Unable to start Omada Controller 5.3.1 with openjdk-17-jre
I am the maintainer of the mbentley/omada-controller Docker image and when using the Omada Controller 5.3.1, I notice that when I try to utilize a newer version of OpenJDK JRE, specifically 17, that the controller fails to start. Based on the readme included wit the Linux tarball, it says `1. Install Java 8 or above`. It's not specific on what it needs exactly so I figured that 17 would be fine. When the controller starts, I am getting an error:
Exception in thread "main" java.lang.IllegalAccessError: class com.tplink.smb.omada.system.api.a.a (in unnamed module @0x62bd2070) cannot access class sun.security.x509.X509CertImpl (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x62bd2070
at com.tplink.smb.omada.system.api.a.a.a(SourceFile:260)
at com.tplink.smb.omada.starter.OmadaBootstrap.a(SourceFile:545)
at com.tplink.smb.omada.starter.OmadaBootstrap.e(SourceFile:259)
at com.tplink.smb.omada.starter.OmadaLinuxMain.a(SourceFile:84)
at com.tplink.smb.omada.starter.OmadaLinuxMain.main(SourceFile:36)
I found a workaround but I am not sure if there are any security implications of adding the JVM arg --add-opens=java.base/sun.security.x509=ALL-UNNAMED
as it describes and it adds a not-insignificant amount of adaptations to the scripts that power the image. The issue only seems to come up if I am taking my own PEM certs and creating a JKS. Using the default certs seems to be fine.
The reason that I would like to use openjdk-17's JRE is that it includes support for cgroupsv2 support for containers which was added in v15 but Ubuntu 20.04 jumps from openjdk-11 to openjdk-16.