Deprecated API
Contents
-
Terminally Deprecated ElementsElementDescriptionthis isn't called, so can be safely removed.this isn't called, so can be safely removed.this isn't called, so can be safely removed.Use the other constructor
AMIdentityRepository(String, SSOToken)Passing in an ldapErrorCode as a String is not recommended, use the OO ctor instead.Use #getLdapErrorIntCode() instead. The ldap error code is always an intAs of Sun Java System Access Manager 7.1.This method is deprecated. The setting for recursive search should be configured via the data store.This method is deprecated. The setting for recursive search should be configured via the data store.This method is deprecated, useHex.encode(byte[])} instead. Converts byte array toHexString.This method is deprecated, useHex.decode(String)instead. ConvertsHexString to Byte Array.since AM 7.3.0 Implement use-case specificFedletAdapterimplementations instead.since AM 7.3.0 Implement use-case specificIDPAdapterimplementations instead.since AM 7.3.0 Implement use-case specificIDPFinderimplementations instead.since AM 7.3.0 Implement use-case specificSPAdapterimplementations instead.UseLoggerinstead.UseServiceConfigManager.addListener(ServiceListener)instead.This method has been deprecated, usegetAssignedServices()instead.UseServiceConfigManager.removeListener(String)instead.The labeledURI setting shall not be used for storing configuration data.The labeledURI setting shall not be used for storing configuration data.The labeledURI setting shall not be used for storing configuration data.UseIdentityStore.searchForIdentity(IdType, String)insteadUseListMultimapinstead.UseMultimapinstead.UseMultisetinstead.Will be replaced in a later release byClient.This header is no longer supported by browsers. UseSetCookieHeaderinstead.UseClientSecretPostAuthenticationFilter(CredentialPair)instead.for removal withEncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose). Will be removed in winter 2021 season.Please useEncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference)instead. Will be removed in winter 2021 season.for removal withPrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose). Will be removed in winter 2021 season.Please useSecretReferenceAPI instead. Will be removed in winter 2021 season.Please usePrivateKeyJwtClientAuthenticationFilter.Builder.withSigningSecretReference(SecretReference)instead. Will be removed in winter 2021 season.UseJwksStore.getCacheMissCacheTimeDuration()instead.UseJwksStore.getCacheTimeoutDuration()instead.UseJwksStore.setCacheMissCacheTime(Duration)instead.UseJwksStore.setCacheTimeout(Duration)instead.UseJwksStoreService.JWKS_STORE_DEFAULT_CACHE_TIMEOUTinstead.useJsonValueFunctions.javaDuration()insteadUseAccessToken.addExtraData(String, Supplier)instead.since 7.2.0since 7.2.0 UseAuthorizeEndpointDataProvider.provide(Map, OAuth2Request)instead.since 7.2.0 UseAccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request)instead. Functionality provided by Access Token Modification plugin supersedes the functionality this extension point was originally intended to provide.since 7.2.0 UseScopeEvaluator.evaluateScope(AccessToken)instead.org.forgerock.oauth2.core.ScopeValidator.getUserInfo(ClientRegistration, AccessToken, OAuth2Request) since 7.2.0 UseUserInfoClaimsPlugin.getUserInfo(ClientRegistration, AccessToken, OAuth2Request)instead.since 7.2.0 UseAccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request)instead.since 7.2.0 Use#validateAccessTokenScope(ClientRegistration, Set, OAuth2Request)instead.since 7.2.0 Use#validateAuthorizationScope(ClientRegistration, Set, OAuth2Request)instead.since 7.2.0 Use#validateBackChannelAuthorizationScope(ClientRegistration, Set, OAuth2Request)instead.since 7.2.0 Use#validateRefreshTokenScope(ClientRegistration, Set, Set, OAuth2Request)instead.in favour ofAbstractNodeAmPlugin.getNodesByVersion()useNodeStateinstead, setting state in the action is no longer required.useNodeStateinstead, setting state in the action is no longer required.useNodeStateinstead, setting state in the action is no longer required.useNodeStateinstead, setting state in the action is no longer required.useAction.identifiedIdentityinstead.useIdmIntegrationService.OBJECT_ATTRIBUTESinstead.UseTreeContext.getStateFor(Node)instead as this method does not leak implementation detail of the specific type of state.UseTreeContext.getStateFor(Node)instead as this method performs the same function but supports filtering of the available state based on the nodes declared inputs.UseTreeContext.getStateFor(Node)instead as this method does not leak implementation detail of the specific type of state.UseTreeContext.getStateFor(Node)instead as this method does not leak implementation detail of the specific type of state.UseTreeContext.getStateFor(Node)instead as this method does not leak implementation detail of the specific type of state.UseAmPlugin.onStartup(StartupType)instead.UsePluginTools.installAuthNode(Class)andPluginTools.startAuthNode(Class)as appropriate.UsePluginTools.installService(Class)andPluginTools.startService(Class)as appropriate.since 7.3.0 useInitializablePlugin.initialize(Map).PreferPropertyFormat.PEMfor keys.PreferPropertyFormat.ENCRYPTED_PEMfor keys.PreferPropertyFormat.GOOGLE_KMS_ENCRYPTED_PEMfor keys.useClaimthis method is supplied to allow a smooth migration from the original behaviour of using only the version part of the Secret Version name as the stable ID and should be used only for a limited time during the migration. New applications should use the full stable ID mapping without fallback.this method is supplied to allow reverting to the original behaviour of using only the version part of the Secret Version name as the stable ID, however this is not recommended as it leads to stableIDs which match for many different secrets.UsePerItemEvictionStrategyCache.getMaxTimeoutDuration()instead.UseDurationinstead.
-
Deprecated InterfacesInterfaceDescriptionsince AM 7.3.0 Implement use-case specific
IDPAdapterimplementations instead.since AM 7.3.0 Implement use-case specificIDPFinderimplementations instead.UseListMultimapinstead.UseMultimapinstead.UseMultisetinstead.since 7.2.0
-
Deprecated ClassesClassDescriptionAs of OpenSSO Express 8.0, use
com.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, useEntitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, useResourceMatchinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.As of OpenSSO Express 8.0, usecom.sun.identity.entitlementinstead asEntitlementhas replacedPolicy.since AM 7.3.0 Implement use-case specificFedletAdapterimplementations instead.since AM 7.3.0 Implement use-case specificSPAdapterimplementations instead.UseLoggerinstead.This class is currently only used in conjunction with the PropertyResolverSecretStore and this pairing is deprecated. Instead, use the FileSystemSecretStore.Will be replaced in a later release byClient.This header is no longer supported by browsers. UseSetCookieHeaderinstead.since 26.2. SeeFilters.newUrlEncodedHttpBasicAuthFilter(String, SecretReference)for a replacement.The “/oauth2/tokeninfo” endpoint was deprecated in AM 6.5.OpenAmAccessTokenResolveris deprecated and should not be used.TheAuthenticatedEncryptionCryptographyHandlershould be preferred.TheAuthenticatedEncryptionCryptographyHandlershould be preferred.UseEncryptedThenSignedJwtHeaderBuilderinstead.UseEncryptedThenSignedJwtBuilderinstead.UseContentEncryptionHandlerinstead.UseRSAEncryptionHandlerandAESCBCHMACSHA2ContentEncryptionHandlerinstead.UseRSAEncryptionHandlerandAESCBCHMACSHA2ContentEncryptionHandlerinstead.UseSecretECDSASigningHandlerinsteadUseSecretEdDSASigningHandlerinstead.UseSecretHmacSigningHandlerinsteadThis algorithm is inherently insecure and shouldn't be used.UseSecretRSASigningHandlerinsteadUseEncryptedThenSignedJwtinstead.PreferSecretsJwtTokenHandlerinstead.RequestHandlernow has default methods which implement the not-supported behavior. This class is here for transition from pre-JDK8 impelementations.since 8.1.0, this has just been left available for legacy scripting, for next-gen useScriptedSecretsFacadeImplinstead.useClaimUseDurationinstead.
-
Deprecated Exceptions
-
Deprecated FieldsFieldDescriptionThis type is deprecated and will be removed in a future release. Use the Scalable Clients feature instead.This type is deprecated and will be removed in a future release. Use the Scalable Clients feature instead.Use
JwksStoreService.JWKS_STORE_DEFAULT_CACHE_TIMEOUTinstead.useNodeStateinstead, setting state in the action is no longer required.useNodeStateinstead, setting state in the action is no longer required.useAction.identifiedIdentityinstead.useIdmIntegrationService.OBJECT_ATTRIBUTESinstead.UseTreeContext.getStateFor(Node)instead as this method does not leak implementation detail of the specific type of state.UseTreeContext.getStateFor(Node)instead as this method does not leak implementation detail of the specific type of state.
-
Deprecated MethodsMethodDescriptionuse
getAll()this isn't called, so can be safely removed.this isn't called, so can be safely removed.this isn't called, so can be safely removed.Use #getLdapErrorIntCode() instead. The ldap error code is always an intAs of Sun Java System Access Manager 7.1.This method is deprecated. The setting for recursive search should be configured via the data store.This method is deprecated. The setting for recursive search should be configured via the data store.This method is deprecated, useHex.encode(byte[])} instead. Converts byte array toHexString.This method is deprecated, useHex.decode(String)instead. ConvertsHexString to Byte Array.UseServiceConfigManager.addListener(ServiceListener)instead.This method has been deprecated, usegetAssignedServices()instead.UseServiceConfigManager.removeListener(String)instead.The labeledURI setting shall not be used for storing configuration data.The labeledURI setting shall not be used for storing configuration data.The labeledURI setting shall not be used for storing configuration data.UseIdentityStore.searchForIdentity(IdType, String)insteadIn favour ofPropertyResolver.getProperty(String, boolean)UseHttpClientHandler.ProxyInfo.getCredentials()insteadUseHttpClientHandler.ProxyInfo.getCredentials()insteadReplaced byContentTypeHeader.getDirectives()for removal withEncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose). Will be removed in winter 2021 season.Please useEncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference)instead. Will be removed in winter 2021 season.UseOAuth2Error.asWwwAuthenticateHeader()instead.for removal withPrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose). Will be removed in winter 2021 season.Please useSecretReferenceAPI instead. Will be removed in winter 2021 season.Please usePrivateKeyJwtClientAuthenticationFilter.Builder.withSigningSecretReference(SecretReference)instead. Will be removed in winter 2021 season.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Because Entity content should be read asynchronously. Instead retrieve theFormwithEntity.getFormAsync().useForm.fromFormString(String)instead.useForm.toFormString()instead.UseJweHeaderBuilder.epk(JWK)instead.PreferJwtBuilderFactory.jwe(EncryptionKey)instead.This method provides no security at all and shouldn't be used.PreferSignedJwtBuilderImpl.encrypt(EncryptionKey)instead.PreferEncryptedJwt.decrypt(SecretsProvider, Purpose)instead.PreferEncryptedJwt.decryptRawPayload(SecretsProvider, Purpose)instead.replaced byEcJWK.getEllipticCurve().replaced byJWK.getJwaAlgorithm()UseJWK.getX509Thumbprint()instead.UseJWKSetParser.jwkSetAsync(URL)instead.UseJwksStore.findJwkAsync(String)instead.UseJwksStore.findJwkAsync(String)instead.UseJwksStore.getCacheMissCacheTimeDuration()instead.UseJwksStore.getCacheTimeoutDuration()instead.UseJwksStore.reloadJwksAsync()instead.UseJwksStore.setCacheMissCacheTime(Duration)instead.UseJwksStore.setCacheTimeout(Duration)instead.UseJwksStore.setJwkUrlAsync(URL)instead.PreferEncryptedThenSignedJwt.decrypt(SecretsProvider, Purpose)instead.Replaced byJwsAlgorithm.parseCryptographicAlgorithm(String)useSigningManager.newEcdsaSigningHandler(SigningKey)} insteaduseSigningManager.newEcdsaSigningHandler(SigningKey)} insteaduseSigningManager.newHmacSigningHandler(SigningKey)insteaduseSigningManager.newHmacSigningHandler(SigningKey)insteadThis method is inherently insecure and shouldn't be used.UseSigningManager.newSigningHandler(SigningKey)insteaduseJsonValueFunctions.javaDuration()insteaduseJsonValue::copydirectly insteadin favor ofResourceException.newResourceException(int)UseResources.newHandler(Object)instead.UseResources.newHandler(Object)instead.UseResources.newHandler(Object)instead.UseResponses.newQueryResponse(String, CountPolicy, int)instead.UseOAuth2Client.createAuthRedirectUri(String, String)and specify a PKCE challenge.UseOAuth2Client.createAuthRedirectUri(String, String)and specify a PKCE verifier.UseOAuth2ClientConfiguration.getClientSecretReference()instead.UseOpenIDConnectClient.createAuthRedirectUri(String, String, String)and specify a PKCE challenge.Replaced byOpenIdResolverFactory.createJWKResolver(String, URL)()}UseAccessToken.addExtraData(String, Supplier)instead.since 7.2.0 UseAuthorizeEndpointDataProvider.provide(Map, OAuth2Request)instead.since 7.2.0 UseAccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request)instead. Functionality provided by Access Token Modification plugin supersedes the functionality this extension point was originally intended to provide.since 7.2.0 UseScopeEvaluator.evaluateScope(AccessToken)instead.org.forgerock.oauth2.core.ScopeValidator.getUserInfo(ClientRegistration, AccessToken, OAuth2Request) since 7.2.0 UseUserInfoClaimsPlugin.getUserInfo(ClientRegistration, AccessToken, OAuth2Request)instead.since 7.2.0 UseAccessTokenModifier.modifyAccessToken(AccessToken, OAuth2Request)instead.since 7.2.0 Use#validateAccessTokenScope(ClientRegistration, Set, OAuth2Request)instead.since 7.2.0 Use#validateAuthorizationScope(ClientRegistration, Set, OAuth2Request)instead.since 7.2.0 Use#validateBackChannelAuthorizationScope(ClientRegistration, Set, OAuth2Request)instead.since 7.2.0 Use#validateRefreshTokenScope(ClientRegistration, Set, Set, OAuth2Request)instead.in favour ofAbstractNodeAmPlugin.getNodesByVersion()useNodeStateinstead, setting state in the action is no longer required.useNodeStateinstead, setting state in the action is no longer required.UseTreeContext.getStateFor(Node)instead as this method does not leak implementation detail of the specific type of state.UseTreeContext.getStateFor(Node)instead as this method performs the same function but supports filtering of the available state based on the nodes declared inputs.UseTreeContext.getStateFor(Node)instead as this method does not leak implementation detail of the specific type of state.Since 8.1.0 this value is unused by PingOne Protect, but the builder methods remain to support backwards compatibility.Since 8.1.0 this value is unused by PingOne Protect, but the builder methods remain to support backwards compatibility.Since 8.1.0 this value is unused by PingOne Protect, but the builder methods remain to support backwards compatibility.Since 8.1.0 this value is unused by PingOne Protect, but the builder methods remain to support backwards compatibility.Since 8.1.0 this value is unused by PingOne Protect, but the builder methods remain to support backwards compatibility.Since 8.1.0 enableTrust has been replaced by universalDeviceIdentification. This method continues to be provided to support backwards compatibility and will set universalDeviceIdentification to the value provided, however, this method will be removed in a later version. All calls to this method should be updated to usePingOneProtectInitializeCallback.Builder.withUniversalDeviceIdentification(boolean)instead.Since 8.1.0 this value is unused by PingOne Protect, but the builder methods remain to support backwards compatibility.Since 8.1.0 this value is unused by PingOne Protect, but continues to be provided to support backwards compatibility.Since 8.1.0 this value is unused by PingOne Protect, but continues to be provided to support backwards compatibility.Since 8.1.0 this value is unused by PingOne Protect, but continues to be provided to support backwards compatibility.org.forgerock.openam.authentication.callbacks.PingOneProtectInitializeCallback.isConsoleLogEnabled()Since 8.1.0 this value is unused by PingOne Protect, but continues to be provided to support backwards compatibility.Since 8.1.0 this value is unused by PingOne Protect, but continues to be provided to support backwards compatibility.Since 8.1.0 this value has been replaced by universalDeviceIdentification. This method now returns the universalDeviceIdentification value to support backwards compatibility.Since 8.1.0 this value is unused by PingOne Protect, but continues to be provided to support backwards compatibility.UseAmPlugin.onStartup(StartupType)instead.UsePluginTools.installAuthNode(Class)andPluginTools.startAuthNode(Class)as appropriate.UsePluginTools.installService(Class)andPluginTools.startService(Class)as appropriate.since 7.3.0 useInitializablePlugin.initialize(Map).useMultiple.nameSet()instead.useDn.isEmpty()insteaduseDn.emptyDn()insteadthis method is supplied to allow a smooth migration from the original behaviour of using only the version part of the Secret Version name as the stable ID and should be used only for a limited time during the migration. New applications should use the full stable ID mapping without fallback.this method is supplied to allow reverting to the original behaviour of using only the version part of the Secret Version name as the stable ID, however this is not recommended as it leads to stableIDs which match for many different secrets.UseSecretBuilder.build(Purpose)instead.org.forgerock.secrets.vault.VaultSignature.GenericRsaPssSignature.engineSetParameter(String, Object) UseBase64.decode(byte[])instead.UseBase64.decode(char[])instead.UseBase64.decode(String)instead.UsePerItemEvictionStrategyCache.getMaxTimeoutDuration()instead.Since 25.0.0. Prefer usingPromise.getOrThrow()and handle properly theInterruptedExceptionin the calling code, or usePromise.getOrThrowIfInterrupted().Since 25.0.0. Prefer usingPromise.get(long, TimeUnit)and handle properly theInterruptedExceptionin the calling code, or usePromise.getOrThrowIfInterrupted().useObjects.requireNonNull(Object)} insteaduseObjects.requireNonNull(Object, String)insteadExperience has shown thatReject.ifFalsecan be hard to read. Prefer to useReject.unless(boolean)(which works identically) or rewrite to useReject.ifTrue(boolean)instead.Experience has shown thatReject.ifFalsecan be hard to read. Prefer to useReject.unless(boolean, String)(which works identically) or rewrite to useReject.ifTrue(boolean, String)instead.ExecutorServiceFactory.createCachedThreadPool(String)orExecutorServiceFactory.createCachedThreadPool(ThreadFactory)should be used so that threads have meaningful names.ExecutorServiceFactory.createFixedThreadPool(int, String)should be used so that threads have meaningful names.ExecutorServiceFactory.createScheduledService(int, String)should be used so that threads have meaningful names.ExecutorServiceFactory.createThreadPool(int, int, long, TimeUnit, BlockingQueue, String)should be used so that threads have meaningful names.
-
Deprecated ConstructorsConstructorDescriptionUse the other constructor
AMIdentityRepository(String, SSOToken)Passing in an ldapErrorCode as a String is not recommended, use the OO ctor instead.Replaced byTransactionIdInboundFilter(boolean)Replaced byContentTypeHeader(String, Map)Replaced byContentTypeHeader(String, Map)Since 25.0.0. Prefer usingPipeBufferedStream(Factory)to provide your own Buffer FactoryUseClientSecretPostAuthenticationFilter(CredentialPair)instead.The clock attribute is not used anymore. UseResourceServerFilter(AccessTokenResolver, ResourceAccess, String)instead. Deprecated in 25.0.0.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.It is recommended to useJwksStore.newJwksStore(Duration, Duration, URL, JWKSetParser, Clock).Prefer using the constructorJwksStoreService(Client client)in which you provide your own instance ofClient. This one does instantiate a specific instance of AsyncHttpClient but does not allow any custom filter processing, nor does it close it properly.Prefer using the constructorJwksStoreService(Client client)where timeouts are in control of the client applicationPlease useRSASigningHandler(Key).useSigningManager(SecretsProvider)insteadUseSecretsJwtTokenHandler.builder()instead.UseJsonPointer.rootPtr()instead.Use org.forgerock.oauth.resolvers.OpenIdResolverFactory#OpenIdResolverFactory (org.forgerock.http.Client) insteadUse org.forgerock.oauth.resolvers.service.OpenIdResolverServiceImpl#OpenIdResolverServiceImpl (org.forgerock.http.Client) instead.Use org.forgerock.oauth.resolvers.WellKnownOpenIdConfigurationFactory# WellKnownOpenIdConfigurationFactory(org.forgerock.http.Client) insteadUse org.forgerock.oauth.resolvers.WellKnownOpenIdConfigurationFactory# WellKnownOpenIdConfigurationFactory(org.forgerock.http.Client, java.time.Clock) insteaduseHsmKeyStoreLoader(Provider hsmProvider)instead so that management of the provider can be left to the caller.Prefer usingSecretsProvider(Clock)and provide your own clock instance.Prefer usingRequestAuditContext(Context, Instant)not to rely on the system clock.Prefer usingRequestAuditContext(Context, Instant).Prefer the use ofDuration.duration(long, TimeUnit).
-
Deprecated Enum ConstantsEnum ConstantDescriptionthis should never be used as it is a security risk.RSA1_5 is an insecure encryption mode. Use
JweAlgorithm.RSA_OAEP_256instead.This algorithm is inherently insecure and should not be used.This algorithm is inherently insecure and shouldn't be used.PreferPropertyFormat.PEMfor keys.PreferPropertyFormat.ENCRYPTED_PEMfor keys.PreferPropertyFormat.GOOGLE_KMS_ENCRYPTED_PEMfor keys.
getAll()