Deprecated API
Contents
-
Terminally Deprecated ElementsElementDescriptionorg.forgerock.audit.events.handlers.buffering.BufferedBatchPublisher.Builder.writeInterval
(Duration) UseTimeLimitRotationPolicy(java.time.Duration)instead.This header is no longer supported by browsers. UseSetCookieHeaderinstead.UseClientSecretPostAuthenticationFilter(CredentialPair)instead.for removal withEncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose). Will be removed in winter 2021 season.Please useEncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference)instead. Will be removed in winter 2021 season.for removal withPrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose). Will be removed in winter 2021 season.Please useSecretReferenceAPI instead. Will be removed in winter 2021 season.Please usePrivateKeyJwtClientAuthenticationFilter.Builder.withSigningSecretReference(SecretReference)instead. Will be removed in winter 2021 season.UseJwksStore.getCacheMissCacheTimeDuration()instead.UseJwksStore.getCacheTimeoutDuration()instead.UseJwksStore.setCacheMissCacheTime(Duration)instead.UseJwksStore.setCacheTimeout(Duration)instead.UseJwksStoreService.JWKS_STORE_DEFAULT_CACHE_TIMEOUTinstead.useJsonValueFunctions.javaDuration()insteadThis filter is transitional only and should not be used - OPENIG-9318This interface method is transitional only and should not be used - OPENIG-9377, OPENAM-21910This filter is transitional only and should not be used - OPENIG-9312use the other constructor instead.useSqlAttributesFilter(DataSource, String, ScheduledExecutorService)instead.UsePerItemEvictionStrategyCache.getMaxTimeoutDuration()instead.UseDurationinstead.
-
Deprecated Interfaces
-
Deprecated ClassesClassDescriptionThis header is no longer supported by browsers. Use
SetCookieHeaderinstead.since 26.2. SeeFilters.newUrlEncodedHttpBasicAuthFilter(String, SecretReference)for a replacement.The “/oauth2/tokeninfo” endpoint was deprecated in AM 6.5.OpenAmAccessTokenResolveris deprecated and should not be used.UseEncryptedThenSignedJwtHeaderBuilderinstead.UseEncryptedThenSignedJwtBuilderinstead.UseContentEncryptionHandlerinstead.UseRSAEncryptionHandlerandAESCBCHMACSHA2ContentEncryptionHandlerinstead.UseRSAEncryptionHandlerandAESCBCHMACSHA2ContentEncryptionHandlerinstead.UseSecretECDSASigningHandlerinsteadUseSecretEdDSASigningHandlerinstead.UseSecretHmacSigningHandlerinsteadThis algorithm is inherently insecure and shouldn't be used.UseSecretRSASigningHandlerinsteadUseEncryptedThenSignedJwtinstead.PreferSecretsJwtTokenHandlerinstead.RequestHandlernow has default methods which implement the not-supported behavior. This class is here for transition from pre-JDK8 impelementations.This class will be removed once CAF has been migrated fully to CHF, at which point components should createSecurityContexts directly rather than via request attributes.This filter is transitional only and should not be used - OPENIG-9318This filter is transitional only and should not be used - OPENIG-9312in 2023.4.0, useSamlFederationFilterHeapletas a replacementUseSecretsKeyManagerHeapletinstead.UseKeyStoreSecretStoreHeapletinstead.UseSecretsTrustManagerHeapletinstead.UseDurationinstead.
-
Deprecated FieldsFieldDescriptionUse
JwksStoreService.JWKS_STORE_DEFAULT_CACHE_TIMEOUTinstead.OAuth2ResourceServerFilterHeaplet.NAMEis more accurate and should be used for all new referencesSince 2023.6 - supports legacy behaviour only - Tracked by OPENIG-7482
-
Deprecated MethodsMethodDescriptionorg.forgerock.audit.events.handlers.buffering.BufferedBatchPublisher.Builder.writeInterval
(Duration) UseElasticsearchUtil.NORMALIZING_OBJECT_MAPPERinstead.UseHttpClientHandler.ProxyInfo.getCredentials()insteadUseHttpClientHandler.ProxyInfo.getCredentials()insteadReplaced byContentTypeHeader.getDirectives()for removal withEncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionPurpose(Purpose). Will be removed in winter 2021 season.Please useEncryptedPrivateKeyJwtClientAuthenticationFilter.Builder.withEncryptionSecretReference(SecretReference)instead. Will be removed in winter 2021 season.UseOAuth2Error.asWwwAuthenticateHeader()instead.for removal withPrivateKeyJwtClientAuthenticationFilter.Builder.withSigningPurpose(Purpose). Will be removed in winter 2021 season.Please useSecretReferenceAPI instead. Will be removed in winter 2021 season.Please usePrivateKeyJwtClientAuthenticationFilter.Builder.withSigningSecretReference(SecretReference)instead. Will be removed in winter 2021 season.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Only valid for RFC 2965 cookies ("Cookie2"), which have been deprecated and removed by most clients.Because Entity content should be read asynchronously. Instead retrieve theFormwithEntity.getFormAsync().useForm.fromFormString(String)instead.useForm.toFormString()instead.UseJweHeaderBuilder.epk(JWK)instead.PreferJwtBuilderFactory.jwe(EncryptionKey)instead.This method provides no security at all and shouldn't be used.PreferSignedJwtBuilderImpl.encrypt(EncryptionKey)instead.PreferEncryptedJwt.decrypt(SecretsProvider, Purpose)instead.PreferEncryptedJwt.decryptRawPayload(SecretsProvider, Purpose)instead.replaced byEcJWK.getEllipticCurve().replaced byJWK.getJwaAlgorithm()UseJWK.getX509Thumbprint()instead.UseJWKSetParser.jwkSetAsync(URL)instead.UseJwksStore.findJwkAsync(String)instead.UseJwksStore.findJwkAsync(String)instead.UseJwksStore.getCacheMissCacheTimeDuration()instead.UseJwksStore.getCacheTimeoutDuration()instead.UseJwksStore.reloadJwksAsync()instead.UseJwksStore.setCacheMissCacheTime(Duration)instead.UseJwksStore.setCacheTimeout(Duration)instead.UseJwksStore.setJwkUrlAsync(URL)instead.PreferEncryptedThenSignedJwt.decrypt(SecretsProvider, Purpose)instead.Replaced byJwsAlgorithm.parseCryptographicAlgorithm(String)useSigningManager.newEcdsaSigningHandler(SigningKey)} insteaduseSigningManager.newEcdsaSigningHandler(SigningKey)} insteaduseSigningManager.newHmacSigningHandler(SigningKey)insteaduseSigningManager.newHmacSigningHandler(SigningKey)insteadThis method is inherently insecure and shouldn't be used.UseSigningManager.newSigningHandler(SigningKey)insteaduseJsonValueFunctions.javaDuration()insteaduseJsonValue::copydirectly insteadUseCrestHttp.newHttpHandler(CrestApplication)instead.UseCrestHttp.newHttpHandler(CrestApplication)instead.UseCrestHttp.newHttpHandler(CrestApplication)instead.Since 25.0.0. Prefer to useCrestHttp.newHttpHandler(CrestApplication, Factory)and provide your own factory instead of the default one.Since 25.0.0. Prefer to useCrestHttp.newHttpHandler(CrestApplication, HttpContextFactory, Factory)and provide your own factory instead of the default one.Since 25.0.0. Prefer to useCrestHttp.newHttpHandler(CrestApplication, Context, Factory)and provide your own factory instead of the default one.UseCrestHttp.newHttpHandler(CrestApplication)instead.in favor ofResourceException.newResourceException(int)UseResources.newHandler(Object)instead.UseResources.newHandler(Object)instead.UseResources.newHandler(Object)instead.UseResponses.newQueryResponse(String, CountPolicy, int)instead.This interface method is transitional only and should not be used - OPENIG-9377, OPENAM-21910As of Version 2.1 of the Java Servlet API, useServletContext.getRealPath(java.lang.String)instead.As of Version 2.1 of the Java Servlet API, useChfHttpServletRequestAdapter.isRequestedSessionIdFromURL()instead.As of version 2.1, use encodeRedirectURL(String url) insteadAs of version 2.1, use encodeURL(String url) insteadAs of version 2.1, due to ambiguous meaning of the message parameter. To set a status code usesetStatus(int), to send an error with a description usesendError(int, String). Sets the status code and message for this response.since 2024.3.0, with OPENIG-8029. UseJwtValidator.Builder.claimSet(String, java.util.function.Function, JwtClaimConstraint, boolean)instead.UseSecretBuilder.build(Purpose)instead.UseBase64.decode(byte[])instead.UseBase64.decode(char[])instead.UseBase64.decode(String)instead.UsePerItemEvictionStrategyCache.getMaxTimeoutDuration()instead.Since 25.0.0. Prefer usingPromise.getOrThrow()and handle properly theInterruptedExceptionin the calling code, or usePromise.getOrThrowIfInterrupted().Since 25.0.0. Prefer usingPromise.get(long, TimeUnit)and handle properly theInterruptedExceptionin the calling code, or usePromise.getOrThrowIfInterrupted().useObjects.requireNonNull(Object)} insteaduseObjects.requireNonNull(Object, String)insteadExperience has shown thatReject.ifFalsecan be hard to read. Prefer to useReject.unless(boolean)(which works identically) or rewrite to useReject.ifTrue(boolean)instead.Experience has shown thatReject.ifFalsecan be hard to read. Prefer to useReject.unless(boolean, String)(which works identically) or rewrite to useReject.ifTrue(boolean, String)instead.ExecutorServiceFactory.createCachedThreadPool(String)orExecutorServiceFactory.createCachedThreadPool(ThreadFactory)should be used so that threads have meaningful names.ExecutorServiceFactory.createFixedThreadPool(int, String)should be used so that threads have meaningful names.ExecutorServiceFactory.createScheduledService(int, String)should be used so that threads have meaningful names.ExecutorServiceFactory.createThreadPool(int, int, long, TimeUnit, BlockingQueue, String)should be used so that threads have meaningful names.
-
Deprecated ConstructorsConstructorDescriptionUse
TimeLimitRotationPolicy(java.time.Duration)instead.Replaced byTransactionIdInboundFilter(boolean)Replaced byContentTypeHeader(String, Map)Replaced byContentTypeHeader(String, Map)Since 25.0.0. Prefer usingPipeBufferedStream(Factory)to provide your own Buffer FactoryUseClientSecretPostAuthenticationFilter(CredentialPair)instead.The clock attribute is not used anymore. UseResourceServerFilter(AccessTokenResolver, ResourceAccess, String)instead. Deprecated in 25.0.0.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.Use the builder instead.It is recommended to useJwksStore.newJwksStore(Duration, Duration, URL, JWKSetParser, Clock).Prefer using the constructorJwksStoreService(Client client)in which you provide your own instance ofClient. This one does instantiate a specific instance of AsyncHttpClient but does not allow any custom filter processing, nor does it close it properly.Prefer using the constructorJwksStoreService(Client client)where timeouts are in control of the client applicationPlease useRSASigningHandler(Key).useSigningManager(SecretsProvider)insteadUseSecretsJwtTokenHandler.builder()instead.UseJsonPointer.rootPtr()instead.use the other constructor instead.useSqlAttributesFilter(DataSource, String, ScheduledExecutorService)instead.useHsmKeyStoreLoader(Provider hsmProvider)instead so that management of the provider can be left to the caller.Prefer usingSecretsProvider(Clock)and provide your own clock instance.Prefer usingRequestAuditContext(Context, Instant)not to rely on the system clock.Prefer usingRequestAuditContext(Context, Instant).Prefer the use ofDuration.duration(long, TimeUnit).
-
Deprecated Enum ConstantsEnum ConstantDescriptionthis should never be used as it is a security risk.RSA1_5 is an insecure encryption mode. Use
JweAlgorithm.RSA_OAEP_256instead.This algorithm is inherently insecure and should not be used.This algorithm is inherently insecure and shouldn't be used.
CommonAuditBatchConfiguration.POLLING_INTERVAL_DURATIONinstead.