Deprecated API

Contents

• Terminally Deprecated
• Interfaces
• Classes
• Exceptions
• Fields
• Methods
• Constructors
• Enum Constants

Terminally Deprecated Elements

Element	Description
com.sun.identity.saml2.plugins.FedletAdapter	since AM 7.3.0 Implement use-case specific FedletAdapter implementations instead.
com.sun.identity.saml2.plugins.SAML2IdentityProviderAdapter	since AM 7.3.0 Implement use-case specific IDPAdapter implementations instead.
com.sun.identity.saml2.plugins.SAML2IDPFinder	since AM 7.3.0 Implement use-case specific IDPFinder implementations instead.
com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter	since AM 7.3.0 Implement use-case specific SPAdapter implementations instead.
org.forgerock.http.filter.Filters.newHttpBasicAuthenticationFilter(String, SecretReference<GenericSecret>)	use Filters.newHttpBasicAuthenticationFilter(CredentialPair) instead
org.forgerock.http.filter.Filters.newHttpBasicAuthenticationFilter(String, SecretReference<GenericSecret>, Charset)	use Filters.newHttpBasicAuthenticationFilter(CredentialPair, Charset) instead
org.forgerock.http.filter.Filters.newUrlEncodedHttpBasicAuthFilter(String, SecretReference<GenericSecret>)	use Filters.newUrlEncodedHttpBasicAuthFilter(CredentialPair) instead
org.forgerock.http.header.SetCookie2Header	This header is no longer supported by browsers. Use SetCookieHeader instead.
org.forgerock.http.oauth2.AccessTokenResolver.resolve(Context, String)	Use AccessTokenResolver.resolve(Context, Supplier, String) instead.
org.forgerock.http.oauth2.EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.buildSecretReferences()	for removal with EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose). Will be removed in winter 2021 season.
org.forgerock.http.oauth2.EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose<DataEncryptionKey>)	Please use EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference) instead. Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.buildSecretReferences()	for removal with PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose). Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.withSecretsProvider(SecretsProvider)	Please use SecretReference API instead. Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose<SigningKey>)	Please use PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningSecretReference(SecretReference) instead. Will be removed in winter 2021 season.
org.forgerock.oauth.clients.apple.AppleClient(Handler, OpenIDConnectClientConfiguration, Clock, SecureRandom, OpenIdResolverService, OpenIdResolverServiceConfigurator)	use AppleClient(Handler, AppleClientConfiguration, Clock, SecureRandom, OpenIdResolverService, OpenIdResolverServiceConfigurator) instead.
org.forgerock.openam.saml2.plugins.IDPAdapter.preSendFailureResponse(HttpServletRequest, HttpServletResponse, String, String)	since 7.2.0 use IDPAdapter.preSendFailureResponse(String, String, HttpServletRequest, HttpServletResponse, String, String).
org.forgerock.openam.saml2.plugins.InitializablePlugin.initialize(String, String)	since 7.3.0 use InitializablePlugin.initialize(Map).

Deprecated Interfaces

Interface	Description
com.sun.identity.federation.common.IFSConstants
com.sun.identity.log.spi.IAuthorizer
com.sun.identity.log.spi.IVerifierOutput
com.sun.identity.plugin.log.Logger
com.sun.identity.policy.interfaces.Condition
com.sun.identity.policy.interfaces.PolicyListener
com.sun.identity.policy.interfaces.Referral
com.sun.identity.policy.interfaces.ResourceName
com.sun.identity.policy.interfaces.ResponseProvider
com.sun.identity.policy.interfaces.Subject
com.sun.identity.saml2.plugins.SAML2IdentityProviderAdapter	since AM 7.3.0 Implement use-case specific IDPAdapter implementations instead.
com.sun.identity.saml2.plugins.SAML2IDPFinder	since AM 7.3.0 Implement use-case specific IDPFinder implementations instead.
org.forgerock.guava.common.collect.ListMultimap	Use ListMultimap instead.
org.forgerock.guava.common.collect.Multimap	Use Multimap instead.
org.forgerock.guava.common.collect.Multiset	Use Multiset instead.
org.forgerock.http.session.SessionManager
org.forgerock.oauth2.core.ScopeValidator	since 7.2.0

Deprecated Classes

Class	Description
com.sun.identity.log.LogConstants
com.sun.identity.log.Logger
com.sun.identity.log.LogManager
com.sun.identity.log.LogQuery
com.sun.identity.log.LogReader
com.sun.identity.log.LogRecord
com.sun.identity.log.QueryElement
com.sun.identity.log.spi.Authorizer
com.sun.identity.policy.ActionDecision	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ConditionDecision	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ConditionTypeManager	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.Policy	As of OpenSSO Express 8.0, use Entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.PolicyDecision	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.PolicyEvaluator	As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
com.sun.identity.policy.PolicyEvent	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.PolicyManager	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ProtectedResource	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ProxyPolicyEvaluator	As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
com.sun.identity.policy.ProxyPolicyEvaluatorFactory	As of OpenSSO Express 8.0, use Evaluator instead as Entitlement has replaced Policy.
com.sun.identity.policy.ReferralTypeManager	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ResourceMatch	As of OpenSSO Express 8.0, use ResourceMatch instead as Entitlement has replaced Policy.
com.sun.identity.policy.ResourceResult	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ResponseProviderTypeManager	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.Rule	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.SubjectTypeManager	As of OpenSSO Express 8.0, use EntitlementSubject instead as Entitlement has replaced Policy.
com.sun.identity.policy.Syntax	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.policy.ValidValues	As of OpenSSO Express 8.0, use com.sun.identity.entitlement instead as Entitlement has replaced Policy.
com.sun.identity.saml2.plugins.FedletAdapter	since AM 7.3.0 Implement use-case specific FedletAdapter implementations instead.
com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter	since AM 7.3.0 Implement use-case specific SPAdapter implementations instead.
com.sun.identity.shared.debug.Debug	Use Logger instead.
org.forgerock.am.identity.application.UsernameExtractor
org.forgerock.config.resolvers.FlatFileResolver	This class is currently only used in conjunction with the PropertyResolverSecretStore and this pairing is deprecated. Instead, use the FileSystemSecretStore.
org.forgerock.http.client.ChfHttpClient	Will be replaced in a later release by Client.
org.forgerock.http.header.SetCookie2Header	This header is no longer supported by browsers. Use SetCookieHeader instead.
org.forgerock.http.oauth2.ClientSecretBasicAuthenticationFilter	since 26.2. See Filters.newUrlEncodedHttpBasicAuthFilter(String, SecretReference) for a replacement.
org.forgerock.http.oauth2.resolver.OpenAmAccessTokenResolver	The “/oauth2/tokeninfo” endpoint was deprecated in AM 6.5. OpenAmAccessTokenResolver is deprecated and should not be used.
org.forgerock.jaspi.modules.session.jwt.KeyStoreJwtCryptographyHandler	The AuthenticatedEncryptionCryptographyHandler should be preferred.
org.forgerock.jaspi.modules.session.jwt.SecretsProviderJwtCryptographyHandler	The AuthenticatedEncryptionCryptographyHandler should be preferred.
org.forgerock.json.jose.builders.SignedEncryptedJwsHeaderBuilder	Use EncryptedThenSignedJwtHeaderBuilder instead.
org.forgerock.json.jose.builders.SignedEncryptedJwtBuilder	Use EncryptedThenSignedJwtBuilder instead.
org.forgerock.json.jose.jwe.handlers.encryption.AbstractEncryptionHandler	Use ContentEncryptionHandler instead.
org.forgerock.json.jose.jwe.handlers.encryption.RSA15AES128CBCHS256EncryptionHandler	Use RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.
org.forgerock.json.jose.jwe.handlers.encryption.RSA15AES256CBCHS512EncryptionHandler	Use RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.
org.forgerock.json.jose.jws.handlers.ECDSASigningHandler	Use SecretECDSASigningHandler instead
org.forgerock.json.jose.jws.handlers.EdDSASigningHandler	Use SecretEdDSASigningHandler instead.
org.forgerock.json.jose.jws.handlers.HmacSigningHandler	Use SecretHmacSigningHandler instead
org.forgerock.json.jose.jws.handlers.NOPSigningHandler	This algorithm is inherently insecure and shouldn't be used.
org.forgerock.json.jose.jws.handlers.RSASigningHandler	Use SecretRSASigningHandler instead
org.forgerock.json.jose.jws.SignedEncryptedJwt	Use EncryptedThenSignedJwt instead.
org.forgerock.json.jose.tokenhandler.JwtTokenHandler	Prefer SecretsJwtTokenHandler instead.
org.forgerock.json.resource.AbstractRequestHandler	RequestHandler now has default methods which implement the not-supported behavior. This class is here for transition from pre-JDK8 impelementations.
org.forgerock.openidconnect.Claim	use Claim
org.forgerock.util.Utils	Use Strings, Closeables, Objects or Threads instead.

Deprecated Exceptions

Exceptions	Description
com.iplanet.log.ConnectionException
com.iplanet.log.DriverLoadException
com.iplanet.log.LogException
com.iplanet.log.NullLocationException
com.sun.identity.plugin.log.LogException

Deprecated Fields

Field	Description
org.forgerock.openam.auth.node.api.Action.universalId	use Action.identifiedIdentity instead.
org.forgerock.openam.auth.node.api.SharedStateConstants.OBJECT_ATTRIBUTES	use IdmIntegrationService.OBJECT_ATTRIBUTES instead.
org.forgerock.openam.auth.node.api.TreeContext.sharedState	Use TreeContext.getStateFor(Node) instead as this method does not leak implementation detail of the specific type of state.
org.forgerock.openam.auth.node.api.TreeContext.transientState	Use TreeContext.getStateFor(Node) instead as this method does not leak implementation detail of the specific type of state.
org.forgerock.opendj.ldap.LdapClients.LOAD_BALANCER_IDLE_SERVER_SELECTOR	For internal use only. This option will be removed in future version and will not be replaced.

Deprecated Methods

Method	Description
com.iplanet.am.util.SystemProperties.getPlatform()	use getAll()
com.sun.identity.authentication.spi.AMLoginModule.validatePassword(String)
com.sun.identity.entitlement.ConditionDecision.addAdvices(ConditionDecision)
com.sun.identity.entitlement.ConditionDecision.clearAdvices()
com.sun.identity.entitlement.ResourceAttribute.getPResponseProviderName()
com.sun.identity.entitlement.ResourceAttribute.setPResponseProviderName(String)
com.sun.identity.idm.IdRepoException.getLDAPErrorCode()	Use #getLdapErrorIntCode() instead. The ldap error code is always an int
com.sun.identity.idm.IdRepoListener.objectChanged(String, int, Map)	As of Sun Java System Access Manager 7.1.
com.sun.identity.idm.IdSearchControl.isRecursive()	This method is deprecated. The setting for recursive search should be configured via the data store.
com.sun.identity.idm.IdSearchControl.setRecursive(boolean)	This method is deprecated. The setting for recursive search should be configured via the data store.
com.sun.identity.saml2.common.SAML2SDKUtils.byteArrayToHexString(byte[])	This method is deprecated, use Hex.encode(byte[])} instead. Converts byte array to Hex String.
com.sun.identity.saml2.common.SAML2SDKUtils.hexStringToByteArray(String)	This method is deprecated, use Hex.decode(String) instead. Converts Hex String to Byte Array.
com.sun.identity.saml2.common.XmlSerializable.toXMLString()	Use XmlSerializable.toDocumentFragment(Document, boolean, boolean) instead.
com.sun.identity.saml2.common.XmlSerializable.toXMLString(boolean, boolean)	Use XmlSerializable.toDocumentFragment(Document, boolean, boolean) instead.
com.sun.identity.saml2.plugins.IDPAuthnContextMapper.getIDPAuthnContextInfo(AuthnRequest, String, String)	use IDPAuthnContextMapper.getIDPAuthnContextInfo(AuthnRequest, String, String, String) instead
com.sun.identity.sm.OrganizationConfigManager.addListener(ServiceListener)	Use ServiceConfigManager.addListener(ServiceListener) instead.
com.sun.identity.sm.OrganizationConfigManager.getConfiguredServices()	This method has been deprecated, use getAssignedServices() instead.
com.sun.identity.sm.OrganizationConfigManager.removeListener(String)	Use ServiceConfigManager.removeListener(String) instead.
com.sun.identity.sm.ServiceConfig.deleteLabeledUri(String)	The labeledURI setting shall not be used for storing configuration data.
com.sun.identity.sm.ServiceConfig.getLabeledUri()	The labeledURI setting shall not be used for storing configuration data.
com.sun.identity.sm.ServiceConfig.setLabeledUri(String)	The labeledURI setting shall not be used for storing configuration data.
com.sun.identity.sm.ServiceConfigManager.removeOrganizationConfiguration(String, String)
org.forgerock.am.identity.persistence.IdentityStore.getIdentity(String)	Use IdentityStore.findIdentityByUsername(java.lang.String, IdType) instead
org.forgerock.am.identity.persistence.IdentityStore.getUserUsingAuthenticationUserAliases(String)	Use IdentityStore.searchForIdentity(IdType, String) instead
org.forgerock.config.resolvers.PropertyResolver.getProperty(String)	In favour of PropertyResolver.getProperty(String, boolean)
org.forgerock.config.resolvers.PropertyResolver.getProperty(String, String)	In favour of PropertyResolver.getProperty(String, String, boolean)
org.forgerock.http.filter.Filters.newHttpBasicAuthenticationFilter(String, SecretReference<GenericSecret>)	use Filters.newHttpBasicAuthenticationFilter(CredentialPair) instead
org.forgerock.http.filter.Filters.newHttpBasicAuthenticationFilter(String, SecretReference<GenericSecret>, Charset)	use Filters.newHttpBasicAuthenticationFilter(CredentialPair, Charset) instead
org.forgerock.http.filter.Filters.newSessionFilter(SessionManager)
org.forgerock.http.filter.Filters.newUrlEncodedHttpBasicAuthFilter(String, SecretReference<GenericSecret>)	use Filters.newUrlEncodedHttpBasicAuthFilter(CredentialPair) instead
org.forgerock.http.header.ContentTypeHeader.getAdditionalParameters()	Replaced by ContentTypeHeader.getDirectives()
org.forgerock.http.oauth2.AccessTokenResolver.resolve(Context, String)	Use AccessTokenResolver.resolve(Context, Supplier, String) instead.
org.forgerock.http.oauth2.EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.buildSecretReferences()	for removal with EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose). Will be removed in winter 2021 season.
org.forgerock.http.oauth2.EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose<DataEncryptionKey>)	Please use EncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference) instead. Will be removed in winter 2021 season.
org.forgerock.http.oauth2.OAuth2Error.toWWWAuthenticateHeader()	Use OAuth2Error.asWwwAuthenticateHeader() instead.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.buildSecretReferences()	for removal with PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose). Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.withSecretsProvider(SecretsProvider)	Please use SecretReference API instead. Will be removed in winter 2021 season.
org.forgerock.http.oauth2.PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose<SigningKey>)	Please use PrivateKeyJwtClientAuthenticationFilter.Builder.withSigningSecretReference(SecretReference) instead. Will be removed in winter 2021 season.
org.forgerock.http.protocol.Cookie.getComment()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.getCommentURL()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.getDiscard()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.getPort()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.getVersion()	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setComment(String)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setCommentURL(String)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setDiscard(Boolean)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setPort(List<Integer>)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Cookie.setVersion(Integer)	Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.
org.forgerock.http.protocol.Form.fromRequestEntity(Request)	Because Entity content should be read asynchronously. Instead retrieve the Form with Entity.getFormAsync().
org.forgerock.http.protocol.Form.fromString(String)	use Form.fromFormString(String) instead.
org.forgerock.http.protocol.Form.toString()	use Form.toFormString() instead.
org.forgerock.http.protocol.Request.getForm()	Use Request.getQueryParams() or Entity.getForm()
org.forgerock.jaspi.modules.session.jwt.FallbackJwtCryptographyHandler.decrypt(EncryptedThenSignedJwt)
org.forgerock.jaspi.modules.session.jwt.FallbackJwtCryptographyHandler.jwe(JwtBuilderFactory)
org.forgerock.jaspi.modules.session.jwt.FallbackJwtCryptographyHandler.sign(EncryptedJwtBuilder)
org.forgerock.jaspi.modules.session.jwt.FallbackJwtCryptographyHandler.verify(EncryptedThenSignedJwt)
org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler.decrypt(EncryptedThenSignedJwt)	Use JwtCryptographyHandler.decryptAndVerify(JwtBuilderFactory, String) instead.
org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler.jwe(JwtBuilderFactory)	Use JwtCryptographyHandler.buildJwt(JwtBuilderFactory, JwtClaimsSet) instead.
org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler.sign(EncryptedJwtBuilder)	Use JwtCryptographyHandler.buildJwt(JwtBuilderFactory, JwtClaimsSet) instead.
org.forgerock.jaspi.modules.session.jwt.JwtCryptographyHandler.verify(EncryptedThenSignedJwt)	Use JwtCryptographyHandler.decryptAndVerify(JwtBuilderFactory, String) instead.
org.forgerock.json.jose.builders.EncryptedJwtBuilder.sign(SigningHandler, JwsAlgorithm)	Use EncryptedJwtBuilder.signedWith(SigningHandler, JwsAlgorithm) instead.
org.forgerock.json.jose.builders.JweHeaderBuilder.epk(String)	Use JweHeaderBuilder.epk(JWK) instead.
org.forgerock.json.jose.builders.JwtBuilderFactory.jwe(Key)	Prefer JwtBuilderFactory.jwe(EncryptionKey) instead.
org.forgerock.json.jose.builders.JwtBuilderFactory.jwt()	This method provides no security at all and shouldn't be used.
org.forgerock.json.jose.builders.SignedJwtBuilderImpl.encrypt(Key)	Prefer SignedJwtBuilderImpl.encrypt(EncryptionKey) instead.
org.forgerock.json.jose.jwe.EncryptedJwt.decrypt(Key)	Prefer EncryptedJwt.decrypt(SecretsProvider, Purpose) instead.
org.forgerock.json.jose.jwe.EncryptedJwt.decryptRawPayload(Key)	Prefer EncryptedJwt.decryptRawPayload(SecretsProvider, Purpose) instead.
org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler.decryptContentEncryptionKey(Key, byte[])	Use EncryptionHandler.decryptContentEncryptionKey(Key, byte[], JweHeader) instead.
org.forgerock.json.jose.jwe.handlers.encryption.EncryptionHandler.generateJWEEncryptedKey(Key, Key)	Use EncryptionHandler.generateJWEEncryptedKey(Key, Key, JweHeader) instead.
org.forgerock.json.jose.jwe.SignedThenEncryptedJwt.decryptAndVerify(Key, SigningHandler)	Prefer SignedThenEncryptedJwt.decryptAndVerify(SecretsProvider, Purpose, Purpose) instead.
org.forgerock.json.jose.jwk.EcJWK.getCurve()	replaced by EcJWK.getEllipticCurve().
org.forgerock.json.jose.jwk.JWK.Builder.x509Thumbnail(String)	Use JWK.Builder.x509Thumbprint(String) or JWK.Builder.x509ThumbprintS256(String) instead.
org.forgerock.json.jose.jwk.JWK.getAlgorithm()	replaced by JWK.getJwaAlgorithm()
org.forgerock.json.jose.jwk.JWK.getX509Thumbnail()	Use JWK.getX509Thumbprint() instead.
org.forgerock.json.jose.jwk.JWKSetParser.jwkSet(URL)	Use JWKSetParser.jwkSetAsync(URL) instead.
org.forgerock.json.jose.jwk.store.JwksStore.findJwk(String)	Use JwksStore.findJwkAsync(String) instead.
org.forgerock.json.jose.jwk.store.JwksStore.findJwk(Algorithm, String)	Use JwksStore.findJwkAsync(String) instead.
org.forgerock.json.jose.jwk.store.JwksStore.reloadJwks()	Use JwksStore.reloadJwksAsync() instead.
org.forgerock.json.jose.jwk.store.JwksStore.setJwkUrl(URL)	Use JwksStore.setJwkUrlAsync(URL) instead.
org.forgerock.json.jose.jwk.store.JwksStoreService.configureJwksStore(String, Duration, Duration, URL)	Use JwksStoreService.configureJwksStore(String, Duration, Duration, URL, Clock) with an explicit clock.
org.forgerock.json.jose.jwk.store.JwksStoreService.configureJwksStore(String, Duration, Duration, URL, Clock)	use JwksStoreService.configureJwksStoreAsync(String, Duration, Duration, URL, Clock) instead.
org.forgerock.json.jose.jws.EncryptedThenSignedJwt.decrypt(Key)	Prefer EncryptedThenSignedJwt.decrypt(SecretsProvider, Purpose) instead.
org.forgerock.json.jose.jws.JwsAlgorithm.getJwsAlgorithm(String)	Replaced by JwsAlgorithm.parseCryptographicAlgorithm(String)
org.forgerock.json.jose.jws.SigningManager.newEcdsaSigningHandler(ECPrivateKey)	use SigningManager.newEcdsaSigningHandler(SigningKey)} instead
org.forgerock.json.jose.jws.SigningManager.newEcdsaSigningHandler(PrivateKey)	use SigningManager.newEcdsaSigningHandler(SigningKey)} instead
org.forgerock.json.jose.jws.SigningManager.newEcdsaVerificationHandler(ECPublicKey)	use SigningManager.newEcdsaVerificationHandler(VerificationKey) instead
org.forgerock.json.jose.jws.SigningManager.newEdDsaSigningHandler(byte[])	Use SigningManager.newEdDsaSigningHandler(SigningKey) instead
org.forgerock.json.jose.jws.SigningManager.newEdDsaVerificationHandler(byte[])	Use SigningManager.newEdDsaVerificationHandler(VerificationKey) instead.
org.forgerock.json.jose.jws.SigningManager.newHmacSigningHandler(byte[])	use SigningManager.newHmacSigningHandler(SigningKey) instead
org.forgerock.json.jose.jws.SigningManager.newHmacSigningHandler(SecretKey)	use SigningManager.newHmacSigningHandler(SigningKey) instead
org.forgerock.json.jose.jws.SigningManager.newNopSigningHandler()	This method is inherently insecure and shouldn't be used.
org.forgerock.json.jose.jws.SigningManager.newRsaSigningHandler(Key)	use SigningManager.newRsaVerificationHandler(VerificationKey) instead
org.forgerock.json.jose.jws.SigningManager.newSigningHandler(Key)	Use SigningManager.newSigningHandler(SigningKey) instead
org.forgerock.json.jose.jws.SigningManager.newVerificationHandler(Key)	Use SigningManager.newVerificationHandler(VerificationKey) instead
org.forgerock.json.jose.utils.Utils.base64urlDecode(String)	Use Utils.decodeJwtComponent(String).
org.forgerock.json.jose.utils.Utils.base64urlEncode(String)	Use Utils.encodeJwtComponent(String).
org.forgerock.json.JsonValueFunctions.identity()	use JsonValue::copy directly instead
org.forgerock.json.resource.ResourceException.getException(int)	in favor of ResourceException.newResourceException(int)
org.forgerock.json.resource.ResourceException.getException(int, String)	in favor of ResourceException.newResourceException(int, String)
org.forgerock.json.resource.ResourceException.getException(int, String, Throwable)	in favor of ResourceException.newResourceException(int, String, Throwable)
org.forgerock.json.resource.Resources.newAnnotatedRequestHandler(Object)	Use Resources.newHandler(Object) instead.
org.forgerock.json.resource.Resources.newCollection(Object)	Use Resources.newHandler(Object) instead.
org.forgerock.json.resource.Resources.newSingleton(Object)	Use Resources.newHandler(Object) instead.
org.forgerock.json.resource.Responses.newRemainingResultsResponse(String, int)	Use Responses.newQueryResponse(String, CountPolicy, int) instead.
org.forgerock.oauth.clients.oauth2.OAuth2Client.createAuthRedirectUri(String)	Use OAuth2Client.createAuthRedirectUri(String, String) and specify a PKCE challenge.
org.forgerock.oauth.clients.oauth2.OAuth2Client.createRequestForTokenEndpoint(String)	Use OAuth2Client.createAuthRedirectUri(String, String) and specify a PKCE verifier.
org.forgerock.oauth.clients.oauth2.OAuth2ClientConfiguration.Builder.withClientSecret(String)	Use OAuth2ClientConfiguration.Builder.withClientSecret(SecretReference) instead.
org.forgerock.oauth.clients.oauth2.OAuth2ClientConfiguration.getClientSecret()	Use OAuth2ClientConfiguration.getClientSecretReference() instead.
org.forgerock.oauth.clients.oidc.OpenIDConnectClient.createAuthRedirectUri(String, String)	Use OpenIDConnectClient.createAuthRedirectUri(String, String, String) and specify a PKCE challenge.
org.forgerock.oauth.resolvers.OpenIdResolverFactory.createJWKResolver(String, URL, int, int)	Replaced by OpenIdResolverFactory.createJWKResolver(String, URL) ()}
org.forgerock.oauth2.core.AccessToken.addExtraData(String, String)	Use AccessToken.addExtraData(String, Supplier) instead.
org.forgerock.oauth2.core.ScopeValidator.additionalDataToReturnFromAuthorizeEndpoint(Map<String, Token>, OAuth2Request)	since 7.2.0 Use AuthorizeEndpointDataProvider.provide(Map, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.additionalDataToReturnFromTokenEndpoint(AccessToken, OAuth2Request)	since 7.2.0 Use AccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request) instead. Functionality provided by Access Token Modification plugin supersedes the functionality this extension point was originally intended to provide.
org.forgerock.oauth2.core.ScopeValidator.evaluateScope(AccessToken)	since 7.2.0 Use ScopeEvaluator.evaluateScope(AccessToken) instead.
org.forgerock.oauth2.core.ScopeValidator.getUserInfo(ClientRegistration, AccessToken, OAuth2Request)	since 7.2.0 Use UserInfoClaimsPlugin.getUserInfo(ClientRegistration, AccessToken, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.modifyAccessToken(AccessToken, OAuth2Request)	since 7.2.0 Use AccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.validateAccessTokenScope(ClientRegistration, Set<String>, OAuth2Request)	since 7.2.0 Use #validateAccessTokenScope(ClientRegistration, Set, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.validateAuthorizationScope(ClientRegistration, Set<String>, OAuth2Request)	since 7.2.0 Use #validateAuthorizationScope(ClientRegistration, Set, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.validateBackChannelAuthorizationScope(ClientRegistration, Set<String>, OAuth2Request)	since 7.2.0 Use #validateBackChannelAuthorizationScope(ClientRegistration, Set, OAuth2Request) instead.
org.forgerock.oauth2.core.ScopeValidator.validateRefreshTokenScope(ClientRegistration, Set<String>, Set<String>, OAuth2Request)	since 7.2.0 Use #validateRefreshTokenScope(ClientRegistration, Set, Set, OAuth2Request) instead.
org.forgerock.openam.auth.node.api.AbstractNodeAmPlugin.getNodes()	in favour of AbstractNodeAmPlugin.getNodesByVersion()
org.forgerock.openam.auth.node.api.Action.ActionBuilder.withUniversalId(String)	use Action.ActionBuilder.withIdentifiedIdentity(java.lang.String, com.sun.identity.idm.IdType) instead.
org.forgerock.openam.auth.node.api.Action.ActionBuilder.withUniversalId(Optional<String>)	use Action.ActionBuilder.withIdentifiedIdentity(java.lang.String, com.sun.identity.idm.IdType) instead.
org.forgerock.openam.auth.node.api.TreeContext.getSecureState(String)	Use TreeContext.getStateFor(Node) instead as this method does not leak implementation detail of the specific type of state.
org.forgerock.openam.auth.node.api.TreeContext.getState(String)	Use TreeContext.getStateFor(Node) instead as this method performs the same function but supports filtering of the available state based on the nodes declared inputs.
org.forgerock.openam.auth.node.api.TreeContext.getTransientState(String)	Use TreeContext.getStateFor(Node) instead as this method does not leak implementation detail of the specific type of state.
org.forgerock.openam.plugins.AmPlugin.onStartup()	Use AmPlugin.onStartup(StartupType) instead.
org.forgerock.openam.plugins.PluginTools.registerAuthNode(Class<?>)	Use PluginTools.installAuthNode(Class) and PluginTools.startAuthNode(Class) as appropriate.
org.forgerock.openam.plugins.PluginTools.registerService(Class<?>)	Use PluginTools.installService(Class) and PluginTools.startService(Class) as appropriate.
org.forgerock.openam.saml2.plugins.IDPAdapter.preSendFailureResponse(HttpServletRequest, HttpServletResponse, String, String)	since 7.2.0 use IDPAdapter.preSendFailureResponse(String, String, HttpServletRequest, HttpServletResponse, String, String).
org.forgerock.openam.saml2.plugins.InitializablePlugin.initialize(String, String)	since 7.3.0 use InitializablePlugin.initialize(Map).
org.forgerock.opendj.ldap.Dn.isRootDn()	use Dn.isEmpty() instead
org.forgerock.opendj.ldap.Dn.rootDn()	use Dn.emptyDn() instead
org.forgerock.secrets.gcpkms.GoogleKmsSignature.engineGetParameter(String)
org.forgerock.secrets.gcpkms.GoogleKmsSignature.engineSetParameter(String, Object)
org.forgerock.secrets.SecretBuilder.build(Class<T>)	Use SecretBuilder.build(Purpose) instead.
org.forgerock.secrets.vault.VaultSignature.engineGetParameter(String)
org.forgerock.secrets.vault.VaultSignature.engineSetParameter(String, Object)
org.forgerock.secrets.vault.VaultSignature.GenericRsaPssSignature.engineGetParameter(String)
org.forgerock.secrets.vault.VaultSignature.GenericRsaPssSignature.engineSetParameter(String, Object)
org.forgerock.util.encode.Base64.decodeFast(byte[])	Use Base64.decode(byte[]) instead.
org.forgerock.util.encode.Base64.decodeFast(char[])	Use Base64.decode(char[]) instead.
org.forgerock.util.encode.Base64.decodeFast(String)	Use Base64.decode(String) instead.
org.forgerock.util.promise.Promise.getOrThrowUninterruptibly()	Since 25.0.0. Prefer using Promise.getOrThrow() and handle properly the InterruptedException in the calling code, or use Promise.getOrThrowIfInterrupted().
org.forgerock.util.promise.Promise.getOrThrowUninterruptibly(long, TimeUnit)	Since 25.0.0. Prefer using Promise.get(long, TimeUnit) and handle properly the InterruptedException in the calling code, or use Promise.getOrThrowIfInterrupted().
org.forgerock.util.promise.PromiseImpl.getOrThrowUninterruptibly()
org.forgerock.util.promise.PromiseImpl.getOrThrowUninterruptibly(long, TimeUnit)
org.forgerock.util.Reject.checkNotNull(T)	use Objects.requireNonNull(Object)} instead
org.forgerock.util.Reject.checkNotNull(T, String)	use Objects.requireNonNull(Object, String) instead
org.forgerock.util.Reject.ifFalse(boolean)	Experience has shown that Reject.ifFalse can be hard to read. Prefer to use Reject.unless(boolean) (which works identically) or rewrite to use Reject.ifTrue(boolean) instead.
org.forgerock.util.Reject.ifFalse(boolean, String)	Experience has shown that Reject.ifFalse can be hard to read. Prefer to use Reject.unless(boolean, String) (which works identically) or rewrite to use Reject.ifTrue(boolean, String) instead.
org.forgerock.util.thread.ExecutorServiceFactory.createCachedThreadPool()	ExecutorServiceFactory.createCachedThreadPool(String) or ExecutorServiceFactory.createCachedThreadPool(ThreadFactory) should be used so that threads have meaningful names.
org.forgerock.util.thread.ExecutorServiceFactory.createFixedThreadPool(int)	ExecutorServiceFactory.createFixedThreadPool(int, String) should be used so that threads have meaningful names.
org.forgerock.util.thread.ExecutorServiceFactory.createScheduledService(int)	ExecutorServiceFactory.createScheduledService(int, String) should be used so that threads have meaningful names.
org.forgerock.util.thread.ExecutorServiceFactory.createThreadPool(int, int, long, TimeUnit, BlockingQueue<Runnable>)	ExecutorServiceFactory.createThreadPool(int, int, long, TimeUnit, BlockingQueue, String) should be used so that threads have meaningful names.
org.forgerock.util.Utils.asEnum(String, Class<T>)	Use Strings.asEnum(String, Class)
org.forgerock.util.Utils.closeSilently(Closeable...)	Use Closeables.closeSilently(Closeable...)
org.forgerock.util.Utils.closeSilently(Iterable<? extends Closeable>)	Use Closeables.closeSilently(Iterable)
org.forgerock.util.Utils.compareValues(Object, Object)	Use Objects.compareValues(Object, Object)
org.forgerock.util.Utils.isBlank(CharSequence)	Use Strings.isBlank(CharSequence)
org.forgerock.util.Utils.isCompatible(Object, Object)	Use Objects.isCompatible(Object, Object)
org.forgerock.util.Utils.isNullOrEmpty(String)	Use Strings.isNullOrEmpty(String)
org.forgerock.util.Utils.joinAsString(StringBuilder, String, Iterable<?>)	Use Strings.joinAsString(StringBuilder, String, Iterable)
org.forgerock.util.Utils.joinAsString(StringBuilder, String, Object...)	Use Strings.joinAsString(StringBuilder, String, Object...)
org.forgerock.util.Utils.joinAsString(String, Iterable<?>)	Use Strings.joinAsString(String, Iterable)
org.forgerock.util.Utils.joinAsString(String, Object...)	Use Strings.joinAsString(String, Object...)
org.forgerock.util.Utils.newThreadFactory(ThreadGroup, String, boolean)	Use Threads.newThreadFactory(ThreadGroup, String, boolean)

Deprecated Constructors

Constructor	Description
com.sun.identity.entitlement.ConditionDecision(boolean, Map<String, Set<String>>)
com.sun.identity.entitlement.ConditionDecision(boolean, Map<String, Set<String>>, long)
com.sun.identity.idm.AMIdentityRepository(SSOToken, String)	Use the other constructor AMIdentityRepository(String, SSOToken)
com.sun.identity.idm.IdRepoException(String, String, String, Object[])	Passing in an ldapErrorCode as a String is not recommended, use the OO ctor instead.
org.forgerock.http.filter.TransactionIdInboundFilter()	Replaced by TransactionIdInboundFilter(boolean)
org.forgerock.http.header.ContentTypeHeader(String, String, String)	Replaced by ContentTypeHeader(String, Map)
org.forgerock.http.header.ContentTypeHeader(String, String, String, Map<String, String>)	Replaced by ContentTypeHeader(String, Map)
org.forgerock.http.io.PipeBufferedStream()	Since 25.0.0. Prefer using PipeBufferedStream(Factory) to provide your own Buffer Factory
org.forgerock.http.oauth2.ResourceServerFilter(AccessTokenResolver, Clock, ResourceAccess, String)	The clock attribute is not used anymore. Use ResourceServerFilter(AccessTokenResolver, ResourceAccess, String) instead. Deprecated in 25.0.0.
org.forgerock.json.jose.builders.EncryptedJwtBuilder(Key)	Use JwtBuilderFactory.jwe(org.forgerock.secrets.keys.EncryptionKey) instead.
org.forgerock.json.jose.jwk.EcJWK(String, String, String, String, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.EcJWK(String, String, String, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.EcJWK(ECPublicKey, String, String)	Use the builder instead.
org.forgerock.json.jose.jwk.EcJWK(ECPublicKey, ECPrivateKey, String, String)	Use the builder instead.
org.forgerock.json.jose.jwk.JWK(KeyType, String, String, String)	Use the builder instead.
org.forgerock.json.jose.jwk.JWK(KeyType, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.OctJWK(String, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.RsaJWK(String, String, String, String, String, String, String, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.RsaJWK(String, String, String, String, String, String, String, String, String, String, String, List<RsaJWK.PrimesInfo>, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.RsaJWK(String, String, String, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.RsaJWK(String, String, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.RsaJWK(RSAPublicKey, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.RsaJWK(RSAPublicKey, RSAPrivateCrtKey, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.RsaJWK(RSAPublicKey, RSAPrivateKey, String, String, String, String, String, List<String>)	Use the builder instead.
org.forgerock.json.jose.jwk.store.JwksStore(Duration, Duration, URL, JWKSetParser, Clock)	It is recommended to use JwksStore.newJwksStore(Duration, Duration, URL, JWKSetParser, Clock).
org.forgerock.json.jose.jwk.store.JwksStoreService()	Prefer using the constructor JwksStoreService(Client client) in which you provide your own instance of Client. This one does instantiate a specific instance of AsyncHttpClient but does not allow any custom filter processing, nor does it close it properly.
org.forgerock.json.jose.jwk.store.JwksStoreService(int, int)	Prefer using the constructor JwksStoreService(Client client) where timeouts are in control of the client application
org.forgerock.json.jose.jws.handlers.RSASigningHandler(Key, SignatureUtil)	Please use RSASigningHandler(Key).
org.forgerock.json.jose.jws.SigningManager()	use SigningManager(SecretsProvider) instead
org.forgerock.json.jose.tokenhandler.SecretsJwtTokenHandler(JweAlgorithm, EncryptionMethod, JwsAlgorithm, Optional<Long>, KeyPair, SigningManager, Purpose<SigningKey>, Purpose<VerificationKey>, Clock)	Use SecretsJwtTokenHandler.builder() instead.
org.forgerock.json.JsonPointer()	Use JsonPointer.rootPtr() instead.
org.forgerock.oauth.clients.apple.AppleClient(Handler, OpenIDConnectClientConfiguration, Clock, SecureRandom, OpenIdResolverService, OpenIdResolverServiceConfigurator)	use AppleClient(Handler, AppleClientConfiguration, Clock, SecureRandom, OpenIdResolverService, OpenIdResolverServiceConfigurator) instead.
org.forgerock.oauth.resolvers.OpenIdResolverFactory(int, int)	Use org.forgerock.oauth.resolvers.OpenIdResolverFactory#OpenIdResolverFactory (org.forgerock.http.Client) instead
org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl(int, int)	Use org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl#OpenIdResolverServiceImpl (org.forgerock.http.Client) instead.
org.forgerock.oauth.resolvers.WellKnownOpenIdConfigurationFactory(int, int)	Use org.forgerock.oauth.resolvers.WellKnownOpenIdConfigurationFactory# WellKnownOpenIdConfigurationFactory(org.forgerock.http.Client) instead
org.forgerock.oauth.resolvers.WellKnownOpenIdConfigurationFactory(Client)	Use org.forgerock.oauth.resolvers.WellKnownOpenIdConfigurationFactory# WellKnownOpenIdConfigurationFactory(org.forgerock.http.Client, java.time.Clock) instead
org.forgerock.openidconnect.Claim(String)	use Claim.ClaimBuilder
org.forgerock.openidconnect.Claim(String, Object)	use Claim.ClaimBuilder
org.forgerock.openidconnect.Claim(String, List<Object>)	use Claim.ClaimBuilder
org.forgerock.openidconnect.Claim(String, List<Object>, boolean)	use Claim.ClaimBuilder
org.forgerock.secrets.keystore.HsmKeyStoreLoader(String)	use HsmKeyStoreLoader(Provider hsmProvider) instead so that management of the provider can be left to the caller.
org.forgerock.secrets.SecretReference(SecretsProvider, Purpose<T>)	Use SecretsProvider.createActiveReference(Purpose) or SecretReference.active(SecretsProvider, Purpose, Clock) instead.
org.forgerock.secrets.SecretReference(SecretsProvider, Purpose<T>, Clock)	Use SecretsProvider.createActiveReference(Purpose) or SecretReference.active(SecretsProvider, Purpose, Clock) instead.
org.forgerock.secrets.SecretsProvider()	Prefer using SecretsProvider(Clock) and provide your own clock instance.
org.forgerock.services.context.RequestAuditContext(Context)	Prefer using RequestAuditContext(Context, Instant) not to rely on the system clock.
org.forgerock.services.context.RequestAuditContext(Context, Clock)	Prefer using RequestAuditContext(Context, Instant).
org.forgerock.util.time.Duration(Long, TimeUnit)	Prefer the use of Duration.duration(long, TimeUnit).

Deprecated Enum Constants

Enum Constant	Description
org.forgerock.http.handler.HttpClientHandler.HostnameVerifier.ALLOW_ALL	this should never be used as it is a security risk.
org.forgerock.json.jose.jwe.JweAlgorithm.RSAES_PKCS1_V1_5	RSA1_5 is an insecure encryption mode. Use JweAlgorithm.RSA_OAEP_256 instead.
org.forgerock.json.jose.jws.JwsAlgorithm.NONE	This algorithm is inherently insecure and should not be used.
org.forgerock.json.jose.jws.JwsAlgorithmType.NONE	This algorithm is inherently insecure and shouldn't be used.
org.forgerock.openam.secrets.config.PropertyFormat.BASE64_HMAC_KEY	Prefer PropertyFormat.PEM for keys.
org.forgerock.openam.secrets.config.PropertyFormat.ENCRYPTED_HMAC_KEY	Prefer PropertyFormat.ENCRYPTED_PEM for keys.
org.forgerock.openam.secrets.config.PropertyFormat.GOOGLE_KMS_ENCRYPTED_HMAC_KEY	Prefer PropertyFormat.GOOGLE_KMS_ENCRYPTED_PEM for keys.