[MAGNOLIA-8349] The interface info.magnolia.cms.security.auth.Entity is deprecated, but what is the replacement-class? Created: 10/Mar/22 Updated: 15/Mar/22 |
|
| Status: | Reopened |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Tim Molenaar | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Date of First Response: |
| Description |
|
We are using the interface info.magnolia.cms.security.auth.Entity, which is deprecated. But what is the replacement-class? It is not mentioned in the javadoc. |
| Comments |
| Comment by Richard Gange [ 10/Mar/22 ] |
|
Hello Tim- I don't think there is a replacement. IIRC the idea was to delegate everything to JCR based security. See 4.5.1 release notes. HTH |
| Comment by Michiel Meeuwissen [ 15/Mar/22 ] |
|
Tim, I think we only use it for the constants. See https://github.com/vpro/magnolia-module-vpro-keycloak/blob/master/src/main/java/nl/vpro/magnolia/module/keycloak/security/KeycloakUserManager.java
I'd propose to simply not do that any more and avoid the warning. |
| Comment by Michiel Meeuwissen [ 15/Mar/22 ] |
|
The strange thing is that the same thing is happening in `info.magnolia.cms.security.ExternalUser`
We use the deprecated constants, because they must correspond to that.
I think the issue then boils down to: 'why is the class, deprecated for over 11 years' still being used in the core class `info.magnolia.cms.security.ExternalUser` (which is itself not deprecated) |
| Comment by Michiel Meeuwissen [ 15/Mar/22 ] |
|
I request to reopen the issue. |
| Comment by Richard Gange [ 15/Mar/22 ] |
|
Because ExternalUser itself isn't deprecated. It does still refer to the deprecated class but so what? What is it that you are really trying to accomplish here? This isn't going to be a priority for us anytime soon. The constructor using the class is deprecated. You have the methods for getting and setting properties which take the place of the methods using the constants. I don't see the issue. |
| Comment by Michiel Meeuwissen [ 15/Mar/22 ] |
|
The issue is that the constants in Entity are public, and also are used in ExternalUser. So, it is natural to use these constants, when filling the map needed by the constructor of ExternalUser. But then you use a deprecated class, and the compiler issues warnings. I think it would be a simple matter to move the constants from Entity to ExternalUser itself or so. |