Use the V5 ReleaseNotes page for any material going forward.

Programmer Visible (-api changes)

Removed various APIs related to SAML delegation

Removed unused SingletonFactory interface and implementations from opensaml

Moved refactored SecurityConfiguration classes into OpenSAML.

IdPAttribute#setValues() takes a List not a Collection (non-list deprecated since at least 4.1)

Migration of net.shibboleth.utilities.java.support → net.shibboleth.shared

  • codec

    • Definitely used a fair bit, but the StringDigester can be rewired via Spring and the HTMLEncoder was left stubbed for compatibility. The others should be mostly used in code only, but we may end up wanting stubs for Base32/Base64.

  • collection

    • Mostly these are our interfaces and APIs, but Pair is an exception that has a parent bean but likely it came later than 3.0 so might be an issue. Discussed possibly migrating off of Pair to Java Records.

  • component

    • Our APIs by and large.

  • net

    • Impacts a few APIs some might use in scripts to do servlet-y things, but should be rare. IPRange in particular tends to be used with String conversions via Spring.

  • httpclient

    • Used in some APIs but not likely by many deployers. One exception is the HttpClientSupport class which gets used in scripts to process response bodies, eg. in the HTTP data connector. To maintain compatibility, a stub with warnings was left behind.

  • installer

    • All api classes will be removed. API access to the installer will no longer be possible

  • logic

    • Lots of classes used mostly in Spring wiring (rewrites added to IdP), but left behind a couple of stubs for PredicateSupport and FunctionSupport. Removed our Predicate bridge interface used during the Java 8 transition.

  • primitive

    • Pretty much only StringSupport matters much here, a stub was left for that.

  • resolver

    • Our APIs used by a lot of our code but hopefully not by deployers much.

  • resource

    • One interface, our non-Spring version of Resource, really just used in APIs and not as a class itself.

  • services

    • ServiceableComponent now extends AutoCloseable. Any code using ServiceableComponent should be changed to exploit this

    • The implementation details of ServiceableComponent management (pin/unpin/unload) have been removed from that interface. As a result of this, any code implementing ServiceableComponent but wanting to exploit ReloadableSpringService must extend AbstractServiceableComponent.

    • The getServiceableComponent method now always returns the component or throws a ServiceException. The choice there was done for consistency with the strategy functions that used it, and because converting to checked would mean a very visible API change, though mostly to our code. We may still do that.

  • scripting

    • Used by our higher level classes.

  • security

    • Command line tool changes but those are captured in shell files we supply. The AccessControl interfaces move but I don’t expect deployers would have directly interacted with that service as an API. Various beans move but they’re system-defined in almost all cases. Biggest API ripple is the IdentifierGenerationStrategy stuff, but that’s unlikely to affect anybody but us and probably needs more work given the use of impl classes all over the code base.

  • xml

    • Moved BasicParserPool and an errorhandler class into an impl subpackage. Lots of Java code will have used the various XSupport classes and likely depend on the ParserPool and exception classes, but I do not expect deployer impact of much significance.