JDK 17 and ‘illegal reflective access’

As Java moves towards adopting security best practices – whether that’s JPMS or sealed classes – it’s evident that the best recourse is to pay down the tech debt and update the code to adopt these policies into your own code. Or if not your own code (in the case of external dependencies), then use updated libraries or different libraries that follow Java 9+ security best practices.

In the enterprise world that’s not always possible, so we discussed here resolution to one particular problem which occurs when migrating to JDK 16+ from JDK 11. These temporary fixes can buy you some time while allowing you to upgrade to a more modern versions of Java

Controlling JDBCSession Timeout

You might have noticed that Spring Boot’s server.session.timeout does not apply if JDBCSession library is autoconfigured. Which means, the standard way to set default session timeout no longer applies. The appropriate way to set the timeout in this case is through the @EnableJdbcHttpSession annotation’s maxInactiveIntervalInSeconds like so. This is fine Read more…