Support running DG Toolkit 4.x with default --illegal-access=deny

[nmandrescu]

JDK16 brings JEP 396 that defaults to --illegal-access=deny. Current workaround is to use --illegal-access=permit (or warn) to bypass illegal reflective-access restriction.

JEP 403 is planned for JDK17 (Sept 2021), that will remove --illegal-access flag altogether and act always with deny rule.

Illegal reflective access in DGToolkit 4.x are reported for (some samples):

• wicket-core/9.3.0
• jackson-databind/2.12.3
• cglib/3.3.0

Example:

WARNING: Illegal reflective access by org.apache.wicket.core.util.lang.PropertyResolver$DefaultPropertyLocator (file:~/.m2/repository/org/apache/wicket/wicket-core/9.3.0/wicket-core-9.3.0.jar) to field java.lang.Enum.name

Note: also cleanup readme about illegal-access once no longer needed.

[nmandrescu]

The solution is to grand illegal reflective access with --add-opens for specific modules used by above libraries:

• wicket and jackson libs by nature heavily rely on reflection. Both try to use a setter/getter method before accessing a field directly.
  • DG Toolkit modules should carefully define getters/setters for reflective usage.
  • Some external modules can still miss getter/setters and they need to be explicitly opened. Nevertheless we should report to wicket/jackson such use cases, since they can (and did) find ways to bypass some of them.
• cglib however needs to transition to a standard replacement Java 16 and 17 compatibility cglib/cglib#191

A few modules are now opened to ALL-UNNAMED. It would be best to open them only to wicket/jackson modules. We can either find the right module path config (couldn't figure the setup that works) or use Java Module system #379 to open from there. Until then the entries are stored in the argfile.txt that has to be provided as JVM option java @argfile.txt ...

Ofc DG Toolkit based projects will grow and may encounter new use cases to open other modules.