Skip to content

Add Java 21 compile time support #7612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Add Java 21 compile time support #7612

wants to merge 1 commit into from

Conversation

@madurangasiriwardena
Copy link
Member

@madurangasiriwardena madurangasiriwardena commented Nov 13, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Refactor

    • Removed deprecated Nashorn-based scripting engine support from authentication framework

  • Chores

    • Updated Eclipse OSGi dependencies to use org.eclipse.platform
    • Upgraded Java compiler target to version 21
    • Updated Maven bundle plugin and build tools to latest versions

Copilot AI review requested due to automatic review settings November 13, 2025 08:21
@coderabbitai
Copy link

coderabbitai bot commented Nov 13, 2025
edited
Loading

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Removes Nashorn JavaScript engine support from the authentication framework, migrating exclusively to Graal VM. Updates OSGi dependency groupIds across components and upgrades Java compiler target to version 21 in the parent build configuration.

Changes

Cohort / File(s) Summary
Nashorn Engine Core Removal
components/authentication-framework/.../graph/JsGraphBuilderFactory.java, JsNashornGraphBuilder.java, JsNashornSerializer.java, JsWrapperFactory.java, RestrictedClassFilter.java, SerializableJsFunction.java, ThreadLocalScriptEngineHolder.java		 Complete removal of Nashorn-based graph builder factory, graph builder runtime, serialization/deserialization, wrapper factory, and thread-local engine holder classes.
Nashorn JS Wrapper Classes
components/authentication-framework/.../js/nashorn/AbstractJsObject.java, JsHeaders.java, JsNashornAuthenticatedUser.java, JsNashornAuthenticationContext.java, JsNashornClaims.java, JsNashornCookie.java, JsNashornParameters.java, JsNashornRuntimeClaims.java, JsNashornServletRequest.java, JsNashornServletResponse.java, JsNashornStep.java, JsNashornSteps.java, JsNashornWritableParameters.java		 Removal of all Nashorn-specific JavaScript wrapper classes that proxied Java objects for script access.
Authentication Logic Updates
components/authentication-framework/.../handler/sequence/impl/SelectAcrFromFunction.java, GraalSelectAcrFromFunction.java, FrameworkUtils.java, JsWrapperFactoryProvider.java		 Deletion of Nashorn-based ACR selection logic; updates to graph builder factory creation to remove Nashorn branch and logger initialization refactoring in Graal variant.
Test Removals
components/authentication-framework/.../JsNashornGraphBuilderTest.java, JsNashornAuthenticationContextTest.java, GraphBasedSequenceHandlerAbstractTest.java, testng.xml		 Deletion of Nashorn-specific unit tests and test suite configuration updates; test setup simplified to Graal-only path.
OSGi Services Dependency Updates (org.wso2.eclipse.osgi → org.eclipse.platform)
components/authentication-framework/.../pom.xml, components/authorization-framework/.../pom.xml, components/client-attestation-mgt/.../pom.xml, components/configuration-mgt/.../pom.xml, components/consent-mgt/.../pom.xml, components/consent-server-configs-mgt/.../pom.xml, components/cors-mgt/.../pom.xml, components/extension-mgt/.../pom.xml, components/functions-library-mgt/.../pom.xml, components/input-validation-mgt/.../pom.xml, components/multi-attribute-login/.../pom.xml, components/role-mgt/.../pom.xml, components/system-config-mgt/.../pom.xml, components/template-mgt/.../*.pom.xml, components/trusted-app-mgt/.../pom.xml, components/user-functionality-mgt/.../pom.xml		 Systematic replacement of OSGi dependency groupId from org.wso2.eclipse.osgi to org.eclipse.platform for org.eclipse.osgi.services artifact across 16+ modules.
OSGi Capability Annotations
components/identity-core/.../IdentityCoreInitializedEventImpl.java, components/identity-event/.../IdentityEventServiceImpl.java, components/rule-mgt/.../RuleManagementServiceImpl.java, components/rule-mgt/.../RuleMetadataServiceImpl.java, components/secret-mgt/.../SecretManagerImpl.java		 Addition of @Capability annotations to declare OSGi service metadata on service implementation classes.
OSGi & Maven Configuration
components/configuration-mgt/.../endpoint/pom.xml, components/entitlement/.../endpoint/pom.xml, components/identity-core/pom.xml, components/identity-event/pom.xml, components/rule-mgt/pom.xml, components/rule-mgt/metadata/pom.xml, components/secret-mgt/.../pom.xml		 Maven WAR plugin version upgrade (2.2 → 3.5.0), addition of explicit groupIds; new OSGi dependencies added to identity-core and identity-event modules.
Parent POM & Version Management
pom.xml		 Java compiler source/target upgraded from 1.8 to 21; maven-bundle-plugin updated from 3.2.0 to 5.1.9; Equinox OSGi version updated from 3.5.100 to 3.12.0; version.equinox.osgi updated to 3.19.0; javax.servlet import range updated from [2.6.0, 3.0.0) to [3.1.0, 4.0.0); carbon.p2.plugin.version updated to 5.4.12-SNAPSHOT.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Areas requiring extra attention:

  • API Surface Removal: Large number of deleted classes and interfaces (JsGraphBuilderFactory, JsNashornGraphBuilder, etc.) requires verification that all callers have been migrated to Graal-based alternatives. Confirm no dangling references remain in non-displayed code.
  • Graal Migration Path: Verify that JsWrapperFactoryProvider and FrameworkUtils correctly handle the removal of Nashorn fallback paths and ensure Graal-only flow is functional.
  • OSGi Dependency Consolidation: 16+ pom.xml changes to groupId require verification that artifact resolution works correctly with org.eclipse.platform coordinates (potential transitive dependency changes).
  • Java 21 Compatibility: Parent POM upgrade to Java 21 is significant; ensure all modules and their dependencies support this target, especially maven-bundle-plugin (3.2.0 → 5.1.9) and compiler configuration changes.
  • Test Coverage: Removal of Nashorn-specific tests eliminates coverage for deprecated code path; verify GraphBasedSequenceHandlerAbstractTest adequately covers remaining Graal-only functionality.
  • SelectAcrFromFunction Deletion: Complete removal without obvious Graal-based replacement visible; confirm ACR selection logic is preserved elsewhere or explicitly deprecated.

Suggested reviewers

  • sadilchamishka
  • wso2-engineering

Poem

🐰 Farewell, Nashorn's ancient hum,
Graal now reigns, our journey's won!
Wrapper classes fade to grey,
Java twenty-one lights the way,
Dependencies dance anew—
The framework blooms, refreshed and true! 🌟

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)
Check name Status Explanation Resolution
Description check ⚠️ Warning The pull request description is empty, lacking all required sections from the template including purpose, goals, approach, user stories, release notes, and other critical information. Add a comprehensive pull request description following the provided template, including purpose, goals, approach, test environment, and other relevant sections to explain the Java 21 upgrade changes.
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (1 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Add Java 21 compile time support' clearly describes the main objective of the changeset - updating the project to support Java 21 compilation.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@madurangasiriwardena madurangasiriwardena marked this pull request as draft November 13, 2025 08:22
Copilot finished reviewing on behalf of madurangasiriwardena November 13, 2025 08:22
coderabbitai[bot]
coderabbitai bot reviewed Nov 13, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandlerAbstractTest.java (1)

99-107: Potential NPE: graphBuilderFactory remains uninitialized for non-GraalJS script engines.

The method still accepts a scriptEngine parameter, but if the value is not GRAALJS, graphBuilderFactory remains null. This will cause a NullPointerException at line 118 when graphBuilderFactory.init() is called.

Since Nashorn support is being removed entirely (per the PR objective), consider one of these solutions:

Solution 1 (Recommended): Remove the parameter and hardcode GraalJS.

 @BeforeClass
-@Parameters({"scriptEngine"})
-protected void setupSuite(String scriptEngine) throws NoSuchFieldException, IllegalAccessException {
+protected void setupSuite() throws NoSuchFieldException, IllegalAccessException {
 
     configurationLoader = new UIBasedConfigurationLoader();
     CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME = false;
 
-    if (scriptEngine.contentEquals(FrameworkConstants.JSAttributes.GRAALJS)) {
-        graphBuilderFactory = new JsGraalGraphBuilderFactory();
-    }
+    graphBuilderFactory = new JsGraalGraphBuilderFactory();

Solution 2: Add validation with a clear error message.

 @BeforeClass
 @Parameters({"scriptEngine"})
 protected void setupSuite(String scriptEngine) throws NoSuchFieldException, IllegalAccessException {
 
     configurationLoader = new UIBasedConfigurationLoader();
     CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME = false;
 
     if (scriptEngine.contentEquals(FrameworkConstants.JSAttributes.GRAALJS)) {
         graphBuilderFactory = new JsGraalGraphBuilderFactory();
+    } else {
+        throw new IllegalArgumentException("Only GraalJS script engine is supported. Nashorn support has been removed.");
     }
components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraalSelectAcrFromFunction.java (2)

60-60: Fix incorrect type cast that causes ClassCastException.

The cast (List<List>) is incorrect. Based on the error message expecting "array of strings" and the toArray(new String[0]) call, this should be cast to List or List<String>, not List<List>.

Apply this diff:

-            possibleOutcomes = ((List<List>) possibleOutcomesObj).toArray(new String[0]);
+            possibleOutcomes = ((List<String>) possibleOutcomesObj).toArray(new String[0]);

72-73: Simplify comparator - double reversal may cause incorrect ordering.

The code uses Collections.reverseOrder() with a lambda that's already reversed (o1, o2) -> o2.compareTo(o1), resulting in natural order instead of reverse order.

Apply this diff to use reverse order correctly:

-        Map<Integer, String> acrRequestedWithPriority =
-                new TreeMap<>(Collections.reverseOrder((o1, o2) -> o2.compareTo(o1)));
+        Map<Integer, String> acrRequestedWithPriority = new TreeMap<>(Collections.reverseOrder());
🧹 Nitpick comments (3)
components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandlerAbstractTest.java (1)

111-111: Minor formatting: Double space after instanceof.

There's an extra space between instanceof and JsGraalGraphBuilderFactory.

Apply this diff:

-        if (graphBuilderFactory instanceof  JsGraalGraphBuilderFactory) {
+        if (graphBuilderFactory instanceof JsGraalGraphBuilderFactory) {
components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java (1)

275-275: Remove unused constant JDK_SCRIPTER_CLASS_NAME.

Verification confirms this constant is never referenced anywhere in the codebase. Only the OPENJDK version (OPENJDK_SCRIPTER_CLASS_NAME) is actively used. Remove line 275:

-    private static final String JDK_SCRIPTER_CLASS_NAME = "jdk.nashorn.api.scripting.ScriptObjectMirror";
pom.xml (1)

2109-2109: Consider using a release version instead of SNAPSHOT.

The carbon.p2.plugin.version is set to 5.4.12-SNAPSHOT. SNAPSHOT dependencies can lead to non-reproducible builds and should generally be avoided in production branches. Consider using a stable release version before merging to master.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 18349a9 and dc1fcab.

📒 Files selected for processing (58)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml (1 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsGraphBuilderFactory.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornSerializer.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsWrapperFactory.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsWrapperFactoryProvider.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/RestrictedClassFilter.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/SerializableJsFunction.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/ThreadLocalScriptEngineHolder.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/AbstractJsObject.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsHeaders.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornAuthenticatedUser.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornAuthenticationContext.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornClaims.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornCookie.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornParameters.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornRuntimeClaims.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornServletRequest.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornServletResponse.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornStep.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornSteps.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornWritableParameters.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraalSelectAcrFromFunction.java (1 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/SelectAcrFromFunction.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java (1 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilderTest.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/JsNashornAuthenticationContextTest.java (0 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandlerAbstractTest.java (1 hunks)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml (0 hunks)
  • components/authorization-framework/org.wso2.carbon.identity.authorization.framework/pom.xml (1 hunks)
  • components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml (1 hunks)
  • components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.core/pom.xml (2 hunks)
  • components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.endpoint/pom.xml (1 hunks)
  • components/consent-mgt/org.wso2.carbon.identity.consent.mgt/pom.xml (1 hunks)
  • components/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt/pom.xml (1 hunks)
  • components/cors-mgt/org.wso2.carbon.identity.cors.mgt.core/pom.xml (1 hunks)
  • components/entitlement/org.wso2.carbon.identity.entitlement.endpoint/pom.xml (1 hunks)
  • components/extension-mgt/org.wso2.carbon.identity.extension.mgt/pom.xml (2 hunks)
  • components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt/pom.xml (1 hunks)
  • components/identity-core/org.wso2.carbon.identity.core/pom.xml (1 hunks)
  • components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreInitializedEventImpl.java (1 hunks)
  • components/identity-event/org.wso2.carbon.identity.event/pom.xml (1 hunks)
  • components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventServiceImpl.java (2 hunks)
  • components/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt/pom.xml (1 hunks)
  • components/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt/pom.xml (1 hunks)
  • components/role-mgt/org.wso2.carbon.identity.role.mgt.core/pom.xml (1 hunks)
  • components/rule-mgt/org.wso2.carbon.identity.rule.management/pom.xml (1 hunks)
  • components/rule-mgt/org.wso2.carbon.identity.rule.management/src/main/java/org/wso2/carbon/identity/rule/management/internal/service/impl/RuleManagementServiceImpl.java (2 hunks)
  • components/rule-mgt/org.wso2.carbon.identity.rule.metadata/pom.xml (1 hunks)
  • components/rule-mgt/org.wso2.carbon.identity.rule.metadata/src/main/java/org/wso2/carbon/identity/rule/metadata/internal/service/impl/RuleMetadataServiceImpl.java (2 hunks)
  • components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/pom.xml (2 hunks)
  • components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/src/main/java/org/wso2/carbon/identity/secret/mgt/core/SecretManagerImpl.java (2 hunks)
  • components/system-config-mgt/org.wso2.carbon.identity.system.config.mgt/pom.xml (1 hunks)
  • components/template-mgt/org.wso2.carbon.identity.template.mgt.ui/pom.xml (1 hunks)
  • components/template-mgt/org.wso2.carbon.identity.template.mgt/pom.xml (1 hunks)
  • components/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt/pom.xml (1 hunks)
  • components/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt/pom.xml (1 hunks)
  • pom.xml (7 hunks)
💤 Files with no reviewable changes (25)
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsWrapperFactoryProvider.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/testng.xml
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornServletResponse.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornCookie.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornParameters.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsGraphBuilderFactory.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornRuntimeClaims.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/SelectAcrFromFunction.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornAuthenticationContext.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsWrapperFactory.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornClaims.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/RestrictedClassFilter.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilderTest.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/AbstractJsObject.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornAuthenticatedUser.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornWritableParameters.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornSteps.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornGraphBuilder.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/ThreadLocalScriptEngineHolder.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornServletRequest.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/JsNashornSerializer.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/JsNashornAuthenticationContextTest.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsHeaders.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/nashorn/JsNashornStep.java
  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/SerializableJsFunction.java
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-11-06T13:49:53.627Z 
Learnt from: ShanChathusanda93
Repo: wso2/carbon-identity-framework PR: 7596
File: components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/AbstractRequestCoordinator.java:61-71
Timestamp: 2025-11-06T13:49:53.627Z
Learning: In the carbon-identity-framework project, when resolving tenant domain from organization context in authentication flows, use StringUtils.isNotBlank() for validation instead of separate null and empty checks, and do not add logging for successful tenant domain resolution operations.

Applied to files:

  • components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
📚 Learning: 2025-11-07T06:21:44.448Z 
Learnt from: ShanChathusanda93
Repo: wso2/carbon-identity-framework PR: 7596
File: components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AbstractApplicationAuthenticator.java:133-137
Timestamp: 2025-11-07T06:21:44.448Z
Learning: In the carbon-identity-framework project, when OrganizationManager is used in the authentication framework components (FrameworkServiceComponent and related classes), null checks are not required because OrganizationManager is declared with ReferenceCardinality.MANDATORY in the OSGi component. This means the component will not activate until OrganizationManager is available, providing an architectural guarantee that the service is always present when the code executes.

Applied to files:

  • components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreInitializedEventImpl.java
🧬 Code graph analysis (6)
components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandlerAbstractTest.java (1)
components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java (1)
  • FrameworkConstants (24-921)
components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/src/main/java/org/wso2/carbon/identity/secret/mgt/core/SecretManagerImpl.java (4)
components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreInitializedEventImpl.java (1)
  • Capability (30-38)
components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventServiceImpl.java (1)
  • Capability (34-69)
components/rule-mgt/org.wso2.carbon.identity.rule.management/src/main/java/org/wso2/carbon/identity/rule/management/internal/service/impl/RuleManagementServiceImpl.java (1)
  • Capability (34-148)
components/rule-mgt/org.wso2.carbon.identity.rule.metadata/src/main/java/org/wso2/carbon/identity/rule/metadata/internal/service/impl/RuleMetadataServiceImpl.java (1)
  • Capability (34-62)
components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventServiceImpl.java (3)
components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreInitializedEventImpl.java (1)
  • Capability (30-38)
components/rule-mgt/org.wso2.carbon.identity.rule.management/src/main/java/org/wso2/carbon/identity/rule/management/internal/service/impl/RuleManagementServiceImpl.java (1)
  • Capability (34-148)
components/rule-mgt/org.wso2.carbon.identity.rule.metadata/src/main/java/org/wso2/carbon/identity/rule/metadata/internal/service/impl/RuleMetadataServiceImpl.java (1)
  • Capability (34-62)
components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreInitializedEventImpl.java (2)
components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventServiceImpl.java (1)
  • Capability (34-69)
components/rule-mgt/org.wso2.carbon.identity.rule.management/src/main/java/org/wso2/carbon/identity/rule/management/internal/service/impl/RuleManagementServiceImpl.java (1)
  • Capability (34-148)
components/rule-mgt/org.wso2.carbon.identity.rule.metadata/src/main/java/org/wso2/carbon/identity/rule/metadata/internal/service/impl/RuleMetadataServiceImpl.java (4)
components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreInitializedEventImpl.java (1)
  • Capability (30-38)
components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventServiceImpl.java (1)
  • Capability (34-69)
components/rule-mgt/org.wso2.carbon.identity.rule.management/src/main/java/org/wso2/carbon/identity/rule/management/internal/service/impl/RuleManagementServiceImpl.java (1)
  • Capability (34-148)
components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/src/main/java/org/wso2/carbon/identity/secret/mgt/core/SecretManagerImpl.java (1)
  • Capability (64-612)
components/rule-mgt/org.wso2.carbon.identity.rule.management/src/main/java/org/wso2/carbon/identity/rule/management/internal/service/impl/RuleManagementServiceImpl.java (4)
components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreInitializedEventImpl.java (1)
  • Capability (30-38)
components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventServiceImpl.java (1)
  • Capability (34-69)
components/rule-mgt/org.wso2.carbon.identity.rule.metadata/src/main/java/org/wso2/carbon/identity/rule/metadata/internal/service/impl/RuleMetadataServiceImpl.java (1)
  • Capability (34-62)
components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/src/main/java/org/wso2/carbon/identity/secret/mgt/core/SecretManagerImpl.java (1)
  • Capability (64-612)
🔇 Additional comments (36)
components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraalSelectAcrFromFunction.java (1)

37-37: LGTM! Logger now references the correct class.

The logger initialization correctly uses GraalSelectAcrFromFunction.class to match the actual class name, ensuring accurate log source identification.

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java (1)

4544-4566: Remove unused JDK_SCRIPTER_CLASS_NAME constant; null handling is already in place.

The JDK_SCRIPTER_CLASS_NAME constant at line 275 is no longer referenced in the codebase and should be removed as part of the Nashorn deprecation cleanup. The null return value is already properly handled by both callers via explicit null checks (FrameworkServiceComponent.java:286) and instanceof guards (FrameworkUtils.java:4538), so the NPE concern from the original review is not applicable.

Consider removing line 275:

private static final String JDK_SCRIPTER_CLASS_NAME = "jdk.nashorn.api.scripting.ScriptObjectMirror";

Adding debug logging remains optional for troubleshooting but is not critical.

Likely an incorrect or invalid review comment.

components/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt/pom.xml (1)

37-38: Verify upstream artifact availability.

Same concern as other modules: confirm org.eclipse.platform:org.eclipse.osgi.services is available in your Maven repositories and that the inherited version is compatible.

components/consent-mgt/org.wso2.carbon.identity.consent.mgt/pom.xml (1)

73-74: Verify upstream artifact availability.

Confirm org.eclipse.platform:org.eclipse.osgi.services is resolvable and version-compatible with the inherited POM definition.

components/rule-mgt/org.wso2.carbon.identity.rule.management/pom.xml (1)

36-43: Verify both org.eclipse.platform OSGi artifacts are available.

This module adds explicit dependencies on both org.eclipse.osgi and org.eclipse.osgi.services (other modules primarily update org.eclipse.osgi.services). Verify:

  1. Both artifacts are available from org.eclipse.platform in your repositories
  2. Inherited versions are compatible
  3. The need for org.eclipse.osgi as a new explicit dependency doesn't indicate missing transitive dependencies elsewhere
components/client-attestation-mgt/org.wso2.carbon.identity.client.attestation.mgt/pom.xml (1)

39-40: Verify upstream artifact availability.

Confirm org.eclipse.platform:org.eclipse.osgi.services is available and version-compatible.

components/system-config-mgt/org.wso2.carbon.identity.system.config.mgt/pom.xml (1)

45-46: Verify upstream artifact availability.

Confirm org.eclipse.platform:org.eclipse.osgi.services is available and version-compatible.

components/authorization-framework/org.wso2.carbon.identity.authorization.framework/pom.xml (2)

65-66: Verify upstream artifact availability.

Confirm org.eclipse.platform:org.eclipse.osgi.services is available and version-compatible.

127-130: Clarify Nashorn dependency scope given PR objectives.

The PR objective mentions migrating exclusively to GraalVM and removing Nashorn support, but this module retains nashorn-core as a provided dependency. Verify this is intentional (e.g., for backward compatibility or legacy support) or if it should be removed as part of the Java 21 migration.

components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/pom.xml (1)

41-59: Verify both org.eclipse.platform OSGi artifacts are available and compatible.

This module updates both org.eclipse.osgi.services and org.eclipse.osgi to use org.eclipse.platform groupId. Ensure:

  1. Both artifacts are available from org.eclipse.platform
  2. Inherited versions are compatible with each other and with the rest of the codebase
  3. No API breakage between WSO2-wrapped and upstream versions
components/cors-mgt/org.wso2.carbon.identity.cors.mgt.core/pom.xml (1)

59-60: Clarify version specification; verify no breaking changes in auto-resolved version.

The artifact org.eclipse.platform:org.eclipse.osgi.services is confirmed available in Maven Central. However, this change lacks explicit version pinning—the version will be inherited and auto-resolved by Maven rather than explicitly declared.

Additionally, this is a systematic change across 20+ modules (authentication-framework, authorization-framework, configuration-mgt, consent-mgt, cors-mgt, and others), all switching from the WSO2-wrapped coordinates to upstream Eclipse Platform. While this suggests coordinated upstream validation, you should:

  1. Pin the version explicitly in dependencyManagement (if not already present) to ensure reproducible builds
  2. Verify the actual resolved version and confirm there are no breaking API changes between the original org.wso2.eclipse.osgi version and the upstream equivalent
  3. Document the migration reason if not already captured in the PR description
components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.endpoint/pom.xml (1)

165-167: LGTM! Maven WAR plugin upgrade supports Java 21.

The upgrade from version 2.2 to 3.5.0 is necessary for Java 21 compatibility, and adding the explicit groupId follows Maven best practices.

components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreInitializedEventImpl.java (1)

21-36: LGTM! OSGi capability metadata properly declared.

The @capability annotation correctly declares the OSGi service capability, following the same pattern used in other service implementations across the framework (e.g., IdentityEventServiceImpl, RuleManagementServiceImpl).

components/consent-server-configs-mgt/org.wso2.carbon.identity.consent.server.configs.mgt/pom.xml (1)

36-38: LGTM! OSGi dependency migration to Eclipse Platform.

The groupId change from org.wso2.eclipse.osgi to org.eclipse.platform aligns with the standard Eclipse OSGi artifact coordinates and is consistent with the broader dependency migration across the codebase.

components/entitlement/org.wso2.carbon.identity.entitlement.endpoint/pom.xml (1)

137-139: LGTM! Maven WAR plugin upgrade supports Java 21.

The upgrade from version 2.2 to 3.5.0 is necessary for Java 21 compatibility, and adding the explicit groupId follows Maven best practices.

components/functions-library-mgt/org.wso2.carbon.identity.functions.library.mgt/pom.xml (1)

163-165: LGTM! OSGi dependency migration to Eclipse Platform.

The groupId change from org.wso2.eclipse.osgi to org.eclipse.platform aligns with the standard Eclipse OSGi artifact coordinates and is consistent with the broader dependency migration across the codebase.

components/rule-mgt/org.wso2.carbon.identity.rule.metadata/pom.xml (1)

37-44: LGTM! OSGi dependencies added for Eclipse Platform integration.

The addition of org.eclipse.osgi and org.eclipse.osgi.services from the Eclipse Platform groupId is consistent with the broader OSGi dependency migration and necessary for proper OSGi service capability support.

components/identity-core/org.wso2.carbon.identity.core/pom.xml (1)

36-43: LGTM! OSGi dependencies added for Eclipse Platform integration.

The addition of org.eclipse.osgi and org.eclipse.osgi.services from the Eclipse Platform groupId is consistent with the broader OSGi dependency migration and necessary for proper OSGi service capability support.

components/role-mgt/org.wso2.carbon.identity.role.mgt.core/pom.xml (1)

56-58: LGTM! OSGi dependency migration to Eclipse Platform.

The groupId change from org.wso2.eclipse.osgi to org.eclipse.platform aligns with the standard Eclipse OSGi artifact coordinates and is consistent with the broader dependency migration across the codebase.

components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/src/main/java/org/wso2/carbon/identity/secret/mgt/core/SecretManagerImpl.java (1)

27-27: LGTM! OSGi service metadata added.

The @Capability annotation adds OSGi service registration metadata without affecting the class behavior. This pattern is consistent with similar changes across other service implementations in this PR.

Also applies to: 64-70

components/template-mgt/org.wso2.carbon.identity.template.mgt/pom.xml (1)

143-143: LGTM! OSGi dependency groupId updated.

The migration from org.wso2.eclipse.osgi to org.eclipse.platform aligns with the PR's objective to modernize OSGi dependencies for Java 21 support. This change is consistent across multiple modules.

components/identity-event/org.wso2.carbon.identity.event/src/main/java/org/wso2/carbon/identity/event/services/IdentityEventServiceImpl.java (1)

24-24: LGTM! OSGi service metadata added.

The @Capability annotation provides OSGi service registration metadata. This is a non-functional change that aligns with similar updates across the codebase.

Also applies to: 34-40

components/identity-event/org.wso2.carbon.identity.event/pom.xml (1)

35-42: LGTM! OSGi dependencies explicitly declared.

The addition of org.eclipse.osgi and org.eclipse.osgi.services from org.eclipse.platform ensures explicit dependency declarations, which is beneficial for Java 21's module system. This aligns with the dependency migration pattern across the PR.

components/user-functionality-mgt/org.wso2.carbon.identity.user.functionality.mgt/pom.xml (1)

162-162: LGTM! OSGi dependency groupId updated.

The groupId change from org.wso2.eclipse.osgi to org.eclipse.platform is consistent with the PR's dependency modernization for Java 21 support.

components/rule-mgt/org.wso2.carbon.identity.rule.management/src/main/java/org/wso2/carbon/identity/rule/management/internal/service/impl/RuleManagementServiceImpl.java (1)

21-21: LGTM! OSGi service metadata added.

The @Capability annotation adds OSGi service capability metadata without affecting the implementation. This change is consistent with the pattern applied across other service classes in this PR.

Also applies to: 34-40

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml (1)

122-122: LGTM! OSGi dependency groupId updated.

The migration to org.eclipse.platform for OSGi services is consistent with the PR's objective to support Java 21 and modernize OSGi dependencies.

components/template-mgt/org.wso2.carbon.identity.template.mgt.ui/pom.xml (1)

87-87: LGTM! OSGi dependency groupId updated.

The groupId change to org.eclipse.platform completes the consistent pattern of OSGi dependency migration across the reviewed modules, supporting Java 21 compatibility.

components/multi-attribute-login/org.wso2.carbon.identity.unique.claim.mgt/pom.xml (1)

39-39: LGTM! OSGi dependency groupId updated.

The groupId change from org.wso2.eclipse.osgi to org.eclipse.platform aligns with the standardization of OSGi dependencies under the Eclipse platform namespace, which is necessary for Java 21 compatibility.

components/rule-mgt/org.wso2.carbon.identity.rule.metadata/src/main/java/org/wso2/carbon/identity/rule/metadata/internal/service/impl/RuleMetadataServiceImpl.java (1)

21-40: LGTM! OSGi service capability metadata added.

The @Capability annotation properly declares this service's OSGi metadata with correct objectClass and service.scope attributes. This pattern is consistent with other service implementations in the codebase and aligns with OSGi R7+ best practices.

components/trusted-app-mgt/org.wso2.carbon.identity.trusted.app.mgt/pom.xml (1)

38-38: LGTM! Consistent OSGi dependency migration.

GroupId update aligns with the broader migration to org.eclipse.platform for OSGi dependencies.

components/configuration-mgt/org.wso2.carbon.identity.configuration.mgt.core/pom.xml (1)

45-45: LGTM! Comprehensive OSGi dependency migration.

Both org.eclipse.osgi.services and org.eclipse.osgi dependencies have been migrated to the org.eclipse.platform groupId, ensuring consistency across all OSGi-related dependencies in this module.

Also applies to: 57-57

components/extension-mgt/org.wso2.carbon.identity.extension.mgt/pom.xml (1)

43-43: LGTM! Consistent OSGi dependency updates.

Both OSGi dependencies properly migrated to org.eclipse.platform groupId.

Also applies to: 55-55

pom.xml (4)

154-156: LGTM! Root POM OSGi dependency management updated.

The dependency management section properly updates both org.eclipse.osgi and org.eclipse.osgi.services to use the org.eclipse.platform groupId, ensuring consistent dependency resolution across all modules.

Also applies to: 1270-1272

2106-2106: Verify servlet API version constraint.

The import package version for javax.servlet is constrained to [3.1.0, 4.0.0), explicitly excluding Servlet API 4.0.x. Please confirm this exclusion is intentional, as:

  • Servlet 4.0 (Java EE 8) should be compatible with Java 21
  • Limiting to 3.x may prevent use of newer servlet containers
  • Consider whether Jakarta Servlet API (5.0+) support is needed for Java 21 environments

2313-2314: LGTM! Java 21 compiler target configured.

The compiler source and target versions have been successfully updated to Java 21, which is an LTS release. This is the core change for adding Java 21 compile-time support. The accompanying OSGi/Equinox version updates and Maven plugin upgrades appear coordinated to ensure Java 21 compatibility.

2375-2375: Verify maven-bundle-plugin upgrade with full build testing.

The maven-bundle-plugin upgrade from 3.2.0 to 5.1.9 is a stable version increase within the 5.x series, with no Java 21 breaking changes (version 6.0.0 requires Java 17+, not 5.1.9). However, the sandbox environment lacks Maven, so OSGi manifest generation cannot be verified automatically.

Ensure:

  • Full build completes without errors
  • Generated OSGi manifests are valid (run mvn clean package for at least one core module)
  • No unexpected changes to bundle headers or imports

pom.xml
<osgi.framework.imp.pkg.version.range>[1.7.0, 2.0.0)</osgi.framework.imp.pkg.version.range>
<osgi.util.tracker.imp.pkg.version.range>[1.5.1, 2.0.0)</osgi.util.tracker.imp.pkg.version.range>
<equinox.osgi.services.version>3.5.100.v20160504-1419</equinox.osgi.services.version>
<equinox.osgi.services.version>3.12.0</equinox.osgi.services.version>
Copy link

@coderabbitai coderabbitai bot Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify Equinox version compatibility.

The Equinox OSGi versions have been updated to 3.12.0 (services) and 3.19.0 (core), which should support Java 21. Please verify that these versions are compatible with each other and with the rest of the OSGi/Carbon framework dependencies.

Run the following script to check if these Equinox versions are available and gather their release information:

Also applies to: 2166-2166

🏁 Script executed:

#!/bin/bash
# Check Equinox version availability in Maven Central

echo "=== Checking org.eclipse.platform:org.eclipse.osgi:3.19.0 ==="
curl -s "https://search.maven.org/solrsearch/select?q=g:org.eclipse.platform+AND+a:org.eclipse.osgi+AND+v:3.19.0&rows=1&wt=json" | jq -r '.response.docs[] | "Found: \(.g):\(.a):\(.v) (timestamp: \(.timestamp))"'

echo ""
echo "=== Checking org.eclipse.platform:org.eclipse.osgi.services:3.12.0 ==="
curl -s "https://search.maven.org/solrsearch/select?q=g:org.eclipse.platform+AND+a:org.eclipse.osgi.services+AND+v:3.12.0&rows=1&wt=json" | jq -r '.response.docs[] | "Found: \(.g):\(.a):\(.v) (timestamp: \(.timestamp))"'

Length of output: 300

🌐 Web query:

Equinox 3.19.0 Java 21 compatibility

💡 Result:

Short answer: Equinox 3.19.0 itself runs on newer JDKs (you can run Equinox on Java 21), but many Equinox 3.19.x artifacts were built with Java 17 (class version 61) and the p2/publisher tooling originally only generated a JavaSE IU up to Java 17. If you need the OSGi osgi.ee JavaSE=21 capability (Require-Capability: osgi.ee;version=21) you must use an updated p2 publisher (fix merged in p2 PR #462) or run the repository/publish build with Java 21 so the a.jre.javase IU for Java 21 is produced. See forum discussion and the p2 PR for details. [1][2]

Sources:

🌐 Web query:

Eclipse Equinox 3.12.0 Java version support

💡 Result:

Equinox 3.12.0 is built for Java SE 17 — many 3.12.0 bundles declare an OSGi execution environment requirement of JavaSE (version=17), so running the Equinox 3.12.0 platform/core requires a Java 17 JVM. [1]

Note: some Equinox-related bundles in the same release stream still declare JavaSE/1.8 as their execution-environment requirement, so individual plugin requirements can vary; check the specific bundle's metadata if you need per-plugin compatibility. [2]

Sources:

  • org.eclipse.equinox.registry 3.12.0 build info (requires JavaSE 17). [1]
  • org.eclipse.osgi.services 3.12.0 build info (example bundle declaring JavaSE/1.8). [2]

Equinox 3.12.0 is incompatible with Java 21 — reverify version selection and target Java version.

The verification reveals a significant compatibility issue:

  • Equinox 3.12.0 is built for Java SE 17, not Java 21. Many 3.12.0 bundles declare JavaSE 17 as the execution environment requirement.
  • Equinox 3.19.0 runs on Java 21 but requires either an updated p2 publisher or a Java 21 build to generate the JavaSE/21 capability.

Action required: Clarify the target Java version for this project. If Java 21 is the target, using Equinox 3.12.0 creates a version mismatch. Consider aligning both versions to the same Java target (either both Java 17 or both with proper Java 21 configuration).

🤖 Prompt for AI Agents 
In pom.xml around line 2042, the equinox.osgi.services.version property is set
to 3.12.0 which targets Java SE 17 and is incompatible with Java 21; decide the
project's Java target and align Equinox accordingly: if the project should run
on Java 21, bump equinox.osgi.services.version to a Java‑21 compatible release
(e.g., 3.19.0) and ensure the build/p2 publisher and any generated JavaSE
capability are updated or use a Java‑21 build of Equinox; if the project remains
on Java 17, change the project’s maven compiler/source/target and enforcer rules
to Java 17 to match Equinox 3.12.0; finally, update any dependent
plugins/configs (p2 publisher, CI JDK versions) to reflect the chosen Java
target.

Copilot AI reviewed Nov 13, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request adds Java 21 compile time support by upgrading dependencies, updating build configurations, and removing deprecated Nashorn JavaScript engine support.

Key Changes

  • Java Version Upgrade: Updated Maven compiler source and target from Java 8 to Java 21
  • OSGi Dependencies Migration: Changed Eclipse OSGi dependency groups from org.wso2.eclipse.osgi and org.eclipse.osgi to org.eclipse.platform for better Java 21 compatibility
  • Nashorn Removal: Removed deprecated JDK Nashorn JavaScript engine support (deprecated in Java 11, removed in Java 15+), retaining only GraalJS and OpenJDK Nashorn alternatives
  • Build Plugin Updates: Updated maven-bundle-plugin from 3.2.0 to 5.1.9 and maven-war-plugin from 2.2 to 3.5.0

Reviewed Changes

Copilot reviewed 58 out of 58 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
pom.xml Updated Java compiler versions to 21, migrated OSGi dependencies to org.eclipse.platform, updated Equinox versions (3.9.1 → 3.19.0), updated servlet API import version range, and upgraded build plugins
Multiple component pom.xml files Consistently changed OSGi dependency group IDs from org.wso2.eclipse.osgi to org.eclipse.platform across 15+ component modules
SecretManagerImpl.java Added OSGi @Capability annotation for service declaration in Java 21 compatible format
RuleMetadataServiceImpl.java Added OSGi @Capability annotation for service declaration
RuleManagementServiceImpl.java Added OSGi @Capability annotation for service declaration
IdentityEventServiceImpl.java Added OSGi @Capability annotation for service declaration
IdentityCoreInitializedEventImpl.java Added OSGi @Capability annotation for service declaration
GraalSelectAcrFromFunction.java Fixed logger initialization to use correct class name (bug fix)
testng.xml Removed Nashorn-specific test classes from test suite
GraphBasedSequenceHandlerAbstractTest.java Removed Nashorn-specific test setup logic, retained only GraalJS support
FrameworkUtils.java Removed Nashorn fallback logic from script engine factory method
JsWrapperFactoryProvider.java Removed default Nashorn wrapper factory fallback
Multiple Nashorn-related files Deleted 20+ Nashorn-specific implementation files including builders, serializers, wrappers, and utility classes
entitlement endpoint pom.xml Updated maven-war-plugin to 3.5.0 with explicit groupId
configuration-mgt endpoint pom.xml Updated maven-war-plugin to 3.5.0 with explicit groupId

pom.xml

<!-- Misc -->
<carbon.p2.plugin.version>5.1.2</carbon.p2.plugin.version>
<carbon.p2.plugin.version>5.4.12-SNAPSHOT</carbon.p2.plugin.version>
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version 5.4.12-SNAPSHOT appears to be a snapshot version. For production releases, it's recommended to use stable, released versions rather than SNAPSHOT versions to ensure reproducibility and stability of builds.

Copilot uses AI. Check for mistakes.
.../java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
} catch (ClassNotFoundException ex) {
return null;
}
return null;
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The removal of Nashorn support and related fallback logic should be accompanied by documentation or migration guide for existing users. Since Nashorn was deprecated in Java 11 and removed in Java 15+, this change is necessary for Java 21 support. However, ensure that the GraalJS or OpenJDK Nashorn alternatives are properly documented for users migrating from older Java versions.

Copilot uses AI. Check for mistakes.
...entity/application/authentication/framework/config/model/graph/JsWrapperFactoryProvider.java
jsWrapperBaseFactory = new JsOpenJdkNashornWrapperFactory();
} else if (FrameworkServiceDataHolder.getInstance()
.getJsGenericGraphBuilderFactory() instanceof JsGraalGraphBuilderFactory) {
jsWrapperBaseFactory = new JsGraalWrapperFactory();
Copy link

Copilot AI Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The removal of the default case that creates JsWrapperFactory when neither OpenJDK Nashorn nor GraalJS is detected could potentially cause a NullPointerException if jsWrapperBaseFactory remains null. Consider adding an else block that either throws an exception with a clear error message or sets a sensible default to prevent runtime null pointer errors.

Suggested change
jsWrapperBaseFactory = new JsGraalWrapperFactory();
jsWrapperBaseFactory = new JsGraalWrapperFactory();
} else {
// Could not detect a supported JavaScript engine. Throw an exception to prevent NullPointerException later.
throw new IllegalStateException("No supported JavaScript engine detected. " +
"JsWrapperFactoryProvider requires either OpenJDK Nashorn or GraalJS.");

Copilot uses AI. Check for mistakes.
@madurangasiriwardena madurangasiriwardena force-pushed the java21 branch 3 times, most recently from 80faad1 to 648b3b2 Compare November 21, 2025 09:20
@madurangasiriwardena madurangasiriwardena force-pushed the java21 branch 3 times, most recently from 331d984 to 3269d5c Compare December 1, 2025 06:37
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 1, 2025

Quality Gate Passed Quality Gate passed

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@madurangasiriwardena