[jira] [Updated] (GEODE-10534) Fix Deprecated APIs in Support Modules (geode-management, geode-serialization, geode-deployment-legacy, geode-web-api)

[Jinwoo Hwang (Jira)]

     [ 
https://issues.apache.org/jira/browse/GEODE-10534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jinwoo Hwang updated GEODE-10534:
---------------------------------
    Description: 
h2. Summary

Fix 13 deprecated API warnings across 4 support modules: geode-management (10 
warnings), geode-serialization (1 warning), geode-deployment-legacy (1 
warning), and geode-web-api (1 warning).
h2. Description

These support modules contain deprecated API usage across reflection APIs, HTTP 
client libraries, and string utilities. While none are marked for immediate 
removal, addressing these warnings improves code maintainability and prepares 
for future library migrations.

*Total Warnings:* 13 [deprecation] warnings
*Priority:* MEDIUM - Technical debt cleanup, no immediate upgrade blockers
h2. Module Breakdown
h3. Module 1: geode-management (10 warnings)

*Owner:* Management/REST Team
*Package:* {{{}org.apache.geode.management.api{}}}, 
{{org.apache.geode.management.configuration}}
*Total APIs:* 3 deprecated APIs
*Effort:* 6-8 hours
h4. Issue 1.1: Apache HttpClient 5 SSL APIs (9 warnings)

*File:* 
{{geode-management/src/main/java/org/apache/geode/management/api/RestTemplateClusterManagementServiceTransport.java}}
*Lines:* 167 (×2), 173, 181 (×2), 187

*Deprecated APIs:*

*API 1: SSLConnectionSocketFactory*
{code:java}
Package: org.apache.hc.client5.http.ssl
Full Name: org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory
Deprecated: Apache HttpClient 5.0
Removal Target: Future major version (likely 6.0)
Replacement: org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder
{code}
*API 2: PoolingHttpClientConnectionManagerBuilder.setSSLSocketFactory()*
{code:java}
Package: org.apache.hc.client5.http.impl.io
Full Name: 
org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder.setSSLSocketFactory()
Signature: public PoolingHttpClientConnectionManagerBuilder 
setSSLSocketFactory(LayeredConnectionSocketFactory)
Deprecated: Apache HttpClient 5.0
Removal Target: Future major version (likely 6.0)
Replacement: setTlsSocketStrategy() or similar modern TLS approach
{code}
*Warnings:*
{code:java}
Line 167: warning: [deprecation] SSLConnectionSocketFactory in 
org.apache.hc.client5.http.ssl has been deprecated (×2)
Line 173: warning: [deprecation] 
setSSLSocketFactory(LayeredConnectionSocketFactory) has been deprecated
Line 181: warning: [deprecation] SSLConnectionSocketFactory in 
org.apache.hc.client5.http.ssl has been deprecated (×2)
Line 187: warning: [deprecation] 
setSSLSocketFactory(LayeredConnectionSocketFactory) has been deprecated
{code}
*Action Required:*
 * Migrate to Apache HttpClient 5 recommended SSL configuration
 * Use {{SSLConnectionSocketFactoryBuilder}} for SSL socket factory creation
 * Replace {{setSSLSocketFactory()}} with {{setTlsSocketStrategy()}} or modern 
TLS approach
 * Test SSL/TLS connections thoroughly

*Risk:* MEDIUM - Library migration, requires SSL connection testing
h4. Issue 1.2: Apache Commons Lang StringUtils (1 warning)

*File:* 
{{geode-management/src/main/java/org/apache/geode/management/configuration/Index.java:91}}

*Deprecated API:*
{code:java}
Package: org.apache.commons.lang3
Full Name: org.apache.commons.lang3.StringUtils.removeStart()
Signature: public static String removeStart(String str, String remove)
Deprecated: Commons Lang 3.x
Removal Target: Not scheduled
{code}
*Migration Pattern:*
{code:java}
// Before:
String result = StringUtils.removeStart(str, prefix);

// After:
String result = str.startsWith(prefix) ? str.substring(prefix.length()) : str;
{code}
*Risk:* LOW - Simple string manipulation

—
h3. Module 2: geode-serialization (1 warning)

*Owner:* Serialization Team
*Package:* {{org.apache.geode.internal.serialization.internal}}
*Total APIs:* 1 deprecated API
*Effort:* 2-3 hours

*File:* 
{{geode-serialization/src/main/java/org/apache/geode/internal/serialization/internal/DSFIDSerializerImpl.java:343}}

*Deprecated API:*
{code:java}
Package: java.lang.reflect
Full Name: java.lang.reflect.AccessibleObject.isAccessible()
Signature: public boolean isAccessible()
Deprecated: Java 9
Removal Target: Not scheduled
Replacement: java.lang.reflect.AccessibleObject.canAccess(Object obj)
{code}
*Warning:*
{code:java}
warning: [deprecation] isAccessible() in AccessibleObject has been deprecated
{code}
*Migration Pattern:*
{code:java}
// Before:
if (field.isAccessible()) {
    // do something
}

// After:
if (field.canAccess(targetObject)) {
    // do something
}
// Note: canAccess() requires the target object instance
{code}
*Action Required:*
 * Replace {{isAccessible()}} with {{canAccess(Object obj)}}
 * Ensure target object instance is available for {{canAccess()}}
 * May require refactoring if target object is not readily available

*Risk:* MEDIUM - Reflection API change, requires target object reference

—
h3. Module 3: geode-deployment-legacy (1 warning)

*Owner:* Deployment Team
*Package:* {{org.apache.geode.classloader.internal}}
*Total APIs:* 1 deprecated API
*Effort:* 2-3 hours

*File:* 
{{geode-deployment/geode-deployment-legacy/src/main/java/org/apache/geode/classloader/internal/LegacyClasspathServiceImpl.java:235}}

*Deprecated API:*
{code:java}
Package: java.lang.reflect
Full Name: java.lang.reflect.Proxy.getProxyClass()
Signature: public static Class<?> getProxyClass(ClassLoader loader, Class<?>... 
interfaces)
Deprecated: Java 9
Removal Target: Not scheduled
Replacement: java.lang.reflect.Proxy.newProxyInstance(ClassLoader, Class<?>[], 
InvocationHandler)
{code}
*Warning:*
{code:java}
warning: [deprecation] getProxyClass(ClassLoader,Class<?>...) in Proxy has been 
deprecated
{code}
*Migration Pattern:*
{code:java}
// Before:
Class<?> proxyClass = Proxy.getProxyClass(classLoader, interfaces);
Object proxy = 
proxyClass.getConstructor(InvocationHandler.class).newInstance(handler);

// After:
Object proxy = Proxy.newProxyInstance(classLoader, interfaces, handler);
{code}
*Action Required:*
 * Use {{Proxy.newProxyInstance()}} directly
 * May require restructuring proxy creation logic
 * Ensure {{InvocationHandler}} is available at call site

*Risk:* MEDIUM - Dynamic proxy generation, requires testing

—
h3. Module 4: geode-web-api (1 warning)

*Owner:* Web/REST API Team
*Package:* {{org.apache.geode.rest.internal.web.swagger.config}}
*Total APIs:* 1 deprecated API
*Effort:* 2-3 hours

*File:* 
{{geode-web-api/src/main/java/org/apache/geode/rest/internal/web/swagger/config/SwaggerConfig.java:62}}

*Deprecated API:*
{code:java}
Package: org.springframework.web.util.pattern
Full Name: 
org.springframework.web.util.pattern.PathPatternParser.setMatchOptionalTrailingSeparator()
Signature: public void setMatchOptionalTrailingSeparator(boolean 
matchOptionalTrailingSeparator)
Deprecated: Spring Framework 6.x
Removal Target: Not scheduled (likely Spring 7.x)
{code}
*Warning:*
{code:java}
warning: [deprecation] setMatchOptionalTrailingSeparator(boolean) in 
PathPatternParser has been deprecated
{code}
*Action Required:*
 * Consult Spring Framework 6.x migration guide for replacement configuration
 * Update path pattern matching configuration
 * Test Swagger/OpenAPI URL path matching
 * Verify trailing separator handling behavior

*Risk:* LOW - Configuration change, verify Swagger/OpenAPI compatibility
h2. How to Verify Warnings

*Step 1:* Enable warnings in 
{{{}build-tools/scripts/src/main/groovy/warnings.gradle{}}}:
{code:groovy}
tasks.withType(JavaCompile) {
  options.compilerArgs << '-Xlint:unchecked' << '-Xlint:deprecation' << 
'-Xlint:removal'
  options.deprecation = true
}
{code}
*Step 2:* Build and check warnings for each module:
{code:bash}
# geode-management
./gradlew clean :geode-management:compileJava --no-build-cache 2>&1 | grep 
"warning:"

# geode-serialization
./gradlew clean :geode-serialization:compileJava --no-build-cache 2>&1 | grep 
"warning:"

# geode-deployment-legacy
./gradlew clean :geode-deployment:geode-deployment-legacy:compileJava 
--no-build-cache 2>&1 | grep "warning:"

# geode-web-api
./gradlew clean :geode-web-api:compileJava --no-build-cache 2>&1 | grep 
"warning:"
{code}
*Step 3:* After fixing, restore original configuration:
{code:bash}
git checkout build-tools/scripts/src/main/groovy/warnings.gradle
{code}
h2. References
 * [Apache HttpClient 5 Migration 
Guide|https://hc.apache.org/httpcomponents-client-5.0.x/migration-guide/]
 * [Apache HttpClient 5 SSL 
Configuration|https://hc.apache.org/httpcomponents-client-5.0.x/examples.html]
 * [Java 9 Reflection API 
Changes|https://docs.oracle.com/javase/9/docs/api/java/lang/reflect/AccessibleObject.html]
 * [Proxy API 
Documentation|https://docs.oracle.com/javase/9/docs/api/java/lang/reflect/Proxy.html]
 * [Spring Framework 6.x Migration 
Guide|https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x]
 * [Apache Commons Lang 3 
Documentation|https://commons.apache.org/proper/commons-lang/]

h2. Acceptance Criteria
 * All 13 [deprecation] warnings resolved across 4 modules
 * Code compiles without warnings in Java 17
 * All existing tests pass for each module
 * SSL/TLS connections verified in geode-management
 * Reflection operations tested in geode-serialization and 
geode-deployment-legacy
 * Swagger/OpenAPI path matching verified in geode-web-api
 * No changes to public API behavior

h2. Testing Strategy
h3. geode-management
 * Unit tests: Verify REST client SSL configuration
 * Integration tests: Test HTTPS connections to management API
 * Security tests: Verify SSL/TLS certificate validation

h3. geode-serialization
 * Unit tests: Verify reflection-based serialization
 * Test various accessibility scenarios (public, private, protected fields)
 * Verify serialization/deserialization with different object types

h3. geode-deployment-legacy
 * Unit tests: Verify dynamic proxy creation
 * Test proxy invocation with various interface combinations
 * Verify classloader isolation

h3. geode-web-api
 * Unit tests: Verify Swagger configuration
 * Integration tests: Test OpenAPI path matching
 * Verify trailing separator handling in API endpoints

h2. Impact

*Risk:* MEDIUM - Does not block Java or Spring upgrades, but involves critical 
areas (SSL, serialization, dynamic proxies)
*Scope:* 4 modules, 6 files, 13 warnings
*Related Work:* Part of Java 17 warning cleanup effort (36 total warnings 
across 6 modules)

> Fix Deprecated APIs in Support Modules (geode-management, 
> geode-serialization, geode-deployment-legacy, geode-web-api)
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: GEODE-10534
>                 URL: https://issues.apache.org/jira/browse/GEODE-10534
>             Project: Geode
>          Issue Type: Improvement
>            Reporter: Jinwoo Hwang
>            Priority: Major
>
> h2. Summary
> Fix 13 deprecated API warnings across 4 support modules: geode-management (10 
> warnings), geode-serialization (1 warning), geode-deployment-legacy (1 
> warning), and geode-web-api (1 warning).
> h2. Description
> These support modules contain deprecated API usage across reflection APIs, 
> HTTP client libraries, and string utilities. While none are marked for 
> immediate removal, addressing these warnings improves code maintainability 
> and prepares for future library migrations.
> *Total Warnings:* 13 [deprecation] warnings
> *Priority:* MEDIUM - Technical debt cleanup, no immediate upgrade blockers
> h2. Module Breakdown
> h3. Module 1: geode-management (10 warnings)
> *Owner:* Management/REST Team
> *Package:* {{{}org.apache.geode.management.api{}}}, 
> {{org.apache.geode.management.configuration}}
> *Total APIs:* 3 deprecated APIs
> *Effort:* 6-8 hours
> h4. Issue 1.1: Apache HttpClient 5 SSL APIs (9 warnings)
> *File:* 
> {{geode-management/src/main/java/org/apache/geode/management/api/RestTemplateClusterManagementServiceTransport.java}}
> *Lines:* 167 (×2), 173, 181 (×2), 187
> *Deprecated APIs:*
> *API 1: SSLConnectionSocketFactory*
> {code:java}
> Package: org.apache.hc.client5.http.ssl
> Full Name: org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory
> Deprecated: Apache HttpClient 5.0
> Removal Target: Future major version (likely 6.0)
> Replacement: org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder
> {code}
> *API 2: PoolingHttpClientConnectionManagerBuilder.setSSLSocketFactory()*
> {code:java}
> Package: org.apache.hc.client5.http.impl.io
> Full Name: 
> org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder.setSSLSocketFactory()
> Signature: public PoolingHttpClientConnectionManagerBuilder 
> setSSLSocketFactory(LayeredConnectionSocketFactory)
> Deprecated: Apache HttpClient 5.0
> Removal Target: Future major version (likely 6.0)
> Replacement: setTlsSocketStrategy() or similar modern TLS approach
> {code}
> *Warnings:*
> {code:java}
> Line 167: warning: [deprecation] SSLConnectionSocketFactory in 
> org.apache.hc.client5.http.ssl has been deprecated (×2)
> Line 173: warning: [deprecation] 
> setSSLSocketFactory(LayeredConnectionSocketFactory) has been deprecated
> Line 181: warning: [deprecation] SSLConnectionSocketFactory in 
> org.apache.hc.client5.http.ssl has been deprecated (×2)
> Line 187: warning: [deprecation] 
> setSSLSocketFactory(LayeredConnectionSocketFactory) has been deprecated
> {code}
> *Action Required:*
>  * Migrate to Apache HttpClient 5 recommended SSL configuration
>  * Use {{SSLConnectionSocketFactoryBuilder}} for SSL socket factory creation
>  * Replace {{setSSLSocketFactory()}} with {{setTlsSocketStrategy()}} or 
> modern TLS approach
>  * Test SSL/TLS connections thoroughly
> *Risk:* MEDIUM - Library migration, requires SSL connection testing
> h4. Issue 1.2: Apache Commons Lang StringUtils (1 warning)
> *File:* 
> {{geode-management/src/main/java/org/apache/geode/management/configuration/Index.java:91}}
> *Deprecated API:*
> {code:java}
> Package: org.apache.commons.lang3
> Full Name: org.apache.commons.lang3.StringUtils.removeStart()
> Signature: public static String removeStart(String str, String remove)
> Deprecated: Commons Lang 3.x
> Removal Target: Not scheduled
> {code}
> *Migration Pattern:*
> {code:java}
> // Before:
> String result = StringUtils.removeStart(str, prefix);
> // After:
> String result = str.startsWith(prefix) ? str.substring(prefix.length()) : str;
> {code}
> *Risk:* LOW - Simple string manipulation
> —
> h3. Module 2: geode-serialization (1 warning)
> *Owner:* Serialization Team
> *Package:* {{org.apache.geode.internal.serialization.internal}}
> *Total APIs:* 1 deprecated API
> *Effort:* 2-3 hours
> *File:* 
> {{geode-serialization/src/main/java/org/apache/geode/internal/serialization/internal/DSFIDSerializerImpl.java:343}}
> *Deprecated API:*
> {code:java}
> Package: java.lang.reflect
> Full Name: java.lang.reflect.AccessibleObject.isAccessible()
> Signature: public boolean isAccessible()
> Deprecated: Java 9
> Removal Target: Not scheduled
> Replacement: java.lang.reflect.AccessibleObject.canAccess(Object obj)
> {code}
> *Warning:*
> {code:java}
> warning: [deprecation] isAccessible() in AccessibleObject has been deprecated
> {code}
> *Migration Pattern:*
> {code:java}
> // Before:
> if (field.isAccessible()) {
>     // do something
> }
> // After:
> if (field.canAccess(targetObject)) {
>     // do something
> }
> // Note: canAccess() requires the target object instance
> {code}
> *Action Required:*
>  * Replace {{isAccessible()}} with {{canAccess(Object obj)}}
>  * Ensure target object instance is available for {{canAccess()}}
>  * May require refactoring if target object is not readily available
> *Risk:* MEDIUM - Reflection API change, requires target object reference
> —
> h3. Module 3: geode-deployment-legacy (1 warning)
> *Owner:* Deployment Team
> *Package:* {{org.apache.geode.classloader.internal}}
> *Total APIs:* 1 deprecated API
> *Effort:* 2-3 hours
> *File:* 
> {{geode-deployment/geode-deployment-legacy/src/main/java/org/apache/geode/classloader/internal/LegacyClasspathServiceImpl.java:235}}
> *Deprecated API:*
> {code:java}
> Package: java.lang.reflect
> Full Name: java.lang.reflect.Proxy.getProxyClass()
> Signature: public static Class<?> getProxyClass(ClassLoader loader, 
> Class<?>... interfaces)
> Deprecated: Java 9
> Removal Target: Not scheduled
> Replacement: java.lang.reflect.Proxy.newProxyInstance(ClassLoader, 
> Class<?>[], InvocationHandler)
> {code}
> *Warning:*
> {code:java}
> warning: [deprecation] getProxyClass(ClassLoader,Class<?>...) in Proxy has 
> been deprecated
> {code}
> *Migration Pattern:*
> {code:java}
> // Before:
> Class<?> proxyClass = Proxy.getProxyClass(classLoader, interfaces);
> Object proxy = 
> proxyClass.getConstructor(InvocationHandler.class).newInstance(handler);
> // After:
> Object proxy = Proxy.newProxyInstance(classLoader, interfaces, handler);
> {code}
> *Action Required:*
>  * Use {{Proxy.newProxyInstance()}} directly
>  * May require restructuring proxy creation logic
>  * Ensure {{InvocationHandler}} is available at call site
> *Risk:* MEDIUM - Dynamic proxy generation, requires testing
> —
> h3. Module 4: geode-web-api (1 warning)
> *Owner:* Web/REST API Team
> *Package:* {{org.apache.geode.rest.internal.web.swagger.config}}
> *Total APIs:* 1 deprecated API
> *Effort:* 2-3 hours
> *File:* 
> {{geode-web-api/src/main/java/org/apache/geode/rest/internal/web/swagger/config/SwaggerConfig.java:62}}
> *Deprecated API:*
> {code:java}
> Package: org.springframework.web.util.pattern
> Full Name: 
> org.springframework.web.util.pattern.PathPatternParser.setMatchOptionalTrailingSeparator()
> Signature: public void setMatchOptionalTrailingSeparator(boolean 
> matchOptionalTrailingSeparator)
> Deprecated: Spring Framework 6.x
> Removal Target: Not scheduled (likely Spring 7.x)
> {code}
> *Warning:*
> {code:java}
> warning: [deprecation] setMatchOptionalTrailingSeparator(boolean) in 
> PathPatternParser has been deprecated
> {code}
> *Action Required:*
>  * Consult Spring Framework 6.x migration guide for replacement configuration
>  * Update path pattern matching configuration
>  * Test Swagger/OpenAPI URL path matching
>  * Verify trailing separator handling behavior
> *Risk:* LOW - Configuration change, verify Swagger/OpenAPI compatibility
> h2. How to Verify Warnings
> *Step 1:* Enable warnings in 
> {{{}build-tools/scripts/src/main/groovy/warnings.gradle{}}}:
> {code:groovy}
> tasks.withType(JavaCompile) {
>   options.compilerArgs << '-Xlint:unchecked' << '-Xlint:deprecation' << 
> '-Xlint:removal'
>   options.deprecation = true
> }
> {code}
> *Step 2:* Build and check warnings for each module:
> {code:bash}
> # geode-management
> ./gradlew clean :geode-management:compileJava --no-build-cache 2>&1 | grep 
> "warning:"
> # geode-serialization
> ./gradlew clean :geode-serialization:compileJava --no-build-cache 2>&1 | grep 
> "warning:"
> # geode-deployment-legacy
> ./gradlew clean :geode-deployment:geode-deployment-legacy:compileJava 
> --no-build-cache 2>&1 | grep "warning:"
> # geode-web-api
> ./gradlew clean :geode-web-api:compileJava --no-build-cache 2>&1 | grep 
> "warning:"
> {code}
> *Step 3:* After fixing, restore original configuration:
> {code:bash}
> git checkout build-tools/scripts/src/main/groovy/warnings.gradle
> {code}
> h2. References
>  * [Apache HttpClient 5 Migration 
> Guide|https://hc.apache.org/httpcomponents-client-5.0.x/migration-guide/]
>  * [Apache HttpClient 5 SSL 
> Configuration|https://hc.apache.org/httpcomponents-client-5.0.x/examples.html]
>  * [Java 9 Reflection API 
> Changes|https://docs.oracle.com/javase/9/docs/api/java/lang/reflect/AccessibleObject.html]
>  * [Proxy API 
> Documentation|https://docs.oracle.com/javase/9/docs/api/java/lang/reflect/Proxy.html]
>  * [Spring Framework 6.x Migration 
> Guide|https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x]
>  * [Apache Commons Lang 3 
> Documentation|https://commons.apache.org/proper/commons-lang/]
> h2. Acceptance Criteria
>  * All 13 [deprecation] warnings resolved across 4 modules
>  * Code compiles without warnings in Java 17
>  * All existing tests pass for each module
>  * SSL/TLS connections verified in geode-management
>  * Reflection operations tested in geode-serialization and 
> geode-deployment-legacy
>  * Swagger/OpenAPI path matching verified in geode-web-api
>  * No changes to public API behavior
> h2. Testing Strategy
> h3. geode-management
>  * Unit tests: Verify REST client SSL configuration
>  * Integration tests: Test HTTPS connections to management API
>  * Security tests: Verify SSL/TLS certificate validation
> h3. geode-serialization
>  * Unit tests: Verify reflection-based serialization
>  * Test various accessibility scenarios (public, private, protected fields)
>  * Verify serialization/deserialization with different object types
> h3. geode-deployment-legacy
>  * Unit tests: Verify dynamic proxy creation
>  * Test proxy invocation with various interface combinations
>  * Verify classloader isolation
> h3. geode-web-api
>  * Unit tests: Verify Swagger configuration
>  * Integration tests: Test OpenAPI path matching
>  * Verify trailing separator handling in API endpoints
> h2. Impact
> *Risk:* MEDIUM - Does not block Java or Spring upgrades, but involves 
> critical areas (SSL, serialization, dynamic proxies)
> *Scope:* 4 modules, 6 files, 13 warnings
> *Related Work:* Part of Java 17 warning cleanup effort (36 total warnings 
> across 6 modules)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)