Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jakarta.ee-community] removal of java.security.Identity in JDK 12

I would not worry about them so much. Both Java 8 and Java 11 are LTS releases, and Extended Support goes till 2025/6, not sure, if those subscriptions also include Sustaining Support, but that is available forever in both cases. If existing app servers run in production they rarely get a JDK update just for the sake of it. Java EE 8 may be strictly bound to Java SE 8, but it is the first LTS version, so many enterprises probably stick to that for production. The next LTS release is 11 where this particular case also does not apply, and for newly developed apps and projects, they might consider migrating to Jakarta EE and a recent JDK. 

The likely consolidation after the IBM/Red Hat merger (whatever brand or project names will survive) should support a new Jakarta EE compliant successor in the near future, but of course IBM will continue the JBoss EAP support plans for existing servers, too.

Werner 





On Wed, Oct 31, 2018 at 9:31 PM Alasdair Nottingham <alasdair.nottingham@xxxxxxxxx> wrote:
I’m not concerned about this from a Jakarta EE perspective because as you say this can be fixed in a new release. However I am concerned about what this means for application servers that have already shipped. I would still expect to want to support the use of Java EE 6, 7 & 8 function post the end of support date of Java 11. I would hope that leeway would be provided via the EE CTS requirements for when this happens.

> On Oct 31, 2018, at 1:31 PM, Bill Shannon <bill.shannon@xxxxxxxxxx> wrote:
>
> The java.security.Identity class has been deprecated since J2SE 1.2.
> The EJBContext class uses java.security.Identity in the getCallerIdentity
> method, which has been deprecated almost as long, and is replaced by
> the getCallerPrincipal method.
>
> The JDK team proposes removing the java.security.Identity class in JDK 12.
> A consequence of this is that it would *not be possible* for any
> *Java EE compatible product* to *support JDK 12 or later*.
>
> (Note that this is not a *technical* issue, but rather a violation of
> the Java EE compatibility requirements and the CTS.)
>
> Presumably the EJBContext class would be updated for Jakarta EE 9 to
> remove the getCallerIdentity method, thus solving this problem for
> products that support Jakarta EE 9 or later.
>
> If this is a concern for you, please send feedback to
> security-dev@xxxxxxxxxxxxxxxx, or contact sean.mullan@xxxxxxxxxx
> directly.
>
> Thank you.
> _______________________________________________
> jakarta.ee-community mailing list
> jakarta.ee-community@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/jakarta.ee-community

_______________________________________________
jakarta.ee-community mailing list
jakarta.ee-community@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jakarta.ee-community

Back to the top