Migrate to Jakarta Servlet 5.0

.github/workflows/build.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        java: [11, 17, 21]
+        java: [17, 21]
     name: "Java ${{ matrix.java }} build"
     steps:
       - uses: actions/checkout@v4

Dockerfile

@@ -31,7 +31,7 @@ RUN \
   unzip openam-distribution/openam-distribution-ssoconfiguratortools/target/SSOConfiguratorTools-$(cat /build/version.txt).zip -d /build/ssoconf
 
 
-FROM tomcat:9-jdk17-temurin
+FROM tomcat:10-jdk17-temurin
 
 # Set environment variables
 ENV \
@@ -41,9 +41,11 @@ ENV \
     --add-exports=java.base/sun.security.x509=ALL-UNNAMED \
     --add-exports=java.management/sun.management=ALL-UNNAMED \
     --add-exports=java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED \
+    --add-opens=java.base/java.io=ALL-UNNAMED \
     --add-opens=java.base/java.lang.reflect=ALL-UNNAMED \
     --add-opens=java.base/java.net=ALL-UNNAMED \
     --add-opens=java.base/java.util.regex=ALL-UNNAMED \
+    --add-opens=java.base/sun.nio.ch=ALL-UNNAMED \
     -Dcom.sun.identity.configuration.directory=/srv/wrenam \
   " \
   CATALINA_OPTS="-server -Xmx2g -XX:MetaspaceSize=256m -XX:MaxMetaspaceSize=256m"

README.md

@@ -62,7 +62,7 @@ Following software is needed to build the project:
 
 | Software  | Required Version |
 | --------- | -------------    |
-| OpenJDK   | 11 and above     |
+| OpenJDK   | 17 and above     |
 | Git       | 2.0 and above    |
 | Maven     | 3.0 and above    |
 

openam-audit/openam-audit-context/src/main/java/org/forgerock/openam/audit/context/AuditContextFilter.java

@@ -20,13 +20,13 @@
 import org.forgerock.http.header.TransactionIdHeader;
 import org.forgerock.services.TransactionId;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
 import java.io.IOException;
 
 /**

openam-audit/openam-audit-context/src/test/java/org/forgerock/openam/audit/AuditContextFilterTest.java

@@ -38,9 +38,9 @@
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
-import javax.servlet.FilterChain;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.google.inject.AbstractModule;
 import com.google.inject.Module;

openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/AMAccessAuditEventBuilder.java

@@ -29,7 +29,7 @@
 import java.util.Map;
 import java.util.TreeMap;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.forgerock.audit.events.AccessAuditEventBuilder;
 import org.forgerock.http.MutableUri;

openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/servlet/AuditAccessServletFilter.java

@@ -17,14 +17,14 @@
 
 import java.io.IOException;
 
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.forgerock.guice.core.InjectorHolder;
 import org.forgerock.openam.audit.AuditConstants;

openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/servlet/AuditableHttpServletResponse.java

@@ -18,8 +18,8 @@
 
 import java.io.IOException;
 
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponseWrapper;
 
 /**
  * {@link HttpServletResponse} decorator used for capturing response status and message.

openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/servlet/Auditor.java

@@ -25,7 +25,7 @@
 import static org.forgerock.openam.audit.AuditConstants.EventName.AM_ACCESS_OUTCOME;
 
 import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.forgerock.audit.events.AuditEvent;
 import org.forgerock.json.JsonValue;

openam-audit/openam-audit-core/src/main/java/org/forgerock/openam/audit/servlet/AuditorFactory.java

@@ -16,7 +16,7 @@
 
 package org.forgerock.openam.audit.servlet;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.forgerock.openam.audit.AuditConstants.Component;
 

openam-audit/openam-audit-core/src/test/java/org/forgerock/openam/audit/servlet/AuditableHttpServletResponseTest.java

@@ -16,7 +16,7 @@
 
 package org.forgerock.openam.audit.servlet;
 
-import static javax.servlet.http.HttpServletResponse.*;
+import static jakarta.servlet.http.HttpServletResponse.*;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
@@ -25,7 +25,7 @@
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * @since 13.0.0

openam-authentication/openam-auth-adaptive/src/main/java/org/forgerock/openam/authentication/modules/adaptive/Adaptive.java

@@ -51,8 +51,8 @@
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.forgerock.openam.utils.ClientUtils;
 import org.forgerock.openam.utils.CollectionUtils;

openam-authentication/openam-auth-adaptive/src/main/java/org/forgerock/openam/authentication/modules/adaptive/AdaptivePostAuthenticationPlugin.java

@@ -24,8 +24,8 @@
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.iplanet.sso.SSOToken;
 import com.sun.identity.authentication.service.AuthUtils;

openam-authentication/openam-auth-application/src/main/java/com/sun/identity/authentication/modules/application/Application.java

@@ -43,7 +43,7 @@
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.forgerock.openam.ldap.LDAPUtils;
 import org.forgerock.opendj.ldap.DN;

openam-authentication/openam-auth-cert/src/main/java/com/sun/identity/authentication/modules/cert/Cert.java

@@ -48,7 +48,7 @@
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.x500.X500Principal;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import org.forgerock.openam.ldap.LDAPUtils;
 import org.forgerock.opendj.ldap.LDAPUrl;
@@ -394,7 +394,7 @@ public int process (Callback[] callbacks, int state)
             HttpServletRequest servletRequest = getHttpServletRequest();
             if (servletRequest != null) {
                 allCerts = (X509Certificate[]) servletRequest.
-                   getAttribute("javax.servlet.request.X509Certificate");
+                   getAttribute("jakarta.servlet.request.X509Certificate");
                 if (allCerts == null || allCerts.length == 0) {
                     debug.message(
                           "Certificate: checking for cert passed in the URL.");

openam-authentication/openam-auth-common/src/main/java/org/forgerock/openam/authentication/modules/common/AMLoginModuleBinder.java

@@ -17,8 +17,8 @@
 package org.forgerock.openam.authentication.modules.common;
 
 import javax.security.auth.callback.CallbackHandler;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.sun.identity.authentication.spi.AMLoginModule;
 import com.sun.identity.authentication.spi.AuthLoginException;

openam-authentication/openam-auth-common/src/main/java/org/forgerock/openam/authentication/modules/common/AuthLoginModule.java

@@ -23,8 +23,8 @@
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.sun.identity.authentication.spi.AuthLoginException;
 

openam-authentication/openam-auth-common/src/main/java/org/forgerock/openam/authentication/modules/common/JaspiAuthLoginModule.java

@@ -21,9 +21,9 @@
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.login.LoginException;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
+import jakarta.security.auth.message.AuthException;
+import jakarta.security.auth.message.AuthStatus;
+import jakarta.security.auth.message.MessageInfo;
 
 import com.sun.identity.authentication.spi.AuthLoginException;
 import com.sun.identity.authentication.util.ISAuthConstants;

openam-authentication/openam-auth-common/src/main/java/org/forgerock/openam/authentication/modules/common/JaspiAuthLoginModulePostAuthenticationPlugin.java

@@ -18,11 +18,11 @@
 
 import java.util.Map;
 
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.security.auth.message.AuthException;
+import jakarta.security.auth.message.AuthStatus;
+import jakarta.security.auth.message.MessageInfo;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import com.iplanet.sso.SSOToken;
 import com.sun.identity.authentication.spi.AMPostAuthProcessInterface;

openam-authentication/openam-auth-common/src/main/java/org/forgerock/openam/authentication/modules/common/JaspiAuthModuleWrapper.java

@@ -21,13 +21,13 @@
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.MessagePolicy;
-import javax.security.auth.message.module.ServerAuthModule;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.security.auth.message.AuthException;
+import jakarta.security.auth.message.AuthStatus;
+import jakarta.security.auth.message.MessageInfo;
+import jakarta.security.auth.message.MessagePolicy;
+import jakarta.security.auth.message.module.ServerAuthModule;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * Base class for wrapping a Jaspi ServerAuthModule. Provides wrappers over the modules functionality, and hides

openam-authentication/openam-auth-common/src/test/java/org/forgerock/openam/authentication/modules/common/JaspiAuthLoginModulePAPTest.java

@@ -32,12 +32,12 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.security.auth.message.module.ServerAuthModule;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.security.auth.message.AuthException;
+import jakarta.security.auth.message.AuthStatus;
+import jakarta.security.auth.message.MessageInfo;
+import jakarta.security.auth.message.module.ServerAuthModule;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;

openam-authentication/openam-auth-common/src/test/java/org/forgerock/openam/authentication/modules/common/JaspiAuthLoginModuleTest.java

@@ -33,10 +33,10 @@
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
-import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.security.auth.message.AuthStatus;
+import jakarta.security.auth.message.MessageInfo;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.mockito.ArgumentMatchers;
 import org.testng.annotations.BeforeMethod;

openam-authentication/openam-auth-common/src/test/java/org/forgerock/openam/authentication/modules/common/JaspiAuthModuleWrapperTest.java

@@ -26,10 +26,10 @@
 import java.util.Map;
 
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.message.MessagePolicy;
-import javax.security.auth.message.module.ServerAuthModule;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.security.auth.message.MessagePolicy;
+import jakarta.security.auth.message.module.ServerAuthModule;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;

openam-authentication/openam-auth-httpbasic/src/main/java/com/sun/identity/authentication/modules/httpbasic/HTTPBasic.java

@@ -55,8 +55,8 @@
 import com.sun.identity.security.AdminTokenAction;
 import com.sun.identity.shared.encode.Base64;
 import java.security.AccessController;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 /**
  * HTTP Basic login module.

openam-authentication/openam-auth-msisdn/src/main/java/com/sun/identity/authentication/modules/msisdn/MSISDN.java

@@ -49,8 +49,8 @@
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.Cookie;
 
 /**
  * MSISDN Authentication module retrieves the device's <code>msisdn</code>

openam-authentication/openam-auth-oauth2/src/main/java/org/forgerock/openam/authentication/modules/oauth2/OAuth.java

@@ -72,8 +72,8 @@
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.RandomStringUtils;
 import org.apache.commons.lang.StringUtils;

openam-authentication/openam-auth-oauth2/src/main/java/org/forgerock/openam/authentication/modules/oauth2/OAuth2PostAuthnPlugin.java

@@ -35,8 +35,8 @@
 
 import java.net.URLEncoder;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.forgerock.openam.utils.StringUtils;
 

openam-authentication/openam-auth-oauth2/src/main/java/org/forgerock/openam/authentication/modules/oauth2/OAuthProxy.java

@@ -25,8 +25,8 @@
  */
 package org.forgerock.openam.authentication.modules.oauth2;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.PrintWriter;
 import java.util.Map;
 

openam-authentication/openam-auth-oauth2/src/main/java/org/forgerock/openam/authentication/modules/oauth2/OAuthUtil.java

@@ -26,7 +26,7 @@
 
 package org.forgerock.openam.authentication.modules.oauth2;
 
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import com.sun.identity.shared.debug.Debug;
 import com.sun.identity.shared.encode.CookieUtils;

openam-authentication/openam-auth-oidc/src/main/java/org/forgerock/openam/authentication/modules/oidc/OpenIdConnect.java

@@ -28,7 +28,7 @@
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import java.security.Principal;
 import java.util.Map;
 import java.util.Set;