Try out our early Java EE 8 implementation of features that include Servlet 4.0, CDI 2.0, Application Security, JPA 2.2, JSF 2.3, and more! It’s all in this November 2017 beta of WebSphere Liberty.
Thanks to your support for our regular beta programme, we are able to release new Liberty features every few months. Most recently, in October. Look out for more betas over the coming months. If you just can’t wait, take a look at the daily builds of Open Liberty. WebSphere Liberty is built on Open Liberty.
What’s new in this beta?
- Java EE 8 Full Platform and Web Profile
- Other updates in this beta
Java EE 8 Full Platform and Web Profile
A first peek at all of Java EE 8 is finally here! And this month, you can even enable all of the Java EE 8 features at the same time. =)
You can now enable all of the Java EE 8 features (or the more lightweight set of Web Profile features) with a single feature in your
The new features included in
webProfile-8.0 (Java EE 8 Web Profile) are:
webProfile-8.0 feature also contains the following existing features that have not been updated:
The new features included in
javaee-8.0 (Java EE 8 Full Platform) are:
javaee-8.0 feature also contains the following existing features that have not been updated:
To try it out, just add the relevant feature definition to your
For Java EE 8 Web Profile:
<featureManager> <feature>webProfile-8.0</feature> </featureManager>
Or for Java EE 8 Full Platform:
<featureManager> <feature>javaee-8.0</feature> </featureManager>
Find out more here:
- Java EE 8 technologies list (Oracle)
- Open Liberty GitHub issue for this work
- What’s new in Java EE 8 (developerWorks)
Servlet 4.0 is the latest Java EE 8 version of the Servlet specification. The beta includes the following new features and functions:
- Support for HTTP/2 push/promise
- Support for HTTP trailers
ServletContext.getSessionTimeout() and setSessionTimeout()
- Support for new elements in
To try it out, add the feature definition to
<featureManager> <feature>servlet-4.0</feature> </featureManager>
For more info, see the Servlet 4.0 spec.
Security API 1.0
appSecurity-3.0 feature provides support for the Java EE Security API 1.0 specification. The Java Specification Request (JSR) 375 specifies the requirement.
The specification promotes self-contained application security portability across all Java EE servers, and makes use of modern programming concepts such as expression language and context dependency injection (CDI). It defines annotations specific to various authentication mechanisms, identity stores to handle user authentication, and common programming API to do programmatic Java EE security. It reduces the dependency on the deployment descriptors and application server based configuration for securing Java EE web resources.
For example, you can create a custom token authentication mechanism that you can bundle in your web application without the need to configure the
login-config element in the
web.xml file with one of the predefined auth-method types. If you also include your own
IdentityStore bean in your application, your IdentityStore can be used to verify your custom tokens without the need to configure a user registry in the
server.xml. Your web application will use your custom tokens to authenticate the user and your own IdentityStore to validate them regardless of what application server it is deployed to.
Once you configure the
appSecurity-3.0 feature, your application can annotate the authentication mechanisms and the identity stores that are needed. The applications can provide their own implementations to replace the application server provided ones. The application can also use the SecurityContext API to perform programmatic security checks. Here’s an example
<server description="Java EE Security API 1.0 sample configuration"> <featureManager> <feature>appSecurity-3.0</feature> </featureManager> <!-- Change password and application details --> <keyStore id="defaultKeyStore" password="myKeyStorePwd" /> <application type="war" id="MyWebApp" name="MyWebApp" location="MyWebApp.war"> <application-bnd> <security-role name="myAppRole"> <!-- Realm name in access id is tied to the identity store's id or defaultRealm if not provided --> <user name="someUser" access-id="user:defaultRealm/someUser" /> <group name="someGroup" /> </security-role> </application-bnd> </application> </server>
CDI 2.0 is shining new and implements the latest CDI spec. It contains quite a few nice capabilities, especially the very useful and powerful Configurator SPIs. The new feature
cdi-2.0 pulls in the Weld bundle 3.0.1. The following features of CDI 2.0 are available for use:
- Asynchronous events
- Configurators for major SPI elements
- Configure or veto observer methods
- Add built-in annotation literals
- Apply interceptor on producers
The support of common annotation 1.3 is not part of this beta so the observers ordering is not supported in this beta.
To enable the CDI 2.0 feature just add the following feature definition to your
<featureManager> <feature>cdi-2.0</feature> </featureManager>
For more information about CDI 2.0, see the CDI spec.
Bean validation 2.0
With the Bean Validation 2.0 feature, Liberty is using Hibernate Validator as its bean validation implementation. Previously for bean val 1.0 and 1.1 we used Apache Validator. The bean val 2.0 feature provides basic support for, you guessed it, the bean validation 2.0 specification.
To try it out, just enable the
beanValidation-2.0 feature in the
<featureManager> <feature>beanValidation-2.0</feature> </featureManager>
Java Persistence API 2.2 (JPA 2.2)
Updated to support new features introduced in Java 8, including the new Java Date and Time API, Query Result Collection streaming, repeatable JPA annotations. See the October beta for more details.
JavaServer Faces 2.3 (JSF 2.3)
JavaServer Faces 2.3 (JSF 2.3) is the latest version of the JSF specification. JSF 2.3 contains many new features and enhancements.
Take advantage of the latest JSF features and enhancements. The jsf-2.3 feature pulls in the Apache MyFaces implementation and integrates it into the Liberty runtime. The following features of JSF 2.3 have been tested and are available for use:
- Enhanced component search facility
- DataModel implementions can be registered
- CDI replacement for
- UIData and
<ui:repeat>support for Map and Iterable
- Java Time Support
- WebSocket Integration via
- Multi-field Validation via
- Use CDI for evaluation of JSF-specific EL implicit Objects
@Injecton JSF specific artifacts
- Ajax method invocation. See vdldoc for
To enable the JSF 2.3 feature just add the following feature definition to your
<featureManager> <feature>jsf-2.3</feature> </featureManager>
The CDI 2.0 feature is now available in this beta and should be used with this JSF 2.3 feature.
Application server administrators can now configure concurrency policies for managed executors for finer grained control over concurrency constraints and other behavior. This includes how many tasks are allowed to run in parallel, how many tasks can queue up, and what action to take when it is not possible to queue a task for execution, among other behaviors. Different policies can be assigned for long-running tasks (identified by the
LONGRUNNING_HINT execution property) versus normal tasks. Managed executors continue to be backed by the Liberty global thread pool and continue to benefit from Liberty’s autonomic tuning but it is now possible to impose these constraints to individual managed executors or groups of managed executors (multiple can share a single concurrency policy).
To try this, configure one or more concurrency policies in server configuration. For example:
<concurrencyPolicy id="max10" max="10" maxQueueSize="30" maxWaitForEnqueue="20s" startTimeout="1m"/>
Managed executors can be configured to use the concurrency policy as follows:
<managedExecutorService jndiName="concurrent/executor1" concurrencyPolicyRef="max10"/> <managedScheduledExecutorService jndiName="concurrent/executor2" concurrencyPolicyRef="max10"/>
Other updates in this beta
JSF Container 2.2
This feature makes it possible to bring your own JSF 2.2 implementation (either Mojarra or MyFaces) and take advantage of CDI integrations provided by the
To try this, enable the
jsfContainer-2.2 feature in your
server.xml, and package your own JSF API and implementation inside of your application and off you go!
<featureManager> <feature>jsfContainer-2.2</feature> </featureManager>
For more info, see the Knowledge Center docs.
Server administrators can now configure multiple social media providers to protect a given web application so that users can choose which provider they want to use to authenticate with your application:
To enable this functionality, server administrators simply enable the feature in
server.xml and configure multiple social media providers to protect an application. The social media providers can either protect all applications or use authentication filters to protect a specific endpoint. Additional configuration is not necessary.
<featureManager> <feature>socialLogin-1.0</feature> </featureManager>
Throttle events in logstashCollector and bluemixLogCollector
The maximum number of events being sent to logstash collector is unlimited, meaning that there is an unlimited amount of events that can be sent per second.
To limit the number of events being sent through per second, you can now customize the maximum events by setting the new attribute
maxEvents in the
bluemixLogCollector element. The default value is
0, meaning there is no limit to the number of events sent per second. If you would like to throttle the events, set the value to an integer greater than
What’s already in there?
The October Liberty beta included previews of some of our Java EE 8 features, including JPA 2.2 and JSF 2.3, plus OpenAPI 3.0.
This is our second beta release since the 22.214.171.124 release in October 2017.