Java 9 (jdk-9+170) does not allow by default an application to see all classes from the JDK, unlike all previous versions of Java, due to the new module system.
To workaround this, the java command line offers a new argument --add-exports which allows to break encapsulation as follows:
java -jar josm.jar \
--add-exports java.base/sun.security.util=ALL-UNNAMED \
--add-exports java.base/sun.security.x509=ALL-UNNAMED
This is well explained in JEP 261: Module System.
I have read about a similar option --add-opens using the same syntax, but the JEP 261 has not yet been updated to describe it (last update: 2017/03/08 13:58).
What is the difference between these two options?
EDIT: The JEP 261 has been updated on 2017-09-22 to explain it.
--add-exports the package is exported, meaning all public types and members therein are accessible at compile and run time.--add-opens the package is opened, meaning all types and members (not only public ones!) therein are accessible at run time.So the main difference at run time is that --add-opens allows "deep reflection", meaning access of non-public members. You can typically identify this kind of access by the reflecting code making calls to setAccessible(true).