- edited description
Illegal reflection reported on the nimbus project
Hi,
We get these messages:
2021-11-10T13:06:01.52+0100 [APP/PROC/WEB/1] ERR WARNING: An illegal reflective access operation has occurred
2021-11-10T13:06:01.52+0100 [APP/PROC/WEB/1] ERR WARNING: Illegal reflective access by com.nimbusds.jose.shaded.asm.DynamicClassLoader (file:xxxxxx/app/BOOT-INF/lib/nimbus-jose-jwt-9.10.1.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
2021-11-10T13:06:01.52+0100 [APP/PROC/WEB/1] ERR WARNING: Please consider reporting this to the maintainers of com.nimbusds.jose.shaded.asm.DynamicClassLoader
Is this a known issue?
Running on jdk 11, linux in a Spring Boot application.
Regards,
Bart
Comments (8)
-
reporter -
reporter Any update on this?
-
- changed status to open
Hello Bart,
This issue appears to come from the shaded JOSE library.
Could you upgrade to version 9.21.1 (2022-04-21) or later, and report if it is still appearing?
-
reporter Yes, it’s still there (on version: 9.23)
[ERROR] WARNING: An illegal reflective access operation has occurred [ERROR] WARNING: Illegal reflective access by com.nimbusds.jose.shaded.asm.DynamicClassLoader (file:/Users/#######/.m2/repository/com/nimbusds/nimbus-jose-jwt/9.23/nimbus-jose-jwt-9.23.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) [ERROR] WARNING: Please consider reporting this to the maintainers of com.nimbusds.jose.shaded.asm.DynamicClassLoader [ERROR] WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations [ERROR] WARNING: All illegal access operations will be denied in a future release
-
reporter any update on this?
-
Hi Bart,
It looks like we’ll need to change the underlying JSON lib, because JSON Smart is no longer being actively maintained, to remove such reflection warnings.
The primary candidate is Gson for now.
There was also a proposal to add an SPI to enable dynamic plugging of JSON libs for the serialisation and parsing.
-
reporter That would be nice. I think Gson is a good choice. it’s very common in usage right now and in benchmark tests usually the fastest. Alternatively you could use Jackson, which is default in Spring Boot.
-
- changed status to resolved
Replaces JSON Smart 2.4.8 (shaded) with GSon 2.9.1 (also shaded): 74a64ad6
Released as v9.24.
- Log in to comment