1.0 Changelog#

JCL 1.0.1#

Released: 2023-08-31

Bugs fixed#

  • The SolidContainer class method getResources() is now more strict in validating containment triples: it now excludes containment triples that include fragment and query components.

JCL 1.0#

Released: 2023-07-17


  • To support Android development, the library uses RDF Module with Java8 support

  • Added NonRDFSource class to handle non-rdf resources.

  • The Session interface has added a new method authenticate(Authenticator auth, Request req, Set<String> algs) and deprecates authenticate(Request req, Set<String> algs) . This change makes use of the ClientCache<K, V> mechanism to speed up the use of session credential objects.

  • The AccessGrantClient now includes a verify(AccessCredential) method, returning an AccessCredentialVerification object.

  • When the high-level Solid Client encounters an HTTP error (e.g. 404 Not Found or 409 Conflict), rather than throwing the generic SolidClientException, it throws specializations, such as NotFoundException or ConflictException.

  • Added SolidContainer::getResources method which returns a Set and deprecated SolidContainer::getContainedResources which returns a Stream.

  • The Java Client libraries now publish an inrupt-client-runtime artifact that includes all of the modules that are commonly used by application developers.

  • The AccessGrantClient now includes a grantAccess(AccessRequest) method for approving access requests.

  • The WebIdProfile and AccessGrant classes use consistent naming for getters such that methods that return collections have pluralized names (e.g., .getStorages()). Existing (non-plural) getter methods are now deprecated.

  • The antlr dependency used by the inrupt-client-parser module is now listed in the provided Maven BOM, making it easier for users of the Java Client Libraries to have a consistent runtime version of antlr.

  • The Session interface now includes a reset() method that can be used to clear the internal state of the session.

  • The AccessGrantClient now includes a denyAccess(AccessRequest) method for issuing access denials.

  • The Metadata class in the Solid package now has an Optional<URI> getAcl() method, returning the location of an ACL document, if one is available.

  • To enable Access Grant usage, added AccessGrantUtils to update Access Control Resource(s).

  • The AccessGrantClient.query method now accepts a Set<URL> parameter for purpose arguments.

  • The AccessCredential classes (AccessGrant, AccessRequest, AccessDenial) now include a method to retrieve the date at which the credential was issued: getIssuedAt()

  • To specify multiple query values for multiple purpose and access mode values, introduces an AccessCredentialQuery class (with a .builder) that can be used with the AccessGrantClient.query method.

  • The AccessGrantClient.requestAccess method now accepts an AccessRequest.RequestParameters object so that the access request can be constructed via a builder pattern. This also adds support for issuance dates in the future.

  • The SolidContainer and SolidNonRDFSource objects can now be created without the need for explicitly providing a Metadata parameter

  • The SolidContainer class now includes an implementation of the RDFSource::validate() method so that, in the high-level client, during data mapping, a resource with the wrong shape (e.g. invalid ldp:contains triples, missing trailing slash) will throw a DataMappingException. This makes the handling of containment triples much safer for applications, as a malicious server cannot trick a client into processing unexpected resources. Strictly speaking, this change is superfluous when interacting with ESS, as the server already validates the shape of a container in this regard. This is relevant specifically for servers that maliciously or inadvertently do not conform to the Solid protocol


  • The java client libraries now use the groupId: com.inrupt.client

  • The UmaSession class is now deprecated. A developer should use either the OpenIdSession or AccessGrantSession instead.

  • Upgrade JSON-B module to use JakartaEE 10+.

  • Developers may write custom plugins for supporting different authentication mechanisms in Solid. For known insecure mechanisms, however, the reactive authorization mechanism explicitly excludes the auth schemes: Basic and Digest

  • This change introduces a new parameter to the AccessGrantClient.query method such that developers can filter access credential queries on creator and/or recipient (instead of the more ambiguous “agent”)

  • The internal session caches are based on request URI, but those caches unnecessarily consider query parameters and fragment URIs. Those elements are now removed from the internal cache keys if they are present.

  • Ensure that the PKCE verifier code always produces strings that correspond to the specification requirements.


  • All deprecated methods and classes from the Beta series of releases have been removed for 1.0 GA

Bugs fixed#

  • No longer send Accept: text/turtle when handling Non-RDF resources.

  • Improved support for concurrent OpenId session refresh flows.

  • Bugfix preventing runtime exceptions thrown when processing an OkHttp response to bubble up and not be caught instead of being gracefully handled.