红帽全球峰会此内容没有您所选择的语言版本。
Chapter 2. New Features and Enhancements
2.1. Security
Using TLS Protocol Version 1.3 with JDK 11
Elytron now provides the ability to use Transport Layer Security (TLS) Protocol version 1.3 for JBoss EAP running against JDK 11.
TLS 1.3 is disabled by default. You can enable TLS 1.3 by configuring the new cipher-suite-names attribute in the SSL Context resource definition in the elytron subsystem.
Compared with TLS 1.2, you might experience reduced performance when running TLS 1.3 with JDK 11. Diminished performance might occur when a very large number of TLS 1.3 requests are being made. A system upgrade to a newer JDK version can improve performance. Test your setup with TLS 1.3 for performance degradation before enabling it in production.
2.2. Server Management
Use a Global Directory to Distribute Shared Libraries Across Deployments
In JBoss EAP 7.3 and earlier versions, you could not create and configure a global directory to distribute shared libraries across deployments running on a server. These capabilities have been added to the ee subsystem.
A global directory offers a better alternative to the global module approach. For example, if you want to change the name of a library listed in a global module, you must remove the global module, change the library’s name, and then add the library to a new global module. If you change the name of a library that is listed in the global directory, you only need to restart the server to make the library name change available for all deployments.
Using a global directory is also a better solution if you want to share multiple libraries across deployed applications.
2.3. Management CLI
Exposing Runtime Statistics for Managed Executor Services
In the previous JBoss EAP release, runtime statistics were not available for managed executor services in the ee subsystem.
You can now monitor the performance of managed executor services by viewing the runtime statistics generated with the new management CLI attributes. The following management CLI attributes have been added:
-
active-thread-count: the approximate number of threads that are actively executing tasks -
completed-task-count: the approximate total number of tasks that have completed execution -
hung-thread-count: the number of executor threads that are hung -
max-thread-count: the largest number of executor threads -
current-queue-size: the current size of the executor’s task queue -
task-count: the approximate total number of tasks that have been submitted for execution -
thread-count: the current number of executor threads
Using Property Replacement for Permissions Files
Users upgrading from JBoss EAP 6 to JBoss EAP 7 were unable to migrate file permissions in the Java policy file to the permissions.xml or jboss-permissions.xml files. It was not possible to use property replacement to migrate file permissions in the permissions.xml and jboss-permissions.xml files.
You can now use property replacement for the permissions.xml and jboss-permissions.xml files.
The property replacement for jboss-permissions.xml and permissions.xml files can be enabled or disabled using the jboss-descriptor-property-replacement and spec-descriptor-property-replacement attributes in the ee subsystem.
Configuring RESTEasy Parameters
You can now use the JBoss EAP management CLI to change the settings for RESTEasy parameters. A global change applies the updated settings to new deployments as web.xml context parameters.
You can modify the settings of a parameter by using the :write-attribute operation with the /subsystem=jaxrs resource in the management CLI. For example:
/subsystem=jaxrs:write-attribute(name=resteasy-add-charset, value=false)When you change the settings of a parameter, the updated settings only apply to new deployments. Restart the server to apply the new settings to current deployments.
Configuring RESTEasy Providers
In RESTEasy, certain built-in providers are enabled by default. You can now use the new RESTEasy parameter resteasy.disable.providers in the JBoss EAP management CLI to disable specific built-in providers.
The following example demonstrates how to disable the built-in provider FileProvider:
/subsystem=jaxrs:write-attribute(name=resteasy-disable-providers, value=[org.jboss.resteasy.plugins.providers.FileProvider])
You can use the resteasy.disable.providers parameter with the pre-existing parameter resteasy.use.builtin.providers to customize a specific provider configuration that applies to all new deployments.
When you change the settings of the resteasy.disable.providers parameter, the updated settings only apply to new deployments. Restart the server to apply the new settings to current deployments.
2.4. Web Services
Integrating Elytron with Web Services Clients
You can now configure web services clients to use Elytron automatically to obtain the credentials, the authentication method, and the SSL context.
If you use the web services client and assign configuration properties to it using the JBossWS API, you are not prompted for credentials or required to accept server certificates if the valid configuration is in the Elytron client. The following authentication methods are supported:
- Username Token Profile authentication
- HTTP Basic authentication
- TLS protocol
The configuration is specified by the <webservices/> element in wildfly-config.xml.
2.5. Eclipse MicroProfile
Support for Eclipse MicroProfile Fault Tolerance 2.1
JBoss EAP supports the Eclipse MicroProfile Fault Tolerance 2.1 specification.
The Eclipse MicroProfile Fault Tolerance 2.1 specification defines the following patterns for handling a failure:
- Timeout
- Fallback
- Retry
- CircuitBreaker
- Bulkhead
A new subsystem, microprofile-fault-tolerance-smallrye, provides the Eclipse MicroProfile Fault Tolerance 2.1 integration in JBoss EAP.
Support for Eclipse MicroProfile JWT RBAC 1.1
JBoss EAP supports the Eclipse MicroProfile JWT RBAC 1.1 specification.
With Eclipse MicroProfile JWT RBAC, you can authenticate an identity using a cryptographically-signed JSON Web Token (JWT) token that is received in an HTTP request. The claims of the authenticated identity are verified using role-based access control (RBAC) for accessing microservice endpoints.
Eclipse MicroProfile JWT RBAC provides the following benefits:
- Eclipse MicroProfile JWT RBAC requires only minimal configuration within a deployment for establishing an identity.
- Eclipse MicroProfile JWT RBAC does not rely on access to external repositories of identities, such as databases or directory servers.
A new subsystem, microprofile-jwt-smallrye, provides the Eclipse MicroProfile JWT RBAC integration in JBoss EAP.
Support for Eclipse MicroProfile OpenAPI 1.1
JBoss EAP supports the Eclipse MicroProfile OpenAPI 1.1 specification.
The Eclipse MicroProfile OpenAPI specification defines an HTTP GET /openapi endpoint that returns an OpenAPI v3 compliant document. This document describes the RESTful services provided by an application. The supported document formats are YAML and JSON.
A new subsystem, microprofile-openapi-smallrye, provides the Eclipse MicroProfile OpenAPI integration in JBoss EAP.
Currently, the /openapi endpoint for a virtual host can only document a single JAX-RS deployment. To use OpenAPI with multiple JAX-RS deployments that are registered with different context paths on the same virtual host, each deployment must use a distinct endpoint path.
Support for Eclipse MicroProfile Config 1.4
JBoss EAP supports the Eclipse MicroProfile Config 1.4 specification.
The microprofile-config-smallrye subsystem has been updated to integrate Eclipse MicroProfile version 1.4.
Support for Eclipse MicroProfile Health 2.2
JBoss EAP supports the Eclipse MicroProfile Health 2.2 specification.
The microprofile-health-smallrye subsystem has been updated to integrate Eclipse MicroProfile Health 2.2 in JBoss EAP.
Health checks in subdeployments of an Enterprise Application Archive (EAR) deployment are not supported.
Support for Eclipse MicroProfile Metrics 2.3
JBoss EAP supports the Eclipse MicroProfile Metrics 2.3 specification.
The microprofile-metrics-smallrye subsystem has been updated to integrate Eclipse MicroProfile Metrics 2.3. The updated subsystem provides a new optional base metric ProcessCpuTime.
Eclipse MicroProfile OpenTracing 1.3
JBoss EAP supports the Eclipse MicroProfile OpenTracing 1.3 specification.
The microprofile-opentracing-smallrye subsystem has been updated to provide the Eclipse MicroProfile OpenTracing 1.3 integration in JBoss EAP.
The updated microprofile-opentracing-smallrye subsystem includes support for tracing JAX-RS and CDI. The subsystem also allows configuration of Jaeger Java Client.
Support for Eclipse MicroProfile REST Client 1.4
JBoss EAP now supports the MicroProfile REST Client 1.4 specification. MicroProfile REST Client 1.4 adds the Contexts and Dependency Injection (CDI) capability to the class org.eclipse.microprofile.rest.client.ext.ClientHeadersFactory.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}