How to fix Guice error, "An illegal reflective access operation has occurred"

Asked 30/9, 2019 at 10:27 Answered 21/12, 2023 at 9:37

I've a Kotlin project which uses Guice for DI and has recently been updated from JDK 8 -> 11. It now emits the following error at runtime:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.google.inject.internal.cglib.core.$ReflectUtils$1 (file:/Users/matt/.gradle/caches/modules-2/files-2.1/com.google.inject/guice/4.2.2/6dacbe18e5eaa7f6c9c36db33b42e7985e94ce77/guice-4.2.2.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.google.inject.internal.cglib.core.$ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

How should this warning be addressed?

Coper answered 30/9, 2019 at 10:27 Comment(5)

See github.com/google/guice/issues/1133 – Subtropics 30/9, 2019 at 11:42

Thanks for the link @StefanZobel -- I have to admit, after having a look through the (fairly long) thread on that issue, it's not clear to me whether this is a case of "wait for Guice to fix it", or if there is some fix that can be applied in the mean time. – Coper 30/9, 2019 at 14:1

My understanding is that cglib 3.2.5 added support for using Methodhandles.Lookup.defineClass. This is the supported API for injecting a class into the same run-time package as another class. My reading of the Guice issue is that it bundles or re-packages a copy of cglib, I can't tell which version, but it might be an old version that relies on hacking the non-public ClassLoader.defineClass method The "Illegal reflective access" warning is important as the hack will break once java.base is full encapsulated. – Dentelle 30/9, 2019 at 14:35

Also see github.com/google/guice/issues/1216 – Greathearted 14/8, 2020 at 23:3

Confirmed this is now fixed in Guice 5.0.1 as of Feb 2021. – Pindus 8/3, 2021 at 0:43

The issue is due to how Guice internally accesses Java objects, which is unsafe under the new (Java 9+) Java Module System.

Also, starting with Java 16, this warning becomes an error, and the execution flag --illegal-access=permit must be specified manually to reproduce the behaviour of Java 9-15.

There is not much you can do to fix it; the best option is to upgrade to Guice 5.0.1, which has been patched to avoid illegal accesses. Your warning will disappear, and your application will work on Java 16+ with the default JVM behaviour.

Nudicaul answered 22/6, 2021 at 13:41 Comment(1)

Thanks, updating to 5.0.1 has made the warning go away. – Coper 15/7, 2021 at 11:49

As mentioned, it's better you just upgrade to Guice 5 where this is updated.

BUT ... just in case you are stuck with Guice 4 until you can make the upgrade, just start java with these extra parameters:

java --illegal-access=permit --add-opens java.base/java.lang=ALL-UNNAMED ...

Recommended topics

Hot tags