on JDK 11 - WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 (file:/C:/Users/.../spring-core/4.3.22.RELEASE/spring-core-4.3.22.RELEASE.jar)

[paulvi]

Error for Spring Boot 1.5.x (1.5.19.RELEASE, using the latest spring-core-4.3.22.RELEASE.jar)

I have not seen this error before within previous boot 1.5.17.RELEASE.
And frankly upgrade to the latest 1.5.19.RELEASE/spring-core-4.3.22.RELEASE.jar was maybe 1-2 weeks ago.

So why this error appeared?

14:43:23.388 [main] INFO  o.s.b.f.s.DefaultListableBeanFactory#registerBeanDefinition:826 - Overriding bean definition for bean 'managementServletContext' with a different definition: replacing [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.actuate.autoconfigure.EndpointWebMvcHypermediaManagementContextConfiguration; factoryMethodName=managementServletContext; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/actuate/autoconfigure/EndpointWebMvcHypermediaManagementContextConfiguration.class]] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration; factoryMethodName=managementServletContext; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/actuate/autoconfigure/EndpointWebMvcAutoConfiguration.class]]
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 (file:/C:/Users/myuserlogin/.m2/repository/org/springframework/spring-core/4.3.22.RELEASE/spring-core-4.3.22.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
14:43:25.687 [main] INFO  o.s.b.f.a.AutowiredAnnotationBeanPostProcessor#<init>:155 - JSR-330 'javax.inject.Inject' annotation found and supported for autowiring

ref #22019

[jhoeller]

This is just a warning that appears on JDK 9+, caused by the use of internal JDK API in CGLIB. You may safely ignore this for the time being; a Spring Framework 4.3 based application will nevertheless run fine.

For full JDK 9+ support, please upgrade to Spring Framework 5.1+ / Spring Boot 2.1+.

[paulvi]

This warning has been on JDK 8 u201

[jhoeller]

Seriously, on a recent JDK 8 update? Could you please double-check that? This is only known to appear on JDK 9+ against the new module system foundation there.

In any case, those warnings will only disappear as of Spring Framework 5.1+. The alternative way of defining classes on JDK 9+ is quite involved and comes with side effects, so we are not going to backport it. With 4.3.x and 5.0.x, it's safe to ignore those warnings anyway, as far as we're aware.

[paulvi]

OK, I will do java -version at work....

[paulvi]

D:\Workspaces\Projectname>java -version
java version "1.8.0_201"
Java(TM) SE Runtime Environment (build 1.8.0_201-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.201-b09, mixed mode)

OS Windows 10

[snicoll]

@paulvi java -version is not a proof that the process you are running is using that version.

[paulvi]

Indeed, my wrong:

while a have Java 8 on path, and have been using it for all projects,
my IDE chose JDK 11, when I was reimporting code into IDE yesterday, and I just noticed this.

The good news is that after using JDK 11 for a day, I have not noticed any other issues.

[sbrannen]

@paulvi, thanks for the feedback.

[cy503328434]

OS Windows 10, jdk-11.0.5, Spring boot 2.2.1,spring-core/5.2.1.RELEASE, I noticed stille has:WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:/E:/dev/gradle/repository/caches/modules-2/files-2.1/org.springframework/spring-core/5.2.1.RELEASE/32b265ff5c7c35257b5a242b9628dcd321a2b010/spring-core-5.2.1.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

[nilsign]

@cy503328434
I am getting the same warning on OS Windows 10, jdk-11.0.2, Spring boot 2.2.1,spring-core/5.2.1.RELEASE!

[tezcan10]

I am experiencing this warning on MacOS Catalina, oracle JDK11, spring 5.1.6 and spring boot 2.1.10
Can you please inform me of a solution (not the mentioned work around of --add jvm option as mention in stackoverflow)

[elue]

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file://org/springframework/spring-core/5.2.2.RELEASE/spring-core-5.2.2.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

[mariusstaicu]

I'm getting the same on spring-core-5.1.10 with jdk 11. This should be reopened.

[herrsorgenfrei]

same warning on openjdk64-11.0.2, spring-core-5.2.2.RELEASE.jar, spring boot 2.2.2.RELEASE

[KaranLala]

Same issue Windows 10, jdk-11.0.3, spring-boot 2.0.6.Release, spring-core 5.0.10.RELEASE

[StevenHachel]

Same Issue Windows 10 Prof., openjdk-12.0.2, spring-boot 2.1.4, openjfx 13

[johnstrickler]

Same, Mac OS Mojave . openjdk 11.0.6 2020-01-14. spring boot 2.2.4.RELEASE

[ascheman]

Same here (Spring Boot 2.2.4, OpenJDK 11, Alpine):
Illegal reflective access by org.springframework.cglib.core.ReflectUtils (jar:file:...jar!/BOOT-INF/lib/spring-core-5.2.3.RELEASE.jar!/) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)

How many repeated reports are necessary to re-open the error, @jhoeller?
This is No. 10 (with about 20 likes all-in-all in the last 3 months).
Should we raise a new issue?

[funder7]

Same on Windows 10 with Oracle JDK 11.0.6 LTS

 Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:cC/<user-dir>/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.2.3.RELEASE/3734223040040e8c3fecd5faa3ae8a1ed6da146b/spring-core-5.2.3.RELEASE.jar
) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)

[snicoll]

Everyone, sharing the warning is not very useful unfortunately as the warning alone is no indication that it is the same problem. Please review this comment.

[jhoeller]

Please note that this warning can still happen on Spring Framework 5.1+ in case of certain ClassLoader scenarios and certain kinds of application classes to be proxied. The root of the problem is that there is no full replacement for the (non-public) ClassLoader.defineClass mechanism in JDK 9+ since Lookup.defineClass does not allow for specifying the ClassLoader to define the class in (it rather always uses the ClassLoader of the given context class). For that reason, we have to keep using ClassLoader.defineClass in case of custom ClassLoader architectures such as OSGi, some Java EE scenarios, and also DevTools reloading. Some occurrences of that warning are therefore totally expected; we only ´fixed´ the case that we can actually address with the replacement API.

As for the warning itself, as Stéphane mentioned, unfortunately it only indicates that Spring's CGLIB variant has been used for creating a class in a specific ClassLoader where ClassLoader.defineClass still has to be used. What we really need to know about is the particular class that triggered the warning, the ClassLoader architecture in use, and the code path that led to the creation attempt.

[TiredFalcon]

This has just happened for me.
I'm on spring-core/5.3.0-M1, spring-boot/2.4.0-M1.
If it helps, it started happening after I added a class implementing ApplicationContextAware to provide access to Beans from outside Spring code, as described in this article.

[napsterv]

Happening to me as well.
Windows 10 / Amazon Coretto JDK 11/ Spring Boot 2.3.4 RELEASE

[chattling]

Happening to me as well.
Windows 10 / Oracle JDK 11.0.8 / Spring Boot 2.3.4 RELEASE

[krzyk]

@jhoeller Considering that there is now https://openjdk.java.net/jeps/396 which will replace this warning with an error (application will fail to start) are the plans on somehow fix the issue in all cases? This JEP doesn't yet have a target release, but both JDK 16 and 17 are likely.

Or maybe report issue to JDK that defineClass is lacking some feature?
I would gladly do that, but I don't know anything about reflection in Java :(

[jcantonio]

Same issue
Mac OS / Oracle JDK 11.0.9 / Spring Boot 2.3.4
and
Mac OS / AdoptOpen JDK 11.0 / Spring Boot 2.3.4

[chattling]

Resolved for me after upgrade to Spring Boot 2.4.0.

[RicoApfelbeck]

still the same error with Spring Boot 2.4.0 and adopt openJDK 15.0.1 under macOS BigSur 11.0.1

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:/Users/ra/.m2/repository/org/springframework/spring-core/5.3.1/spring-core-5.3.1.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

[gaurav2493]

still the same error with Spring Boot 2.4.0 and adopt openJDK 15.0.1 under macOS BigSur 11.0.1

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:/Users/ra/.m2/repository/org/springframework/spring-core/5.3.1/spring-core-5.3.1.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

I'm getting the same in JDK 11(adopt-openj9-11.0.9)

[roeniss]

same issue.

Mac OS 10.15.7 / Spring Boot 2.4.1

openjdk version "11.0.9.1" 2020-11-04
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.9.1+1)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.9.1+1, mixed mode)

[jhoeller]

A quick update: See my comment at #22814 (comment) -
We're fine-tuning our defineClass handling for Boot's DevTools where a significant number of warnings comes from at the moment. Proxying for JDK library classes remains tough, as explained there as well.

Please note that many scenarios are going to work ok even with --illegal-access=deny in JDK 16 since we have a fallback in place once our defineClass attempt fails. Nevertheless, we'd like to address all remaining Boot scenarios so that we do not need to reflectively call ClassLoader.defineClass at all anymore, avoiding warnings with --illegal-access=warn.

An easy way out is also --add-opens java.base/java.lang=ALL-UNNAMED on JVM startup, getting rid of the warning in any scenario and also making any scenario work with --illegal-access=deny. All we're trying to do is improve the default experience with Spring Boot 2.4.x / 2.5 on Spring Framework 5.3.x, given the advent of JDK 16 and then JDK 17 LTS.

[msiniy]

I just reproduced warnings on openjdk 11.0.10 without any additional dependencies, just by unpacking the simplest starter archive and adding simple configuration:

@Configuration
public class TestConfiguration {

    @Bean("testbean")
    @Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE, proxyMode = ScopedProxyMode.TARGET_CLASS)
    public Object testBean() {
        return "hehe";
    }
}

Probably this is related to the difficulties with proxying of JDK classes (java.lang.Object).

[TinaTiel]

Can also confirm this issue, if it helps this only started happening after adding Spring Integration (via the spring-boot-starter-integration starter -- version 5.4.2 according to effective POM)
Windows 10
Java 11.0.11 (adopt-open-j9-11)
Spring Boot v2.4.1, Spring v5.3.2

[tkohegyi]

Occurred for me too, after I started to create a new class with

@Component
@Scope(value = "session",  proxyMode = ScopedProxyMode.TARGET_CLASS)    //<- happened when inserted, and this class is used in other Component as @Autowired

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils (file:.....jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

JDK: azul-15.0.5
OS: Win10
Lib versions:
orgSpringframework='5.3.24'
orgSpringframeworkSecurity='5.8.1'
(no spring boot libs at all)