Status: JDK-8191136 Remove deprecated java.security.{Certificate, Identity, IdentityScope, Signer} APIs
Sean Mullan
sean.mullan at oracle.com
Mon Apr 10 20:00:16 UTC 2023
Eirik,
First, thanks for volunteering to help out. Unfortunately though, this
is a tricky issue that is best left as is for now.
On 4/10/23 3:46 PM, Eirik Bjørsnøs wrote:
> The issue with java.security.Identity is/was the usage in Java EE, more
> specifically the EJB spec and the concern that there are app servers
> that want to support Java EE releases and run on newer JDK releases at
> the same time. So this one has been stuck for a long time.
>
>
> Jakarta EE 9 was updated to remove EJBContext methods which depended on
> java.security.Identity.
Correct.
> Is the remaining concern about Java EE 8 implementations running Java 21
> and newer?
Yes.
Given that removing these APIs would cause TCK issues in these cases, I
have been reticent to remove the APIs. At this point, I view this to be
in a holding pattern until we have a very strong confidence that it
won't break EE implementations.
> The Java 17 LTS seems to be supported until 2029?
>
> Are our hands tied or would it be possible to move forward on this?
I wouldn't necessarily say our hands are tied, but more that we need to
wait longer.
This is a small enough set of APIs that I don't feel this is a huge
burden to keep around a few more releases. All dependencies on these
APIs in the JDK have been removed.
I shall update the issue with some more of these details.
--Sean
More information about the security-dev
mailing list