--permit-illegal-access and non-reflective access

Sander Mak sander.mak at luminis.eu
Mon Apr 24 13:53:04 UTC 2017

I was trying out the --permit-illegal-access flag with a simple class that uses an encapsulated type from the JDK by (non-reflectively) instantiating it in the main method:

$ java Test
Exception in thread "main" java.lang.IllegalAccessError: class Test (in unnamed module @0x7b3300e5) cannot access class sun.security.x509.X500Name (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x7b3300e5
	at Test.main(Test.java:5)

$ java --permit-illegal-access Test
WARNING: --permit-illegal-access will be removed in the next major release

What I expected to see was a warning message about sun.security.x509.X500Name during the second invocation of java. Then, after reading [0] again, I realized the warnings only pertain to reflective access. 

What's the idea behind this distinction? The Test class fails just as well with an IllegalAccessException without the --permit-illegal-access flag. Only, I don't get to see the problem when running with --permit-illegal-access unless the access is done reflectively. Is it because non-reflective uses can be found statically by jdeps, and are not 'worthy' of a warning? Just looking for the rationele here. It does mean fixing all warnings logged by --permit-illegal-access is not a guarantee there won't be IllegalAccessExceptions anymore afterwards.


[0] http://mail.openjdk.java.net/pipermail/jigsaw-dev/2017-March/011763.html

More information about the jigsaw-dev mailing list