-
CSR
-
Resolution: Approved
-
P2
-
minimal
-
Java API
-
SE
Summary
Remove the "forRemoval=true" element from the Deprecated annotation of several deprecated security APIs.
Problem
Several deprecated security APIs have been marked with forRemoval=true to indicate they will be removed in a future release of Java SE. However, it has since been reported that some external applications/code are still using some of these APIs, and there is concern that there may not be enough advance notice to adapt their code to transition away from these legacy APIs and/or replace them with newer APIs before they would be removed.
In particular, one of the dependencies is in a standard EE API which would require a specification change: https://java.net/jira/browse/EJB_SPEC-130.
We still believe that these APIs should eventually be removed from SE, but we need to make sure these projects and the EE community is prepared for it.
Solution
Remove the "forRemoval=true" element from the Deprecated annotation of the affected APIs.
Specification
Remove "forRemoval=true" from the Deprecated annotation on the following classes:
java.security.Certificate java.security.Identity java.security.IdentityScope java.security.Signer java.security.acl.Acl java.security.acl.AclEntry java.security.acl.AclNotFoundException java.security.acl.Group java.security.acl.LastOwnerException java.security.acl.NotOwnerException java.security.acl.Owner java.security.acl.Permission javax.security.auth.Policy javax.security.cert.Certificate javax.security.cert.CertificateEncodingException javax.security.cert.CertificateException javax.security.cert.CertificateExpiredException javax.security.cert.CertificateNotYetValidException javax.security.cert.CertificateParsingException javax.security.cert.X509Certificate com.sun.net.ssl.HostnameVerifier com.sun.net.ssl.HttpsURLConnection com.sun.net.ssl.KeyManager com.sun.net.ssl.KeyManagerFactory com.sun.net.ssl.KeyManagerFactorySpi com.sun.net.ssl.SSLContext com.sun.net.ssl.SSLContextSpi com.sun.net.ssl.SSLPermission com.sun.net.ssl.TrustManager com.sun.net.ssl.TrustManagerFactory com.sun.net.ssl.TrustManagerFactorySpi com.sun.net.ssl.X509KeyManager com.sun.net.ssl.X509TrustManager com.sun.net.ssl.internal.ssl.Provider com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager com.sun.net.ssl.internal.www.protocol.https.DelegateHttpsURLConnection com.sun.net.ssl.internal.www.protocol.https.Handler com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
Remove "forRemoval=true" from the Deprecated annotation on the following methods:
javax.net.ssl.HandshakeCompletedEvent.getPeerCertificateChain javax.net.ssl.SSLSession.getPeerCertificateChain
- csr for
-
JDK-8173827 Remove forRemoval=true from several deprecated security APIs
-
- Closed
-