Migrating MuleSoft applications from Java 8/11 to Java 17 introduces several breaking changes. This troubleshooting guide covers the most common errors and their solutions.
Quick Diagnosis Checklist
Before diving into specific errors, verify your environment:
# Check Java version
java -version
# Verify JAVA_HOME
echo $JAVA_HOME
# Check MuleSoft runtime version (must be 4.4.0+ for Java 17)
mule -versionError: InaccessibleObjectException - Module Access Denied
Symptom:
java.lang.reflect.InaccessibleObjectException: Unable to make field private final
java.lang.String java.lang.String.value accessible: module java.base does not
"opens java.lang" to unnamed module
Cause: Java 17 enforces strong encapsulation. Internal JDK APIs are no longer accessible by default.
Solution 1 - Add JVM Arguments:
<!-- In your mule-artifact.json or wrapper.conf -->
{
"minMuleVersion": "4.4.0",
"javaSpecificationVersions": ["17"],
"additionalPluginDependencies": [],
"secureProperties": [],
"configs": {
"wrapper.java.additional.20": "--add-opens=java.base/java.lang=ALL-UNNAMED",
"wrapper.java.additional.21": "--add-opens=java.base/java.util=ALL-UNNAMED",
"wrapper.java.additional.22": "--add-opens=java.base/java.lang.reflect=ALL-UNNAMED"
}
}Solution 2 - CloudHub 2.0 Configuration:
# In your deployment configuration
spec:
muleAgent:
jvmArgs: >-
--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/java.util=ALL-UNNAMED
--add-opens=java.base/java.lang.reflect=ALL-UNNAMED
--add-opens=java.base/java.io=ALL-UNNAMEDError: NoSuchMethodError with JAX-B/JAX-WS
Symptom:
java.lang.NoSuchMethodError: javax.xml.bind.DatatypeConverter.parseBase64Binary
Cause: JAX-B and JAX-WS were removed from JDK in Java 11+.
Solution - Add Dependencies:
<!-- In your pom.xml -->
<dependencies>
<!-- JAX-B API -->
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
<version>4.0.0</version>
</dependency>
<!-- JAX-B Implementation -->
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>4.0.2</version>
</dependency>
<!-- JAX-WS if needed -->
<dependency>
<groupId>jakarta.xml.ws</groupId>
<artifactId>jakarta.xml.ws-api</artifactId>
<version>4.0.0</version>
</dependency>
</dependencies>Error: Illegal Reflective Access - Nashorn Script Engine
Symptom:
java.lang.IllegalAccessError: class org.mule.weave.v2.module.native.NativeRuntime
cannot access class jdk.nashorn.api.scripting.NashornScriptEngine
Cause: Nashorn JavaScript engine was removed in Java 15+.
Solution - Use GraalJS:
<!-- Replace Nashorn with GraalJS -->
<dependency>
<groupId>org.graalvm.js</groupId>
<artifactId>js</artifactId>
<version>23.0.2</version>
</dependency>
<dependency>
<groupId>org.graalvm.js</groupId>
<artifactId>js-scriptengine</artifactId>
<version>23.0.2</version>
</dependency>Update your script references:
// Old (Nashorn)
ScriptEngine engine = new ScriptEngineManager().getEngineByName("nashorn");
// New (GraalJS)
ScriptEngine engine = new ScriptEngineManager().getEngineByName("graal.js");Error: ClassNotFoundException for sun.misc.Unsafe
Symptom:
java.lang.ClassNotFoundException: sun.misc.Unsafe
Cause: Direct usage of sun.misc.Unsafe is restricted in Java 17.
Solution:
<!-- Add JVM argument -->
--add-opens=java.base/sun.misc=ALL-UNNAMED
--add-opens=java.base/jdk.internal.misc=ALL-UNNAMEDBetter Long-term Fix - Use VarHandle:
// Old (sun.misc.Unsafe)
Unsafe unsafe = Unsafe.getUnsafe();
unsafe.putLong(object, offset, value);
// New (VarHandle - Java 9+)
VarHandle handle = MethodHandles.lookup()
.findVarHandle(MyClass.class, "myField", long.class);
handle.set(object, value);Error: SSL/TLS Handshake Failures
Symptom:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Cause: Java 17 disabled weak TLS algorithms by default.
Solution 1 - Update Target Systems:
Upgrade servers to support TLS 1.2+ with modern cipher suites.
Solution 2 - Temporary Workaround (Not Recommended for Production):
# In java.security file or via system property
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBCSolution 3 - Configure Specific Ciphers:
<tls:context name="Legacy_TLS_Context">
<tls:trust-store path="truststore.jks" password="${secure::truststore.pass}"/>
<tls:key-store path="keystore.jks"
keyPassword="${secure::key.pass}"
password="${secure::keystore.pass}"/>
<tls:protocols>
<tls:protocol value="TLSv1.2"/>
<tls:protocol value="TLSv1.3"/>
</tls:protocols>
</tls:context>Error: DataWeave Memory Issues
Symptom:
com.mulesoft.weave.core.WeaveException: Memory limit exceeded
Cause: Java 17's G1GC has different default heap behavior.
Solution - Tune GC Settings:
# wrapper.conf or JVM arguments
wrapper.java.additional.30=-XX:+UseG1GC
wrapper.java.additional.31=-XX:MaxGCPauseMillis=200
wrapper.java.additional.32=-XX:G1HeapRegionSize=16m
wrapper.java.additional.33=-XX:InitiatingHeapOccupancyPercent=45
wrapper.java.additional.34=-Xms2g
wrapper.java.additional.35=-Xmx4gError: MVEL Compilation Failures
Symptom:
org.mvel2.CompileException: could not access field
Cause: MVEL uses reflection that's restricted in Java 17.
Solution:
<!-- Add these JVM arguments -->
--add-opens=java.base/java.lang=ALL-UNNAMED
--add-opens=java.base/java.util=ALL-UNNAMED
--add-opens=java.base/java.lang.reflect=ALL-UNNAMED
--add-opens=java.base/java.text=ALL-UNNAMED
--add-opens=java.desktop/java.awt.font=ALL-UNNAMEDComplete JVM Arguments Template
Here's a comprehensive set of JVM arguments for Java 17 migration:
# wrapper.conf - Complete Java 17 compatibility settings
# Module access for common reflection scenarios
wrapper.java.additional.20=--add-opens=java.base/java.lang=ALL-UNNAMED
wrapper.java.additional.21=--add-opens=java.base/java.util=ALL-UNNAMED
wrapper.java.additional.22=--add-opens=java.base/java.lang.reflect=ALL-UNNAMED
wrapper.java.additional.23=--add-opens=java.base/java.io=ALL-UNNAMED
wrapper.java.additional.24=--add-opens=java.base/java.nio=ALL-UNNAMED
wrapper.java.additional.25=--add-opens=java.base/java.text=ALL-UNNAMED
wrapper.java.additional.26=--add-opens=java.base/java.time=ALL-UNNAMED
wrapper.java.additional.27=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED
wrapper.java.additional.28=--add-opens=java.base/sun.security.ssl=ALL-UNNAMED
wrapper.java.additional.29=--add-opens=java.base/sun.security.util=ALL-UNNAMED
# For XML processing
wrapper.java.additional.30=--add-opens=java.xml/com.sun.org.apache.xerces.internal.parsers=ALL-UNNAMED
wrapper.java.additional.31=--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED
# For management/monitoring
wrapper.java.additional.32=--add-opens=java.management/sun.management=ALL-UNNAMED
# GC optimization
wrapper.java.additional.40=-XX:+UseG1GC
wrapper.java.additional.41=-XX:MaxGCPauseMillis=200Migration Checklist
Follow this checklist for smooth migration:
- Runtime Version: Ensure MuleSoft 4.4.0+ (4.5.0+ recommended)
- Anypoint Studio: Update to 7.15+ for Java 17 support
- Dependencies: Audit all custom Java dependencies for Java 17 compatibility
- Connectors: Update to latest connector versions
- Test Environment: Test thoroughly in non-production first
- JVM Arguments: Apply module access arguments as needed
- Monitoring: Monitor memory and GC after migration
- Rollback Plan: Keep Java 11 deployment ready for quick rollback
Need Expert Help?
MuleSoft Java 17 migration can be complex, especially for large enterprise applications. Our team specializes in:
- Migration assessment and planning
- Custom connector Java 17 compatibility fixes
- Performance optimization post-migration
- 24/7 production support during migration