I am the maintainer of the mbentley/omada-controller Docker image and when using the Omada Controller 5.3.1, I notice that when I try to utilize a newer version of OpenJDK JRE, specifically 17, that the controller fails to start.  Based on the readme included wit the Linux tarball, it says `1. Install Java 8 or above`.  It's not specific on what it needs exactly so I figured that 17 would be fine.  When the controller starts, I am getting an error:

Exception in thread "main" java.lang.IllegalAccessError: class com.tplink.smb.omada.system.api.a.a (in unnamed module @0x62bd2070) cannot access class sun.security.x509.X509CertImpl (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x62bd2070
        at com.tplink.smb.omada.system.api.a.a.a(SourceFile:260)
        at com.tplink.smb.omada.starter.OmadaBootstrap.a(SourceFile:545)
        at com.tplink.smb.omada.starter.OmadaBootstrap.e(SourceFile:259)
        at com.tplink.smb.omada.starter.OmadaLinuxMain.a(SourceFile:84)
        at com.tplink.smb.omada.starter.OmadaLinuxMain.main(SourceFile:36)

I found a workaround but I am not sure if there are any security implications of adding the JVM arg --add-opens=java.base/sun.security.x509=ALL-UNNAMED

as it describes and it adds a not-insignificant amount of adaptations to the scripts that power the image.  The issue only seems to come up if I am taking my own PEM certs and creating a JKS.  Using the default certs seems to be fine.

The reason that I would like to use openjdk-17's JRE is that it includes support for cgroupsv2 support for containers which was added in v15 but Ubuntu 20.04 jumps from openjdk-11 to openjdk-16.