Chapter 2. New Features and Enhancements

2.1. Security

Ability to Combine Multiple Security Realms for Authorization in an Aggregate Realm

You can now use multiple security realms for authorization in an aggregate-realm with the authorization-realms attribute.

For more information, see Configure Authentication and Authorization Using Multiple Identity Stores in the How to Configure Identity Management guide for JBoss EAP.

Ability to Use the Subject Alternative Name Extension From X.509 Certificate as the Principal

You can now configure an evidence decoder to use a subject alternative name from an X.509 certificate as the principal associated with that certificate.

For more information, see Configuring Evidence Decoder for X.509 Certificate with Subject Alternative Name Extension in the How to Configure Server Security guide.

Ability to Combine Multiple Evidence Decoders with Aggregate Evidence Decoder

Elytron now provides an aggregate evidence decoder to combine two or more evidence decoders into a single decoder.

For more information, see Configuring an Aggregate Evidence Decoder in the How to Configure Server Security guide.

Certificate Revocation Capability using OCSP

Elytron now provides certificate revocation capability using Online Certificate Status Protocol (OCSP), defined in RFC6960, when undertow is used as a load balancer.

Syslog Audit Logging Enhancements

Elytron syslog audit logging now supports log formats defined in RFC5424 and RFC3164 to describe audit events.

A new attribute, reconnect-attempts, is now available to configure the maximum number of times Elytron attempts to send successive messages to a syslog server before closing the connection when using UDP.

2.2. EJB

Client and Server Interceptors

JBoss EAP 7.2 and earlier only supported EJB interceptors configured in the container.

In JBoss EAP 7.3, client interceptors and server interceptors are now supported. Client and server interceptors can be configured globally.

2.3. Clustering

Ability to Specify Ranked Multiple Routes Session Affinity

You can now specify session affinity as an ordered list of nodes. If your load balancer supports multiple, ordered routes, in the event of a primary node failure, it can choose the optimal nodes in the order defined. It also ensures a definite failover target, if the primary owner of a specific session is inactive.

For information about the ranked affinity options, see The distributable-web subsystem for Distributable Web Session Configurations in the Development Guide for JBoss EAP. For information on how to enable ranked session affinity in your load balancer, see Enabling Ranked Session Affinity in Your Load Balancer in the Configuration Guide for JBoss EAP.

2.4. Infinispan

Enabling Statistics for Remote Cache Containers

You can now use the HotRod client to expose remote cache container statistics. The statistics-enabled attribute can be configured for remote cache containers using the management CLI. For more information, see Configuring Remote Cache Containers in the Configuration Guide for JBoss EAP.

2.5. Web Services

Optional <T> Parameter Types Available for RESTEasy

RESTEasy now supports the following java.util.Optional parameters as wrapper object types:

  • @QueryParam
  • @MatrixParam
  • @FormParam
  • @HeaderParam
  • @CookieParam

For more information, see java.util.Optional Parameter Types in the Developing Web Services Applications book for JBoss EAP.

2.6. OpenShift

Reduce Memory Footprint with Galleon Feature-packs

You can now customize the main JBoss EAP for OpenShift image configuration to include only the capabilities that you require, thereby reducing the memory footprint. The provisioning tool, Galleon, offers several layers that you can select to control the capabilities present in the JBoss EAP server.

Additionally, you can package customized capabilities as Galleon feature-packs that are installed during the JBoss EAP server Galleon provisioning. For JBoss EAP for OpenShift Source-to-Image (S2I), you can build your feature-packs offline, deploy them to Maven and reference them in your provisioning.xml file.

EAP Operator for Automating Application Deployment on OpenShift

JBoss EAP now offers EAP operator, a JBoss EAP-specific controller, to automate common deployment-related tasks. You can install the EAP operator using OperatorHub, the graphical interface that OpenShift cluster administrators use to discover, install, and upgrade operators.

EAP Operator for Safe Transaction Recovery and EJB Remoting

The EAP operator ensures safe transaction recovery in your application cluster by verifying that all transactions are completed before scaling down the replicas and marking the pod as clean for termination.

The EAP operator uses StatefulSet for the appropriate handling of EJB remoting and transaction recovery processing. The StatefulSet ensures persistent storage and network hostname preservation even after the pods are restarted.

Calculate JVM Memory Settings

JBoss EAP 7.2 and earlier did not address conditions where JVM memory settings are higher than the container limit.

The OpenShift JBoss EAP image can now calculate default JVM memory settings when a container limit has been defined and the JVM memory settings are higher than the container limit.

2.7. Quickstarts and BOMs

New Client BOM for JAX-WS

JBoss EAP now provides a new client BOM, wildfly-jaxws-client-bom, to manage JAX-WS dependencies. For information on how to add the wildfly-jaxws-client-bom dependencies to your project, see JBoss EAP Client BOMs in the Development Guide for JBoss EAP.