Problem
When upgrading IdentityIQ alongside the JDK, it is important to verify that your existing custom code remains compatible with the updated JDK APIs.
During our upgrade process, we encountered access issues related to the use of internal JDK classes, with the following classes:
- HttpURLConnection
- OutputStream
Error:
sun.net.www.protocol.https.HttpsURLConnectionImpl’ :java.lang.IllegalAccessException: class bsh.Reflect cannot access class sun.net.www.protocol.https.HttpsURLConnectionImpl (in module java.base) because module java.base does not export
Diagnosis
Java introduced the ‘Java Platform Module System’. This system encapsulates internal APIs within modules, restricting access unless explicitly declared. As a result, internal classes such as sun.net.www.protocol.https.HttpsURLConnectionImpl are no longer accessible by default.
Solution
To bypass the restriction, you can modify the ‘catalina.sh’ (or ‘catalina.bat’ for Windows) startup script for Tomcat by adding the following JVM options:
This is a temporary workaround and not recommended for long-term use.
CATALINA_OPTS="$CATALINA_OPTS \
--add-exports=java.base/sun.net.www.protocol.https=ALL-UNNAMED \
--add-exports=java.base/sun.net.www.http=ALL-UNNAMED"
Solution : Refactor the affected code to use other API.
For example, replace the use of ‘HttpURLConnection’ with a OkHTTP 4.9.3 jar.