ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Plehanov <plehanov.a...@gmail.com>
Subject Re: Do I have to use --illegal-access=permit for Java thin client and JDBC with JDK 9/10/11.
Date Mon, 26 Aug 2019 13:22:14 GMT
Dmitry,

As I said before, thin client uses BinaryHeapOutputStream, which uses
Unsafe, so "--illegal-access=deny" has an effect.
With "--illegal-access=deny" thin client will not start unless you specify
"--add-opens=java.base/java.nio=ALL-UNNAMED"

пн, 26 авг. 2019 г. в 15:57, Dmitriy Pavlov <dpavlov@apache.org>:

> Hi Alex, Would it be reasonable to migrate exports to --add-opens?
>
> Thin clients don't use Unsafe, so --illegal-access=deny has no effect.
>
> --illegal-acess=pertmit is also well known that it is a default value. I
> guess it was added to compensate future Java defaults changes from permit
> to deny. We can save one more release if Ignite will work on a future
> release of Java, where `permit` is not  default.
>
> Sincerely,
> Dmitriy Pavlov
>
> пн, 26 авг. 2019 г. в 15:51, Alex Plehanov <plehanov.alex@gmail.com>:
>
> > Denis,
> >
> > I've tried Oracle JDK 11 and OpenJDK 12 with Ignite 2.7.5, looks like:
> > "--add-exports=java.base/jdk.internal.misc=ALL-UNNAMED"
> > Is enough for running java thin client.
> > Also, adding:
> > "--add-opens=java.base/java.nio=ALL-UNNAMED"
> > Eliminates all warnings about illegal access (with
> > "--illegal-access=permit" warnings are still shown)
> >
> > About "--illegal-access=permit" flag, AFAIK this is the default value for
> > currently released java versions (11, 12). But with option
> > "--add-opens=java.base/java.nio=ALL-UNNAMED" thin client also works even
> if
> > "--illegal-access=deny" is set.
> >
> >  пт, 23 авг. 2019 г. в 19:44, Denis Magda <dmagda@apache.org>:
> >
> > > Hmm, looks like we need to provide some VM options for the thin clients
> > as
> > > well.
> > >
> > > Alex, would you mind checking and sharing a full subset of such options
> > for
> > > the thin clients? I'll update the docs.
> > >
> > > -
> > > Denis
> > >
> > >
> > > On Fri, Aug 23, 2019 at 9:23 AM Alex Plehanov <plehanov.alex@gmail.com
> >
> > > wrote:
> > >
> > > > Denis,
> > > >
> > > > Thin client uses BinaryHeapOutputStream, which uses Unsafe. I've got
> > some
> > > > warnings when I run thin client with --illegal-access=debug flag, for
> > > > example:
> > > >
> > > > WARNING: Illegal reflective access by
> > > > org.apache.ignite.internal.util.GridUnsafe$2
> > > > (file:/D:/Work/Projects/ignite/modules/core/target/classes/) to field
> > > > java.nio.Buffer.address
> > > > at
> > org.apache.ignite.internal.util.GridUnsafe$2.run(GridUnsafe.java:1536)
> > > > at
> > org.apache.ignite.internal.util.GridUnsafe$2.run(GridUnsafe.java:1531)
> > > > at
> > > >
> > > >
> > >
> >
> java.base/java.security.AccessController.doPrivileged(AccessController.java:310)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.ignite.internal.util.GridUnsafe.bufferAddressOffset(GridUnsafe.java:1531)
> > > > at
> > >
> org.apache.ignite.internal.util.GridUnsafe.<clinit>(GridUnsafe.java:106)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.ignite.internal.binary.streams.BinaryHeapOutputStream.writeIntFast(BinaryHeapOutputStream.java:122)
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.ignite.internal.binary.streams.BinaryAbstractOutputStream.writeInt(BinaryAbstractOutputStream.java:123)
> > > >
> > > >
> > > > чт, 22 авг. 2019 г. в 23:43, Denis Magda <dmagda@apache.org>:
> > > >
> > > > > Ok, I updated the docs saying that
> > > > >
> > > > > "4. Add the following VM options to your Java applications. That's
> > not
> > > > > needed if you use Java thin clients or Ignite JDBC."
> > > > >
> > > > >
> > > >
> > >
> >
> https://apacheignite.readme.io/docs/getting-started#section-running-ignite-with-java-9-10-11
> > > > >
> > > > > -
> > > > > Denis
> > > > >
> > > > >
> > > > > On Thu, Aug 22, 2019 at 9:30 AM Denis Mekhanikov <
> > > dmekhanikov@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Denis,
> > > > > >
> > > > > > I didn’t find any usages of JDK internals in the implementation
> of
> > > the
> > > > > > thin clients.
> > > > > > It would be nice to verify in tests that thin clients can work
> > > without
> > > > > > these flags.
> > > > > >
> > > > > > Do our Java 9/10/11 tests include thin client testing? If so,
do
> > > these
> > > > > > tests include these flags?
> > > > > >
> > > > > > Denis
> > > > > > On 15 Aug 2019, 11:09 +0300, Denis Magda <dmagda@apache.org>,
> > wrote:
> > > > > > > Denis,
> > > > > > >
> > > > > > > Does it mean we don't need to pass any flags from this
list [1]
> > at
> > > > all
> > > > > > for
> > > > > > > the JDBC and thin clients?
> > > > > > >
> > > > > > > [1]
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://apacheignite.readme.io/docs/getting-started#section-running-ignite-with-java-9-10-11
> > > > > > >
> > > > > > > -
> > > > > > > Denis
> > > > > > >
> > > > > > >
> > > > > > > On Wed, Aug 14, 2019 at 5:56 PM Denis Mekhanikov <
> > > > > dmekhanikov@gmail.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Hi!
> > > > > > > >
> > > > > > > > There are two JDK internal things that are used by
Ignite:
> > Unsafe
> > > > and
> > > > > > > > sun.nio.ch package.
> > > > > > > > None of these things are used by thin clients. So,
it’s fine
> to
> > > use
> > > > > > thin
> > > > > > > > clients without additional flags.
> > > > > > > >
> > > > > > > > Denis
> > > > > > > >
> > > > > > > > > On 13 Aug 2019, at 23:01, Shane Duan <sduanesri@gmail.com>
> > > > wrote:
> > > > > > > > >
> > > > > > > > > Hi Igniter,
> > > > > > > > >
> > > > > > > > > I understand that --illegal-access=permit is
required for
> JDK
> > > > > > 9/10/11 on
> > > > > > > > > Ignite server. But do I have to include this
JVM parameter
> > for
> > > > > Ignite
> > > > > > > > Java
> > > > > > > > > thin client and JDBC client? I tried some simple
test
> without
> > > it
> > > > > and
> > > > > > it
> > > > > > > > > seems working fine...
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > > Shane
> > > > > > > >
> > > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message