Status: JDK-8191136 Remove deprecated java.security.{Certificate, Identity, IdentityScope, Signer} APIs
Eirik Bjørsnøs
eirbjo at gmail.com
Thu Apr 20 10:32:43 UTC 2023
> It's great to make projects aware that they are depending on APIs that are
> long deprecated
>
I gave Oracle WebLogic Server 14.1.1 a spin on 21-internal with Identity
and friends removed. This version of WLS supports Java EE 8.
Accessing an EJB with an injected EJBContext somewhat predictably fails
with a NoClassDefFoundError / ClassNotFoundException:
Root cause of ServletException.
> java.lang.NoClassDefFoundError: java/security/Identity
> at
> weblogic.ejb.container.manager.StatefulSessionManager.allocateContext(StatefulSessionManager.java:947)
> [..]
> Caused By: java.lang.ClassNotFoundException: java.security.Identity
> at
> java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
I believe this NoClassDefFoundError has an easily fix, which is to move any
BaseEJBContext code touching java/security/Identity out of
the BaseEJBContext class, such that any class loading of
java/security/Identity is deferred until any of the deprecated methods are
actually called. This fix would allow apps not calling the deprecated
methods to deploy as usual in WLS using a JDK with these classes removed.
If anyone knows how to get in touch with relevant people in the WebLogic
organization to discuss this, please let me know in a private email.
Eirik.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230420/ae7ffce6/attachment.htm>
More information about the security-dev
mailing list