[Solved] Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1

My JDK 9+181 Spring Boot 2.0.0.BUILD-SNAPSHOT CLI application displays this warning on startup:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 (jar:file:/home/jan/src/fm-cli/target/fm-cli-0.1.0-SNAPSHOT.jar!/BOOT-INF/lib/spring-core-5.0.0.RELEASE.jar!/) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$1

This is a console application, so I need to disable this warning — how can I do that?

Note: This question asks the specific question of how to disable this warning triggered by Spring; it is not a duplicate of JDK9: An illegal reflective access operation has occurred. org.python.core.PySystemState which deals with a similar symptom in a different library.

Solution #1:

In JDK 9+, add the following option to the JVM to disable the warning from Spring’s use of CGLIB:

--add-opens java.base/java.lang=ALL-UNNAMED

for example:

java --add-opens java.base/java.lang=ALL-UNNAMED -jar target/*.jar

No need to report it; it’s a known Spring bug.

This happens because the new JDK 9 module system detected an illegal access that will be disallowed sometime in the (near) future. You can read more about the JDK 9 Module system here.


A fix for this issue is available JDK 9+ with Spring 5.1+.

Respondent: Jan Nielsen

Solution #2:

This also happened to me on JDK 11 and Spring Boot 2.2.1 (Spring Core 5.2.1).

What helped was removing the dependency to org.springframework.boot:spring-boot-devtools, as suggested in some comments to Spring Framework issue #22814.

Respondent: Jan Nielsen

Solution #3:

Adding to Jan Nielsen answer above, if you are using Intellij and Spring Boot 2.0.3, which depends on Spring core 5.0.7, you are still stuck and do not have the fix.

The way out for me needed two things:

  • Add the –add-opens mentioned by Jan to your run/debug configuration. Just edit the configuration and look under Environment / VM Options. This takes care of silencing some of the “illegal access messages”.

  • I also needed to add a dependency to the jaxb-api library. I got the hint from ValentinBossi comment on this spring github issue.

Respondent: Cos64

Solution #4:

When using the spring initializer, make sure you use the latest version of Spring Boot. It automatically gets Spring core 5.1 or greater for you and you won’t see the error when you run the project.

So you don’t have to worry about editing any JVM configuration.

Respondent: Coffee_fan

Solution #5:

After these warnings, if your app is still not working then add this dependency to your pom.xml


This helped me!!

Respondent: Onome Sotu

Solution #6:

I’m sitting on these versions and I still see the WARNING:

  • SpringBoot 2.4.1
  • Spring Core FW: 5.3.2 (my parent pom is Spring Boot’s, so this version is introduced by it, not manually set by me)
  • Java openjdk version “” 2020-11-04

Removing the dependency from spring-boot-devtools also worked for me and the warning is no longer there at startup.


… At the end of the day I was just using the automatic re-start from my IDE upon any change in the classpath and I can leave without it.
The thing, though, is that theroreticatlly we should not worry about it, since according to Spring documentation:

Developer tools are automatically disabled when running a fully packaged application. If your application is launched using java -jar or if it’s started using a special classloader, then it is considered a “production application”

So one could expect that when the application is launched from command line the warning should go away (I haven’t verified that).

Solution #7:

If you use maven and spring, just please upgrade to Spring Framework 5.1+ / Spring Boot 2.1+.

Respondent: WinterBoot

The answers/resolutions are collected from stackoverflow, are licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0 .

Leave a Reply

Your email address will not be published.