When stopping a Spring Boot web application running on Tomcat 9 with Java 10, you might encounter a warning related to illegal reflective access. This warning is part of the Java Platform Module System (JPMS) introduced in Java 9, which aims to improve security and maintainability by enforcing encapsulation at the module level. Here's a detailed breakdown of what this means and how to approach these warnings.

Understanding Illegal Reflective Access

Reflective access in Java is a technique that allows code to examine and invoke methods, fields, and constructors of classes at runtime, even if they are not accessible at compile time. This is powerful but can potentially violate the encapsulation that Java modules aim to enforce.

What Triggers the Warning?

In Java 9 and later, if your application attempts to perform reflective operations to access internal APIs that are not exported by a module, a runtime warning is triggered. This is because the JPMS regulates module boundaries and does not allow access to non-exported types:

• Java Modules: Introduced to better manage packages and access.
• Illegal Access: Occurs when reflective APIs bypass these regulations to access internal JVM components.

When you shut down a Spring Boot application using Tomcat 9 with Java 10, the underlying libraries, or the application itself, might be attempting to use such reflective operations on JDK internal APIs or other modules that don’t explicitly provide export permissions.

Example of a Warning

A typical warning might look like this:

• Suppress Warnings: Use the JVM option `--add-opens` to allow the necessary access. This is more of a stop-gap measure to suppress warnings without changing the core behavior.
• Future Compatibility: Ignoring these warnings may lead to runtime errors when using newer Java versions as stricter enforcement comes into place.
• Security Risks: Reflective access can introduce unexpected security vulnerabilities if sensitive internal APIs are exposed unintentionally.