I'm working on a user-related service that handles personal information. While writing unit tests with Mockito, I ran into dependency issues with Byte Buddy, which prevented me from using the latest version of Mockito.
As a workaround, I'm using Mockito version 1.10.19. To make the tests run successfully, I added the following configuration to my pom.xml:
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <version>3.2.5</version> <configuration> <argLine>--add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED</argLine> </configuration> </plugin> Concern
My senior mentioned that since this is a user service dealing with personal data, I need to make sure that the configuration above doesn't:
- Interfere with anything outside the test scope, or
- Pose any security risks to the service or user data.
Additional context
I've also tried mocking dependencies manually, but since the service involves JDBI, it’s been challenging to handle. So I’d like clarification on:
- Whether it’s safe to continue using Mockito (with this setup).
- If there’s a better or safer approach for testing JDBI-based services.
- Any useful articles or resources related to testing with Mockito and JDBI.
--add-opensoptions don't permanently change anything. Putting them in your Surefire configuration will only affect your unit tests.--add-opensoption, like all JVM options, only has an effect if it's actually passed when launching a JVM. How a JVM option is passed can vary, but if an option is not passed then it cannot have an effect. Additionally, the Maven Surefire plugin is for running unit tests. Configuring the plugin will only affect its own execution. The configuration won't magically leak into your production environment. In fact, Maven itself won't even be in your production environment to begin with.