2. New Features, Enhancements and Tech Previews
2.1. New Features
- Apache Server and Connectors
- mod_snmp and mod_rt now available on ppc64
As of JBoss EAP 6.4, mod_snmp and mod_rt are available on ppc64 Red Hat Enterprise Linux systems.
- Enable configuration of the global session timeout for the web container through the management APIs
The global HTTP session timeout may now be configured using the Management APIs.
- Expose public API for WebSockets use cases
All classes in the javax.websocket.server packages of the WebSockets API are now publicly exposed.
- Authentication Manager
- A logout() method was added to org.jboss.security.AuthenticationManager interface
A logout method has been added to the org.jboss.security.AuthenticationManager interface. Be aware of this if you have implemented a custom org.jboss.security.ServerAuthenticationManager, like the following example.
<valve>
  <class-name>org.jboss.as.web.security.jaspi.WebJASPIAuthenticator</class-name>
  <param>
    <param-name>serverAuthenticationManagerClass</param-name>
    <param-value>com.acme.ServerAuthenticationManager</param-value>
  </param>
</valve>
- fail_on_status for mod_cluster
fail_on_status has been added to mod_cluster. fail_on_status can be used to specify one or more HTTP status codes, so that if a worker node in a cluster returns one of the specified status codes, it will cause that worker to fail. The load balancer will then send future requests to another worker node in the cluster.
- Domain Management
- Support nested expressions
Expressions may be nested, which allows for more advanced use of expressions in place of fixed values. Nested expressions are permitted anywhere that expressions are permitted, with the exception of Management CLI commands. As for normal expressions, the supported sources for resolving nested expressions are: system properties, environment variables and the Vault.
- Ability to read boot errors via the admin APIs
A new Management CLI command has been created, which outputs details of any errors which occurred on bootup. The command is read-boot-errors and has no parameters.
- Kerberos auth for management over HTTP/HTTPS
It is now possible to configure authentication of management operations made via HTTP/HTTPS using Kerberos. This means it is now possible to authenticate to the Management Console using Kerberos.
- Ability to specify a resource adapter reference in jboss-ejb3.xml without the ear name
In the jboss-ejb3.xml deployment descriptor you can specify a resource adapter for a message driven bean (MDB) to use, without specifying the name of the EAR, in cases where the deployment descriptor is in the same EAR as the resource adapter.
- New implementation of StrictMaxPool
Contention within the EJB StrictMaxPool has been eliminated by changing the underlying data structure.
- Ability to use alternate persistent stores for unclustered EJB timers
EJB timers' data may now be stored in a database and shared between clustered server instances. Advantages of this method include suitability for high availability.
- Enable wildcard for <ejb-name> in jboss-ejb3.xml
Support for use of wildcards (*) has been enabled for <ejb-name> in jboss-ejb3.xml.
- Deliver new Hibernate Dialect for MySQL 5.7
A new dialect has been added to Hibernate to support MySQL 5.7. To prevent issues as a result of rounding fractional digits in date and time, the dialect currently has the following limitations: Hibernate will assume datetime(6) for "timestamp" columns, and Hibernate will assume time(0) for "time" columns.
- Ability to close all consumers on a destination and the connections for these consumers
The ability to close all consumers on a destination and the connections for those consumers has been added. This command is available via the Management CLI, management API and JMX.
- Abort slow HornetQ consumers
The rate of consumption for message consumers may now be monitored automatically, and action taken if the rate does not meet specific criteria. A minimum consumption rate is specified in messages per second and if it is not met, either the consumer's connection is killed or a management notification is raised, which can be handled by an application. By default this feature is disabled.
- Ability to terminate a connection by JMS User
HornetQ now supports termination of connections with the JMS user as the criteria. Previously it was only possible to terminate connections according to the client ID or IP address.
- Hibernate Search
- Deliver Hibernate Search as a default module
Hibernate Search is now a standard component of JBoss EAP.
- Test datasource and LDAP connections in the installer
When installing JBoss EAP in either GUI or console mode, the installer now provides the option to verify LDAP and datasource connectivity during the installation process. This ensures that the parameters provided during installation are valid.
- JBoss Web
- Load taglibs from jars in a JBoss Module
Tag Library Descriptors (TLDs) may be separated from their respective applications, allowing for easier additions and updates. To use this feature, create a custom JBoss EAP 6 module that contains the TLD JARs, and declare a dependency on that module in the applications.
- Ability to configure HttpOnly SSO cookies
A new attribute has been added to the SSO configuration of a virtual server: http-only. When set to true, this attribute adds
- Support enabled for "datasource_class" system property
By default, when a database driver JAR contains a services/javax.sql.Driver file, the datasource_class attribute in the datasource definition is ignored and the Driver class in the JAR is used instead. To override this default behavior and use the datasource_class attribute, set the property -Dironjacamar.jdbc.prefer_datasource_class=true.
- Detect and throw deployment exception for JCA 1.7 resource adapters
An exception is thrown if JCA 1.7 deployments are detected as they belong in an EE 7 based platform.
- Add leak detector pool
IronJacamar now features a connection pool implementation which monitors connections and provides feedback if they are never released by the application. When either the pool is shut down or flushed, a stack trace is output to the system logs. To enable the connection pool, set the system value org.jboss.jca.core.connectionmanager.pool.mcp.LeakDumperManagedConnectionPool. To have the stack trace output to a separate file, set the system value ironjacamar.leaklog to the name and path of the desired file.
- JMS Operations
- Add remove-jndi operation for JMS resources
The remove-jndi operation is now enabled for JMS resources.
- Enable JMX MBean Registration and Unregistration notifications for JBoss' facade MBeans in EAP 6
MBeans in the jboss.as.expr domains are not truly MBeans but instead facades. As a result, MBean registration and unregistration events were not available. Registration and unregistration events for these domains have now been enabled, allowing these events to be monitored.
- Requesting suffix support for size-based log file rotation
Size-based log file rotation has been enhanced with support for a timestamp suffix which is appended to each log file when it is rotated. The format of the timestamp is configurable according to your requirements. Previously it was only possible to have a numeric suffix added to rotated log files, which made finding the relevant log file difficult in some circumstances.
- Implement java.util.logging.LogManager.getLoggerNames() in JBoss Logging
A getLoggerNames() method has been added to java.util.logging.LogManager which returns the names of all loggers.
- Audit syslog handler should be able to automatically reconnect
The audit syslog handler has been enhanced with a new attribute - reconnect-timeout - which specifies the time period between attempts to reconnect to the syslog server.
- Make PeriodicSizeRotatingFileHandler configurable directly via CLI/web console
PeriodicSizeRotatingFileHandler is now able to be configured via either the Management Console or Management CLI. Previously such a handler was only able to be configured by using a custom handler. The new configuration methods are easier and less prone to error.
- Mask "password" System Properties
Any system property which contains the text password (regardless of case) is replaced with the text redacted when output via logging. This improves security by avoiding having passwords output in plain text in log files.
- Management CLI
- The CLI should support property substitution for names of elements and not only for parameters
Property substitution for names of elements has been added. Previously the Management CLI only supported property substitution for parameters.
- Add echo command for use in CLI scripting
A new management CLI command - echo - has been added. It outputs verbatim any text which follows the command.
- Management Console
- Display server logs in graphical console
You can now view server and application logs in the JBoss EAP Management Console to help diagnose errors, performance problems, and other issues. For a log to be viewable in the Management Console Log Viewer, it must be located in the server's jboss.server.log.dir directory. The Log Viewer also respects user RBAC role assignments, so a user logged in to the Management Console can only view logs that they are authorized to access.
- Access Red Hat plugin
Access to commonly used features of the Red Hat Customer Portal is now available from within the Management Console. The top navigation bar of the Management Console contains a drop-down menu: Red Hat Access. Clicking on this menu will reveal three task-specific links to the Customer Portal:, and .
- Expose web container global session timeout in the Console
The global HTTP session timeout may now be configured using the Management Console.
- Use external-context for remote TIBCO ems lookup
When using the generic JMS resource adapter to connect to an external messaging server, an external context may be used instead of writing a custom ObjectFactory. The following is an extract of an example use of <external-context>. Replace the example properties with those appropriate for your JMS provider.
<external-context name="java:global/tibco" module="com.tibco.tibjms" class="javax.naming.InitialContext">
  <environment>
    <property name="java.naming.factory.initial" value="com.tibco.tibjms.naming.TibjmsInitialContextFactory"/>
    <property name="java.naming.provider.url" value="TIBCO_EMS_SERVER_HOST_NAME:PORT"/>
    <property name="java.naming.factory.url.pkgs" value="com.tibco.tibjms.naming"/>
    <property name="org.jboss.as.naming.lookup.by.string" value="true"/>
  </environment>
</external-context>
- Access to details of patches has been improved
The Management CLI command patch has two additional arguments. The info argument outputs information on installed patches. The inspect argument outputs information about a downloaded patch.
The Patch Management panel of the Management Console has been improved to include a brief description of each patch and a link to a more detailed article.
- Backport AbstractPool initLock() synchronization elimination from 1.2
A lock was created when calling to register a transaction after getting a connection from the pool. Since the transaction registry already handled locking, as it already used a concurrent collection, the additional lock handling was unnecessary, and so was removed.
- New managed connection pool
A new managed connection pool in JCA subsystem has been created that improves performance and eliminates thread contention within the server.
- Console plugin to integrate PicketLink subsystems into EAP console
PicketLink's subsystems are now configurable via the JBoss EAP Management Console, resulting in easier configuration.
- Modify the PicketLink IDP to support SAML 2.0 unsolicited responses
The PicketLink Identity Provider (IDP) has been enhanced so that it can now send SAML 2.0 unsolicited responses to the Service Provider.
- PicketLink should be configurable to ignore ajax calls
In case the user is not authenticated and sends a request to both IdP and SP using AJAX, PicketLink will respond with a 403 HTTP status code instead of the login page. AJAX requests are identified by checking the presence of the X-Requested-With header with value
- RESTEasy logging through JBossLogging
RESTEasy logging functionality is now handled by JBossLogging. The benefits of this change include support for internationalization of log messages.
- New security parameters
RESTEasy has two new parameters intended to improve security in processing org.w3c.dom.Document documents. Both parameters are context-param parameters and can be set up in the web.xml of the application.
The parameter resteasy.document.secure.processing.feature imposes security constraints in processing org.w3c.dom.Document documents and JAXB object representations.
The parameter resteasy.document.secure.disableDTDs prohibits DTDs in org.w3c.dom.Document documents and JAXB object representations.
The default value for true. To disable one of them or both, add the following to the application's
<context-param>
  <param-name>resteasy.document.secure.processing.feature</param-name>
  <param-value>false</param-value>
</context-param>
<context-param>
  <param-name>resteasy.document.secure.disableDTDs</param-name>
  <param-value>false</param-value>
</context-param>
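What the two RESTEasy document parameters mean at the XML parser level, shown with plain JAXP as an added example that is not RESTEasy's own code. It assumes that resteasy.document.secure.processing.feature corresponds to the standard JAXP secure-processing feature and resteasy.document.secure.disableDTDs to the Xerces disallow-doctype-decl feature; the class name SecureDocumentDemo and the sample request body are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

// Illustration only: SecureDocumentDemo is a hypothetical class, not RESTEasy code.
public class SecureDocumentDemo {
    // Assumption: disableDTDs maps to this Xerces feature, which the JDK's built-in parser honours.
    static final String DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";

    // Constructed sample request body: declares a harmless internal entity in a DTD.
    static final String BODY =
            "<?xml version=\"1.0\"?>\n"
          + "<!DOCTYPE order [ <!ENTITY note \"expanded-by-parser\"> ]>\n"
          + "<order><comment>&note;</comment></order>";

    // Parses xml with both switches set explicitly and returns the root element's text content.
    static String parse(String xml, boolean secureProcessing, boolean disableDTDs)
            throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing);
        factory.setFeature(DISALLOW_DOCTYPE, disableDTDs);
        Document doc = factory.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement().getTextContent();
    }

    // Runs one configuration against the sample body and reports what the parser did.
    static String describe(boolean secureProcessing, boolean disableDTDs) {
        try {
            return "parsed, comment = " + parse(BODY, secureProcessing, disableDTDs);
        } catch (SAXException e) {
            // With DTDs prohibited, any DOCTYPE in the body is a fatal parse error.
            return "rejected: " + e.getMessage();
        } catch (Exception e) {
            return "error: " + e;
        }
    }

    public static void main(String[] args) {
        // Both switches off: the DTD is read and the entity is expanded into the document.
        System.out.println("both false      : " + describe(false, false));
        // Secure processing alone applies parser limits but still accepts a DOCTYPE.
        System.out.println("processing only : " + describe(true, false));
        // Both on (the values the page gives as the default): the body is refused outright.
        System.out.println("both true       : " + describe(true, true));
    }
}
```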
- RPM Installation and Updates
- There is now a choice of RPM channels or repositories to which to subscribe for installation and updates of JBoss EAP via RPM. The current JBoss EAP channel provides the latest version, while a minor channel provides a specific minor release and all applicable patches. This allows you to maintain the same minor version of JBoss EAP 6, while still staying current with high severity and security patches. For further details of the available channels, see https://access.redhat.com/solutions/1346093.
- SSLValve allows for user-configurable header names
The names of HTTP headers that SSLValve uses for passing SSL/TLS information from the originator were predefined, for example: ssl_client_cert, ssl_cipher, ssl_session_id and ssl_cipher_usekeysize. With this change, the names of the headers are now customizable so that the originator can use an arbitrary name of the HTTP header, with the name specified in the SSLValve configuration.
- Kerberos based authentication for Remoting
Support for Kerberos authentication for EJBs and EJB clients has now been enabled.
- Management security realms should cache LDAP data
The management security realm now caches LDAP data, which helps reduce the number of LDAP requests.
- Authorization with static Kerberos credentials to Oracle DB on Oracle JVM
Authorization using static Kerberos credentials in an Oracle DB datasource on Oracle JVM has been added. Note that Oracle DB driver version 126.96.36.199 or newer is required, and the security domain cache must be enabled.
- Authorization with static Kerberos credentials to SQLServer on Oracle JVM
Authorization using static Kerberos credentials in a Microsoft SQL Server datasource has been added. Note that this feature is only supported for non-XA connections.
- Add support for external password of keystore to PicketBoxVault implementation
The Vault feature now supports the option of having the keystore password provided via an external command or a custom class.
- Add "remove vault entry" option to vault tool
The Vault CLI tool has been improved with the addition of the ability to remove a value stored in a vault.
- Use of the -secmgr flag for the configuration of a Java Security Manager
Running JBoss EAP within the Java Security Manager is now enabled by either adding the -secmgr parameter to the startup script, or enabling the option SECMGR="true" in the configuration file. Enabling the Java Security Manager with the -Djava.security.manager Java system property is no longer possible. As a result of this change, custom security managers cannot be used. Starting JBoss EAP with a custom security manager enabled will result in JBoss EAP exiting with a non-zero exit code on startup. See the Security Guide for details of the changes required to enable the Java Security Manager.
- Supported Configurations
- Oracle JDK 8
Oracle Java Platform, Standard Edition 1.8 (JDK 8) has been added to the list of supported configurations.
- IBM JDK 8
IBM JDK 8 has been added to the list of supported configurations.
- DBMS
The following DBMS have been certified and are now fully supported:
  - Enterprise DB Postgres Plus Advanced Server 9.3
  - MySQL 5.7
  - IBM DB2 10.5
  - Microsoft SQL Server 2014
  - PostgreSQL 9.3
- Deliver mod_snmp for tested RHEL versions on PPC
The Simple Network Management Protocol (SNMP) module mod_snmp is now supported on PowerPC64 Architecture running Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
- WebSockets 1.0
- The WebSocket 1.0 protocol provides two-way communication between web clients and servers. Communications between clients and the server are event-based, allowing for faster processing and smaller bandwidth compared with polling-based methods.
The JBoss EAP 6.4 WebSocket implementation provides full dependency injection support for server endpoints; however, it does not provide CDI services for client endpoints. CDI support is limited to that required by the EE6 platform, and as a result, EE7 features such as interceptors on endpoints are not supported.
- BZ#1169462 - Installer should look automatically look for variables file during automated installs
- In JBoss EAP 6.4 the installer now automatically looks for a variables file during installation.
The installer will look for the .variables file only if an automated installation is being run and no variables are passed in through the -variablefile tags.
The installer will look in the location of the auto.xml file first. If nothing is found there it will look in the current working directory for the user.
If the user specifies a remote auto.xml file the installer will only look for the .variables file in the user's current working directory.
The .variables file will also only be detected if it follows this naming convention;
- BZ#1168973 - JTS participants are not showing up in the tooling
- This release of JBoss EAP 6 contains an enhancement to the Transaction Manager component. Previously, not all participants were appearing in the log viewer.
Now, the following types of participants will be shown:
2.3. Features Provided as Tech Preview Only
- WS-Trust/STS with JBoss Web Services
- JBoss Web Services now exposes WS-Trust/STS capabilities from the underlying CXF implementation.
- Apache CXF 2.7.13 changes SAML/WS-Trust
- The Security Token Service (STS) now validates ActAs tokens too, while it was previously validating OnBehalfOf tokens only; as a consequence, valid username/password have to be specified in the UsernameToken that is provided as ActAs token.
The SAML Bearer tokens are now required to have an internal signature; additionally, the setRequireBearerSignature method to enable/disable this signature verification.
- Adding and Removing Modules with the JBoss CLI
- The CLI offers new commands to add and remove modules.
- RestEasy Validation with the Hibernate Validator
- RestEasy now includes a validation provider to support the Hibernate Validator delivered with JBoss EAP 6.
- This feature enables a user to replace the JSF implementation provided with JBoss EAP 6 with a user-supplied JSF implementation.
- mod_jk and IPv6
- The mod_jk version has been updated. This new version contains support for IPv6, however this feature has not been fully tested.