Bug with Java 17 due to WarningIntercept

Basics

Logistics

Basics

Logistics

Description

I think I am hitting an issue with Amazon Corretto 17 for Linux and my (sandbox) IDP’s WarningIntercept configuration.

To try and eliminate any code errors on my part, I am testing with the expiring password flow:

  <util:map id="shibboleth.warning.ConditionMap">
        <entry key="expiring-password">
            <bean parent="shibboleth.Pair">
                <constructor-arg index="0">
                    <bean id="shibboleth.expiring-password.Condition"
                        class="net.shibboleth.idp.profile.logic.DateAttributePredicate"
                        c:attribute="MainePersonPasswordExpires" c:formatString="yyyyMMddHHmmssX"
                        p:resultIfMissing="false" p:offset="-P190D" />
                </constructor-arg>
                <constructor-arg index="1">
                    <bean class="java.time.Duration" factory-method="parse" c:_0="PT8H" />
                </constructor-arg>
            </bean>
        </entry>
    </util:map>

Whenever the warning intercepts fire, the follow error is sent to the screen:

A software error was encountered that prevents normal operation:
org.springframework.binding.expression.EvaluationException: An ELException occurred getting the value for expression 'WarningIterator.hasNext()' on context [class org.springframework.webflow.engine.impl.RequestControlContextImpl]
Please report this problem to your Help Desk or administrative staff. It has also been logged for an administrator to review.

I will add the full stack trace seperately, but the “caused by” is:

Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make public final boolean java.util.LinkedHashMap$LinkedHashIterator.hasNext() accessible: module java.base does not "opens java.util" to unnamed module @50b46e24

at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)

at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)

at java.base/java.lang.reflect.Method.checkCanSetAccessible(Method.java:199)

at java.base/java.lang.reflect.Method.setAccessible(Method.java:193)

at org.springframework.util.ReflectionUtils.makeAccessible(ReflectionUtils.java:573)

at org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:128)

... 288 common frames omitted

If I downgrade to Amazon Corretto 11 for Linux, the warning intercept appears to fire correctly (though there is a spring warning).

Environment

Oracle Enterprise Linux 8
Amazon Corretto 17 for Linux
jetty-9.4.26.v20200117
IDP 4.1.5 (upgraded from original 4.1.4 install)

Linked work items

is duplicated by

IDP-2212

Warning interrupt causing runtime exception during load sometimes

Activity

Ian Young

March 24, 2022 at 4:10 PM

Confirming that this is also fixed in Spring Framework 6.0.0-M3.

Scott Cantor

February 21, 2022 at 4:30 PM

I reverted the original workaround so I'll close this out based on our belief that Spring should be addressing this now.

Ian Young

February 21, 2022 at 4:01 PM

Bumped Spring Framework to 5.3.16 in parent POM commit 26b764fd06bf995bb96a3e53f8d386ae4047c239.

Added canary to spring-extensions commit 5f936089cbb1ac67c0459bf8a4f281445bff4338.

Ian Young

February 21, 2022 at 3:14 PM

I have a canary test for this ready to go when we update to 5.3.16 (or before, if we’re OK with the -multi tests failing under Java 17 for a while).

Scott Cantor

February 17, 2022 at 12:54 PM

We probably should remove the workaround from 4.2 in that case.

Resize issue view side panel

Fixed

Details

Assignee

Scott Cantor

Reporter

Steven Premeau

Created January 31, 2022 at 6:24 PM

Updated February 6, 2025 at 6:36 PM

Resolved February 21, 2022 at 4:30 PM

Bug with Java 17 due to WarningIntercept

Description

Environment

Linked work items

is duplicated by

Activity

Details

Assignee

Reporter

Components

Fix versions

Affects versions