This is something of a placeholder to investigate the detailed behaviour.
Starting the IdP under Java OpenJDK 9.0.4 or Java 10 EA 46 gives this:
The IdP still functions in this environment, or at least my simplistic deployment still runs.
We need to dig into this to figure out which if any other modules are implicated, and see whether we can get updated components prior to our next and hopefully final 3.x release so that we can avoid things failing further down the line.
Environment
None
Activity
Ian YoungSeptember 24, 2018 at 2:28 PM
Confirmed warning no longer appears in the latest 3.4.0-SNAPSHOT.
Ian YoungSeptember 20, 2018 at 2:16 PM
Confirmed it's just a warning, even in Java 11.
Ian YoungSeptember 20, 2018 at 1:37 PM
Reading back to my original comments, looks like the extra option isn't actually required for operation, but I added it to see if I could smoke out any more issues. I will verify that before proceeding, but if so I don't think we need to alert deployers to this at all; it's just a warning which will go away in V3.4.
Ian YoungSeptember 19, 2018 at 4:53 PM
Confirming that 3.3.3 still does this under Java 11 EA, and that the workround still operates there (but may not, of course, operate in a future version of Java).
I will test a V3.4 SNAPSHOT against that environment to confirm that the workround can be removed.
Scott CantorSeptember 18, 2018 at 2:06 PM
Just for the record, it's worth noting that there is no JAXP SecurityManager or XMLSecurityManager interface to code to that we could use to build our own to inject that wouldn't be subject to these reflection limitations. It's all just internal classes made up by Xerces and adopted into the JDK.
I'll review our various text but I think we need to make it clear we don't support any other parsers, we simply "support" in a physical sense the possible use of one.
This is something of a placeholder to investigate the detailed behaviour.
Starting the IdP under Java OpenJDK 9.0.4 or Java 10 EA 46 gives this:
The IdP still functions in this environment, or at least my simplistic deployment still runs.
We need to dig into this to figure out which if any other modules are implicated, and see whether we can get updated components prior to our next and hopefully final 3.x release so that we can avoid things failing further down the line.