Red Hat JBoss Enterprise Application Platform 7.1 Release Notes (Beta)

Updated -

For use with Red Hat JBoss Enterprise Application Platform 7.1. This release note contains important information related to Red Hat JBoss Enterprise Application Platform 7. 1.

About Red Hat JBoss Enterprise Application Platform 7.1

Red Hat JBoss Enterprise Application Platform 7.1 (JBoss EAP) is a middleware platform built on open standards and compliant with the Java Enterprise Edition 7 specification.
JBoss EAP includes a modular structure that allows service enabling only when required, improving startup speed.
The management console and management command-line interface (CLI) make editing XML configuration files unnecessary and add the ability to script and automate tasks.
JBoss EAP provides two operating modes for JBoss EAP instances: standalone server or managed domain. The standalone server operating mode represents running JBoss EAP as a single server instance. The managed domain operating mode allows for the management of multiple JBoss EAP instances from a single control point.
In addition, JBoss EAP includes APIs and development frameworks for quickly developing secure and scalable Java EE applications.

Support Statement and Resources

The JBoss EAP 7.1 Beta release is provided as a service to customers who want to try the latest major release features and work with support when problems are encountered. Support for Beta releases is limited to commercially reasonable effort and non-production use cases, and all support cases should be opened with a severity of 4. Patches will not be provided, but bug fixes may be incorporated in future releases. To contact support, please visit the support case creation page Open a Support Case.

New Features and Enhancements

Security and Elytron

Elytron and the elytron Subsystem

Elytron and the elytron subsystem are new in JBoss EAP 7.1. During the Beta release, see Elytron Subsystem for more things you can do with Elytron.

Elytron features in JBoss EAP 7.1 are based on the WildFly Elytron project, a security framework used to unify security across the entire application server. The elytron subsystem enables a single point of configuration for securing both applications and the management interfaces. It provides a set of APIs and SPIs for creating custom implementations of functionality and integration.

The elytron subsystem exists in parallel with the legacy security subsystem and legacy core management authentication. By default, JBoss EAP 7.1 uses the legacy security subsystem and core management authentication. You can find steps for enabling the Elytron configuration in the Elytron Subsytem section.
Note: In the elytron subsystem, a secure credential store replaces the legacy vault implementation.

Important features of the elytron subsystem include:

  • Stronger authentication mechanisms for HTTP and SASL authentication.
  • Improved architecture that allows SecurityIdentities to be propagated across security domains and transparently transformed to make them ready for use for authorization. Transformation takes place using configurable role decoders, role mappers, and permission mappers.
  • Centralized point for SSL/TLS configuration, including cipher suites and protocols.
  • SSL/TLS optimizations such as eager SecureIdentity construction and closely tying authorization to establishing an SSL/TLS connection. This enables permission checks to happen before the first request is received. Eager SecureIdentity construction eliminates the need for a SecureIdentity to be constructed on a per-request basis.
  • A secure credential store that replaces the legacy vault implementation. The secure credential store can store multiple other encrypted credential types in addition to encrypted strings. You can find details on creating and using a credential store in the Create a Credential Store section. With the exception of the elytron subsystem, new and existing legacy vaults may still be used with other subsystems.

Automatic Self-signed Certificate Creation for Applications

JBoss EAP 7.1 provides automatic generation of self-signed certificate for development purposes for legacy security realms. For more information, see Automatic Self-signed Certificate Creation for Applications.

Configure Security for Batch Jobs

You can configure the batch-jberet subsystem to run batch jobs with an Elytron security domain. This allows batch jobs to be securely suspended and resumed by the same secured identity. For example, a secured RESTful endpoint is created to initiate batch jobs using the batch-jberet subsystem. If both the RESTful endpoint and batch-jberet subsystem were secured using the same security domain, or the batch-jberet security domain trusted the RESTful endpoint’s security domain, batch jobs initiated in this manner can be securely paused and resumed by the same secured identity. For more information, see Configure Security for Batch Jobs.

Credential Store Definitions Within the Elytron Subsystem

A credential store allows for secure storage and usage of credentials. The default implementation uses a JCEKS keystore file to store credentials. When creating a new credential store, the default implementation also allows you to reference an existing keystore file or have JBoss EAP automatically create one for you. Currently, the default implementation only allows you to store clear text passwords. For more information, see Credential Stores.

Integration with the messaging-activemq Subsystem

You can use the elytron subsystem to secure the messaging-activemq subsystem. You can find more information on using the elytron subsystem and creating and Elytron security domains in the Elytron Subsystem section.

Elytron Integration with the mod_cluster Subsystem

One of the security capabilities exposed by the elytron subsystem is a client ssl-context. It can be used to configure the mod_cluster subsystem to communicate with a load balancer using SSL/TLS. For more information, see Elytron Integration with the mod_cluster Subsystem.

Elytron Integration with the OpenJDK IIOP Subsystem

You can configure the iiop-openjdk subsystem to use SSL/TLS to secure communication between clients and servers. The elytron subsystem, as well as the legacy security subsystem, provide the necessary components for configuring SSL/TLS for the iiop-openjdk subsystem as well as other subsystems within JBoss EAP. For more information, see Configure IIOP to Use SSL/TLS with the Elytron Subsystem.

WildFly Elytron Tool

JBoss EAP 7.1 includes the WildFly Elytron tool, which includes the vault command. The plain text password is masked in summary output and as SALT and ITERATION will be used default values:

$ java -jar  wildfly-elytron-tool.jar vault --enc-dir ./ --keystore server.store --keystore-password secretsecret --location cs012.jceks --alias jboss --summaryVault (enc-dir="./";keystore="server.store") converted to credential store "cs012.jceks"
Vault Conversion summary:
--------------------------------------
Vault Conversion Successful
CLI command to add new credential store:
/subsystem=elytron/credential-store=cs:add(relative-to=jboss.server.data.dir,location="cs012.jceks",implementation-properties={},credential-reference={clear-text="MASK-13KrO2ZNhwNg3UxmIt.02D;12345678;23"})

Mapping Identity for Authenticated Management Users

When using the elytron subsystem to secure the management interfaces, you can provide a security domain to the management interfaces for identity mapping of authenticated users. This allows authenticated users to appear with the appropriate identity when logged into the management interfaces. For more information, see Mapping Identity for Authenticated Management Users.

Credential Store Integration With the Core Server

The recovery-credential-reference lets the credential, from a credential store, to authenticate on recovery of the connection.

Setting up Caching for Security Realms

Elytron provides a caching-realm which allows you to cache the results of a credential lookup from a security realm. For example, you could use this to configure a cache for credentials coming from LDAP or database to increase performance for frequently queried users. The caching-realm uses an LRU or Least Recently Used caching strategy, in which the least accessed entries are discarded when maximum number of entries is reached. For more information, see Setup Caching for Security Realms.

Elytron and Remoting Subsystem Integration

In JBoss EAP 7.1, there is an option to use Elytron security with both inbound and outbound connection provided by the remoting subsystem.
The inbound remoting can utilise Elytron the following ways:

  • connector resource can consume pre-configured ssl-context and sasl-authentication-factory resource provided by Elytron.
  • http-connector resource can consume pre-configured sasl-authentication-factory resource provided by Elytron. SSL can be configured in the listener that the http-connector refers to.

The outbound remoting utilises Elytron pre-configured authentication-context resource. The authentication-context resource is used for providing both the information required for authentication and the SSL context required for connection.

Elytron Integration With the JCA Subsystem

The elytron-enabled attribute enables the Elytron security for the workmanager. For more information, see Configuring the JCA Subsystem.

Elytron Integration With the JGroups Subsystem

The protocol resources for ASYM_ENCRYPT and SYM_ENCRYPT include 3 new attributes:

  • key-store: references a key-store capability defined by the elytron subsystem.
  • key-alias: identifies the alias containing the symmetric key for SYM_ENCRYPT or key pair for ASYM_ENCRYPT.
  • key-credential-reference: references a credential capability defined by the elytron subsystem used to access the key from the key-store.

JBoss EAP 7.1 also includes integration with the AUTH protocol and new AUTH token types such as SimpleToken, DigestToken, and CipherToken.

Elytron Integration With the Mail Subsystem

In addition to providing clear-text passwords in the mail subsystem, you can also use a credential store to provide passwords. The elytron subsystem provides credential-reference attribute.
Example Using CLI:

/subsystem=mail/mail-session=mySession/server=smtp:add(outbound-socket-binding-ref=my-smtp-binding, username=user, credential-reference={store=exampleCS, alias=mail-session-pw}, tls=true) 

Example to specify a credential-reference attribute that uses a clear-text password:

credential-reference={clear-text="MASK-Ewcyuqd/nP9;A1B2C3D4;351"}

Elytron Integration With the Resource Adapters Subsystem

In IronJacamar, the contained-managed sign-on requires propagation of a JAAS subject with principal and credentials to the resource adapter.
IronJacamar supports security inflow, as defined in the JCA specification. This mechanism enables a resource adapter to establish security information when submitting a Work to WorkManager, and when delivering messages to endpoints residing in the same JBoss EAP instance.

Container-Managed Single Sign-on

For applications to use container-managed single sign-on, they must use the same authentication method. You can use single sign-on across applications deployed on different JBoss EAP instances as long as these instances are in cluster. For more information, see Configure Applications to use Container-managed Single Sign-on.

Enabling Elytron in Related Subsystems and Management Interfaces

A script is provided to enable the Elytron framework. This script, enable-elytron.cli is present in the EAP_HOME/docs/example/ directory. This script can also be used as an example for enabling Elytron in related subsystems and management interfaces. For more information, see How Red Hat JBoss Enterprise Application Platform 7 Handles Security out of the Box.

Elytron Integration With the EJB Subsystem and Containers

In JBoss EAP 7.1, Elytron is integrated with the EJB subsystem. In JBoss EAP 7.1, it is now possible to create mappings for Elytron security domains in EJB3 subsystem to be referenced from deployments. For more information, see Elytron Integration with the EJB Subsystem.

Management Console

Configuring Certain Subsystems

The ability to configure the following subsystems using the management console is a newly supported feature in JBoss EAP 7.1:

  • IO
  • Remoting
  • BeanValidation
  • Jaxrs
  • Jdr
  • Jsf
  • Jsr77
  • Naming
  • Pojo
  • RequestController
  • Sar
  • Singleton
  • Weld

Configuring Elytron Subsystem

The ability to configure the Elytron subsystem using the management console is a newly supported feature in JBoss EAP 7.1. To find this feature in the management console, navigate to Configuration → Subsystems → Security - Elytron.
For more information, see Elytron Subsystem configuration.

Transaction Monitoring Management Console Support

JBoss EAP 7.1 provides enhanced transaction subsystem metrics as well as metrics of JDBC and JMS transaction resources in the management console.

Suggested Values for Text Fields

In some text fields in the management console, as you type, values may appear as suggestions.

Adding a JMS Bridge

You can use the management console to add a JMS bridge. The option is available in ConfigurationSubsystemsMessaging - ActiveMQJMS BridgeViewAdd. Provide the required information and click Save when finished.

Viewing, Committing, or Rolling Back Prepared Transactions

You can use the management console to view, commit, or roll back prepared transactions. The option is available in RuntimeServerSubsystemsMessaging - ActiveMQ → Select provider → Prepared Transactions. For more information, see Manage Prepared Transactions Using the Management Console.

Using the Create Datasource Wizard to Test a Datasource Connection

When using the Create Datasource wizard in the management console, you have the opportunity to test the connection before creating the datasource. On the Test Connection screen of the wizard, click the Test Connection button.

Tracking and Viewing Configuration Changes

To enable tracking of configuration changes from the management console, navigate to the Runtime tab, select the standalone server or managed domain host, and select Configuration Changes from the drop down. Click the Enable button and provide a maximum history value.
The table on this page then lists each configuration change made, with the date, origin, outcome, and operation details.

Configuring a Filter

You can configure an Undertow filter using the management console by navigating to Configuration → Subsystems → Web/HTTP - Undertow → Filters → View.

Managing Batch Jobs

In JBoss EAP 7.1, you can manage batch jobs from the management console. Navigate to the Runtime tab, select the server, and select Subsystems → Batch → View. Open the Jobs tab and start, stop, or restart jobs as necessary.

Application Deployment Updates

JBoss EAP 7.1 includes an updated management console user interface for application deployment. In the management console, click the Deployments tab. This includes:

  • The Explode option lets you unzip a disabled deployment.
  • The Browse Content option lets you browse the content as a tree-listing only. Navigation is not supported.
    If you select a deployment, you can view the whether the application is managed or archived in the Overview details.

Datasource Templates

The datasource templates provided for creating new datasources in the management console are supported in JBoss EAP 7.1.

JSF

Full Support for Multi-JSF

JBoss EAP 7.1 provides full support for Multi-JSF. This feature enables a user to replace the JSF implementation provided with JBoss EAP with a user-supplied JSF implementation. This feature also enables a user to install multiple JSF implementations and easily switch between them to use as a default.

Users should be aware, that when they provide and install their JSF implementations following issues may occur:

Mojarra/MyFaces 2.2.x
Everything should be working according to the specification. There may be some issues when trying to call javax.faces.application.ViewHandler constructor, which is defined outside the specification. This is caused by removing the org.jboss.as.jsf.logging.JSFLogger class from JBoss EAP. To fix these issues, add <module name="org.jboss.as.jsf"/> to the dependencies in module.xml of the respective jsf-injection module.

Mojarra/MyFaces 2.1.x/2.0.x
JBoss EAP is Java EE 7 full platform compatible implementation. However, if you install alternative JSF implementation version 2.1 or older, JBoss EAP 7 is no longer compliant with Java EE 7. These versions are compliant with JSR-314 so there are a lot of missing features against JSR-344 which specifies JSF 2.2.

Management CLI

Include the Prompt and Command in the Output in Non-Interactive Mode

In JBoss EAP 7.1, the --echo-command argument displays the prompt and command with the output for commands executed in non-interactive mode. This can be useful when resolving failures by matching the output to the command that was executed.

$ EAP_HOME/bin/jboss-cli.sh --connect --file=/path/to/cli_commands.txt --echo-command

The command and its output are displayed as it executes.

:read-attribute(name=running-mode)
{"outcome" => "success", "result" => "NORMAL"}

ls /deployment
helloworld.war

Specifying Exported Dependencies for a Custom Module

JBoss EAP 7.1 provides the --export-dependencies argument to specify exported dependencies. For example:

module add --name=com.mysql --resources=/path/to/mysql-connector-java-5.1.36-bin.jar --export-dependencies=javax.api,javax.transaction.api

Setting the Module Location During Creation of a New Module

In JBoss EAP 7.1, use the --module-root-dir argument if you have defined an external JBoss EAP modules directory to use instead of the default EAP_HOME/modules/ directory.

module add --module-root-dir=/path/to/my-external-modules/ --name=com.mysql --resources=/path/to/mysql-connector-java-5.1.36-bin.jar --dependencies=javax.api,javax.transaction.api

Setting a Timeout for Commands

JBoss EAP 7.1 allows you to set the maximum time, in seconds, to wait for a management CLI command to complete. A value of 0 means no timeout. By default, there is no timeout.

Support for Displaying and Saving Attachments

In JBoss EAP 7.1, the attachment command is provided to display or save the content of the attached streams. This works for the management resources that can expose the contents as a stream.
The syntax to save is: attachment save --operation=<operation> [--file={local path to file} --overwrite]. The syntax to display is: attachment display --operation=<operation>{noformat}
For example:

attachment save --operation=/subsystem=logging/log-file=server.log:read-attribute(name=stream) --file=test`
attachment display --operation=/subsystem=logging/log-file=server.log:read-attribute(name=stream)

Note: If a file name is not provided, then the EAP_HOME/bin/STREAM_UUID is used as the file path.

Support for Attaching Files

In JBoss EAP 7.1, you can use the management CLI to attach a file to a management operation. For example, you can use the add-content operation to add content to an existing deployment or the remove-content operation to remove content. For example:

/deployment=test:add-content(content=[{input-stream-index=C:/a.txt,target-path=a.txt}])

You can use the browse-content operation to browse the contents of a deployment.

EJB

ejb-name tag in interceptor-binding Supports Regular Expression Usage

In JBoss EAP 7.1, you can use regular expressions in the ejb-name tag within interceptor-binding. For example:

<interceptor-binding>
     <ejb-name>Intercepted*Bean</ejb-name>                                             
     <interceptor-class>interceptors.InterceptorOne</interceptor-class>
</interceptor-binding>
 <interceptor-binding>
      <ejb-name>[AB]*Bean</ejb-name>                                             
      <interceptor-class>interceptors.InterceptorOne</interceptor-class>
</interceptor-binding>

Note: By default, this functionality is not enabled. To enable this, you must set the allow-ejb-name-regex attribute of ejb3 subsystem to true:

/subsystem=ejb3:write-attribute(name=allow-ejb-name-regex,value=true)

Full Support for Clustered Singleton MDBs

When an MDB is identified as a clustered singleton and deployed in a cluster, it will always be active only on one node at a time. When the server node fails or is shut down, the clustered singleton MDB is activated on a different node and starts consuming messages on that node.

Rebalancing of all Inbound MDB Connections

JBoss EAP 7.1 provides the rebalanceConnections activation configuration property for MDBs. This parameter allows for rebalancing of all inbound MDB connections when the underlying Artemis cluster topology changes. The default value is false. There is no rebalancing for outbound connections.

Single artifactID for jboss-ejb-client Dependencies

Including the jboss-ejb-client dependency (with its version managed using wildfly-ejb-client-bom) includes all the required dependencies for the EJB client.
In the previous releases of JBoss EAP, the dependencies had to be included manually in the pom.xml. In JBoss EAP 7.1, this is not required.
For more information, see Project Dependencies for Remote EJB Clients.

Configuring the EJB Client Address

There are two ways to configure the EJB client address:

  • Container-based configuration: Configure the worker attribute in the io subsystem.
  • Standalone client configuration: Configure the address in the wildfly-client.xml file for the standalone application.

For more information, see How to configure EJB Client Address in JBoss EAP 7.1.

Legacy EJB Client Compatibility

JBoss EAP 7.1 ships with two EJB clients:

  • EJB client: The regular EJB client is not fully backward compatible.
  • Legacy EJB client: The legacy EJB client provides binary backward compatibility. This legacy EJB client can run with the client applications that were initially compiled using the EJB client from JBoss EAP 7.0. All the APIs that were present in the EJB client for JBoss EAP 7.0 are present in the legacy EJB client for JBoss EAP 7.1.
    For more information, see Legacy EJB Client Compatibility.

Class Loading

Use of Absolute Paths for Resources in module.xml Files

In JBoss EAP 7.1, the use of absolute paths in the resource-root path element of the module.xml file is supported. This allows your resource libraries to be accessible without the need to move them to the EAP_HOME/modules directory.

Logging

Improved Reporting of Boot Errors Caused by Invalid XML Configuration Files

Prior to JBoss EAP 7.1, boot errors that occurred when parsing invalid server configuration files provided little feedback and were difficult to debug. JBoss EAP 7.1 uses XSD analysis to produce more informative error messages when encountering XML parsing errors. It now shows where the error occurred, provides feedback about the validation error, and, when possible, pulls and displays supporting documentation from the XSD to describe the issue. The enhanced validation of XML configuration does not include deployment descriptors of deployments.

Server Log Includes the Information About the Patches Applied

Patch-related information is logged in the server.log file during startup. This information is useful while debugging issues.

Deployments

Undeploying All Deployments

In JBoss EAP 7.1, you can now undeploy all deployments using a wildcard (*). For example:

undeploy *

Redeploying All Disabled Deployments

JBoss EAP 7.1 provides an option to use a wildcard (*) to deploy all disabled deployments.

deploy --name=*

Exploded Managed Deployments

In JBoss EAP 7.1, you can create exploded managed deployments and manipulate their contents using the deployment management operations.

Support for Browsing the Content Repository

In JBoss EAP 7.1, you can view the content of managed deployments using the deployment management operations. For more information, see Viewing Deployment Content.

Hibernate

Migrating from Hibernate ORM 5.0 to Hibernate ORM 5.1

JBoss EAP 7.1 now includes Hibernate ORM 5.1. The Hibernate ORM 5.1 release includes many performance improvements and bug fixes.
For more information about the new features available in Hibernate ORM 5.1, see ORM 5.1 feature release.

Access to Properties of Associations in Envers Queries

In JBoss EAP 7.1, access to properties of associations in Envers queries is supported.

Implementation of HHH-10267 Lazy Loading

In JBoss EAP 7.1, if you are using bytecode enhanced lazy loading, you can define the groupings of attributes to be fetched when one of the group is accessed.

Server Management

Servers Start in Suspended Mode

In JBoss EAP 7.1, servers are in the suspended state during the startup process. The server does not accept any requests until all the required services have started, and the server is automatically switched to normal state to accept the requests.
It is also possible to start the servers in suspended mode and keep them suspended until the :resume operation is invoked. To start the server in suspended mode, use the --start-mode=suspend parameter or start-mode=suspend option of the reload and restart commands.

Track and View Configuration Changes from the Management CLI

In a managed domain, configuration changes are tracked at the host level for host and server-related modifications. Enabling configuration changes for a host controller enables it for all of its managed servers. Configuring tracking configuration changes has been moved to the new core-management subsystem. For more information see View Configuration Changes.

parse-group-name-from-dn Attribute Available

In JBoss EAP 7.1, the parse-group-name-from-dn attribute is added to /core-service=management/security-realm=realm/authorization=ldap/group-search=principal-to-group. The attribute is provided in place of the org.jboss.as.domain.management.security.parseGroupNameFromLdapDN system property.

Monitoring Worker Statistics

You can view a worker’s runtime statistics using the management CLI. This exposes worker statistics such as connection count, thread count, and queue size.
The following command displays runtime statistics for the default worker:

/subsystem=io/worker=default:read-resource(include-runtime=true,recursive=true)

For more information, see Configuring Workers.

Improved Resource Monitoring for Slave Host Controllers

In JBoss EAP 7.1, host controllers that are configured as slaves can ignore resources that are not required in the domain-wide configuration using the ignore-unused-resources attribute within the domain-controller/remote element in the domain.xml or host.xml file. Resources may be irrelevant if they are not associated with the servers managed by the slave host controllers. By default, the ignore-unused-resources attribute is not defined. To set the value to true, see the following example:

<domain-controller>
    <remote security-realm="ManagementRealm" ignore-unused-configuration="true">
        <discovery-options>
            <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}"/>
        </discovery-options>
    </remote>
</domain-controller>

You can use the --backup command line flag along with ignore-unused-resources=true. This allows slave to start using a backup copy of the domain configuration if the domain controller is not available. The slave does not require the full domain.xml to do this.

Host Controllers Using a Cached Configuration Automatically Reconnect to the Domain Controller

In JBoss EAP 7.1, a host controller that has been started using a cached configuration because the domain controller was unreachable will automatically reconnect once the domain controller becomes available. The host controller must have been started using the --cached-dc option.

Configuring a Listener to Receive Notifications of Server Lifecycle Events

In JBoss EAP 7.1, you can configure a listener to receive notifications from the management layer of server and host controller lifecycle events.

JMX Notifications for Server Lifecycle Events

In JBoss EAP 7.1, you can configure a listener to receive JMX notifications from the management layer of server and host controller lifecycle events.

Naming

Changing JNDI Bindings Dynamically

In JBoss EAP 7.1, you can use the rebind operation to update JNDI bindings dynamically without needing a reload or restart of the services. However, external-context bindings require the services to be restarted.

Datasource

Flushing Datasource and Resource Adapter Connections

You can flush datasource and resource adapter connections. For example, you can flush the datasource connections using the following management CLI commands.
Note: In a managed domain, you must precede these commands with /host=HOST_NAME/server=SERVER_NAME.

  • Flush all connections in the pool.

    /subsystem=datasources/data-source=DATASOURCE_NAME:flush-all-connection-in-pool
    
  • Gracefully flush all connections in the pool. The server will wait until connections become idle before flushing them.

    /subsystem=datasources/data-source=DATASOURCE_NAME:flush-gracefully-connection-in-pool
    
  • Flush all idle connections in the pool.

    /subsystem=datasources/data-source=DATASOURCE_NAME:flush-idle-connection-in-pool
    
  • Flush all invalid connections in the pool.

    /subsystem=datasources/data-source=DATASOURCE_NAME:flush-invalid-connection-in-pool
    

The server will flush all connections that it determines to be invalid, for example, by the valid-connection-checker-class-name or check-valid-connection-sql validation mechanism.

You can also flush connections using the management console. Navigate to Configuration → Subsystems → Datasources, select the appropriate type and datasource and click View. Select the Pool tab and use the drop down box to select the appropriate action.

Recording of Enlistment Traces is Disabled

In JBoss EAP 7.1, by default, the enlistment-trace attribute is set to false for datasources and resource adapters. You can enable the recording of enlistment traces by setting the enlistment-trace attribute to true.
Warning: Enabling enlistment tracing makes tracking down errors during transaction enlistment easier, but comes with a performance impact.

Installer

Graphical Installer Includes Option for JSF Installation

Run the graphical installer. On the Configure runtime environment screen, select Perform advanced configuration → Install JSF implementation → JSF Setup. Provide the required details.
Note: The JBoss EAP 7.1 installer supports installing MyFaces v2.1.x/v2.2.x and Mojarra v2.1.x/v2.2.x. The MyFaces implementation itself is not supported.

Transactions

Forget Operation for Transaction Tooling

Previously, the transaction tooling operation to remove heuristically completed XA resource participants from transaction logs did not invoke the forget operation on the resource. This call is useful since it facilitates clean up. In this release, the forget operation is called when removing such participants. However, by default the result of the forget call is ignored and even if it fails the log is still removed. To override this behavior, the administrator can set a system property called ignoreMBeanHeuristics to the value of false. With this value set, the participants are not removed from the log if the forget call is unsuccessful.

Full Support for Transaction Monitoring for JCA Resources

JBoss EAP 7.1 provides enhanced statistics for JDBC transaction resources.

Full Support for Transaction Monitoring for JMS Resources

JBoss EAP 7.1 provides enhanced statistics for JMS transaction resources.

Graceful Shutdown for Transactions

Once suspended, the server will not accept new requests, but in-flight transactions and requests are allowed to continue until they complete or until the timeout period expires.

Resource Adapters

Configuring Generic JMS Resource Adapter

JBoss EAP 7.1 lets you configure a generic JMS Resource Adapter for use with JMS provider.

JCA

Full Support for JCA DistributedWorkManager

JBoss EAP 7.1 supports the use of the optional JCA DistributedWorkManager component to allow distribution of work instances across the network using a JGroups transport.

High Availability

Load Balancing Profile Added to the Standalone and Domain Configuration

JBoss EAP 7.1 includes a new load balancing profile for the standalone and domain configurations. This allows a server to run as a load balancer.
For more information, see Configure Undertow as a Load Balancer Using mod_cluster.

RESTEasy

Display Resource Details of REST Endpoints

JBoss EAP 7.1 shows the REST endpoints' resource details using the read-resource operation of jaxrs subsystem in the management CLI. You can retrieve details about the REST endpoints provided by a deployment. For more information, see Viewing RESTEasy Endpoints.

Support for jackson-datatype-jsr310 and jackson-datatype-jdk8 for RESTEasy

JBoss EAP 7.1 provides support for jackson-datatype-jsr310 and jackson-datatype-jdk8 for RESTEasy. jackson-datatype-jsr310 supports the new JDK 8 time API, and jackson-datatype-jdk8 supports the new JDK 8 Optional type.

Support for JSON Filter

In JBoss EAP 7.1 , there is new feature JsonFilter to allow annotate class with @JsonFilter and perform dynamic filtering. For more information, see JsonFilter Support in RESTEasy Jackson2.

Logging RESTEasy Providers and Interceptors

RESTEasy logs the used providers and interceptors in the DEBUG level of logging. For more information, see Logging RESTEasy Providers and Interceptors.

Messaging

Setting the Client Thread Pool Size Using System Properties

The following system properties can be used to set the size of a client’s global thread pool and global scheduled thread pool.

  • activemq.artemis.client.global.thread.pool.max.size
  • activemq.artemis.client.global.scheduled.thread.pool.core.size

Note: Pool sizes set using the management CLI will have precedence over sizes set by system properties.
The system properties can then be referenced in XML configuration. For example:

<subsystem xmlns="urn:jboss:domain:messaging-activemq:1.1">
  <global-client thread-pool-max-size="${activemq.artemis.client.global.thread.pool.max.size}"
    scheduled-thread-pool-max-size="${activemq.artemis.client.global.scheduled.thread.pool.core.size}" />
  <server ...>
  </server>
  ...
</subsystem>

Supports HTTP/2

JBoss EAP 7.1 supports secure HTTP/2 on all platforms with exception of HP-UX. There are two ways to enable HTTP/2 in a supported way:

  • Using JBoss EAP 7.1 internal support for ALPN (uses reflection API) which works out-of-the-box, but is limited to only OpenJDK and Oracle JDK.
  • Using ALPN support from the new JBoss Core Services OpenSSL, which works on all supported platforms with the exception of HP-UX.

Supported Configurations

  • Operating System

    • Windows Server 2016 on x86_64 architecture has been added to the list of tested configurations.
  • DBMS
    The following DBMS have been certified and are now fully supported:

    • SQL Server 2016
    • Sybase 16.0
    • MariaDB Galera Cluster 10.1

Hibernate Validator

Upgraded to Hibernate Validator 5.3.3

JBoss EAP 7.1 includes Hibernate Validator 5.3.3.

Quickstarts

ha-singleton-deployment Quickstart Available

The ha-singleton-deployment quickstart is shipped with JBoss EAP. This is a complete working example of a service packaged in an application as a cluster-wide singleton using singleton deployments.

RPM Installation

JBoss EAP 7.1 Beta RPM Packages Available

You can install JBoss EAP 7.1 Beta using the RPM packages by subscribing to the jb-eap-7.1-for-rhel-RHEL_VERSION-server-beta-rpms repository. Be sure to replace RHEL_VERSION with 6 or 7 as appropriate for your version of Red Hat Enterprise Linux.

Note that it is not supported to upgrade from a JBoss EAP 7.0.x installation to JBoss EAP 7.1 Beta. You should not have packages installed from any other version of JBoss EAP, JBoss Web Server, or JBoss Core Services.

Documentation

Performance Tuning Guide Available

In JBoss EAP 7.1, the Performance Tuning Guide is available. For more information, see Performance Tuning Guide.

Technology Preview

WARNING: The following configurations and features are provided as technology previews only. They are not supported for use in a production environment, and may be subject to significant future changes. See this note on the Red Hat Customer Portal on the support scope for Technology Preview features.

  • EJB and JNDI over HTTP/HTTPS Capability with HTTP Load Balancer
    JBoss EAP 7.1 supports EJB and JNDI invocation using the HTTP protocol, so requests will be mapped directly to HTTP requests. You can invoke EJBs over an HTTP load balancer.
    This can be used using the EJB/naming client APIs.

  • Modern Enterprise Web Applications with Server-side JavaScript on JVM
    JBoss EAP 7.1 allows you to write server-side JavaScript (using JDK 8 Nashorn capabilities) to quickly develop REST endpoints that can pull in CDI beans, perform JNDI lookups, and invoke JPA Entity Beans. The undertow subsystem provides this capability.

  • Server-Sent Events in Java (SSE)
    An implementation of the Server-Sent event model in Java is provided for customers working with mobile and rich clients. This includes only the server implementation.

  • filesystem-realm Security Realm
    In JBoss EAP 7.1, filesystem-realm is a simple security realm definition backed by the file system.

  • Configuring SecurityManager Subsystem in the Management Console
    In JBoss EAP 7.1, you can configure the securitymanager subsystem using the management console.

  • Download Maven Repository Using the Offliner Application
    In JBoss EAP 7.1, you can use the Offliner application to download the Maven repository. The jboss-eap-7.1.0.Beta1-maven-repository-content-with-sha256-checksums.txt file is required to download the Maven repository. For more information about Offliner, see the Offliner documentation.

  • Elytron Features
    The following Elytron features are provided as technical preview only:

    • realm
    • filesystem-security-realm
    • modifiable-custom-security-realm
    • operations for identity manipulation on the LDAP and Database security realms

Unsupported and Deprecated Functionality

Unsupported Features

Support for some technologies are removed due to the high maintenance cost, low community interest, and better alternative solutions. The following features are not supported in JBoss EAP 7.1.

Note: The unsupported features listed in the JBoss EAP 7.0 Release Notes - Unsupported Section also apply to the JBoss EAP 7.1 release, unless they are mentioned in the New Features and Enhancements section of this release notes,

Messaging (ActiveMQ Artemis)

  • AMQP, STOMP, REST, MQTT, and OpenWire protocol
  • Netty over HTTP and Netty Servlet transport options for connectors/acceptors
  • OIO (Old Java IO) connectors/acceptors type is no longer possible to configure
  • Vert.x, AeroGear, Spring and Jolokia integration
  • Dynamic queue creation
  • Chain cluster
  • Clustered message grouping
  • Using ActiveMQ Artemis Management using JMX
  • Graceful shutdown/scaling down of nodes in an Artemis cluster
  • Colocated HA topology configured using replication-colocated/shared-store-colocated
    Note: However, colocated HA topology is supported as described in the Colocated Backup Servers
  • Using messaging with MAPPED journal type

Infinispan APIs

  • Infinispan is delivered as a private module to provide the caching capabilities of JBoss EAP. Infinispan is not supported for direct use by applications.

Jackson API

OAuth with RESTEasy

  • OAuth is not supported with RESTEasy.

Deprecated Features

Some features have been deprecated with the release of JBoss EAP 7.1. This means that no enhancements will be made to these features, and they may be removed in the future, usually the next major release.

Red Hat will continue providing full support and bug fixes under our standard support terms and conditions. For more information about the Red Hat support policy, see the Red Hat JBoss Middleware Product Update and Support Policy located on the Red Hat Customer Portal.

Note: In most cases, the deprecated attributes will not be shown in the management console.

  • JBoss EAP Container Image
    The JBoss EAP base image for containers, registry.access.redhat.com/jboss-eap-7-tech-preview/eap70, distributed through the Red Hat Docker Registry will not be updated for JBoss EAP 7.1 and this image will be removed for the JBoss EAP 7.1 release.

  • The following Undertow HTTPS listener attributes are deprecated:

    • enable-spdy
    • enabled-cipher-suites
    • enabled-protocols
    • security-realm
    • verify-client
    • ssl-session-cache-size
    • ssl-session-timeout
    • enabled
  • The following Clustering attributes are deprecated:

    • binary-keyed-jdbc-store
    • mixed-keyed-jdbc-store
  • The following jaxrs operation is deprecated:

    • show-resources
  • The following IIOP-OpenJDK attributes are deprecated:

    • add-component-via-interceptor
    • queue-flush-interval
  • The following remoting resources are deprecated:

    • outbound-connection
    • local-outbound-connection
  • The following attributes of the remote-outbound-connection resource are deprecated:

    • protocol
    • security-realm
    • username
  • The following Infinispan attributes are deprecated:

    • queue-flush-interval
    • queue-size
  • The following resources are deprecated because management security is migrated to Elytron based security:

    • audit
    • security-realm
    • ldap-connection

Fixed Issues for the 7.1 Release

See JBoss EAP 7.1 Beta-Fixed Issues to view the list of fixed issues for this release. This list includes the JIRAs that were logged as known issues in the previous release, and are fixed and verified in JBoss EAP 7.1.
Note: You do not need to log in to JIRA to view this JIRA list.

Fixed CVEs for the 7.1 Release

  • CVE-2016-5406 - Domain Management - RBAC configurations are discarded by transformers for legacy slaves running management API versions 1.8 and earlier
  • CVE-2016-8627 - Domain Management - Potential EAP resource starvation DOS attack via GET requests for server log files
  • CVE-2016-7061 - Domain Management - Sensitive data can be exposed at the server level in domain mode
  • CVE-2016-4993 - Web (Undertow) - HTTP header injection / response splitting
  • CVE-2016-9589 - Web (Undertow) - ParseState headerValuesCache can be exploited to fill heap with garbage
  • CVE-2016-6311 - Web (Undertow)- Internal IP address disclosed on redirect when request header Host field is not set
  • CVE-2015-0254- XML Frameworks - XXE and RCE via XSL extension in JSTL XML tags

Known Issues for the 7.1 Release

See JBoss EAP 7.1 Beta-Known Issues to view the list of known issues for this release. This list includes the issues that are marked as blocker or critical.
Note: You do not need to log in to JIRA to view this JIRA list.

Additionally, be aware of the following:

Was this helpful?

We appreciate your feedback. Leave a comment if you would like to provide more detail.
It looks like we have some work to do. Leave a comment to let us know how we could improve.
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.