[Java 21 runtime] Java 21 runtime support for WSO2 Identity Server

[indeewari]

Describe the issue:
The latest LTS release of Java; Java 21 was released on September 2023. As Identity Server is a downloadable product which will be used years after its releases, its important to plan for the latest LTS support for a upcoming release proactively.

This initiative aims to ensure compatibility with the Java 21 runtime for the IS product.

1. Remove sun.java dependencies to ensure compatibility with the Java 21 LTS .
2. Resolving Strong Encapsulation Errors.
3. Product IS builder github actions for 17 and 21.
4. Test failures with Nashorn.
5. Update the Docker images on Java 21 runtime.
6. Update the official IS documentation for Java 21 runtime support.

[indeewari]

1. Remove sun.java dependencies to ensure compatibility with the Java 21 LTS runtime.

With the introduction of Java 21 LTS, most of the sun.java classes and methods are no longer supported. These internal APIs were never intended for public use and have been strongly encapsulated since Java 9. Continuing to rely on them in Java 21 poses significant risks, including potential runtime failures and compatibility issues. Therefore, it's essential to refactor the codebase to replace sun.java dependencies with standard, supported Java APIs to ensure long-term stability and maintainability of the product.

Related PRs

• Remove sun.java dependency carbon-multitenancy#271
• Remove sun.java dependency carbon-identity-framework#5980
• Remove sun.java dependency carbon-kernel#4082

[indeewari]

2. Resolving Strong Encapsulation Errors in JDK Internals

Some non-critical JDK internals, which are strongly encapsulated, are accessed via reflection for audit purposes. There are two approaches to address this:

1. Eliminate the use of strongly encapsulated JDK internals accessed through reflection.
2. Opt for relaxed strong encapsulation.

The choice between these options should be made on a case-by-case basis.

After evaluating backward compatibility, impact areas, and implementation complexity, we have opted for relaxed strong encapsulation for the following modules:

For java.base:

• sun.security.util
• java.security
• sun.security.rsa
• java.security.cert

Related PRs

• [Java 21 runtime] Relaxed strong encapsulation to support java 17 runtime #21175

[indeewari]

3. Product IS builder github actions for 17 and 21

Java 17 runtime action for IS builder

• Adding the latest ubuntu version #21179
• Remove zip 64 extra validation #21183
• Fixing JDK 17 build status check #21362
• Scheduling the test runners for JDK 17 and 21 #21376

Java 21 runtime action for IS builder

• Adding integration test runner for JDK 21 runtime #21366
• Fixing JDK 21 runner status check #21373

[indeewari]

4. Test failures with Nashorn

• Fixing nashorn test incompatibility with java 17 runtimes #21277

[indeewari]

5. Update the Docker images on Java 21 runtime.

Draft PRs until 7.1.0 is released

• [Java 21 runtime][Ubuntu][IS 7.1.0-m3] docker image for IS 7.1.0-m3 docker-is#438
• [Java 21 runtime][Alpine][IS 7.1.0-m3] docker image for IS 7.1.0-m3 docker-is#439

[indeewari]

6. Update the official IS documentation for Java 21 runtime support.
   Email "[Architecture] Review of JDK Compatibility Matrix for WSO2 Identity Server"

• Adding JDK 21 to the matrix docs-is#4824

[indeewari]

This task is in the state of completed.
Waiting for wso2/docs-is#4824 pr to be merged to close the issue.

Email reference "Review of JDK Compatibility Matrix for WSO2 Identity Server"

[indeewari]

7. Update the error message on startup

• Modifying the maximum LTS JDK runtime carbon-kernel#4112