Try out our early Java EE 8 implementation of features that include Servlet 4.0, CDI 2.0, Application Security, JPA 2.2, JSF 2.3, and more! It’s all in this November 2017 beta of WebSphere Liberty.

Thanks to your support for our regular beta programme, we are able to release new Liberty features every few months. Most recently, in October. Look out for more betas over the coming months. If you just can’t wait, take a look at the daily builds of Open Liberty. WebSphere Liberty is built on Open Liberty.

What’s new in this beta?

Get it now! Ask a question about the beta

Java EE 8 Full Platform and Web Profile

A first peek at all of Java EE 8 is finally here! And this month, you can even enable all of the Java EE 8 features at the same time. =)

You can now enable all of the Java EE 8 features (or the more lightweight set of Web Profile features) with a single feature in your server.xml .

The new features included in webProfile-8.0 (Java EE 8 Web Profile) are:

appSecurity-3.0

beanValidation-2.0

cdi-2.0

jaxrs-2.1

jpa-2.2

jsf-2.3

jsonb-1.0

jsonp-1.1

servlet-4.0

The webProfile-8.0 feature also contains the following existing features that have not been updated: ejbLite-3.2 , el-3.0 , jaspic-1.1 , jdbc-4.2 , jndi-1.0 , jsp-2.3 , managedBeans-1.0 , transaction-1.2 , websocket-1.1 .

The new features included in javaee-8.0 (Java EE 8 Full Platform) are:

webProfile-8.0 (see above)

(see above) javaMail-1.6

The javaee-8.0 feature also contains the following existing features that have not been updated: appClientSupport-1.0 , batch-1.0 , concurrent-1.0 , ejb-3.2 , jacc-1.5 , jaxws-2.2 , jca-1.7 , jms-2.0 , j2eeManagement-1.1 , wasJmsClient-2.0 , wasJmsSecurity-1.0 , wasJmsServer-1.0 .

To try it out, just add the relevant feature definition to your server.xml .

For Java EE 8 Web Profile:

<featureManager> <feature>webProfile-8.0</feature> </featureManager>

Or for Java EE 8 Full Platform:

<featureManager> <feature>javaee-8.0</feature> </featureManager>

Find out more here:

Servlet 4.0

Servlet 4.0 is the latest Java EE 8 version of the Servlet specification. The beta includes the following new features and functions:

Support for HTTP/2 push/promise

Support for HTTP trailers

HttpServletRequest.getServletMapping()

ServletContext.getSessionTimeout() and setSessionTimeout()

ServletContext.addJspFile()

Support for new elements in web.xml : default-context-path request-character-encoding response-character-encoding

:

To try it out, add the feature definition to server.xml :

<featureManager> <feature>servlet-4.0</feature> </featureManager>

For more info, see the Servlet 4.0 spec.

Security API 1.0

The appSecurity-3.0 feature provides support for the Java EE Security API 1.0 specification. The Java Specification Request (JSR) 375 specifies the requirement.

The specification promotes self-contained application security portability across all Java EE servers, and makes use of modern programming concepts such as expression language and context dependency injection (CDI). It defines annotations specific to various authentication mechanisms, identity stores to handle user authentication, and common programming API to do programmatic Java EE security. It reduces the dependency on the deployment descriptors and application server based configuration for securing Java EE web resources.

For example, you can create a custom token authentication mechanism that you can bundle in your web application without the need to configure the login-config element in the web.xml file with one of the predefined auth-method types. If you also include your own IdentityStore bean in your application, your IdentityStore can be used to verify your custom tokens without the need to configure a user registry in the server.xml . Your web application will use your custom tokens to authenticate the user and your own IdentityStore to validate them regardless of what application server it is deployed to.

Once you configure the appSecurity-3.0 feature, your application can annotate the authentication mechanisms and the identity stores that are needed. The applications can provide their own implementations to replace the application server provided ones. The application can also use the SecurityContext API to perform programmatic security checks. Here’s an example server.xml configuration:

<server description="Java EE Security API 1.0 sample configuration"> <featureManager> <feature>appSecurity-3.0</feature> </featureManager> <!-- Change password and application details --> <keyStore id="defaultKeyStore" password="myKeyStorePwd" /> <application type="war" id="MyWebApp" name="MyWebApp" location="MyWebApp.war"> <application-bnd> <security-role name="myAppRole"> <!-- Realm name in access id is tied to the identity store's id or defaultRealm if not provided --> <user name="someUser" access-id="user:defaultRealm/someUser" /> <group name="someGroup" /> </security-role> </application-bnd> </application> </server>

CDI 2.0

CDI 2.0 is shining new and implements the latest CDI spec. It contains quite a few nice capabilities, especially the very useful and powerful Configurator SPIs. The new feature cdi-2.0 pulls in the Weld bundle 3.0.1. The following features of CDI 2.0 are available for use:

Asynchronous events

Configurators for major SPI elements

Configure or veto observer methods

Add built-in annotation literals

Apply interceptor on producers

The support of common annotation 1.3 is not part of this beta so the observers ordering is not supported in this beta.

To enable the CDI 2.0 feature just add the following feature definition to your server.xml :

<featureManager> <feature>cdi-2.0</feature> </featureManager>

For more information about CDI 2.0, see the CDI spec.

Bean validation 2.0

With the Bean Validation 2.0 feature, Liberty is using Hibernate Validator as its bean validation implementation. Previously for bean val 1.0 and 1.1 we used Apache Validator. The bean val 2.0 feature provides basic support for, you guessed it, the bean validation 2.0 specification.

To try it out, just enable the beanValidation-2.0 feature in the server.xml :

<featureManager> <feature>beanValidation-2.0</feature> </featureManager>

You can find out more about bean validation on the Hibernate website and in the spec.

Java Persistence API 2.2 (JPA 2.2)

Updated to support new features introduced in Java 8, including the new Java Date and Time API, Query Result Collection streaming, repeatable JPA annotations. See the October beta for more details.

JavaServer Faces 2.3 (JSF 2.3)

JavaServer Faces 2.3 (JSF 2.3) is the latest version of the JSF specification. JSF 2.3 contains many new features and enhancements.

Take advantage of the latest JSF features and enhancements. The jsf-2.3 feature pulls in the Apache MyFaces implementation and integrates it into the Liberty runtime. The following features of JSF 2.3 have been tested and are available for use:

<f:importConstants/>

Enhanced component search facility

DataModel implementions can be registered

CDI replacement for @ManagedProperty

UIData and <ui:repeat> support for Map and Iterable

support for Map and Iterable <ui:repeat> condition check

condition check Java Time Support

WebSocket Integration via <f:websocket>

Multi-field Validation via <f:validateWholeBean>

Use CDI for evaluation of JSF-specific EL implicit Objects

Support @Inject on JSF specific artifacts

on JSF specific artifacts Ajax method invocation. See vdldoc for <h:commandScript>

To enable the JSF 2.3 feature just add the following feature definition to your server.xml :

<featureManager> <feature>jsf-2.3</feature> </featureManager>

The CDI 2.0 feature is now available in this beta and should be used with this JSF 2.3 feature.

For more information, see:

* Apache MyFaces

* JavaServerFaces 2.3 Specification

Concurrency

Application server administrators can now configure concurrency policies for managed executors for finer grained control over concurrency constraints and other behavior. This includes how many tasks are allowed to run in parallel, how many tasks can queue up, and what action to take when it is not possible to queue a task for execution, among other behaviors. Different policies can be assigned for long-running tasks (identified by the LONGRUNNING_HINT execution property) versus normal tasks. Managed executors continue to be backed by the Liberty global thread pool and continue to benefit from Liberty’s autonomic tuning but it is now possible to impose these constraints to individual managed executors or groups of managed executors (multiple can share a single concurrency policy).

To try this, configure one or more concurrency policies in server configuration. For example:

<concurrencyPolicy id="max10" max="10" maxQueueSize="30" maxWaitForEnqueue="20s" startTimeout="1m"/>

Managed executors can be configured to use the concurrency policy as follows:

<managedExecutorService jndiName="concurrent/executor1" concurrencyPolicyRef="max10"/> <managedScheduledExecutorService jndiName="concurrent/executor2" concurrencyPolicyRef="max10"/>

For more information, see the Knowledge Center documentation on managed executor service and managed scheduled executor service.

Other updates in this beta

JSF Container 2.2

This feature makes it possible to bring your own JSF 2.2 implementation (either Mojarra or MyFaces) and take advantage of CDI integrations provided by the cdi-1.2 feature.

To try this, enable the jsfContainer-2.2 feature in your server.xml , and package your own JSF API and implementation inside of your application and off you go!

<featureManager> <feature>jsfContainer-2.2</feature> </featureManager>

For more info, see the Knowledge Center docs.

Social Login

Server administrators can now configure multiple social media providers to protect a given web application so that users can choose which provider they want to use to authenticate with your application:

To enable this functionality, server administrators simply enable the feature in server.xml and configure multiple social media providers to protect an application. The social media providers can either protect all applications or use authentication filters to protect a specific endpoint. Additional configuration is not necessary.

<featureManager> <feature>socialLogin-1.0</feature> </featureManager>

Throttle events in logstashCollector and bluemixLogCollector

The maximum number of events being sent to logstash collector is unlimited, meaning that there is an unlimited amount of events that can be sent per second.

To limit the number of events being sent through per second, you can now customize the maximum events by setting the new attribute maxEvents in the logstashCollector and bluemixLogCollector element. The default value is 0 , meaning there is no limit to the number of events sent per second. If you would like to throttle the events, set the value to an integer greater than 0 .

What’s already in there?

The October Liberty beta included previews of some of our Java EE 8 features, including JPA 2.2 and JSF 2.3, plus OpenAPI 3.0.

This is our second beta release since the 17.0.0.3 release in October 2017.

Get it now! Ask a question on Stack Overflow