java 9: "Illegal reflective access by com.amazonaws.util.XpathUtils"

[cvmocanu]

I got the following warning, running on Java 9 (running with --illegal-access=debug to get the stack trace):

WARNING: Illegal reflective access by com.amazonaws.util.XpathUtils (file:/home/cvmocanu/.m2/repository/com/amazonaws/aws-java-sdk-core/1.11.129/aws-java-sdk-core-1.11.129.jar) to method com.sun.org.apache.xpath.internal.XPathContext.getDTMManager()
	at com.amazonaws.util.XpathUtils.speedUpDTMManager(XpathUtils.java:98)
	at com.amazonaws.util.XpathUtils.<clinit>(XpathUtils.java:135)
	at com.amazonaws.http.DefaultErrorResponseHandler.parseXml(DefaultErrorResponseHandler.java:124)
	at com.amazonaws.http.DefaultErrorResponseHandler.documentFromContent(DefaultErrorResponseHandler.java:105)
	at com.amazonaws.http.DefaultErrorResponseHandler.createAse(DefaultErrorResponseHandler.java:84)
	at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:71)
	at com.amazonaws.http.DefaultErrorResponseHandler.handle(DefaultErrorResponseHandler.java:47)
	at com.amazonaws.http.AwsErrorResponseHandler.handleAse(AwsErrorResponseHandler.java:50)
	at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:38)
	at com.amazonaws.http.AwsErrorResponseHandler.handle(AwsErrorResponseHandler.java:24)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1570)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
	at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
	at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.doInvoke(AWSSecurityTokenServiceClient.java:1271)
	at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.invoke(AWSSecurityTokenServiceClient.java:1247)
	at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.executeAssumeRole(AWSSecurityTokenServiceClient.java:454)
	at com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient.assumeRole(AWSSecurityTokenServiceClient.java:431)
...stack trace trimmed for privacy issues

This should be fixed, since the warning will turn into exceptions in subsequent Java versions.

[zoewangg]

Thanks for reporting. We might not be able get to this soon for V1 but we will definitely look into it for V2 if this issue also occurs in v2 (https://github.com/aws/aws-sdk-java-v2)

[dagguh]

We use AWS in many of our tests and we see this set of warnings all the time. It's suboptimal for maintaining a culture of clean logs and sensitivity to warnings. Devs will soon start subconsciously ignoring them and any other (perhaps more severe) potential warnings.

[jsyrjala]

I am getting this warning with OpenJDK 11 (without any --illegal-access paramaters)

[debora-ito]

@cvmocanu @dagguh @jsyrjala

The SDK team has reviewed the feature request list for V1 and decided to not implement this one since they're concentrating efforts on V2 new features. This issue is already fixed in V2.

I'll go ahead and close this, feel free to reach out with any comments.

[meshuga]

I kindly ask to backport the change to V1. My company has a lot of code that requires V1 to run and migration to V2 would mean additional costs. I assume it's not a feasible option for other companies that use the SDK as well.

[cruizba]

@meshuga I'm facing the same problem as you. I'm not sure, but maybe this option will be available for all OpenJDK versions in the future. This makes public all elements of the "illegal" access of aws-sdk-java v1:

--add-opens=java.xml/com.sun.org.apache.xpath.internal=ALL-UNNAMED

[hyderkhanmoj]

@meshuga I'm facing the same problem as you. I'm not sure, but maybe this option will be available for all OpenJDK versions in the future. This makes public all elements of the "illegal" access of aws-sdk-java v1:

--add-opens=java.xml/com.sun.org.apache.xpath.internal=ALL-UNNAMED

This solution does not seem to work for me, I also trying exporting. Did you manage to get it working?