Status: JDK-8191136 Remove deprecated java.security.{Certificate, Identity, IdentityScope, Signer} APIs
Alan Bateman
Alan.Bateman at oracle.com
Wed Apr 19 07:09:13 UTC 2023
On 19/04/2023 07:36, Eirik Bjørsnøs wrote:
>
>
> To summarize, I'm hopeful that removing 'Identity' and friends have
> limited effect on Java EE 8 implementations and apps and that
> workarounds exist for problems which may occur. Apps using the
> deprecated APIs in EJBContext would of course need to be updated, but
> that's a straightforward replacement job.
Sean put it well when he said we are in a "holding pattern" on these
APIs right now. I don't think it's a holding pattern for perpetuity but
I think it will take time for the big proprietary and legacy app servers
to move beyond Java EE 8 and not expect build+deploy with new JDK
releases at the same time. From the JDK side, it is annoying to be keep
around classes such as java.security.Identity that have been deprecated
since 1998. Ideally enhanced deprecation would have been introduced long
before Java 9 and that Java EE or EJB would have removed its dependence
on this API a long time ago. I think we are where we are and it should
be possible to re-visit this one in a few releases.
-Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230419/25d7f217/attachment.htm>
More information about the security-dev
mailing list