- edited description
Illegal reflective access by com.nimbusds.jose.shaded.asm.DynamicClassLoader
Issue #435
resolved
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.nimbusds.jose.shaded.asm.DynamicClassLoader (file:/C:/Users/karln/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.10/nimbus-jose-jwt-9.10.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.nimbusds.jose.shaded.asm.DynamicClassLoader
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Error happens when about to do the following code snippet. Must be triggered by loading of the class that contains the code snippet. The message above comes out on the console in intelliJ.
JWSSigner signer = new MACSigner(sharedSecret);
// Prepare JWT with claims set
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
.claim("role", applicationUser.getRoles())
.subject(applicationUser.getEmail())
.issueTime(createdDate)
.expirationTime(expirationDate)
.build();
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
// Apply the HMAC protection
signedJWT.sign(signer);
// Serialize to compact form, produces something like
// eyJhbGciOiJIUzI1NiJ9.SGVsbG8sIHdvcmxkIQ.onO9Ihudz3WkiauDO2Uhyuz0Y18UASXlSc1eS0NkWyA
String token = signedJWT.serialize();
Comments (5)
-
reporter
-
reporter
- edited description
-
Hi Nicholas,
What does
applicationUser.getRoles()return? It appears that is returns an object that triggers the object mapper.For safe op the claim value should be a String, Number, List<String> or Map<String,String|Number|…> instance .
-
reporter
Ok, I see. Roles has enums in it, so I will need to map it to strings. Thanks, and sorry for the inconvenience.
-
reporter
- changed status to resolved
Code error.
- Log in to comment
