Chapter 3. New Features and Enhancements

3.1. Security and Elytron

Elytron and the elytron Subsystem

The elytron subsystem, which is based on the WildFly Elytron project, is new in JBoss EAP 7.1. Elytron is a security framework used to unify security across the entire application server. The elytron subsystem provides a single point of configuration for securing both applications and the management interfaces. It provides a set of APIs and SPIs for creating custom implementations of functionality and integration. To learn more about the various Elytron components, see Core Concepts and Components section of the Security Architecture guide.

The legacy security subsystem and legacy core management authentication are still present in JBoss EAP 7.1 and are used by default. You can find information on configuring the elytron subsystem in the Elytron Subsystem section of How to Configure Server Security.

Important features of the elytron subsystem include:

  • Stronger authentication mechanisms for HTTP and SASL authentication.
  • An improved architecture that allows security identities to be propagated across security domains and transparently transformed to make them ready to use for authorization. Transformation takes place using configurable role decoders, role mappers, and permission mappers.
  • A centralized point for SSL/TLS configuration, including cipher suites and protocols.
  • SSL/TLS optimizations such as eager secure identity construction and closely tying authorization to establishing an SSL/TLS connection. This enables permission checks to happen before the first request is received. Eager secure identity construction eliminates the need for a secure identity to be constructed on a per-request basis.
  • A secure credential store that replaces the legacy password vault implementation. The secure credential store can store multiple other encrypted credential types in addition to encrypted strings. You can find more information on credential stores in the Credential Store section of How to Configure Server Security. With the exception of the elytron subsystem, new and existing legacy password vaults can still be used with other subsystems.

Credential Stores

You can configure credential stores in the elytron subsystem for JBoss EAP 7.1. A credential store allows for secure storage and usage of credentials, and has many benefits compared to using a legacy password vault. Credentials stored in a credential store can be securely referenced by other JBoss EAP subsystems. This prevents credentials, such as passwords, from being stored in plain text. For more information, see Credential Store in How to Configure Server Security.

Mapping Identity for Authenticated Management Users

When using the elytron subsystem to secure the management interfaces, you can provide a security domain to the management interfaces for identity mapping of authenticated users. This allows authenticated users to appear with the appropriate identity when logged into the management interfaces. For more information, see Mapping Identity for Authenticated Management Users in How to Configure Server Security.

Automatic Self-signed Certificate Creation for Applications

JBoss EAP 7.1 provides automatic generation of a self-signed certificate for development purposes for legacy security realms. For more information, see Automatic Self-signed Certificate Creation for Applications in How to Configure Server Security.

Caching for Security Realms

Elytron provides a caching-realm which allows you to cache the results of a credential lookup from a security realm. For example, you could use this to configure a cache for credentials coming from LDAP or a database to increase performance for frequently queried users. For more information, see Set Up Caching for Security Realms in How to Configure Identity Management.

Container-Managed Single Sign-on

You can configure JBoss EAP 7.1 to use container-managed single sign-on for applications using the Elytron FORM authentication method. This allows users to authenticate once and access other resources secured by the FORM authentication method without having to reauthenticate. For more information, see Configure Applications to use Container-managed Single Sign-on in How to Configure Identity Management.

Propagating Security Identities for Remote Calls

JBoss EAP 7.1 introduces the ability to easily configure the server and your applications to propagate a security identity from a client to the server for remoting calls. You can also configure server components to run within the security identity of a given user.

For more information, see Propagating Security Identities for Remote Calls in How to Configure Server Security for JBoss EAP.

WildFly Elytron Tool

JBoss EAP 7.1 includes the WildFly Elytron Tool, which allows you to create and modify credential stores without needing a running JBoss EAP server. It can also be used to convert password vaults to credential stores by using the vault option.

See Create and Modify Credential Stores Offline with the WildFly Elytron Tool in How to Configure Server Security for information on how to use the WildFly Elytron Tool.

Script to Enable Elytron in Applicable Subsystems and Management Interfaces

A script is provided to enable the Elytron framework in applicable subsystems and management interfaces. This script, enable-elytron.cli is available in the EAP_HOME/docs/examples/ directory. The use of this script is optional; Elytron can also be enabled on individual subsystems as needed. For more information, see How Red Hat JBoss Enterprise Application Platform 7.1 Handles Security out of the Box in the Security Architecture guide.

Configuring the Elytron Subsystem Using the Management Console

You can configure the elytron subsystem using the management console by navigating to ConfigurationSubsystemsSecurity - Elytron. For more information, see Elytron Subsystem in How to Configure Server Security.

Elytron Integration With the JBoss EAP Subsystems

In JBoss EAP 7.1, you can use Elytron to secure various aspects of the following JBoss EAP subsystems:

batch-jberet
You can configure the batch-jberet subsystem to run batch jobs using an Elytron security domain. For more information, see Configure Security for Batch Jobs in Configuration Guide.
datasources
You can use a credential store or an Elytron security domain to provide authentication information in a datasource definition. For more information, see Datasource Security in Configuration Guide.
ejb3
You can create mappings for Elytron security domains in the ejb3 subsystem to be referenced by deployments. For more information, see Elytron Integration with the EJB Subsystem in Developing EJB Applications.
iiop-openjdk
You can configure the iiop-openjdk subsystem to use SSL/TLS to secure communication between clients and servers. For more information, see Configure IIOP to Use SSL/TLS with the Elytron Subsystem in the Configuration Guide.
jca
You can use the elytron-enabled attribute to enable Elytron security for a work manager. For more information, see Configuring the JCA Subsystem in the Configuration Guide.
jgroups
You can configure the SYM_ENCRYPT and ASYM_ENCRYPT protocols to reference keystores or credential stores defined in the elytron subsystem. The AUTH protocol can also be configured to reference elytron-managed credential stores and keystores. For more information, see Securing a Cluster in the Configuration Guide.
mail
You can use a credential store to provide passwords for the mail subsystem. For more information, see Use a Credential Store for Passwords in the Configuration Guide.
messaging-activemq
You can use Elytron security to secure the messaging-activemq subsystem. For more information, see the Using the Elytron Subsystem section of Configuring Messaging.
modcluster
You can use an Elytron client ssl-context to communicate with a load balancer using SSL/TLS. For more information, see Elytron Integration with the ModCluster Subsystem in How to Configure Server Security.
remoting
You can configure inbound and outbound connections in the remoting subsystem to reference authentication contexts, SASL authentication factories, and SSL contexts defined in the elytron subsystem. For more information, see Elytron Integration with the Remoting Subsystem in How to Configure Server Security.
resource-adapters
You can secure connections to the resource adapter using Elytron. You can enable security inflow to establish security credentials when submitting work to be executed by the work manager. For more information, see Configure Resource Adapters to Use the Elytron Subsystem in the Configuration Guide.
undertow
You can use the elytron subsystem to configure both SSL/TLS and application authentication. For more information, see Using SSL/TLS in How to Configure Server Security and Configure Web Applications to Use Elytron or Legacy Security for Authentication in How to Configure Identity Management.

3.2. Server Management

Starting Servers in a Suspended State

During the startup process, JBoss EAP 7.1 servers are left in a suspended state until all services are started. While in this state, the server does not accept any requests. Once all required services have started, the server is placed into a normal running state to start accepting requests.

It is also possible to start servers in a suspended state and keep them suspended until the resume operation is invoked. To start the server in a suspended state, set the start-mode argument to suspend for the appropriate operation.

  • For a standalone server, pass the --start-mode=suspend argument to the standalone.sh script:

    Example: Start a Standalone Server in a Suspended State

    $ EAP_HOME/bin/standalone.sh --start-mode=suspend

  • In a managed domain, pass the start-mode=suspend argument to the start management CLI operation:

    Example: Start a Managed Domain Server in a Suspended State

    /host=HOST_NAME/server-config=SERVER_NAME:start(start-mode=suspend)

Monitoring Server Lifecycle Events Using the Core Management Subsystem

In JBoss EAP 7.1, you can register a listener to the JBoss EAP core-management subsystem to monitor for server lifecycle events. For more information, see Monitor Server Lifecycle Events Using the Core Management Subsystem in the Configuration Guide.

Monitoring Server Lifecycle Events Using JMX Notifications

In JBoss EAP 7.1, you can register a JMX notification listener to monitor for server lifecycle events. For more information, see Monitor Server Lifecycle Events Using JMX Notifications in the Configuration Guide.

Tracking and Viewing Configuration Changes from the Management CLI

In a managed domain, configuration changes are tracked at the host level for host and server-related modifications. Enabling configuration changes for a host controller enables it for all of its managed servers. Configuring tracking configuration changes has been moved to the new core-management subsystem. For more information, see View Configuration Changes in the Configuration Guide.

Monitoring Worker Statistics

You can view a worker’s runtime statistics using the management CLI. This exposes worker statistics such as connection count, thread count, and queue size.

The following command displays runtime statistics for the default worker:

/subsystem=io/worker=default:read-resource(include-runtime=true,recursive=true)

For more information, see Configuring Workers in the Performance Tuning Guide.

Improved Resource Monitoring for Slave Host Controllers

In JBoss EAP 7.1, host controllers that are configured as slaves can ignore resources in the domain-wide configuration that are not required. Resources can be irrelevant if they are not associated with the servers managed by the slave host controllers.

You can ignore unused configuration by setting the ignore-unused-configuration attribute to true in the JBoss EAP 7.0 host controller’s connection configuration to the remote domain controller. By default, the ignore-unused-configuration attribute is not defined.

For more information and an example configuration, see Configure a JBoss EAP 7.1 Domain Controller to Administer JBoss EAP 7.0 Instances in the Configuration Guide.

You can also use the --backup command line flag along with ignore-unused-configuration set to true, which allows a slave host controller to start using a backup copy of the domain configuration if the domain controller is not available. The slave host controller does not require the full domain.xml to do this.

Host Controllers Started Using a Cached Configuration Automatically Reconnect to the Domain Controller

In JBoss EAP 7.1, a host controller that has been started using a cached configuration because the domain controller was unreachable will automatically reconnect once the domain controller becomes available.

Setting the Server Locale

You can use the org.jboss.logging.locale property to override the locale for messages logged using JBoss Logging, including any messages from JBoss EAP and its owned dependencies.

For more information, see Set the Server Locale Using the org.jboss.logging.locale Property in the Configuration Guide.

New Attribute: parse-group-name-from-dn

In JBoss EAP 7.1, the parse-group-name-from-dn attribute is now available at /core-service=management/security-realm=realm/authorization=ldap/group-search=principal-to-group. The attribute is provided in place of the org.jboss.as.domain.management.security.parseGroupNameFromLdapDN system property.

For more information, see Enabling the LDAP Security Realm to Parse Roles from a DN in the Migration Guide.

Managing JBoss EAP Using JBoss Operations Network

You can monitor JBoss EAP 7.1 servers and manage their configuration using Red Hat JBoss Operations Network.

Important

JBoss Operations Network does not include support for configuring the new JBoss EAP 7.1 elytron subsystem. The monitoring support is limited to the features of the JBoss Operations Network JBoss EAP plugin that were available for JBoss EAP 6.4, with the addition of the JBoss EAP undertow, iiop-openjdk, io, and messaging-activemq subsystems.

3.3. Management CLI

Displaying and Saving Attachments

In JBoss EAP 7.1, you can use the attachment command to display or save the contents of an attached stream. This works for management resources that can expose contents as a stream.

Use the following management CLI command to display the contents of an attachment:

attachment display --operation=/subsystem=logging/log-file=server.log:read-attribute(name=stream)

Use the following management CLI command to save the contents of an attachment to a file:

attachment save --operation=/subsystem=logging/log-file=server.log:read-attribute(name=stream) --file=test.log
Note

If a file name is not provided, then the EAP_HOME/bin/STREAM_UUID is used as the file path.

See Display the Contents of an Attachment and Save the Contents of an Attachment in the Management CLI Guide for more information.

Attaching Files to Management Operations

In JBoss EAP 7.1, you can use the management CLI to attach a file to a management operation. You can use the add-content operation to add content to an existing exploded deployment or the remove-content operation to remove content. For example:

/deployment=test.war:add-content(content=[{input-stream-index=/path/to/a.txt,target-path=a.txt}])

You can use the browse-content operation to browse the contents of a deployment.

Setting a Timeout for Commands

JBoss EAP 7.1 allows you to set the maximum time, in seconds, to wait for a management CLI command to complete. A value of 0 means no timeout. By default, there is no timeout. For example:

command-timeout set 30

Include the Prompt and Command in the Output in Non-Interactive Mode

In JBoss EAP 7.1, the --echo-command argument displays the prompt and command with the output for commands executed in non-interactive mode. This can be useful when resolving failures by matching the output to the command that was executed.

$ EAP_HOME/bin/jboss-cli.sh --connect --file=/path/to/cli_commands.txt --echo-command

The command and its output are displayed as it executes.

[standalone@localhost:9990 /] :read-attribute(name=running-mode)
{
    "outcome" => "success",
    "result" => "NORMAL"
}
[standalone@localhost:9990 /] ls /deployment
helloworld.war

Specifying Exported Dependencies for a Custom Module

JBoss EAP 7.1 provides the --export-dependencies argument to specify exported dependencies for a module. For example:

module add --name=com.mysql --resources=/path/to/mysql-connector-java-5.1.36-bin.jar --export-dependencies=javax.api,javax.transaction.api
Important

Using the module management CLI command to add and remove modules is provided as technology preview only. This command is not appropriate for use in a managed domain or when connecting to the management CLI remotely. Modules should be added and removed manually in a production environment. For more information, see the Create a Custom Module Manually and Remove a Custom Module Manually sections of the JBoss EAP Configuration Guide.

Setting an Alternative Module Directory During Module Creation

If you have defined an external JBoss EAP modules directory to use instead of the default EAP_HOME/modules/ directory, you can use the --module-root-dir argument to specify the directory to use during module creation.

module add --module-root-dir=/path/to/my-external-modules/ --name=com.mysql --resources=/path/to/mysql-connector-java-5.1.36-bin.jar --dependencies=javax.api,javax.transaction.api
Important

Using the module management CLI command to add and remove modules is provided as technology preview only. This command is not appropriate for use in a managed domain or when connecting to the management CLI remotely. Modules should be added and removed manually in a production environment. For more information, see the Create a Custom Module Manually and Remove a Custom Module Manually sections of the JBoss EAP Configuration Guide.

Starting a Management CLI Session Using the IBM JDK

The jboss-cli scripts set the com.ibm.jsse2.overrideDefaultTLS property to true. This setting is important if you are using the IBM JDK, to prevent authentication issues when using SSL configured by Elytron. Be sure to set this property if you are using the IBM JDK and using another method to start a CLI session, for example, programmatically using the classes available in EAP_HOME/bin/client/jboss-cli-client.jar.

3.4. Management Console

Application Deployment Updates

JBoss EAP 7.1 includes an updated user interface for managing application deployments. The Deployments tab in the management console now has the following features for deployments:

  • An Explode drop-down option, which lets you unzip a disabled deployment.
  • A Browse Content drop-down option, which lets you browse the files in the deployment. Navigation is not supported.
  • Details about whether the application is an archive or an exploded deployment.

Transaction Monitoring Support

JBoss EAP 7.1 provides enhanced transactions subsystem metrics as well as metrics of JDBC and JMS transaction resources in the management console.

Viewing and Managing Messaging Prepared Transactions

You can use the management console to view, commit, or roll back prepared transactions for the messaging-activemq subsystem. For more information, see Manage Prepared Transactions Using the Management Console in Configuring Messaging.

Text Field Suggestions

As you type in some text fields in the management console, values from elsewhere in the configuration may appear as suggestions.

Adding a JMS Bridge

You can use the management console to add a JMS bridge by navigating to ConfigurationSubsystemsMessaging - ActiveMQJMS BridgeViewAdd. Provide the required information and click Save.

Tracking and Viewing Configuration Changes

To enable tracking of configuration changes from the management console, navigate to the Runtime tab, select the standalone server or managed domain host, and select Configuration Changes from the drop down. Click the Enable button and provide a maximum history value.

The table on this page then lists each configuration change made, with the date, origin, outcome, and operation details.

Configuring Filters

You can configure Undertow filters using the management console by navigating to ConfigurationSubsystemsWeb/HTTP - UndertowFiltersView.

Managing Batch Jobs

In JBoss EAP 7.1, you can manage batch jobs from the management console. Navigate to the Runtime tab, select the server, and select SubsystemsBatchView. Open the Jobs tab and start, stop, or restart jobs as necessary.

Testing Datasource Connections

When using the Create Datasource wizard in the management console, you have the opportunity to test the connection before creating the datasource. On the Test Connection screen of the wizard, click the Test Connection button.

Using Datasource Templates

When creating a datasource using the management console, the Create Datasource wizard provides templates with default values for the supported databases. This is newly supported for JBoss EAP 7.1.

Subsystem Support

In JBoss EAP 7.1, it is now supported to configure the following subsystems using the management console:

  • BeanValidation
  • IO
  • Jaxrs
  • Jdr
  • Jsf
  • Jsr77
  • Naming
  • Pojo
  • Remoting
  • RequestController
  • Sar
  • Security - Elytron
  • Singleton
  • Weld

3.5. Web Server

HTTP/2 Support

JBoss EAP 7.1 supports secure HTTP/2 on all supported operating systems, with the exception of HP-UX. There are two supported ways to enable HTTP/2 in JBoss EAP 7.1:

  • Using JBoss EAP 7.1 internal support for ALPN, which uses the reflection API. This works out of the box, but is limited to only OpenJDK and Oracle JDK.
  • Using ALPN support from the new JBoss Core Services OpenSSL, which works on all supported operating systems with the exception of HP-UX.

3.6. Logging

Improved Reporting for Boot Errors Caused by Invalid Server Configuration Files

Prior to JBoss EAP 7.1, boot errors that occurred when parsing invalid server configuration files provided little feedback and were difficult to debug. JBoss EAP 7.1 uses XSD analysis to produce more informative error messages when encountering XML parsing errors. It now shows where the error occurred, provides feedback about the validation error, and, when possible, pulls and displays supporting documentation from the XSD to describe the issue. The enhanced validation of XML configuration does not include deployment descriptors of deployments.

Server Log Includes Patch Information

Patch-related information is now logged in the server.log file during startup. This information is useful while debugging issues.

3.7. Deployments

Managing Exploded Deployments

In JBoss EAP 7.1, you can create exploded managed deployments and manipulate their contents using deployment management operations.

For more information, see Managing Exploded Deployments in the Configuration Guide.

Support for Browsing the Content Repository

In JBoss EAP 7.1, you can view the contents of managed deployments using deployment management operations. For more information, see Viewing Deployment Content in the Configuration Guide.

Undeploying All Deployments

In JBoss EAP 7.1, you can now undeploy all deployments from the management CLI by using a wildcard (*). For example:

undeploy *

Redeploying All Disabled Deployments

In JBoss EAP 7.1, you can now deploy all disabled deployments from the management CLI by using a wildcard (*). For example:

deploy --name=*

3.8. Class Loading

Using Absolute Paths for Resources in module.xml Files

In JBoss EAP 7.1, using absolute paths in the resource-root path element of the module.xml file for modules is now supported. This allows your resource libraries to be accessible without needing to move them to the EAP_HOME/modules/ directory.

3.9. Naming

Changing JNDI Bindings Dynamically

In JBoss EAP 7.1, you can use the rebind operation to update JNDI bindings dynamically without needing to reload or restart services. However, this does not work for external context bindings, as they require services to be restarted.

For more information, see the Dynamically Change JNDI Bindings section of the Configuration Guide.

3.10. Transactions

Graceful Shutdown for Transactions

Once suspended, the server will not accept new requests, but in-flight transactions and requests are allowed to continue until they complete or until the timeout period expires. This also applies for web service requests associated with an XTS transaction. See Suspend and Shut Down JBoss EAP Gracefully in the Configuration Guide for more information.

Enhanced Transaction Monitoring

JBoss EAP 7.1 provides enhanced statistics for transaction resources in the datasources, transactions, and messaging-activemq subsystems.

See Datasource Statistics and View Transaction Statistics in the Configuration Guide, and Monitoring Messaging Statistics in Configuring Messaging for information on viewing the available statistics.

Forget Call When Deleting a Transaction

When using the delete operation on a transaction log, the forget call is now triggered so that XA resource vendor logs are cleaned correctly. For more details and how to configure the forget call behavior, see Delete a Transaction in the Configuration Guide.

3.11. JCA

Distributed Work Manager Support

JBoss EAP 7.1 supports the use of distributed work managers to reschedule work execution on another work manager instance. For more information, see the Distributed Work Managers section of the Configuration Guide.

3.12. Datasources

Flushing Datasource Connections

You can flush datasource connections using the management CLI or management console. For details, see the Flushing Datasource Connections section of the Configuration Guide.

Recording of Enlistment Traces is Disabled

In JBoss EAP 7.1, by default, the enlistment-trace attribute is set to false for datasources. You can enable the recording of enlistment traces by setting the enlistment-trace attribute to true.

Warning

Enabling enlistment tracing makes tracking down errors during transaction enlistment easier, but comes with a performance impact.

3.13. Resource Adapters

Configuring the Generic JMS Resource Adapter

JBoss EAP 7.1 allows you to configure a generic JMS resource adapter for use with JMS providers.

Flushing Resource Adapter Connections

You can flush resource adapter connections using the management CLI. For details, see the Flushing Resource Adapter Connections section of the Configuration Guide.

Recording of Enlistment Traces is Disabled

In JBoss EAP 7.1, by default, the enlistment-trace attribute is set to false for resource adapters. You can enable the recording of enlistment traces by setting the enlistment-trace attribute to true.

Warning

Enabling enlistment tracing makes tracking down errors during transaction enlistment easier, but comes with a performance impact.

3.14. EJB

Clustered Singleton MDB Support

JBoss EAP 7.1 now supports the use of clustered singleton MDBs. When an MDB is identified as a clustered singleton and deployed in a cluster, it will only be active on one node at a time. When the server node fails or is shut down, the clustered singleton MDB is activated on a different node and starts consuming messages on that node.

For more information, see Clustered Singleton MDBs in Developing EJB Applications.

Rebalancing of All Inbound MDB Connections

In JBoss EAP 7.0, you could use the rebalanceConnections activation configuration property for MDBs to allow for rebalancing of all inbound MDB connections when the underlying Artemis cluster topology changes.

In JBoss EAP 7.1, you can now set this behavior by using the rebalance-connections attribute in the pooled-connection-factory configurations in the messaging-activemq subsystem.

Legacy EJB Client Compatibility

JBoss EAP 7.1 ships with two EJB clients:

EJB client
The new EJB client is mostly, but not fully, backward compatible with the EJB client from JBoss EAP 7.0. This EJB client supports dynamic identity switching and remoting has been enhanced to support multiple identities over a single connection, instead of requiring a new connection per identity.
Legacy EJB client

The legacy EJB client provides full binary backward compatibility. This legacy EJB client can run with the client applications that were initially compiled using the EJB client from JBoss EAP 7.0. All the APIs that were present in the EJB client for JBoss EAP 7.0 are present in the legacy EJB client for JBoss EAP 7.1.

For more information, see Legacy EJB Client Compatibility in Developing EJB Applications.

EJB Client Code Simplification

In JBoss EAP 7.1, you can simplify the EJB client code when invoking the EJB server-side clustered components.

For more information, see EJB Client Code Simplification in Developing EJB Applications.

Configuring the EJB Client Address

In JBoss EAP 7.1, you can bind the EJB client’s socket to a particular address and port. Then, the target EJB can read the source address and port of the remote client that invoked it.

For more information, see Configure the EJB Client Address in Developing EJB Applications.

Single artifactID for jboss-ejb-client Dependencies

Including the jboss-ejb-client dependency, with its version managed using wildfly-ejb-client-bom, includes all the required dependencies for the EJB client.

In the previous releases of JBoss EAP, the dependencies had to be included manually in the pom.xml. In JBoss EAP 7.1, this is not required.

For more information, see Project Dependencies for Remote EJB Clients in Developing EJB Applications.

Regular Expression Support in Interceptor Bindings

In JBoss EAP 7.1, you can set the allow-ejb-name-regex attribute of the ejb3 subsystem to true to allow regular expressions in interceptor bindings. This allows interceptors to be mapped to all beans that match the specified regular expression.

For more information, see Configure a Container Interceptor in Developing EJB Applications.

3.15. JSF

Multi-JSF Support

JBoss EAP 7.1 provides full support for Multi-JSF. This feature enables a user to replace the JSF implementation provided with JBoss EAP with a user-supplied JSF implementation. This feature also enables a user to install multiple JSF implementations and easily switch the default implementation.

Be aware that the following issue may occur when providing and installing your own JSF implementations:

Mojarra/MyFaces 2.1.x/2.0.x

JBoss EAP 7 is a certified implementation of Java EE 7. However, if you install an alternative JSF implementation of version 2.1 or older, JBoss EAP 7 is no longer compliant with Java EE 7. These older versions are compliant with the JSF 2.0 specification defined in JSR-314, so features from the JSF 2.2 specification defined in JSR-344 will be missing.

For more information, see Multi-JSF Implementation of JavaServer Faces in the Configuration Guide.

3.16. Hibernate

Upgraded to Hibernate ORM 5.1

JBoss EAP 7.1 now includes Hibernate ORM 5.1. The Hibernate ORM 5.1 release includes many performance improvements and bug fixes. It also introduces the following new features and improvements:

Hibernate ORM 5.1 Features
  • In Hibernate Query Language (HQL), you can define a join to an entity, not just a mapped association. For example:

    select ...
    from FinancialRecord f
        left join User u
            on r.lastUpdateBy = u.username
  • In addition to providing the ability to load a single identity by identifier, the API now also supports loading multiple entities of same type by identifier by using the Hibernate native API Session interface. For example:

    // Load Users 1, 2 and 3 at one shot
    List<User> users = session.byMultipleIds(User.class).multiLoad( 1, 2, 3 );
  • This release offers improvements in CDI integration, including solutions to the issue that occurs when Hibernate attempts to access the CDI BeanManager too soon. For more information, see HHH-8706 and HHH-10477.
  • When defining an Envers audit query, you can now refer across one-to-one and many-to-one associations.

Upgraded to Hibernate Validator 5.3.x

JBoss EAP 7.1 now includes Hibernate Validator 5.3.x. Notable highlights include:

  • Bug fixes
  • The ability to add dynamic payloads to constraint violations
  • A new programmatic API for constraint definition and declaration
  • New translations of the built-in constraint messages

For more information, see New Features of Hibernate Validator 5.3.x in the Development Guide.

Access to Properties of Associations in Envers Queries

In JBoss EAP 7.1, you can access properties of associated entities in Envers queries. For more information, see Traversing Entity Associations Using Properties of Referenced Entities in Developing Hibernate Applications.

Define Lazy Loading Attribute Fetch Groups

In JBoss EAP 7.1, if you are using bytecode enhanced lazy loading, you can define the groupings of attributes to be fetched when one of the group is accessed. For more information, see Lazy Attribute Loading in Developing Hibernate Applications.

3.17. High Availability

New Load Balancer Profile

JBoss EAP 7.1 includes a new load balancer profile that is preconfigured to allow a server to run as a load balancer. The standalone server configuration file for this profile is standalone-load-balancer.xml, located in the EAP_HOME/standalone/configuration/ directory. The managed domain profile is load-balancer, defined in the EAP_HOME/domain/configuration/domain.xml file. For information on using this profile, see Configure Undertow as a Load Balancer Using mod_cluster in the Configuration Guide.

3.18. RESTEasy

Display Resource Details of REST Endpoints

In JBoss EAP 7.1, you can use the read-resource management CLI operation on the jaxrs subsystem for deployments to view details about RESTEasy endpoints. For more information, see Viewing RESTEasy Endpoints in Developing Web Services Applications.

Jackson Module Support for Java 8

JBoss EAP 7.1 provides support for the Jackson modules needed for Java 8 features. For more information, see Jackson Module Support for Java 8 in Developing Web Services Applications.

JSON Filter Support

In JBoss EAP 7.1, you can annotate classes with @JsonFilter to perform dynamic filtering. For more information, see JsonFilter Support in RESTEasy Jackson2 in Developing Web Services Applications.

Logging RESTEasy Providers and Interceptors

RESTEasy logs the used providers and interceptors at the DEBUG logging level. For more information, see Logging RESTEasy Providers and Interceptors in Developing Web Services Applications.

3.19. Messaging

Messaging JDBC Persistence Store

In JBoss EAP 7.1, you can use JDBC to persist messages and binding data to a database instead of the default file-based journal.

Important

JBoss EAP 7.1 currently supports only Oracle Database 12c and excludes high availability (HA) topologies.

For more information, see the Messaging Journal Persistence Using a JDBC Database section of Configuring Messaging.

Setting the Client Thread Pool Size Using System Properties

The following system properties can be used to set the size of a client’s global thread pool and global scheduled thread pool.

  • activemq.artemis.client.global.thread.pool.max.size
  • activemq.artemis.client.global.scheduled.thread.pool.core.size

For more information, see the Client Thread Management section of Configuring Messaging.

Access an AMQ Broker Using the Integrated ActiveMQ Artemis Resource Adapter

You can use the integrated ActiveMQ Artemis resource adapter in the messaging-activemq subsystem of JBoss EAP to access an external Red Hat JBoss AMQ 7 broker.

For more information, see Using the Integrated Artemis Resource Adapter for Remote Connections in Configuring Messaging.

3.20. Client Configuration

New Client Configuration File

JBoss EAP 7.1 introduces a wildfly-config.xml configuration file that allows you to specify various client configurations, such as EJB, Elytron authentication, and remoting, in a single configuration file.

See Client Configuration Using the wildfly-config.xml File in the Development Guide for information on the clients and types of configuration that can be done using the wildfly-config.xml file.

3.21. JBoss Server Migration Tool

JBoss Server Migration Tool Available

The JBoss Server Migration Tool is now available with the JBoss EAP 7.1 distribution. This assists you in migrating your JBoss EAP 6.4 or 7.0 server configuration to JBoss EAP 7.1. It can convert both standalone server and managed domain configurations.

For more information on using the JBoss Server Migration Tool, see Use the JBoss Server Migration Tool to Migrate Server Configurations in the JBoss EAP Migration Guide.

3.22. Documentation

Performance Tuning Guide Available

The Performance Tuning Guide is now available for JBoss EAP 7.1. This guide provides optimization recommendations for common JBoss EAP use cases, as well as instructions for monitoring performance and diagnosing performance issues.

3.23. Graphical Installer

Graphical Installer Provides Custom JSF Installation Option

You can install a custom JSF implementation when using the graphical installer to install JBoss EAP 7.1. On the Configure Runtime Environment page of the installer wizard, select Perform advanced configurationInstall JSF implementation and click Next. Provide the required details on the JSF Setup page and complete the rest of the installation.

Note

The JBoss EAP 7.1 installer supports installing MyFaces v2.1.x/v2.2.x and Mojarra v2.1.x/v2.2.x. The MyFaces implementation itself is not supported.

3.24. Quickstarts

New Quickstart Available: ha-singleton-deployment

The ha-singleton-deployment quickstart is shipped with JBoss EAP 7.1. This is a complete working example of a service packaged in an application as a cluster-wide singleton using singleton deployments.

New Quickstart Available: messaging-clustering-singleton

The messaging-clustering-singleton quickstart is shipped with JBoss EAP 7.1. This quickstart demonstrates clustering using ActiveMQ Artemis with MDB singleton configuration.

Quickstart Updates for Elytron Security

The following quickstarts are new for JBoss EAP 7.1 and demonstrate how Elytron can be used to secure applications.

  • ejb-security-context-propagation
  • ejb-security-jaas
  • ejb-security-programmatic-auth
  • helloworld-mutual-ssl
  • helloworld-mutual-ssl-secured
  • helloworld-ssl

The following existing quickstarts were updated to use Elytron security:

  • ejb-asynchronous
  • ejb-multi-server
  • ejb-remote
  • ejb-security
  • helloworld-jms
  • servlet-security
  • shopping-cart