Illegal reflective operation

[jjg-123]

Building OA4MP yields the following warning message

building OA4MP from sources ...
   deploy directory exists, cleaning...
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.thoughtworks.xstream.core.util.Fields (file:/home/ncsa/.m2/repository/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar) to field java.util.Properties.defaults
WARNING: Please consider reporting this to the maintainers of com.thoughtworks.xstream.core.util.Fields
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

(the build continues fine, it's just a warning). the issue is that someplace, some dependency is calling an old version of com.thoughtworks.XStream for Java 8. This warning is because Java 11 now flags certain introspection operations as bad. Newer versions of XStream (1.4.20 is suggested) should solve this. The issue is that even having maven spit out its dependency tree shows no dependencies on com.thoughtworks, so this is a dependency of a dependecy of a... and there is no easy way to figure out where this is coming from except to try and build each module and isolate the error. There are a lot of modules in OA4MP. Actual detective work is needed.

For now, Java 11 allows this, but if we upgrade to another version of Java, it may kill the build until this is isolated and quashed.

[jjg-123]

Sleuthing shows that the issue is in client-webapp, client-oauth and oa4mp-webapp which use JSP. Some dependency someplace that is needed uses com.thoughtworks.XStream (a lightweight XML serializer). This implies the JSP processing code is the culprit. Since Oracle has deprecated JSP, this means that part of the codebase is effectively abandoned. The JSP pages can be replaced with a servlet, so that is probably the path forward.