背景

在做企業(yè)微信消息通知的時(shí)候，運(yùn)行項(xiàng)目，出現(xiàn)該警告。

WARNING: A Java agent has been loaded dynamically (D:\maven-repository\net\bytebuddy\byte-buddy-agent\1.14.9\byte-buddy-agent-1.14.9.jar)
WARNING: If a serviceability tool is in use, please run with -XX:+EnableDynamicAgentLoading to hide this warning
WARNING: If a serviceability tool is not in use, please run with -Djdk.instrument.traceUsage for more information
WARNING: Dynamic loading of agents will be disallowed by default in a future release

解決

經(jīng)過

查了一些資料，找到一篇英文的介紹，有想深入的小伙伴可以自己研究下。
這里貼到下面

OpenJDK’s JEP 451: Balancing Serviceability and Integrity in JVM

JEP 451, Prepare to Disallow the Dynamic Loading of Agents（ 鏈接）, has been completed from Target status for JDK 21. This JEP has evolved from its original intent to disallow the dynamic loading of agents into a running JVM by default to issue warnings when agents are dynamically loaded into a running JVM. The goals of this JEP include: reassessing the balance between serviceability and integrity; and ensuring that a majority of tools, which do not need to load agents dynamically, are unaffected.
（JEP 451，準(zhǔn)備禁止代理的動態(tài)加載，已從 JDK 21 的目標(biāo)狀態(tài)完成。此 JEP 已從其最初的意圖演變而來，即默認(rèn)不允許將代理動態(tài)加載到正在運(yùn)行的 JVM 中，而是在代理動態(tài)加載到正在運(yùn)行的 JVM 時(shí)發(fā)出警告。該 JEP 的目標(biāo)包括：重新評估可維護(hù)性和完整性之間的平衡;并確保大多數(shù)不需要?jiǎng)討B(tài)加載代理的工具不受影響。）

The primary goal of this proposal is to prepare for a future release of the JDK that will, by default, disallow the loading of agents into a running JVM. This change is designed to reassess the balance between serviceability, which involves ad-hoc changes to running code, and integrity, which assumes that running code is not arbitrarily changed. It is important to note that the majority of tools, which do not need to load agents dynamically, will remain unaffected by this change.
（該提案的主要目標(biāo)是為將來的 JDK 版本做準(zhǔn)備，默認(rèn)情況下，該版本將不允許將代理加載到正在運(yùn)行的 JVM 中。此更改旨在重新評估可維護(hù)性（涉及對運(yùn)行代碼的臨時(shí)更改）和完整性（假定運(yùn)行代碼未被任意更改）之間的平衡。需要注意的是，大多數(shù)不需要?jiǎng)討B(tài)加載代理的工具將不受此更改的影響。）

In JDK 21, the dynamic loading of agents is allowed, but the JVM issues a warning when it occurs. For example:
（在 JDK 21 中，允許動態(tài)加載代理，但 JVM 會在發(fā)生時(shí)發(fā)出警告。例如）

WARNING: A Java agent has been loaded dynamically (D:\maven-repository\net\bytebuddy\byte-buddy-agent\1.14.9\byte-buddy-agent-1.14.9.jar)
WARNING: If a serviceability tool is in use, please run with -XX:+EnableDynamicAgentLoading to hide this warning
WARNING: If a serviceability tool is not in use, please run with -Djdk.instrument.traceUsage for more information
WARNING: Dynamic loading of agents will be disallowed by default in a future release

To allow tools to load agents without warnings dynamically, developers must run with the -XX:+EnableDynamicAgentLoading option on the command line.
（要允許工具在沒有警告的情況下動態(tài)加載代理，開發(fā)人員必須在命令行上使用 -XX：+EnableDynamicAgentLoading 選項(xiàng)運(yùn)行。）

Agents in the Java platform are components that can alter the code of an application while it is running. They were introduced by the Java Platform Profiling Architecture in JDK 5 as a way for tools, notably profilers, to instrument classes. This means altering the code in a class so that it emits events to be consumed by a tool outside the application without otherwise changing the code’s behaviour.
（Java 平臺中的代理是可以在應(yīng)用程序運(yùn)行時(shí)更改其代碼的組件。它們是由 JDK 5 中的 Java 平臺分析體系結(jié)構(gòu)引入的，作為工具（尤其是分析器）檢測類的一種方式。這意味著更改類中的代碼，以便它發(fā)出事件以供應(yīng)用程序外部的工具使用，而無需更改代碼的行為。）

However, over time, advanced developers found use cases such as Aspect-Oriented Programming that change application behaviour in arbitrary ways. There is also nothing to stop an agent from altering code outside the application, such as code in the JDK itself. To ensure that the owner of an application approved the use of agents, JDK 5 required agents to be specified on the command line with the -javaagent or -agentlib options and loaded the agents immediately at startup. This represented an explicit grant of privileges by the application owner.
（然而，隨著時(shí)間的流逝，高級開發(fā)人員發(fā)現(xiàn)了諸如面向方面的編程之類的用例，這些用例會以任意方式改變應(yīng)用程序行為。也沒有什么可以阻止代理更改應(yīng)用程序外部的代碼，例如 JDK 本身中的代碼。為了確保應(yīng)用程序的所有者批準(zhǔn)使用代理，JDK 5 要求在命令行上使用 -javaagent 或 -agentlib 選項(xiàng)指定代理，并在啟動時(shí)立即加載代理。這表示應(yīng)用程序所有者顯式授予特權(quán)。）

Serviceability is the ability of a system operator to monitor, observe, debug, and troubleshoot an application while it runs. The Java Platform’s excellent serviceability has long been a source of pride. To support serviceability tools, JDK 6 introduced the Attach API which is not part of the Java Platform but, rather, a JDK API supported for external use. It allows a tool launched with appropriate operating-system privileges to connect to a running JVM, either local or remote, and communicate with that JVM to observe and control its operation.
（可維護(hù)性是指系統(tǒng)操作員在應(yīng)用程序運(yùn)行時(shí)對其進(jìn)行監(jiān)視、觀察、調(diào)試和故障排除的能力。長期以來，Java 平臺出色的可維護(hù)性一直是我們引以為豪的源泉。為了支持可維護(hù)性工具，JDK 6 引入了 Attach API，它不是 Java 平臺的一部分，而是支持外部使用的 JDK API。它允許以適當(dāng)?shù)牟僮飨到y(tǒng)權(quán)限啟動的工具連接到正在運(yùn)行的 JVM（本地或遠(yuǎn)程），并與該 JVM 通信以觀察和控制其操作。）

However, despite a conceptual separation of concerns between libraries and tools, some libraries provide functionality that relies upon the code-altering superpower afforded to agents. For example, a mocking library might redefine application classes to bypass business-logic invariants, while a white-box testing library might redefine JDK classes so that reflection over private fields is always permitted.
（然而，盡管庫和工具之間的關(guān)注點(diǎn)在概念上是分開的，但一些庫提供的功能依賴于為代理提供的代碼更改超級能力。例如，模擬庫可能會重新定義應(yīng)用程序類以繞過業(yè)務(wù)邏輯不變量，而白盒測試庫可能會重新定義 JDK 類，以便始終允許對私有字段進(jìn)行反射。）

Unfortunately, some libraries misuse dynamically loaded agents, leading to a loss of integrity. They use the Attach API to silently connect to the JVMs in which they run and load agents dynamically, in effect masquerading as serviceability tools. This misuse of dynamically loaded agents by libraries has led to the need for stronger measures to prevent such actions and maintain the integrity of the JVM.
（遺憾的是，某些庫濫用了動態(tài)加載的代理，導(dǎo)致完整性喪失。它們使用 Attach API 以靜默方式連接到運(yùn)行它們的 JVM，并動態(tài)加載代理程序，實(shí)際上偽裝成可維護(hù)性工具。庫對動態(tài)加載代理的這種濫用導(dǎo)致需要采取更有力的措施來防止此類行為并維護(hù) JVM 的完整性。）

The proposal aims to require the dynamic loading of agents to be approved by the application owner, moving the Java Platform closer to the long-term vision of integrity by default. In practical terms, the application owner will have to choose to allow the dynamic loading of agents via a command-line option.
（該提案旨在要求代理的動態(tài)加載必須得到應(yīng)用程序所有者的批準(zhǔn)，從而使 Java 平臺更接近默認(rèn)完整性的長期愿景。實(shí)際上，應(yīng)用程序所有者必須選擇允許通過命令行選項(xiàng)動態(tài)加載代理。）

The impact of this change will be mitigated by the fact that most modern server applications are designed with redundancy, so individual nodes can be restarted with the command-line option as needed. Special cases, such as a JVM that must never be stopped for maintenance, can typically be identified in advance so that the dynamic loading of agents can be enabled from the start.
（由于大多數(shù)現(xiàn)代服務(wù)器應(yīng)用程序都設(shè)計(jì)有冗余，因此可以根據(jù)需要使用命令行選項(xiàng)重新啟動單個(gè)節(jié)點(diǎn)，因此可以減輕此更改的影響。特殊情況，例如永遠(yuǎn)不能停止維護(hù)的 JVM，通?？梢蕴崆白R別，以便從一開始就啟用代理的動態(tài)加載。）

This change will allow the Java ecosystem to attain the vision of integrity by default without substantially constraining serviceability. It is a significant step towards ensuring the security and reliability of applications running on the JVM. The proposal is a clear indication of OpenJDK’s commitment to enhancing the integrity of the JVM and ensuring the secure operation of Java applications.
（這一變化將允許 Java 生態(tài)系統(tǒng)在默認(rèn)情況下實(shí)現(xiàn)完整性的愿景，而不會嚴(yán)重限制可維護(hù)性。這是朝著確保在 JVM 上運(yùn)行的應(yīng)用程序的安全性和可靠性邁出的重要一步。該提案清楚地表明了 OpenJDK 致力于增強(qiáng) JVM 的完整性并確保 Java 應(yīng)用程序的安全運(yùn)行。）文章來源地址http://www.zghlxwxcb.cn/news/detail-766755.html

參考文章

• https://www.infoq.com/news/2023/07/jep-451-balancing-serviceability/#:~:text=To%20allow%20tools%20to%20load%20agents%20without%20warnings,code%20of%20an%20application%20while%20it%20is%20running.

到了這里，關(guān)于JDK21 WARNING: A Java agent has been loaded dynamically的文章就介紹完了。如果您還想了解更多內(nèi)容，請?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！