
@JenniferJohnson89 JenniferJohnson89 mentioned this issue Aug 17, 2020
Closed
@ggutierrezgarzon
Copy link

I used this pom, and my problem dissapared


4.0.0

org.springframework.boot
spring-boot-starter-parent
2.2.1.RELEASE


com.universidad.springboot.backend.academia
academia
0.0.1-SNAPSHOT
academia
Demo project for Spring Boot

1.8 Hoxton.RC2 org.springframework.boot spring-boot-starter-data-jpa org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-devtools runtime mysql mysql-connector-java runtime org.springframework.boot spring-boot-starter-test test javax.xml.bind jaxb-api org.glassfish.jaxb jaxb-runtime org.springframework.security spring-security-test 5.1.2.RELEASE test com.h2database h2 test 1.4.194 org.springframework.security spring-security-jwt 1.1.0.RELEASE javax.xml.bind jaxb-api org.glassfish.jaxb jaxb-runtime com.walterjwhite.java.dependencies hikari-jdbc-connection-pool 0.0.17 pom org.springframework.boot spring-boot-maven-plugin

@jdsalasca
Copy link

Report:

Spring Boot: 2.3.1

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:/home/dev-juan/.m2/repository/org/springframework/spring-core/5.2.7.RELEASE/spring-core-5.2.7.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: duplicate A duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@bclozel @sbrannen @MahatmaFatalError @jhoeller @Felixoid @adzubla @spring-projects-issues @jdsalasca @jCalculette @ggutierrezgarzon