JDK-8191136 : Remove deprecated java.security.{Certificate,Identity,IdentityScope,Signer} APIs
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2017-11-13
  • Updated: 2023-12-01
Related Reports
Blocks :  
CSR :  
Relates :  
Description
The deprecated java.security.{Certificate,Identity,IdentityScope,Signer} APIs were marked with forRemoval=true in JDK 10.
Comments
See https://mail.openjdk.org/pipermail/security-dev/2023-April/035019.html for more discussion of this issue.
25-04-2023

The two methods of javax.ejb.EJBContext that have dependencies on java.security.Identity (getCallerIdentity and isCallerInRole) are not present in jakarta.ejb.EJBContext in Jakarta 9. This reduces the risk considerably of moving forward with the removal of these APIs. Given that RDP1 is less than a week away, it is probably too late to remove these from JDK 18, so I am re-targeting to 19 and plan to remove them early in the release, once the repository is open for PRs.
02-12-2021

See https://github.com/eclipse-ee4j/ejb-api/blob/master/4.0-PLAN.adoc#removal-of-methods-relying-on-javasecurityidentity for more information on the plans for removing dependencies on java.security.Identity from Jakarta EE, specifically this section: "As of Java 11 the java.security.Identity class has been marked for removal and will not be present in any future LTS releases. Use of java.security.Identity will be removed from Jakarta Enterprise Beans 4.0 during the javax to jakarta transition to ensure applications, once ported, do not experience a future breaking change running on JVMs beyond Java 11." This should greatly reduce the risk of removing these APIs. Although it should be relatively safe to remove these APIs in JDK 17, I am still proposing we remove them in JDK 18 to further minimize any potential risk.
04-01-2021

Changed the fixVersion to "tbd" as there is no "18" version yet. See below for rationale. Removal of these APIs has become difficult, primarily due to the dependency on java.security.Identity in the two deprecated methods of javax.ejb.EJBContext. Ideally, we would like to have confidence that whatever JDK release we remove these APIs from will not cause conformance issues for EE implementations in the future. A couple of factors are at play here: 1. A future version of the EJB specification must remove the deprecated getCallerIdentity and isCallerInRole methods of EJBContext. We have already gotten feedback from the Jakarta community that removal of the APIs from SE should not be an issue for Jakarta EE 9 [1]. The EJB specification is targeted to go into Jakarta EE 9 in "Wave 5" [2], but I can't find any dates associated with that yet. 2. Continued support of Java EE 8 implementations on future versions of the JDK. Unless an MR is initiated to remove the EJBContext methods, Java EE 8 implementations can only be supported on Java SE versions that include the java.security.Identity APIs. Given the previous two factors, we think targeting the removal of these APIs to JDK 18 is appropriate. This would allow Java EE 8 implementations to support the next JDK LTS release (17), if necessary. [1] https://www.eclipse.org/lists/jakarta.ee-community/msg00857.html [2] https://eclipse-ee4j.github.io/jakartaee-platform/jakartaee9/JakartaEE9ReleasePlan
28-05-2020

Retargeting to 14 as more time is needed to resolve EE API dependencies on java.security.Identity.
08-05-2019

Re-targeting to JDK 13 to allow for more time to resolve upward dependencies. See previous comments for more details.
21-11-2018

Latest webrev: http://cr.openjdk.java.net/~mullan/webrevs/8191136/webrev.02/
14-11-2018

The removal of these APIs is now targeted to JDK 12 instead of JDK 11. With the 6 month release cycle, it will give projects more time to migrate away from these APIs. In particular, the EJB javax.ejb.EJBContext.getIdentity() API (which is deprecated) has a direct dependency on java.security.Identity and needs to be removed from the EJB specification; otherwise this may cause conformance issues for Java EE implementations if the Identity API is removed before that. There is a bug filed against the EJB specification requesting the removal: https://github.com/javaee/ejb-spec/issues/136 And a previous related issue: https://github.com/javaee/ejb-spec/issues/130 Also, the Identity, IdentityScope, Certificate, and Signer APIs all have dependencies on each other, so they need to be removed as a group.
19-01-2018