From b580a94b0f9ec6a6f39ab2f0df4d51b9e70b3734 Mon Sep 17 00:00:00 2001 From: dmuelle Date: Wed, 12 Jun 2024 13:07:26 +0000 Subject: [PATCH 01/14] 24.0.0.6 --- posts/2024-06-18-24.0.0.6.adoc | 447 +++++++++++++++++++++++++++++++++ 1 file changed, 447 insertions(+) create mode 100644 posts/2024-06-18-24.0.0.6.adoc diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc new file mode 100644 index 000000000..84b9d64d5 --- /dev/null +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -0,0 +1,447 @@ +--- +layout: post +title: "TITLE" +# Do NOT change the categories section +categories: blog +author_picture: https://avatars3.githubusercontent.com/dmuelle +author_github: https://github.com/dmuelle +seo-title: TITLE - makes sure it ends with - OpenLiberty.io +seo-description: DESCRIPTION +blog_description: DESCRIPTION +open-graph-image: https://openliberty.io/img/twitter_card.jpg +open-graph-image-alt: Open Liberty Logo +--- += TITLE +David Mueller +:imagesdir: / +:url-prefix: +:url-about: / +//Blank line here is necessary before starting the body of the post. + +// // // // // // // // +// In the preceding section: +// Do not insert any blank lines between any of the lines. +// Do not remove or edit the variables on the lines beneath the author name. +// +// "open-graph-image" is set to OL logo. Whenever possible update this to a more appropriate/specific image (For example if present a image that is being used in the post). However, it +// can be left empty which will set it to the default +// +// "open-graph-image-alt" is a description of what is in the image (not a caption). When changing "open-graph-image" to +// a custom picture, you must provide a custom string for "open-graph-image-alt". +// +// Replace TITLE with the blog post title eg: MicroProfile 3.3 is now available on Open Liberty 20.0.0.4 +// Replace dmuelle with your GitHub username eg: lauracowen +// Replace DESCRIPTION with a short summary (~60 words) of the release (a more succinct version of the first paragraph of the post). +// Replace David Mueller with your name as you'd like it to be displayed, eg: Laura Cowen +// +// Example post: 2020-04-09-microprofile-3-3-open-liberty-20004.adoc +// +// If adding image into the post add : +// ------------------------- +// [.img_border_light] +// image::img/blog/FILE_NAME[IMAGE CAPTION ,width=70%,align="center"] +// ------------------------- +// "[.img_border_light]" = This adds a faint grey border around the image to make its edges sharper. Use it around screenshots but not +// around diagrams. Then double check how it looks. +// There is also a "[.img_border_dark]" class which tends to work best with screenshots that are taken on dark +// backgrounds. +// Change "FILE_NAME" to the name of the image file. Also make sure to put the image into the right folder which is: img/blog +// change the "IMAGE CAPTION" to a couple words of what the image is +// // // // // // // // + +RELEASE_SUMMARY + +// // // // // // // // +// In the preceding section: +// Leave any instances of `tag::xxxx[]` or `end:xxxx[]` as they are. +// +// Replace RELEASE_SUMMARY with a short paragraph that summarises the release. Start with the lead feature but also summarise what else is new in the release. You will agree which will be the lead feature with the reviewers so you can just leave a placeholder here until after the initial review. +// // // // // // // // + +// // // // // // // // +// Replace the following throughout the document: +// Replace 24.0.0.6 with the version number of Open Liberty, eg: 22.0.0.2 +// Replace 24006 with the version number of Open Liberty wihtout the periods, eg: 22002 +// // // // // // // // + +In link:{url-about}[Open Liberty] 24.0.0.6: + +* <> +* <> +* <> +* <> + + +// // // // // // // // +// If there were updates to guides since last release, keep the following, otherwise remove section. +// // // // // // // // +Along with the new features and functions added to the runtime, we’ve also made <>. + +// // // // // // // // +// In the preceding section: +// Replace the TAG_X with a short label for the feature in lower-case, eg: mp3 +// Replace the FEATURE_1_HEADING with heading the feature section, eg: MicroProfile 3.3 +// Where the updates are grouped as sub-headings under a single heading +// (eg all the features in a MicroProfile release), provide sub-entries in the list; +// eg replace SUB_TAG_1 with mpr, and SUB_FEATURE_1_HEADING with +// Easily determine HTTP headers on outgoing requests (MicroProfile Rest Client 1.4) +// // // // // // // // + +View the list of fixed bugs in link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A24006+label%3A%22release+bug%22[24.0.0.6]. + +Check out link:{url-prefix}/blog/?search=release&search!=beta[previous Open Liberty GA release blog posts]. + + +[#run] + +// // // // // // // // +// LINKS +// +// OpenLiberty.io site links: +// link:{url-prefix}/guides/maven-intro.html[Maven] +// +// Off-site links: +//link:https://openapi-generator.tech/docs/installation#jar[Download Instructions] +// +// IMAGES +// +// Place images in ./img/blog/ +// Use the syntax: +// image::/img/blog/log4j-rhocp-diagrams/current-problem.png[Logging problem diagram,width=70%,align="center"] +// // // // // // // // + +== Develop and run your apps using 24.0.0.6 + +If you're using link:{url-prefix}/guides/maven-intro.html[Maven], include the following in your `pom.xml` file: + +[source,xml] +---- + + io.openliberty.tools + liberty-maven-plugin + 3.8.2 + +---- + +Or for link:{url-prefix}/guides/gradle-intro.html[Gradle], include the following in your `build.gradle` file: + +[source,gradle] +---- +buildscript { + repositories { + mavenCentral() + } + dependencies { + classpath 'io.openliberty.tools:liberty-gradle-plugin:3.6.2' + } +} +apply plugin: 'liberty' +---- +// // // // // // // // +// In the preceding section: +// Replace the Maven `3.8.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-maven-plugin +// Replace the Gradle `3.6.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-gradle-plugin +// TODO: Update GHA to automatically do the above. If the maven.org is problematic, then could fallback to using the GH Releases for the plugins +// // // // // // // // + +Or if you're using link:{url-prefix}/docs/latest/container-images.html[container images]: + +[source] +---- +FROM icr.io/appcafe/open-liberty +---- + +Or take a look at our link:{url-prefix}/start/[Downloads page]. + +If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging and application management all from within your IDE. + +[link=https://stackoverflow.com/tags/open-liberty] +image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="center"] + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/28572 +// Contact/Reviewer: dazavala +// // // // // // // // +[#SUB_TAG_0] +== [DRAFT]InstantOn support for Jakarta Messaging, Connectors, and MDB in Liberty 24.0.0.6 + +Please provide a summary of the update, including the following points: + + - A sentence or two that introduces the update to someone new to the general technology/concept. + - The Human-readable name and short feature name for your feature- eg WebSockets feature (websockets-1.0). + - Who is the target persona? Who do you expect to use the update? eg application developer, operations. + - What was the problem before and how does your update make their life better? (Why should they care?) + - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. + - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? + + + + + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/28496 +// Contact/Reviewer: anjumfatima90 +// // // // // // // // +[#SUB_TAG_1] +== Instant On Support for Session Cache in Liberty 24.0.0.6 + +Please provide a summary of the update, including the following points: + + - A sentence or two that introduces the update to someone new to the general technology/concept. + - The Human-readable name and short feature name for your feature- eg WebSockets feature (websockets-1.0). + link:https://openliberty.io/docs/latest/reference/feature/sessionCache-1.0.html[JCache Session Persistence] (sessionCache-1.0) + + - Who is the target persona? Who do you expect to use the update? eg application developer, operations. + Application Developer + + - What was the problem before and how does your update make their life better? (Why should they care?) + + InstantOn supports a subset of the Open Liberty features. Any public features that are enabled outside of the supported set of features for InstantOn cause the checkpoint to fail with an error message. As of the `24.0.0.6` release, `sessionCache-1.0` feature is enhanced to support InstantOn. + + + - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. + - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? + link:https://openliberty.io/docs/latest/instanton.html[Faster startup for containerized applications with Open Liberty InstantOn] + + + +// DO NOT MODIFY THIS LINE. + + +For more details, check the LINK[LINK_DESCRIPTION]. + +// // // // // // // // +// In the preceding section: +// Replace TAG_X/SUB_TAG_X with the given tag of your secton from the contents list +// Replace SUB_FEATURE_TITLE/FEATURE_X_TITLE with the given title from the contents list +// Replace FEATURE with the feature name for the server.xml file e.g. mpHealth-1.4 +// Replace LINK with the link for extra information given for the feature +// Replace LINK_DESCRIPTION with a readable description of the information +// // // // // // // // + +[#CVEs] +== Security vulnerability (CVE) fixes in this release +[cols="5*"] +|=== +|CVE |CVSS Score |Vulnerability Assessment |Versions Affected |Notes + +|Link[CVE-XXXX-XXXXX] +|Score +|vulnerability +|Affected versions +|Affected Features and other notes +|=== +// // // // // // // // +// In the preceding section: +// If there were any CVEs addressed in this release, fill out the table. For the information, reference https://github.com/OpenLiberty/docs/blob/draft/modules/ROOT/pages/security-vulnerabilities.adoc. If it has not been updated for this release, reach out to Kristen Clarke or Michal Broz. +// Note: When linking to features, use the +// `link:{url-prefix}/docs/latest/reference/feature/someFeature-1.0.html[Some Feature 1.0]` format and +// NOT what security-vulnerabilities.adoc does (feature:someFeature-1.0[]) +// +// If there are no CVEs fixed in this release, replace the table with: +// "There are no security vulnerability fixes in Open Liberty [24.0.0.6]." +// // // // // // // // +For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. + + +[#bugs] +== Notable bugs fixed in this release + + +We’ve spent some time fixing bugs. The following sections describe just some of the issues resolved in this release. If you’re interested, here’s the link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A24006+label%3A%22release+bug%22[full list of bugs fixed in 24.0.0.6]. + +* link:https://github.com/OpenLiberty/open-liberty/issues/28552[NoClassDefFoundError: org/apache/commons/io/input/NullInputStream when using collectives file transfer.] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/28493[restfulWS-3.1: Headers with multiple values in a multipart (EntityPart) object held are held in a List of size 1.] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/28479[Invalid JASPIC warning CWWKS1652A in log when AuthResult.SEND_SUCCESS is received from the JASPIC provider. ] ++ + +When the JASPIC provider returns SEND_SUCCESS, Liberty prints the following message that is not correct. +CWWKS1652A: Authentication failed with status {0} for the web request {1}. The user defined Java Authentication SPI for Containers (JASPIC) service {2} has determined that the authentication data is not valid. + +* link:https://github.com/OpenLiberty/open-liberty/issues/28475[Environment variables not available during service startup within Kubernetes/OpenShift] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/28459[GRPC connections hang with security enabled] ++ +With security enabled, GRPC connections intermittently hang and never respond back. This happens due to the mechanism of restore that Security has for re-authenticating a connection which in GRPC is not covered. + +* link:https://github.com/OpenLiberty/open-liberty/issues/28431[Generate Set-Cookie from the SessionCookieConfig may not include additional attributes] ++ + +Session-config attributes setting in web.xml are not included in the response Set-Cookie + +* link:https://github.com/OpenLiberty/open-liberty/issues/28421[Bump netty dependencies to 4.1.109.Final] ++ +Current Netty components in Open Liberty are of the version 4.1.100.Final released in October 2023. The latest version 4.1.109.Final contains various bug fixes and improvements over the current version. + +* link:https://github.com/OpenLiberty/open-liberty/issues/28414[Classloading issue involving JAXBContext and JAXBContextFactory with webProfile-10.0] ++ +I am having classloading problems with webProfile-10.0 and JAXB classes. My web application has jakarta.xml.bind-api 4.0.0 and jaxb-runtime 4.0.1 jars in its WEB-INF/lib. At startup, it attempts to create a JAXBContext using jakarta.xml.bind.JAXBContext.newInstance, but startup fails with an exception from there. ++ +Here is the full stack trace from messages.log: ++ +``` +[5/13/24, 15:31:24:991 EDT] 00000055 com.ibm.ws.webcontainer.webapp E SRVE0276E: Error while initializing Servlet [helloServlet]: jakarta.servlet.ServletException: Failed to create JAXB context + at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:23) + at jakarta.servlet.GenericServlet.init(GenericServlet.java:178) + at jakarta.servlet.http.HttpServlet.init(HttpServlet.java:107) + at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:301) + at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1403) + at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:1228) + at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:1196) + at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:1094) + at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:6722) + at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApp(DynamicVirtualHost.java:484) + at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApplication(DynamicVirtualHost.java:479) + at com.ibm.ws.webcontainer.osgi.WebContainer.startWebApplication(WebContainer.java:1208) + at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:113) + at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:996) + at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:280) + at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) + at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) + at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) + at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) + at java.base/java.lang.Thread.run(Thread.java:1595) +Caused by: jakarta.xml.bind.JAXBException: Error while searching for service [jakarta.xml.bind.JAXBContextFactory] + - with linked exception: +[java.util.ServiceConfigurationError: jakarta.xml.bind.JAXBContextFactory: org.glassfish.jaxb.runtime.v2.JAXBContextFactory not a subtype] + at jakarta.xml.bind.ContextFinder$1.createException(ContextFinder.java:85) + at jakarta.xml.bind.ContextFinder$1.createException(ContextFinder.java:82) + at jakarta.xml.bind.ServiceLoaderUtil.firstByServiceLoader(ServiceLoaderUtil.java:46) + at jakarta.xml.bind.ContextFinder.find(ContextFinder.java:319) + at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:392) + at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:349) + at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:260) + at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:20) + ... 19 more +Caused by: java.util.ServiceConfigurationError: jakarta.xml.bind.JAXBContextFactory: org.glassfish.jaxb.runtime.v2.JAXBContextFactory not a subtype + at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:601) + at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1263) + at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1292) + at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1328) + at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1412) + at jakarta.xml.bind.ServiceLoaderUtil.firstByServiceLoader(ServiceLoaderUtil.java:39) + ... 24 more +``` +I turned on -verbose:class to see where classes are being loaded from, and here are the lines involving JAXBContextFactory (I've attached the full console.log and messages.log as liberty_problem_202405_with_jaxb_api_and_webprofile_feature_console.log and liberty_problem_202405_with_jaxb_api_and_webprofile_feature_messages.log): ++ +``` +class load: jakarta.xml.bind.JAXBContextFactory from: file:/c:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/usr/servers/default/apps/expanded/liberty_problem_202405_with_jaxb_api.war/WEB-INF/lib/jakarta.xml.bind-api-4.0.0.jar ++ +class load: jakarta.xml.bind.JAXBContextFactory from: file:/C:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/lib/../dev/api/spec/io.openliberty.jakarta.xmlBinding.4.0_1.0.88.jar ++ +class load: org.glassfish.jaxb.runtime.v2.JAXBContextFactory from: file:/C:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/lib/io.openliberty.xmlBinding.4.0.internal.tools_1.0.88.jar +``` ++ +The first two lines are both loading the jaxb-api interface for JAXBContextFactory, but strangely from two different locations: first from the jar included in my WEB-INF/lib, and then from one of Liberty's own directories. Then it loads the implementation class from an internal Liberty location, instead of from the jaxb-runtime jar that is in my WEB-INF/lib directory, and which also contains this implementation class. I think the fact that the interface is loaded from WEB-INF/lib but the implementation from an internal jar is confusing it into thinking that the implementation doesn't implement the interface, even though the JAXBContextFactory interfaces from the two locations appear to actually be identical. ++ +I would not have expected any Liberty interfaces or implementations to get loaded for this when using webProfile-10.0, because the Jakarta EE 10 XML Binding specification is not part of the Jakarta EE 10 Web Profile spec. I would have expected it to solely load classes from the jars where they are available in my WEB-INF/lib. ++ +I tried a few variations, and it got stranger. First, I tried removing the jakarta.xml.bind-api jar from my WEB-INF/lib, in hopes that it would then only load the interface once, from Liberty's own files. But that's not what happened. This time, it didn't ever load the api interfaces from anywhere at all, not even from Liberty's files as it did in the first situation. Instead, I got this different exception, and the classloader trace never shows it loading any JAXBContext* class: ++ +``` +[5/13/24, 15:27:26:287 EDT] 00000052 com.ibm.ws.webcontainer.webapp E SRVE0276E: Error while initializing Servlet [helloServlet]: jakarta.servlet.ServletException: SRVE0207E: Uncaught initialization exception created by servlet + at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:370) + at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1403) + at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:1228) + at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:1196) + at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:1094) + at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:6722) + at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApp(DynamicVirtualHost.java:484) + at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApplication(DynamicVirtualHost.java:479) + at com.ibm.ws.webcontainer.osgi.WebContainer.startWebApplication(WebContainer.java:1208) + at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:113) + at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:996) + at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:280) + at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) + at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) + at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) + at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) + at java.base/java.lang.Thread.run(Thread.java:1595) +Caused by: java.lang.NoClassDefFoundError: jakarta.xml.bind.JAXBContext + at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:20) + at jakarta.servlet.GenericServlet.init(GenericServlet.java:178) + at jakarta.servlet.http.HttpServlet.init(HttpServlet.java:107) + at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:301) + ... 16 more +Caused by: java.lang.ClassNotFoundException: jakarta.xml.bind.JAXBContext + at com.ibm.ws.classloading.internal.AppClassLoader.findClassCommonLibraryClassLoaders(AppClassLoader.java:742) + at com.ibm.ws.classloading.internal.AppClassLoader.findClass(AppClassLoader.java:327) + at com.ibm.ws.classloading.internal.AppClassLoader.findOrDelegateLoadClass(AppClassLoader.java:714) + at com.ibm.ws.classloading.internal.AppClassLoader.loadClass(AppClassLoader.java:586) + at com.ibm.ws.classloading.internal.AppClassLoader.loadClass(AppClassLoader.java:553) + at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:1104) + ... 20 more +``` ++ +So. in one case Liberty loaded the interface class from two places, and in the other case it didn't load it from anywhere at all. ++ +Next, I changed the featureManager section to specify jakartaee-10.0 instead of webProfile-10.0. In this variation, the web application launched correctly, and a classloader trace showed it was loading both the interface and implementation jars from Liberty's files and it never loaded anything from either the jakarta.xml.jaxb-api or jaxb-runtime jars in my WEB-INF/lib. ++ +Finally, I changed featureManager to just specify the minimal set of features that my web applicaiton actually needs: servlet-6.0, pages-3.1, ad websocket-2.1. The application also launched correctly in this configuration, but this time the classloader trace showed it loading all of the JAXBContext* classes from my WEB-INF/lib, and none of them from Liberty. + +* link:https://github.com/OpenLiberty/open-liberty/issues/28344[SSO should not use application/json on request to JWK] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/28280[If an application fails to start when doing a checkpoint the checkpoint still succeeds] ++ +If an application fails to start while doing a checkpoint `afterAppStart` the the checkpoint is still allowed to succeed and we are left with a application process checkpoint that will restore always with a failed application start. It would be better to fail the checkpoint in this case so that container image builds can reliably fail to build if the application fails to start when we are doing a container image build with InstantOn + +* link:https://github.com/OpenLiberty/open-liberty/issues/28235[Enabling openidConnectClient feature causes the body request not to be forwarded to the application's servlet (starting from WLP 24.0.0.3)] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/28176[IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354 CVSS 7.0)] ++ + +* link:https://github.com/OpenLiberty/open-liberty/issues/28118[Port MYFACES-4658] ++ +The MyFaces 4.0 JavaScript function `chain` is improperly coded when the JavaScript code was ported to a newer implementation. ++ +The spec states: +`A varargs function that invokes an arbitrary number of scripts. If any script in the chain returns false, the chain is short-circuited and subsequent scripts are not invoked. Any number of scripts may specified after the event argument.` ++ +However, false is never returned because the variable is not set and treated as undefined. + +* link:https://github.com/OpenLiberty/open-liberty/issues/27858[JspOption jdkSourceLevel Disabled Unintentionally] ++ +The jdkSourceLevel property was unintentionally disabled when the new javaSourceLevel option was introduced. The option still exists via the metatype, but it's input is not honored. It always uses Java 8 as the source. ++ +This only applies to JSPs that need their their code limited to Java 7 syntax or below. + + +// // // // // // // // +// In the preceding section: +// For this section ask either Michal Broz or Tom Evans or the #openliberty-release-blog channel for Notable bug fixes in this release. +// Present them as a list in the order as provided, linking to the issue and providing a short description of the bug and the resolution. +// If the issue on Github is missing any information, leave a comment in the issue along the lines of: +// "@[issue_owner(s)] please update the description of this `release bug` using the [bug report template](https://github.com/OpenLiberty/open-liberty/issues/new?assignees=&labels=release+bug&template=bug_report.md&title=)" +// Feel free to message the owner(s) directly as well, especially if no action has been taken by them. +// For inspiration about how to write this section look at previous blogs e.g- 20.0.0.10 or 21.0.0.12 (https://openliberty.io/blog/2021/11/26/jakarta-ee-9.1.html#bugs) +// // // // // // // // + + +// // // // // // // // +// If there were updates to guides since last release, keep the following, otherwise remove section. +// Check with Gilbert Kwan, otherwise Michal Broz or YK Chang +// // // // // // // // +[#guides] +== New and updated guides since the previous release +As Open Liberty features and functionality continue to grow, we continue to add link:https://openliberty.io/guides/?search=new&key=tag[new guides to openliberty.io] on those topics to make their adoption as easy as possible. Existing guides also receive updates to address any reported bugs/issues, keep their content current, and expand what their topic covers. + +// // // // // // // // +// In the following section, list any new guides, or changes/updates to existing guides. +// The following is an example of how the list can be structured (similar to the bugs section): +// * link:{url-prefix}/guides/[new/updated guide].html[Guide Title] +// ** Description of the guide or the changes made to the guide. +// // // // // // // // + + +== Get Open Liberty 24.0.0.6 now + +Available through <>. From fb408527a097813114bce79ef93c4c1937d449a3 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Wed, 12 Jun 2024 10:24:57 -0400 Subject: [PATCH 02/14] ID edits --- posts/2024-06-18-24.0.0.6.adoc | 348 +++++++++++++++++---------------- 1 file changed, 179 insertions(+), 169 deletions(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index 84b9d64d5..16d5eeef0 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -41,7 +41,7 @@ David Mueller // [.img_border_light] // image::img/blog/FILE_NAME[IMAGE CAPTION ,width=70%,align="center"] // ------------------------- -// "[.img_border_light]" = This adds a faint grey border around the image to make its edges sharper. Use it around screenshots but not +// "[.img_border_light]" = This adds a faint grey border around the image to make its edges sharper. Use it around screenshots but not // around diagrams. Then double check how it looks. // There is also a "[.img_border_dark]" class which tends to work best with screenshots that are taken on dark // backgrounds. @@ -66,27 +66,12 @@ RELEASE_SUMMARY In link:{url-about}[Open Liberty] 24.0.0.6: -* <> -* <> +* <> +* <> +* <> * <> -* <> -// // // // // // // // -// If there were updates to guides since last release, keep the following, otherwise remove section. -// // // // // // // // -Along with the new features and functions added to the runtime, we’ve also made <>. - -// // // // // // // // -// In the preceding section: -// Replace the TAG_X with a short label for the feature in lower-case, eg: mp3 -// Replace the FEATURE_1_HEADING with heading the feature section, eg: MicroProfile 3.3 -// Where the updates are grouped as sub-headings under a single heading -// (eg all the features in a MicroProfile release), provide sub-entries in the list; -// eg replace SUB_TAG_1 with mpr, and SUB_FEATURE_1_HEADING with -// Easily determine HTTP headers on outgoing requests (MicroProfile Rest Client 1.4) -// // // // // // // // - View the list of fixed bugs in link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A24006+label%3A%22release+bug%22[24.0.0.6]. Check out link:{url-prefix}/blog/?search=release&search!=beta[previous Open Liberty GA release blog posts]. @@ -99,7 +84,7 @@ Check out link:{url-prefix}/blog/?search=release&search!=beta[previous Open Libe // // OpenLiberty.io site links: // link:{url-prefix}/guides/maven-intro.html[Maven] -// +// // Off-site links: //link:https://openapi-generator.tech/docs/installation#jar[Download Instructions] // @@ -119,7 +104,7 @@ If you're using link:{url-prefix}/guides/maven-intro.html[Maven], include the fo io.openliberty.tools liberty-maven-plugin - 3.8.2 + 3.10.3 ---- @@ -132,17 +117,11 @@ buildscript { mavenCentral() } dependencies { - classpath 'io.openliberty.tools:liberty-gradle-plugin:3.6.2' + classpath 'io.openliberty.tools:liberty-gradle-plugin:3.8.3' } } apply plugin: 'liberty' ---- -// // // // // // // // -// In the preceding section: -// Replace the Maven `3.8.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-maven-plugin -// Replace the Gradle `3.6.2` with the latest version of the plugin: https://search.maven.org/artifact/io.openliberty.tools/liberty-gradle-plugin -// TODO: Update GHA to automatically do the above. If the maven.org is problematic, then could fallback to using the GH Releases for the plugins -// // // // // // // // Or if you're using link:{url-prefix}/docs/latest/container-images.html[container images]: @@ -153,61 +132,92 @@ FROM icr.io/appcafe/open-liberty Or take a look at our link:{url-prefix}/start/[Downloads page]. -If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging and application management all from within your IDE. +If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging and application management all from within your IDE. [link=https://stackoverflow.com/tags/open-liberty] image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="center"] -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26059 +// Contact/Reviewer: tjwatson +// // // // // // // // + +[#sbcrac] +== Faster startup of Spring Boot apps (Spring Boot 3.0 InstantOn with CRaC) + +Open Liberty InstantOn provides fast startup times for MicroProfile and Jakarta EE applications. With link:{url-prefix}/blog/2023/06/29/rapid-startup-instanton.html[InstantOn], your applications can start in milliseconds, without compromising on throughput, memory, development-production parity, or Java language features. InstantOn uses the Checkpoint/Restore In Userspace (link:https://criu.org/[CRIU]) feature of the Linux kernel to take a checkpoint of the JVM that can be restored later. + +The Spring Framework (version 6.1+) includes link:https://docs.spring.io/spring-framework/reference/6.1/integration/checkpoint-restore.html[support for Coordinated Restore at Checkpoint (CRaC)], which also uses CRIU to provide Checkpoint and Restore for Java applications. Spring Boot version 3.2+ uses Spring Framework version 6.1, enabling Spring Boot applications to also use CRaC to achieve rapid startup times. + +The link:docs/latest/reference/feature/springBoot-3.0.html[Open Liberty `springBoot-3.0` feature] allows Spring Boot 3.x-based applications to be deployed with Open Liberty. And now, with the new Open Liberty link:docs/latest/reference/feature/crac-1.4.html[Coordinated Restore at Checkpoint] (`crac-1.4`) feature, a Spring Boot 3.2+-based application can be deployed with Liberty InstantOn to achieve rapid startup times for your Spring Boot application. + +To use the CRaC 1.4 functionality with the `springBoot-3.0` feature, you must be running with Java 17 or higher and enable the `crac-1.4` feature in your `server.xml` file. Additionally, if your application uses Servlet, it needs to use the `servlet-6.0` feature. Configure these features are configured in the `server.xml` file, similar to the following example: + +[source,xml] +---- + + springBoot-3.0 + servlet-6.0 + crac-1.4 + +---- + +With these features enabled, you can containerize your Spring Boot 3.2+ application with Liberty InstantOn support by following the link:{url-prefix}/docs/latest/instanton.html[Liberty InstantOn documentation] and the Liberty recommendations for containerizing Spring Boot applications in the link:{url-prefix}/guides/spring-boot.html[Liberty Spring Boot guide]. + +For more information and an example Spring Boot application that uses the Liberty InstantOn `crac-1.4` feature, see the link:/blog/2023/09/26/spring-boot-3-instant-on.html[How to containerize your Spring Boot application for rapid startup] blog post. + + +You can also use the `crac-1.4` feature with other applications, such as applications using Jakarta EE or MicroProfile. Such applications can register resources with CRaC to get notifications for checkpoint and restore. This allows applications to perform actions necessary to prepare for a checkpoint as well as perform necessary actions when the application is restored. For more information on the `org.crac` APIs, see the link:https://javadoc.io/doc/org.crac/crac/latest/index.html[org.crac] Javadoc. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/28572 // Contact/Reviewer: dazavala -// // // // // // // // +// // // // // // // // [#SUB_TAG_0] == [DRAFT]InstantOn support for Jakarta Messaging, Connectors, and MDB in Liberty 24.0.0.6 - -Please provide a summary of the update, including the following points: - - - A sentence or two that introduces the update to someone new to the general technology/concept. - - The Human-readable name and short feature name for your feature- eg WebSockets feature (websockets-1.0). - - Who is the target persona? Who do you expect to use the update? eg application developer, operations. - - What was the problem before and how does your update make their life better? (Why should they care?) - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - - - - - -// DO NOT MODIFY THIS LINE. - -// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // + +Please provide a summary of the update, including the following points: + + - A sentence or two that introduces the update to someone new to the general technology/concept. + - The Human-readable name and short feature name for your feature- eg WebSockets feature (websockets-1.0). + - Who is the target persona? Who do you expect to use the update? eg application developer, operations. + - What was the problem before and how does your update make their life better? (Why should they care?) + - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. + - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? + + + + + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/28496 // Contact/Reviewer: anjumfatima90 -// // // // // // // // +// // // // // // // // [#SUB_TAG_1] == Instant On Support for Session Cache in Liberty 24.0.0.6 - -Please provide a summary of the update, including the following points: - - - A sentence or two that introduces the update to someone new to the general technology/concept. - - The Human-readable name and short feature name for your feature- eg WebSockets feature (websockets-1.0). - link:https://openliberty.io/docs/latest/reference/feature/sessionCache-1.0.html[JCache Session Persistence] (sessionCache-1.0) - - - Who is the target persona? Who do you expect to use the update? eg application developer, operations. - Application Developer - - - What was the problem before and how does your update make their life better? (Why should they care?) - - InstantOn supports a subset of the Open Liberty features. Any public features that are enabled outside of the supported set of features for InstantOn cause the checkpoint to fail with an error message. As of the `24.0.0.6` release, `sessionCache-1.0` feature is enhanced to support InstantOn. - - - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - link:https://openliberty.io/docs/latest/instanton.html[Faster startup for containerized applications with Open Liberty InstantOn] - - - -// DO NOT MODIFY THIS LINE. + +Please provide a summary of the update, including the following points: + + - A sentence or two that introduces the update to someone new to the general technology/concept. + - The Human-readable name and short feature name for your feature- eg WebSockets feature (websockets-1.0). + link:https://openliberty.io/docs/latest/reference/feature/sessionCache-1.0.html[JCache Session Persistence] (sessionCache-1.0) + + - Who is the target persona? Who do you expect to use the update? eg application developer, operations. + Application Developer + + - What was the problem before and how does your update make their life better? (Why should they care?) + + InstantOn supports a subset of the Open Liberty features. Any public features that are enabled outside of the supported set of features for InstantOn cause the checkpoint to fail with an error message. As of the `24.0.0.6` release, `sessionCache-1.0` feature is enhanced to support InstantOn. + + + - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. + - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? + link:https://openliberty.io/docs/latest/instanton.html[Faster startup for containerized applications with Open Liberty InstantOn] + + + +// DO NOT MODIFY THIS LINE. For more details, check the LINK[LINK_DESCRIPTION]. @@ -215,7 +225,7 @@ For more details, check the LINK[LINK_DESCRIPTION]. // // // // // // // // // In the preceding section: // Replace TAG_X/SUB_TAG_X with the given tag of your secton from the contents list -// Replace SUB_FEATURE_TITLE/FEATURE_X_TITLE with the given title from the contents list +// Replace SUB_FEATURE_TITLE/FEATURE_X_TITLE with the given title from the contents list // Replace FEATURE with the feature name for the server.xml file e.g. mpHealth-1.4 // Replace LINK with the link for extra information given for the feature // Replace LINK_DESCRIPTION with a readable description of the information @@ -236,11 +246,11 @@ For more details, check the LINK[LINK_DESCRIPTION]. // // // // // // // // // In the preceding section: // If there were any CVEs addressed in this release, fill out the table. For the information, reference https://github.com/OpenLiberty/docs/blob/draft/modules/ROOT/pages/security-vulnerabilities.adoc. If it has not been updated for this release, reach out to Kristen Clarke or Michal Broz. -// Note: When linking to features, use the -// `link:{url-prefix}/docs/latest/reference/feature/someFeature-1.0.html[Some Feature 1.0]` format and +// Note: When linking to features, use the +// `link:{url-prefix}/docs/latest/reference/feature/someFeature-1.0.html[Some Feature 1.0]` format and // NOT what security-vulnerabilities.adoc does (feature:someFeature-1.0[]) // -// If there are no CVEs fixed in this release, replace the table with: +// If there are no CVEs fixed in this release, replace the table with: // "There are no security vulnerability fixes in Open Liberty [24.0.0.6]." // // // // // // // // For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. @@ -260,25 +270,25 @@ We’ve spent some time fixing bugs. The following sections describe just some o * link:https://github.com/OpenLiberty/open-liberty/issues/28479[Invalid JASPIC warning CWWKS1652A in log when AuthResult.SEND_SUCCESS is received from the JASPIC provider. ] + - -When the JASPIC provider returns SEND_SUCCESS, Liberty prints the following message that is not correct. -CWWKS1652A: Authentication failed with status {0} for the web request {1}. The user defined Java Authentication SPI for Containers (JASPIC) service {2} has determined that the authentication data is not valid. + +When the JASPIC provider returns SEND_SUCCESS, Liberty prints the following message that is not correct. +CWWKS1652A: Authentication failed with status {0} for the web request {1}. The user defined Java Authentication SPI for Containers (JASPIC) service {2} has determined that the authentication data is not valid. * link:https://github.com/OpenLiberty/open-liberty/issues/28475[Environment variables not available during service startup within Kubernetes/OpenShift] + * link:https://github.com/OpenLiberty/open-liberty/issues/28459[GRPC connections hang with security enabled] + -With security enabled, GRPC connections intermittently hang and never respond back. This happens due to the mechanism of restore that Security has for re-authenticating a connection which in GRPC is not covered. +With security enabled, GRPC connections intermittently hang and never respond back. This happens due to the mechanism of restore that Security has for re-authenticating a connection which in GRPC is not covered. * link:https://github.com/OpenLiberty/open-liberty/issues/28431[Generate Set-Cookie from the SessionCookieConfig may not include additional attributes] + - -Session-config attributes setting in web.xml are not included in the response Set-Cookie + +Session-config attributes setting in web.xml are not included in the response Set-Cookie * link:https://github.com/OpenLiberty/open-liberty/issues/28421[Bump netty dependencies to 4.1.109.Final] + -Current Netty components in Open Liberty are of the version 4.1.100.Final released in October 2023. The latest version 4.1.109.Final contains various bug fixes and improvements over the current version. +Current Netty components in Open Liberty are of the version 4.1.100.Final released in October 2023. The latest version 4.1.109.Final contains various bug fixes and improvements over the current version. * link:https://github.com/OpenLiberty/open-liberty/issues/28414[Classloading issue involving JAXBContext and JAXBContextFactory with webProfile-10.0] + @@ -286,57 +296,57 @@ I am having classloading problems with webProfile-10.0 and JAXB classes. My web + Here is the full stack trace from messages.log: + -``` -[5/13/24, 15:31:24:991 EDT] 00000055 com.ibm.ws.webcontainer.webapp E SRVE0276E: Error while initializing Servlet [helloServlet]: jakarta.servlet.ServletException: Failed to create JAXB context - at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:23) - at jakarta.servlet.GenericServlet.init(GenericServlet.java:178) - at jakarta.servlet.http.HttpServlet.init(HttpServlet.java:107) - at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:301) - at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1403) - at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:1228) - at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:1196) - at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:1094) - at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:6722) - at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApp(DynamicVirtualHost.java:484) - at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApplication(DynamicVirtualHost.java:479) - at com.ibm.ws.webcontainer.osgi.WebContainer.startWebApplication(WebContainer.java:1208) - at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:113) - at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:996) - at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:280) - at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) - at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) - at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) - at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) - at java.base/java.lang.Thread.run(Thread.java:1595) -Caused by: jakarta.xml.bind.JAXBException: Error while searching for service [jakarta.xml.bind.JAXBContextFactory] - - with linked exception: -[java.util.ServiceConfigurationError: jakarta.xml.bind.JAXBContextFactory: org.glassfish.jaxb.runtime.v2.JAXBContextFactory not a subtype] - at jakarta.xml.bind.ContextFinder$1.createException(ContextFinder.java:85) - at jakarta.xml.bind.ContextFinder$1.createException(ContextFinder.java:82) - at jakarta.xml.bind.ServiceLoaderUtil.firstByServiceLoader(ServiceLoaderUtil.java:46) - at jakarta.xml.bind.ContextFinder.find(ContextFinder.java:319) - at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:392) - at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:349) - at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:260) - at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:20) - ... 19 more -Caused by: java.util.ServiceConfigurationError: jakarta.xml.bind.JAXBContextFactory: org.glassfish.jaxb.runtime.v2.JAXBContextFactory not a subtype - at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:601) - at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1263) - at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1292) - at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1328) - at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1412) - at jakarta.xml.bind.ServiceLoaderUtil.firstByServiceLoader(ServiceLoaderUtil.java:39) - ... 24 more -``` +``` +[5/13/24, 15:31:24:991 EDT] 00000055 com.ibm.ws.webcontainer.webapp E SRVE0276E: Error while initializing Servlet [helloServlet]: jakarta.servlet.ServletException: Failed to create JAXB context + at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:23) + at jakarta.servlet.GenericServlet.init(GenericServlet.java:178) + at jakarta.servlet.http.HttpServlet.init(HttpServlet.java:107) + at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:301) + at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1403) + at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:1228) + at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:1196) + at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:1094) + at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:6722) + at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApp(DynamicVirtualHost.java:484) + at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApplication(DynamicVirtualHost.java:479) + at com.ibm.ws.webcontainer.osgi.WebContainer.startWebApplication(WebContainer.java:1208) + at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:113) + at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:996) + at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:280) + at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) + at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) + at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) + at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) + at java.base/java.lang.Thread.run(Thread.java:1595) +Caused by: jakarta.xml.bind.JAXBException: Error while searching for service [jakarta.xml.bind.JAXBContextFactory] + - with linked exception: +[java.util.ServiceConfigurationError: jakarta.xml.bind.JAXBContextFactory: org.glassfish.jaxb.runtime.v2.JAXBContextFactory not a subtype] + at jakarta.xml.bind.ContextFinder$1.createException(ContextFinder.java:85) + at jakarta.xml.bind.ContextFinder$1.createException(ContextFinder.java:82) + at jakarta.xml.bind.ServiceLoaderUtil.firstByServiceLoader(ServiceLoaderUtil.java:46) + at jakarta.xml.bind.ContextFinder.find(ContextFinder.java:319) + at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:392) + at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:349) + at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:260) + at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:20) + ... 19 more +Caused by: java.util.ServiceConfigurationError: jakarta.xml.bind.JAXBContextFactory: org.glassfish.jaxb.runtime.v2.JAXBContextFactory not a subtype + at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:601) + at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1263) + at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1292) + at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1328) + at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1412) + at jakarta.xml.bind.ServiceLoaderUtil.firstByServiceLoader(ServiceLoaderUtil.java:39) + ... 24 more +``` I turned on -verbose:class to see where classes are being loaded from, and here are the lines involving JAXBContextFactory (I've attached the full console.log and messages.log as liberty_problem_202405_with_jaxb_api_and_webprofile_feature_console.log and liberty_problem_202405_with_jaxb_api_and_webprofile_feature_messages.log): + -``` +``` class load: jakarta.xml.bind.JAXBContextFactory from: file:/c:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/usr/servers/default/apps/expanded/liberty_problem_202405_with_jaxb_api.war/WEB-INF/lib/jakarta.xml.bind-api-4.0.0.jar + class load: jakarta.xml.bind.JAXBContextFactory from: file:/C:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/lib/../dev/api/spec/io.openliberty.jakarta.xmlBinding.4.0_1.0.88.jar + -class load: org.glassfish.jaxb.runtime.v2.JAXBContextFactory from: file:/C:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/lib/io.openliberty.xmlBinding.4.0.internal.tools_1.0.88.jar +class load: org.glassfish.jaxb.runtime.v2.JAXBContextFactory from: file:/C:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/lib/io.openliberty.xmlBinding.4.0.internal.tools_1.0.88.jar ``` + The first two lines are both loading the jaxb-api interface for JAXBContextFactory, but strangely from two different locations: first from the jar included in my WEB-INF/lib, and then from one of Liberty's own directories. Then it loads the implementation class from an internal Liberty location, instead of from the jaxb-runtime jar that is in my WEB-INF/lib directory, and which also contains this implementation class. I think the fact that the interface is loaded from WEB-INF/lib but the implementation from an internal jar is confusing it into thinking that the implementation doesn't implement the interface, even though the JAXBContextFactory interfaces from the two locations appear to actually be identical. @@ -345,53 +355,53 @@ I would not have expected any Liberty interfaces or implementations to get loade + I tried a few variations, and it got stranger. First, I tried removing the jakarta.xml.bind-api jar from my WEB-INF/lib, in hopes that it would then only load the interface once, from Liberty's own files. But that's not what happened. This time, it didn't ever load the api interfaces from anywhere at all, not even from Liberty's files as it did in the first situation. Instead, I got this different exception, and the classloader trace never shows it loading any JAXBContext* class: + -``` -[5/13/24, 15:27:26:287 EDT] 00000052 com.ibm.ws.webcontainer.webapp E SRVE0276E: Error while initializing Servlet [helloServlet]: jakarta.servlet.ServletException: SRVE0207E: Uncaught initialization exception created by servlet - at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:370) - at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1403) - at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:1228) - at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:1196) - at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:1094) - at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:6722) - at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApp(DynamicVirtualHost.java:484) - at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApplication(DynamicVirtualHost.java:479) - at com.ibm.ws.webcontainer.osgi.WebContainer.startWebApplication(WebContainer.java:1208) - at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:113) - at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:996) - at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:280) - at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) - at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) - at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) - at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) - at java.base/java.lang.Thread.run(Thread.java:1595) -Caused by: java.lang.NoClassDefFoundError: jakarta.xml.bind.JAXBContext - at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:20) - at jakarta.servlet.GenericServlet.init(GenericServlet.java:178) - at jakarta.servlet.http.HttpServlet.init(HttpServlet.java:107) - at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:301) - ... 16 more -Caused by: java.lang.ClassNotFoundException: jakarta.xml.bind.JAXBContext - at com.ibm.ws.classloading.internal.AppClassLoader.findClassCommonLibraryClassLoaders(AppClassLoader.java:742) - at com.ibm.ws.classloading.internal.AppClassLoader.findClass(AppClassLoader.java:327) - at com.ibm.ws.classloading.internal.AppClassLoader.findOrDelegateLoadClass(AppClassLoader.java:714) - at com.ibm.ws.classloading.internal.AppClassLoader.loadClass(AppClassLoader.java:586) - at com.ibm.ws.classloading.internal.AppClassLoader.loadClass(AppClassLoader.java:553) - at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:1104) - ... 20 more +``` +[5/13/24, 15:27:26:287 EDT] 00000052 com.ibm.ws.webcontainer.webapp E SRVE0276E: Error while initializing Servlet [helloServlet]: jakarta.servlet.ServletException: SRVE0207E: Uncaught initialization exception created by servlet + at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:370) + at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1403) + at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:1228) + at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:1196) + at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:1094) + at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:6722) + at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApp(DynamicVirtualHost.java:484) + at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApplication(DynamicVirtualHost.java:479) + at com.ibm.ws.webcontainer.osgi.WebContainer.startWebApplication(WebContainer.java:1208) + at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:113) + at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:996) + at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:280) + at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) + at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) + at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) + at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) + at java.base/java.lang.Thread.run(Thread.java:1595) +Caused by: java.lang.NoClassDefFoundError: jakarta.xml.bind.JAXBContext + at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:20) + at jakarta.servlet.GenericServlet.init(GenericServlet.java:178) + at jakarta.servlet.http.HttpServlet.init(HttpServlet.java:107) + at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:301) + ... 16 more +Caused by: java.lang.ClassNotFoundException: jakarta.xml.bind.JAXBContext + at com.ibm.ws.classloading.internal.AppClassLoader.findClassCommonLibraryClassLoaders(AppClassLoader.java:742) + at com.ibm.ws.classloading.internal.AppClassLoader.findClass(AppClassLoader.java:327) + at com.ibm.ws.classloading.internal.AppClassLoader.findOrDelegateLoadClass(AppClassLoader.java:714) + at com.ibm.ws.classloading.internal.AppClassLoader.loadClass(AppClassLoader.java:586) + at com.ibm.ws.classloading.internal.AppClassLoader.loadClass(AppClassLoader.java:553) + at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:1104) + ... 20 more ``` + So. in one case Liberty loaded the interface class from two places, and in the other case it didn't load it from anywhere at all. + Next, I changed the featureManager section to specify jakartaee-10.0 instead of webProfile-10.0. In this variation, the web application launched correctly, and a classloader trace showed it was loading both the interface and implementation jars from Liberty's files and it never loaded anything from either the jakarta.xml.jaxb-api or jaxb-runtime jars in my WEB-INF/lib. + -Finally, I changed featureManager to just specify the minimal set of features that my web applicaiton actually needs: servlet-6.0, pages-3.1, ad websocket-2.1. The application also launched correctly in this configuration, but this time the classloader trace showed it loading all of the JAXBContext* classes from my WEB-INF/lib, and none of them from Liberty. +Finally, I changed featureManager to just specify the minimal set of features that my web applicaiton actually needs: servlet-6.0, pages-3.1, ad websocket-2.1. The application also launched correctly in this configuration, but this time the classloader trace showed it loading all of the JAXBContext* classes from my WEB-INF/lib, and none of them from Liberty. * link:https://github.com/OpenLiberty/open-liberty/issues/28344[SSO should not use application/json on request to JWK] + * link:https://github.com/OpenLiberty/open-liberty/issues/28280[If an application fails to start when doing a checkpoint the checkpoint still succeeds] + -If an application fails to start while doing a checkpoint `afterAppStart` the the checkpoint is still allowed to succeed and we are left with a application process checkpoint that will restore always with a failed application start. It would be better to fail the checkpoint in this case so that container image builds can reliably fail to build if the application fails to start when we are doing a container image build with InstantOn +If an application fails to start while doing a checkpoint `afterAppStart` the the checkpoint is still allowed to succeed and we are left with a application process checkpoint that will restore always with a failed application start. It would be better to fail the checkpoint in this case so that container image builds can reliably fail to build if the application fails to start when we are doing a container image build with InstantOn * link:https://github.com/OpenLiberty/open-liberty/issues/28235[Enabling openidConnectClient feature causes the body request not to be forwarded to the application's servlet (starting from WLP 24.0.0.3)] + @@ -401,18 +411,18 @@ If an application fails to start while doing a checkpoint `afterAppStart` the th * link:https://github.com/OpenLiberty/open-liberty/issues/28118[Port MYFACES-4658] + -The MyFaces 4.0 JavaScript function `chain` is improperly coded when the JavaScript code was ported to a newer implementation. +The MyFaces 4.0 JavaScript function `chain` is improperly coded when the JavaScript code was ported to a newer implementation. + -The spec states: +The spec states: `A varargs function that invokes an arbitrary number of scripts. If any script in the chain returns false, the chain is short-circuited and subsequent scripts are not invoked. Any number of scripts may specified after the event argument.` + -However, false is never returned because the variable is not set and treated as undefined. +However, false is never returned because the variable is not set and treated as undefined. * link:https://github.com/OpenLiberty/open-liberty/issues/27858[JspOption jdkSourceLevel Disabled Unintentionally] + -The jdkSourceLevel property was unintentionally disabled when the new javaSourceLevel option was introduced. The option still exists via the metatype, but it's input is not honored. It always uses Java 8 as the source. +The jdkSourceLevel property was unintentionally disabled when the new javaSourceLevel option was introduced. The option still exists via the metatype, but it's input is not honored. It always uses Java 8 as the source. + -This only applies to JSPs that need their their code limited to Java 7 syntax or below. +This only applies to JSPs that need their their code limited to Java 7 syntax or below. // // // // // // // // @@ -420,7 +430,7 @@ This only applies to JSPs that need their their code limited to Java 7 syntax or // For this section ask either Michal Broz or Tom Evans or the #openliberty-release-blog channel for Notable bug fixes in this release. // Present them as a list in the order as provided, linking to the issue and providing a short description of the bug and the resolution. // If the issue on Github is missing any information, leave a comment in the issue along the lines of: -// "@[issue_owner(s)] please update the description of this `release bug` using the [bug report template](https://github.com/OpenLiberty/open-liberty/issues/new?assignees=&labels=release+bug&template=bug_report.md&title=)" +// "@[issue_owner(s)] please update the description of this `release bug` using the [bug report template](https://github.com/OpenLiberty/open-liberty/issues/new?assignees=&labels=release+bug&template=bug_report.md&title=)" // Feel free to message the owner(s) directly as well, especially if no action has been taken by them. // For inspiration about how to write this section look at previous blogs e.g- 20.0.0.10 or 21.0.0.12 (https://openliberty.io/blog/2021/11/26/jakarta-ee-9.1.html#bugs) // // // // // // // // @@ -435,7 +445,7 @@ This only applies to JSPs that need their their code limited to Java 7 syntax or As Open Liberty features and functionality continue to grow, we continue to add link:https://openliberty.io/guides/?search=new&key=tag[new guides to openliberty.io] on those topics to make their adoption as easy as possible. Existing guides also receive updates to address any reported bugs/issues, keep their content current, and expand what their topic covers. // // // // // // // // -// In the following section, list any new guides, or changes/updates to existing guides. +// In the following section, list any new guides, or changes/updates to existing guides. // The following is an example of how the list can be structured (similar to the bugs section): // * link:{url-prefix}/guides/[new/updated guide].html[Guide Title] // ** Description of the guide or the changes made to the guide. From a18ba4b0324aa6bc58711f9f5cf82dbb31ca0ad7 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Wed, 12 Jun 2024 10:25:35 -0400 Subject: [PATCH 03/14] update crac feature version in standalone beta post --- posts/2023-09-26-spring-boot-3-instant-on.adoc | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/posts/2023-09-26-spring-boot-3-instant-on.adoc b/posts/2023-09-26-spring-boot-3-instant-on.adoc index 2253882e9..0118797b7 100644 --- a/posts/2023-09-26-spring-boot-3-instant-on.adoc +++ b/posts/2023-09-26-spring-boot-3-instant-on.adoc @@ -27,13 +27,13 @@ For more information about Liberty InstantOn, see the link:/blog/2023/06/29/rapi == Spring Boot support for checkpoint/restore -The Spring Framework version 6.1 release will integrate with link:https://docs.spring.io/spring-framework/reference/6.1/integration/checkpoint-restore.html[JVM checkpoint/restore] by using the link:https://github.com/CRaC/org.crac[org.crac] project to allow capable systems to reduce the startup times of Spring-based Java applications. With the Liberty InstantOn 23.0.0.10-beta version, you can configure a new `crac-1.3` feature to provide an implementation of the link:https://javadoc.io/doc/org.crac/crac/latest/index.html[org.crac API] that integrates with Liberty InstantOn. This allows Spring-based applications, including Spring Boot applications, to be deployed with Liberty InstantOn to achieve rapid startup times. +The Spring Framework version 6.1 release will integrate with link:https://docs.spring.io/spring-framework/reference/6.1/integration/checkpoint-restore.html[JVM checkpoint/restore] by using the link:https://github.com/CRaC/org.crac[org.crac] project to allow capable systems to reduce the startup times of Spring-based Java applications. With the Liberty InstantOn 23.0.0.10-beta version, you can configure a new `crac-1.4` feature to provide an implementation of the link:https://javadoc.io/doc/org.crac/crac/latest/index.html[org.crac API] that integrates with Liberty InstantOn. This allows Spring-based applications, including Spring Boot applications, to be deployed with Liberty InstantOn to achieve rapid startup times. == Production-ready Liberty container images New link:https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image[Universal Base Image] container images are uploaded to the link:https://github.com/OpenLiberty/ci.docker/blob/main/docs/icr-images.md[IBM Container Registry] for each new release of Liberty. Starting with the 23.0.0.6 Liberty release, the Liberty UBI container images include the necessary prerequisites to checkpoint your applications with Liberty InstantOn. And now, starting with the 23.0.0.10-beta release, the UBI beta container image also includes the prerequisites to checkpoint your Spring Boot 3.2-based applications. -This beta release includes an implementation of the link:https://javadoc.io/doc/org.crac/crac/latest/index.html[`org.crac`] APIs with the Liberty beta feature `crac-1.3`. The `crac-1.3` feature, along with the Spring Framework version 6.1 support for `org.crac`, allows you to checkpoint your Spring-based applications with Liberty InstantOn to achieve rapid startup times. +This beta release includes an implementation of the link:https://javadoc.io/doc/org.crac/crac/latest/index.html[`org.crac`] APIs with the Liberty beta feature `crac-1.4`. The `crac-1.4` feature, along with the Spring Framework version 6.1 support for `org.crac`, allows you to checkpoint your Spring-based applications with Liberty InstantOn to achieve rapid startup times. The Liberty container images make it easy to develop InstantOn applications that are ready to deploy into production. An important benefit of using Liberty InstantOn is the ability to do a checkpoint of the application process inside the container without requiring the root user to be running the application process in the container. It is important, from a security perspective, to avoid running the application process in the container as the root user. This allows you to link:https://openliberty.io/docs/latest/instanton.html#_deploying_an_instanton_application_to_kubernetes_services[deploy your InstantOn container images] to existing Kubernetes services like AWS EKS and Azure EKS. @@ -60,9 +60,9 @@ After building the Spring Boot application, the next step is to containerize it. To build the application container image with InstantOn, you must be able to either run a privileged container or grant the container image build engine the necessary link:https://openliberty.io/docs/latest/instanton.html#linux-capabilities[Linux capabilities] to do the checkpoint. -=== Enabling the crac-1.3 Liberty feature +=== Enabling the crac-1.4 Liberty feature -Liberty is composed of features that you enable according to the requirements of your application. To use Liberty's implementation of `org.crac`, you must enable the `crac-1.3` feature in the Liberty configuration. For this example, we can do that by copying in the `src/main/liberty/config/crac.xml` file into the container image with the following Dockerfile command: +Liberty is composed of features that you enable according to the requirements of your application. To use Liberty's implementation of `org.crac`, you must enable the `crac-1.4` feature in the Liberty configuration. For this example, we can do that by copying in the `src/main/liberty/config/crac.xml` file into the container image with the following Dockerfile command: .Dockerfile [source] @@ -70,7 +70,7 @@ Liberty is composed of features that you enable according to the requirements of COPY src/main/liberty/config/crac.xml /config/configDropins/defaults ---- -The `crac.xml` Liberty configuration file enables the `crac-1.3` feature with the following content: +The `crac.xml` Liberty configuration file enables the `crac-1.4` feature with the following content: .crac.xml [source,xml] @@ -79,7 +79,7 @@ The `crac.xml` Liberty configuration file enables the `crac-1.3` feature with th - crac-1.3 + crac-1.4 @@ -185,7 +185,7 @@ You see the following output when the application process is restored: 2023-09-07T15:22:52.764Z INFO 118 --- [ecutor-thread-1] o.s.c.support.DefaultLifecycleProcessor : Spring-managed lifecycle restart completed in 80 ms [AUDIT ] CWWKC0452I: The Liberty server process resumed operation from a checkpoint in 0.263 seconds. [AUDIT ] CWWKZ0001I: Application thin-guide-spring-boot-0.1.0 started in 0.265 seconds. -[AUDIT ] CWWKF0012I: The server installed the following features: [crac-1.3, expressionLanguage-5.0, pages-3.1, servlet-6.0, springBoot-3.0, ssl-1.0, transportSecurity-1.0, websocket-2.1]. +[AUDIT ] CWWKF0012I: The server installed the following features: [crac-1.4, expressionLanguage-5.0, pages-3.1, servlet-6.0, springBoot-3.0, ssl-1.0, transportSecurity-1.0, websocket-2.1]. [AUDIT ] CWWKF0011I: The defaultServer server is ready to run a smarter planet. The defaultServer server started in 0.277 seconds. ---- @@ -208,7 +208,7 @@ InstantOn application images will be ready to deploy into existing public clouds // // OpenLiberty.io site links: // link:/guides/microprofile-rest-client.html[Consuming RESTful Java microservices] -// +// // Off-site links: // link:https://openapi-generator.tech/docs/installation#jar[Download Instructions] // From 3c98a2ac0a7fef324ad98f1e6042ad1ba81d1531 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Wed, 12 Jun 2024 11:12:07 -0400 Subject: [PATCH 04/14] ID edits --- posts/2024-06-18-24.0.0.6.adoc | 425 ++++++++++----------------------- 1 file changed, 128 insertions(+), 297 deletions(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index 16d5eeef0..cb8eff062 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -1,74 +1,31 @@ --- layout: post -title: "TITLE" +title: "Faster startup for Spring Boot 3.x applications and more in 24.0.0.6" # Do NOT change the categories section categories: blog author_picture: https://avatars3.githubusercontent.com/dmuelle author_github: https://github.com/dmuelle -seo-title: TITLE - makes sure it ends with - OpenLiberty.io -seo-description: DESCRIPTION -blog_description: DESCRIPTION +seo-title: Faster startup for Spring Boot 3.x applications and more in 24.0.0.6 - OpenLiberty.io +seo-description: The 24.0.0.6 release introduces the Coordinated Restore at Checkpoint feature, which improves startup times Spring Boot 3.x applications with Liberty InstantOn. This release also includes InstantOn support for applications that use distributed HTTP session caching and IBM MQ messaging. +blog_description: The 24.0.0.6 release introduces the Coordinated Restore at Checkpoint feature, which improves startup times Spring Boot 3.x applications with Liberty InstantOn. This release also includes InstantOn support for applications that use distributed HTTP session caching and IBM MQ messaging. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo --- -= TITLE += Faster startup for Spring Boot 3.x applications and more in 24.0.0.6 David Mueller :imagesdir: / :url-prefix: :url-about: / //Blank line here is necessary before starting the body of the post. -// // // // // // // // -// In the preceding section: -// Do not insert any blank lines between any of the lines. -// Do not remove or edit the variables on the lines beneath the author name. -// -// "open-graph-image" is set to OL logo. Whenever possible update this to a more appropriate/specific image (For example if present a image that is being used in the post). However, it -// can be left empty which will set it to the default -// -// "open-graph-image-alt" is a description of what is in the image (not a caption). When changing "open-graph-image" to -// a custom picture, you must provide a custom string for "open-graph-image-alt". -// -// Replace TITLE with the blog post title eg: MicroProfile 3.3 is now available on Open Liberty 20.0.0.4 -// Replace dmuelle with your GitHub username eg: lauracowen -// Replace DESCRIPTION with a short summary (~60 words) of the release (a more succinct version of the first paragraph of the post). -// Replace David Mueller with your name as you'd like it to be displayed, eg: Laura Cowen -// -// Example post: 2020-04-09-microprofile-3-3-open-liberty-20004.adoc -// -// If adding image into the post add : -// ------------------------- -// [.img_border_light] -// image::img/blog/FILE_NAME[IMAGE CAPTION ,width=70%,align="center"] -// ------------------------- -// "[.img_border_light]" = This adds a faint grey border around the image to make its edges sharper. Use it around screenshots but not -// around diagrams. Then double check how it looks. -// There is also a "[.img_border_dark]" class which tends to work best with screenshots that are taken on dark -// backgrounds. -// Change "FILE_NAME" to the name of the image file. Also make sure to put the image into the right folder which is: img/blog -// change the "IMAGE CAPTION" to a couple words of what the image is -// // // // // // // // -RELEASE_SUMMARY - -// // // // // // // // -// In the preceding section: -// Leave any instances of `tag::xxxx[]` or `end:xxxx[]` as they are. -// -// Replace RELEASE_SUMMARY with a short paragraph that summarises the release. Start with the lead feature but also summarise what else is new in the release. You will agree which will be the lead feature with the reviewers so you can just leave a placeholder here until after the initial review. -// // // // // // // // - -// // // // // // // // -// Replace the following throughout the document: -// Replace 24.0.0.6 with the version number of Open Liberty, eg: 22.0.0.2 -// Replace 24006 with the version number of Open Liberty wihtout the periods, eg: 22002 -// // // // // // // // +The 24.0.0.6 release introduces the Coordinated Restore at Checkpoint feature, which improves startup times for Spring Boot 3.x applications with Liberty InstantOn. This release also includes InstantOn support for applications that use distributed HTTP session caching and IBM MQ messaging. In link:{url-about}[Open Liberty] 24.0.0.6: * <> -* <> -* <> +* <> +* <> * <> @@ -132,7 +89,7 @@ FROM icr.io/appcafe/open-liberty Or take a look at our link:{url-prefix}/start/[Downloads page]. -If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging and application management all from within your IDE. +If you're using link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] or link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE], you can also take advantage of our open source link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] to enable effective development, testing, debugging, and application management all from within your IDE. [link=https://stackoverflow.com/tags/open-liberty] image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="center"] @@ -150,7 +107,7 @@ The Spring Framework (version 6.1+) includes link:https://docs.spring.io/spring- The link:docs/latest/reference/feature/springBoot-3.0.html[Open Liberty `springBoot-3.0` feature] allows Spring Boot 3.x-based applications to be deployed with Open Liberty. And now, with the new Open Liberty link:docs/latest/reference/feature/crac-1.4.html[Coordinated Restore at Checkpoint] (`crac-1.4`) feature, a Spring Boot 3.2+-based application can be deployed with Liberty InstantOn to achieve rapid startup times for your Spring Boot application. -To use the CRaC 1.4 functionality with the `springBoot-3.0` feature, you must be running with Java 17 or higher and enable the `crac-1.4` feature in your `server.xml` file. Additionally, if your application uses Servlet, it needs to use the `servlet-6.0` feature. Configure these features are configured in the `server.xml` file, similar to the following example: +To use the CRaC 1.4 functionality with the `springBoot-3.0` feature, you must be running with Java 17 or higher and enable the `crac-1.4` feature in your `server.xml` file. Additionally, if your application uses Servlet, it needs to use the `servlet-6.0` feature. Configure these features are configured in the `server.xml` file, similar to the following example: [source,xml] ---- @@ -166,23 +123,64 @@ With these features enabled, you can containerize your Spring Boot 3.2+ applicat For more information and an example Spring Boot application that uses the Liberty InstantOn `crac-1.4` feature, see the link:/blog/2023/09/26/spring-boot-3-instant-on.html[How to containerize your Spring Boot application for rapid startup] blog post. -You can also use the `crac-1.4` feature with other applications, such as applications using Jakarta EE or MicroProfile. Such applications can register resources with CRaC to get notifications for checkpoint and restore. This allows applications to perform actions necessary to prepare for a checkpoint as well as perform necessary actions when the application is restored. For more information on the `org.crac` APIs, see the link:https://javadoc.io/doc/org.crac/crac/latest/index.html[org.crac] Javadoc. +You can also use the `crac-1.4` feature with other applications, such as applications that use Jakarta EE or MicroProfile. Such applications can register resources with CRaC to get notifications for checkpoint and restore. These notifications help applications to prepare for a checkpoint and to perform necessary actions when the application is restored. For more information on the `org.crac` APIs, see the link:https://javadoc.io/doc/org.crac/crac/latest/index.html[org.crac] Javadoc. // // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/28572 // Contact/Reviewer: dazavala // // // // // // // // -[#SUB_TAG_0] -== [DRAFT]InstantOn support for Jakarta Messaging, Connectors, and MDB in Liberty 24.0.0.6 +[#mq] +== Use InstantOn with IBM® MQ in Liberty -Please provide a summary of the update, including the following points: +The 24.0.0.6 release introduces InstantOn feature support for link:{url-prefix}/docs/latest/reference/feature/messaging-3.0.html[Jakarta Messaging], link:{url-prefix}/docs/latest/reference/feature/connectors-2.1.html[Jakarta Connectors], and link:{url-prefix}/docs/latest/reference/feature/mdb-4.0.html[Jakarta Enterprise Beans Message-Driven Beans (MDB)]. InstantOn now provides blazing fast startup times for applications that use resource adapters to access external EIS resources, including applications that use the Jakarta Messaging API to access external messaging systems like IBM® MQ. These "messaging client" applications can also manage message delivery to endpoints with message-driven bean listeners. - - A sentence or two that introduces the update to someone new to the general technology/concept. - - The Human-readable name and short feature name for your feature- eg WebSockets feature (websockets-1.0). - - Who is the target persona? Who do you expect to use the update? eg application developer, operations. - - What was the problem before and how does your update make their life better? (Why should they care?) - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? +Here's a server configuration snippet to deploy applications that use the JakartaEE-10 Messaging API and require the link:https://repo1.maven.org/maven2/com/ibm/mq/wmq.jakarta.jmsra/9.3.5.0/wmq.jakarta.jmsra-9.3.5.0.rar[IBM® MQ resource adapter] to access external messaging resources. This configuration automatically includes the `connectors-2.1` feature, which supports the resource adapter configuration element. + +[source,xml] +---- + + messaging-3.1 + mdb-4.0 + servlet-6.0 + + + +---- + +You can use the link:https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/[MQ in Container image] to stand up an IBM MQ server that provides the following resources: queue manager `QM1`, queue `DEV.QUEUE.1`, channel `DEV.APP.SVRCONN`, and listener `SYSTEM.LISTENER.TCP.1` on port `1414`. These resources can support a simple point-to-point messaging scenario and are named within the messaging feature configuration elements that are shown in the following example. + +InstantOn can dynamically update the messaging and connectors configuration elements to enable connections to external resources that are made available in any environment where a server is restored from checkpoint. + +In the following example, the messaging configuration elements use Liberty variables that are named `MQ_HOSTNAME` and `MQ_PORT` to specify the hostname and IP port of the system that the IBM MQ queue manager runs on. You can define these variables in the `server.env` file of a checkpointed server. When the server is restored, the queue connection factory and message endpoint activation configurations update to the environment-specific hostname and port values for the IBM MQ queue manager. + +[source,xml] +---- + + + + + + + + + + + + + + + + + + + +---- + +Enjoy the time savings and stay tuned for upcoming announcements regarding InstantOn support for Jakarta features. @@ -194,42 +192,80 @@ Please provide a summary of the update, including the following points: // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/28496 // Contact/Reviewer: anjumfatima90 // // // // // // // // -[#SUB_TAG_1] -== Instant On Support for Session Cache in Liberty 24.0.0.6 +[#jcache] +== InstantOn support for distributed HTTP session caching + +Open Liberty link:https://openliberty.io/docs/latest/instanton.html[InstantOn] provides fast startup times for MicroProfile and Jakarta EE applications. With InstantOn, your applications can start in milliseconds, without compromising on throughput, memory, development-production parity, or Java language features. InstantOn uses the Checkpoint/Restore In Userspace (link:https://criu.org/[CRIU]) feature of the Linux kernel to take a checkpoint of the JVM that can be restored later. + +The 24.0.0.6 release provides InstantOn support for the link:{url-prefix}/docs/latest/reference/feature/sessionCache-1.0.html[JCache Session Persistence] feature. This feature uses a JCache provider to create a distributed in-memory cache. Distributed session caching is achieved when the server is connected to at least one other server to form a cluster. Open Liberty servers can behave in the following ways in a cluster. + +- Client-server model: An Open Liberty server can act as the JCache client and connect to a dedicated JCache server. +- Peer-to-Peer model: An Open Liberty server can connect with other Open Liberty servers that are also running with the JCache Session Persistence feature and configured to be part of the same cluster. + +To enable JCache Session Persistence, the `sessionCache-1.0` feature must be enabled in your `server.xml` file: + +[source,xml] +---- +sessionCache-1.0 +---- -Please provide a summary of the update, including the following points: +You can configure the client/server model in the `server.xml` file, similar to the following example. - - A sentence or two that introduces the update to someone new to the general technology/concept. - - The Human-readable name and short feature name for your feature- eg WebSockets feature (websockets-1.0). - link:https://openliberty.io/docs/latest/reference/feature/sessionCache-1.0.html[JCache Session Persistence] (sessionCache-1.0) +[source,xml] +---- + + + + + + + + +---- - - Who is the target persona? Who do you expect to use the update? eg application developer, operations. - Application Developer +You can configure the peer-to-peer model in the `server.xml` file, similar to the following example. - - What was the problem before and how does your update make their life better? (Why should they care?) +[source,xml] +---- + + + - InstantOn supports a subset of the Open Liberty features. Any public features that are enabled outside of the supported set of features for InstantOn cause the checkpoint to fail with an error message. As of the `24.0.0.6` release, `sessionCache-1.0` feature is enhanced to support InstantOn. + + + + +---- - - Briefly explain how to make your update work. Include screenshots, diagrams, and/or code snippets, and provide a `server.xml` snippet. - - Where can they find out more about this specific update (eg Open Liberty docs, Javadoc) and/or the wider technology? - link:https://openliberty.io/docs/latest/instanton.html[Faster startup for containerized applications with Open Liberty InstantOn] +**Note:** +To provide InstantOn support for the peer-to-peer model by using Infinispan as a JCache Provider, you must use Infinispan 12 or later. You must also enable link:{url-prefiux}/docs/latest/reference/feature/mpReactiveStreams-3.0.html[MicroProfile Reactive Streams 3.0] or later and link:{url-prefix}docs/latest/reference/feature/mpMetrics-4.0.html[MicroProfile Metrics 4.0] or later in the `server.xml` file, in addition to the JCache Session Persistence feature. +The environment can provide vendor-specific JCache configuration properties when the server is restored from the checkpoint. The following configuration uses server list, username, and password values as variables defined in the restore environment. +[source,xml] +---- + + + + + + + +---- -// DO NOT MODIFY THIS LINE. +// DO NOT MODIFY THIS LINE. -For more details, check the LINK[LINK_DESCRIPTION]. -// // // // // // // // -// In the preceding section: -// Replace TAG_X/SUB_TAG_X with the given tag of your secton from the contents list -// Replace SUB_FEATURE_TITLE/FEATURE_X_TITLE with the given title from the contents list -// Replace FEATURE with the feature name for the server.xml file e.g. mpHealth-1.4 -// Replace LINK with the link for extra information given for the feature -// Replace LINK_DESCRIPTION with a readable description of the information -// // // // // // // // [#CVEs] == Security vulnerability (CVE) fixes in this release @@ -237,219 +273,14 @@ For more details, check the LINK[LINK_DESCRIPTION]. |=== |CVE |CVSS Score |Vulnerability Assessment |Versions Affected |Notes -|Link[CVE-XXXX-XXXXX] -|Score -|vulnerability -|Affected versions -|Affected Features and other notes +|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22354[CVE-2024-22354] +|7.0 +|XML External Entity (XXE) injection +|17.0.0.3 - 24.0.0.5 +| |=== -// // // // // // // // -// In the preceding section: -// If there were any CVEs addressed in this release, fill out the table. For the information, reference https://github.com/OpenLiberty/docs/blob/draft/modules/ROOT/pages/security-vulnerabilities.adoc. If it has not been updated for this release, reach out to Kristen Clarke or Michal Broz. -// Note: When linking to features, use the -// `link:{url-prefix}/docs/latest/reference/feature/someFeature-1.0.html[Some Feature 1.0]` format and -// NOT what security-vulnerabilities.adoc does (feature:someFeature-1.0[]) -// -// If there are no CVEs fixed in this release, replace the table with: -// "There are no security vulnerability fixes in Open Liberty [24.0.0.6]." -// // // // // // // // -For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. - - -[#bugs] -== Notable bugs fixed in this release - - -We’ve spent some time fixing bugs. The following sections describe just some of the issues resolved in this release. If you’re interested, here’s the link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A24006+label%3A%22release+bug%22[full list of bugs fixed in 24.0.0.6]. - -* link:https://github.com/OpenLiberty/open-liberty/issues/28552[NoClassDefFoundError: org/apache/commons/io/input/NullInputStream when using collectives file transfer.] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/28493[restfulWS-3.1: Headers with multiple values in a multipart (EntityPart) object held are held in a List of size 1.] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/28479[Invalid JASPIC warning CWWKS1652A in log when AuthResult.SEND_SUCCESS is received from the JASPIC provider. ] -+ - -When the JASPIC provider returns SEND_SUCCESS, Liberty prints the following message that is not correct. -CWWKS1652A: Authentication failed with status {0} for the web request {1}. The user defined Java Authentication SPI for Containers (JASPIC) service {2} has determined that the authentication data is not valid. - -* link:https://github.com/OpenLiberty/open-liberty/issues/28475[Environment variables not available during service startup within Kubernetes/OpenShift] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/28459[GRPC connections hang with security enabled] -+ -With security enabled, GRPC connections intermittently hang and never respond back. This happens due to the mechanism of restore that Security has for re-authenticating a connection which in GRPC is not covered. - -* link:https://github.com/OpenLiberty/open-liberty/issues/28431[Generate Set-Cookie from the SessionCookieConfig may not include additional attributes] -+ - -Session-config attributes setting in web.xml are not included in the response Set-Cookie - -* link:https://github.com/OpenLiberty/open-liberty/issues/28421[Bump netty dependencies to 4.1.109.Final] -+ -Current Netty components in Open Liberty are of the version 4.1.100.Final released in October 2023. The latest version 4.1.109.Final contains various bug fixes and improvements over the current version. - -* link:https://github.com/OpenLiberty/open-liberty/issues/28414[Classloading issue involving JAXBContext and JAXBContextFactory with webProfile-10.0] -+ -I am having classloading problems with webProfile-10.0 and JAXB classes. My web application has jakarta.xml.bind-api 4.0.0 and jaxb-runtime 4.0.1 jars in its WEB-INF/lib. At startup, it attempts to create a JAXBContext using jakarta.xml.bind.JAXBContext.newInstance, but startup fails with an exception from there. -+ -Here is the full stack trace from messages.log: -+ -``` -[5/13/24, 15:31:24:991 EDT] 00000055 com.ibm.ws.webcontainer.webapp E SRVE0276E: Error while initializing Servlet [helloServlet]: jakarta.servlet.ServletException: Failed to create JAXB context - at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:23) - at jakarta.servlet.GenericServlet.init(GenericServlet.java:178) - at jakarta.servlet.http.HttpServlet.init(HttpServlet.java:107) - at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:301) - at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1403) - at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:1228) - at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:1196) - at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:1094) - at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:6722) - at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApp(DynamicVirtualHost.java:484) - at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApplication(DynamicVirtualHost.java:479) - at com.ibm.ws.webcontainer.osgi.WebContainer.startWebApplication(WebContainer.java:1208) - at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:113) - at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:996) - at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:280) - at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) - at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) - at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) - at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) - at java.base/java.lang.Thread.run(Thread.java:1595) -Caused by: jakarta.xml.bind.JAXBException: Error while searching for service [jakarta.xml.bind.JAXBContextFactory] - - with linked exception: -[java.util.ServiceConfigurationError: jakarta.xml.bind.JAXBContextFactory: org.glassfish.jaxb.runtime.v2.JAXBContextFactory not a subtype] - at jakarta.xml.bind.ContextFinder$1.createException(ContextFinder.java:85) - at jakarta.xml.bind.ContextFinder$1.createException(ContextFinder.java:82) - at jakarta.xml.bind.ServiceLoaderUtil.firstByServiceLoader(ServiceLoaderUtil.java:46) - at jakarta.xml.bind.ContextFinder.find(ContextFinder.java:319) - at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:392) - at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:349) - at jakarta.xml.bind.JAXBContext.newInstance(JAXBContext.java:260) - at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:20) - ... 19 more -Caused by: java.util.ServiceConfigurationError: jakarta.xml.bind.JAXBContextFactory: org.glassfish.jaxb.runtime.v2.JAXBContextFactory not a subtype - at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:601) - at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1263) - at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1292) - at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1328) - at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1412) - at jakarta.xml.bind.ServiceLoaderUtil.firstByServiceLoader(ServiceLoaderUtil.java:39) - ... 24 more -``` -I turned on -verbose:class to see where classes are being loaded from, and here are the lines involving JAXBContextFactory (I've attached the full console.log and messages.log as liberty_problem_202405_with_jaxb_api_and_webprofile_feature_console.log and liberty_problem_202405_with_jaxb_api_and_webprofile_feature_messages.log): -+ -``` -class load: jakarta.xml.bind.JAXBContextFactory from: file:/c:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/usr/servers/default/apps/expanded/liberty_problem_202405_with_jaxb_api.war/WEB-INF/lib/jakarta.xml.bind-api-4.0.0.jar -+ -class load: jakarta.xml.bind.JAXBContextFactory from: file:/C:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/lib/../dev/api/spec/io.openliberty.jakarta.xmlBinding.4.0_1.0.88.jar -+ -class load: org.glassfish.jaxb.runtime.v2.JAXBContextFactory from: file:/C:/apps/liberty-24.0.0.4-jakarta-10-full/wlp/lib/io.openliberty.xmlBinding.4.0.internal.tools_1.0.88.jar -``` -+ -The first two lines are both loading the jaxb-api interface for JAXBContextFactory, but strangely from two different locations: first from the jar included in my WEB-INF/lib, and then from one of Liberty's own directories. Then it loads the implementation class from an internal Liberty location, instead of from the jaxb-runtime jar that is in my WEB-INF/lib directory, and which also contains this implementation class. I think the fact that the interface is loaded from WEB-INF/lib but the implementation from an internal jar is confusing it into thinking that the implementation doesn't implement the interface, even though the JAXBContextFactory interfaces from the two locations appear to actually be identical. -+ -I would not have expected any Liberty interfaces or implementations to get loaded for this when using webProfile-10.0, because the Jakarta EE 10 XML Binding specification is not part of the Jakarta EE 10 Web Profile spec. I would have expected it to solely load classes from the jars where they are available in my WEB-INF/lib. -+ -I tried a few variations, and it got stranger. First, I tried removing the jakarta.xml.bind-api jar from my WEB-INF/lib, in hopes that it would then only load the interface once, from Liberty's own files. But that's not what happened. This time, it didn't ever load the api interfaces from anywhere at all, not even from Liberty's files as it did in the first situation. Instead, I got this different exception, and the classloader trace never shows it loading any JAXBContext* class: -+ -``` -[5/13/24, 15:27:26:287 EDT] 00000052 com.ibm.ws.webcontainer.webapp E SRVE0276E: Error while initializing Servlet [helloServlet]: jakarta.servlet.ServletException: SRVE0207E: Uncaught initialization exception created by servlet - at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:370) - at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1403) - at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:1228) - at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:1196) - at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:1094) - at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:6722) - at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApp(DynamicVirtualHost.java:484) - at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost.startWebApplication(DynamicVirtualHost.java:479) - at com.ibm.ws.webcontainer.osgi.WebContainer.startWebApplication(WebContainer.java:1208) - at com.ibm.ws.webcontainer.osgi.WebContainer.access$100(WebContainer.java:113) - at com.ibm.ws.webcontainer.osgi.WebContainer$3.run(WebContainer.java:996) - at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:280) - at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) - at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) - at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) - at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) - at java.base/java.lang.Thread.run(Thread.java:1595) -Caused by: java.lang.NoClassDefFoundError: jakarta.xml.bind.JAXBContext - at com.example.liberty_problem_202405.HelloServlet.init(HelloServlet.java:20) - at jakarta.servlet.GenericServlet.init(GenericServlet.java:178) - at jakarta.servlet.http.HttpServlet.init(HttpServlet.java:107) - at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:301) - ... 16 more -Caused by: java.lang.ClassNotFoundException: jakarta.xml.bind.JAXBContext - at com.ibm.ws.classloading.internal.AppClassLoader.findClassCommonLibraryClassLoaders(AppClassLoader.java:742) - at com.ibm.ws.classloading.internal.AppClassLoader.findClass(AppClassLoader.java:327) - at com.ibm.ws.classloading.internal.AppClassLoader.findOrDelegateLoadClass(AppClassLoader.java:714) - at com.ibm.ws.classloading.internal.AppClassLoader.loadClass(AppClassLoader.java:586) - at com.ibm.ws.classloading.internal.AppClassLoader.loadClass(AppClassLoader.java:553) - at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:1104) - ... 20 more -``` -+ -So. in one case Liberty loaded the interface class from two places, and in the other case it didn't load it from anywhere at all. -+ -Next, I changed the featureManager section to specify jakartaee-10.0 instead of webProfile-10.0. In this variation, the web application launched correctly, and a classloader trace showed it was loading both the interface and implementation jars from Liberty's files and it never loaded anything from either the jakarta.xml.jaxb-api or jaxb-runtime jars in my WEB-INF/lib. -+ -Finally, I changed featureManager to just specify the minimal set of features that my web applicaiton actually needs: servlet-6.0, pages-3.1, ad websocket-2.1. The application also launched correctly in this configuration, but this time the classloader trace showed it loading all of the JAXBContext* classes from my WEB-INF/lib, and none of them from Liberty. - -* link:https://github.com/OpenLiberty/open-liberty/issues/28344[SSO should not use application/json on request to JWK] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/28280[If an application fails to start when doing a checkpoint the checkpoint still succeeds] -+ -If an application fails to start while doing a checkpoint `afterAppStart` the the checkpoint is still allowed to succeed and we are left with a application process checkpoint that will restore always with a failed application start. It would be better to fail the checkpoint in this case so that container image builds can reliably fail to build if the application fails to start when we are doing a container image build with InstantOn - -* link:https://github.com/OpenLiberty/open-liberty/issues/28235[Enabling openidConnectClient feature causes the body request not to be forwarded to the application's servlet (starting from WLP 24.0.0.3)] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/28176[IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354 CVSS 7.0)] -+ - -* link:https://github.com/OpenLiberty/open-liberty/issues/28118[Port MYFACES-4658] -+ -The MyFaces 4.0 JavaScript function `chain` is improperly coded when the JavaScript code was ported to a newer implementation. -+ -The spec states: -`A varargs function that invokes an arbitrary number of scripts. If any script in the chain returns false, the chain is short-circuited and subsequent scripts are not invoked. Any number of scripts may specified after the event argument.` -+ -However, false is never returned because the variable is not set and treated as undefined. - -* link:https://github.com/OpenLiberty/open-liberty/issues/27858[JspOption jdkSourceLevel Disabled Unintentionally] -+ -The jdkSourceLevel property was unintentionally disabled when the new javaSourceLevel option was introduced. The option still exists via the metatype, but it's input is not honored. It always uses Java 8 as the source. -+ -This only applies to JSPs that need their their code limited to Java 7 syntax or below. - - -// // // // // // // // -// In the preceding section: -// For this section ask either Michal Broz or Tom Evans or the #openliberty-release-blog channel for Notable bug fixes in this release. -// Present them as a list in the order as provided, linking to the issue and providing a short description of the bug and the resolution. -// If the issue on Github is missing any information, leave a comment in the issue along the lines of: -// "@[issue_owner(s)] please update the description of this `release bug` using the [bug report template](https://github.com/OpenLiberty/open-liberty/issues/new?assignees=&labels=release+bug&template=bug_report.md&title=)" -// Feel free to message the owner(s) directly as well, especially if no action has been taken by them. -// For inspiration about how to write this section look at previous blogs e.g- 20.0.0.10 or 21.0.0.12 (https://openliberty.io/blog/2021/11/26/jakarta-ee-9.1.html#bugs) -// // // // // // // // - - -// // // // // // // // -// If there were updates to guides since last release, keep the following, otherwise remove section. -// Check with Gilbert Kwan, otherwise Michal Broz or YK Chang -// // // // // // // // -[#guides] -== New and updated guides since the previous release -As Open Liberty features and functionality continue to grow, we continue to add link:https://openliberty.io/guides/?search=new&key=tag[new guides to openliberty.io] on those topics to make their adoption as easy as possible. Existing guides also receive updates to address any reported bugs/issues, keep their content current, and expand what their topic covers. -// // // // // // // // -// In the following section, list any new guides, or changes/updates to existing guides. -// The following is an example of how the list can be structured (similar to the bugs section): -// * link:{url-prefix}/guides/[new/updated guide].html[Guide Title] -// ** Description of the guide or the changes made to the guide. -// // // // // // // // +For a list of past security vulnerability fixes, reference the link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list]. == Get Open Liberty 24.0.0.6 now From 864e81dbdf0b3e5b9edf21f77f4b2cf286c9cd90 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Wed, 12 Jun 2024 13:45:21 -0400 Subject: [PATCH 05/14] edits --- posts/2024-06-18-24.0.0.6.adoc | 35 +++++++++------------------------- 1 file changed, 9 insertions(+), 26 deletions(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index cb8eff062..59170e211 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -6,8 +6,8 @@ categories: blog author_picture: https://avatars3.githubusercontent.com/dmuelle author_github: https://github.com/dmuelle seo-title: Faster startup for Spring Boot 3.x applications and more in 24.0.0.6 - OpenLiberty.io -seo-description: The 24.0.0.6 release introduces the Coordinated Restore at Checkpoint feature, which improves startup times Spring Boot 3.x applications with Liberty InstantOn. This release also includes InstantOn support for applications that use distributed HTTP session caching and IBM MQ messaging. -blog_description: The 24.0.0.6 release introduces the Coordinated Restore at Checkpoint feature, which improves startup times Spring Boot 3.x applications with Liberty InstantOn. This release also includes InstantOn support for applications that use distributed HTTP session caching and IBM MQ messaging. +seo-description: The 24.0.0.6 release introduces the Coordinated Restore at Checkpoint feature, which improves startup times for Spring Boot 3.x applications with Liberty InstantOn. This release also includes InstantOn support for applications that use distributed HTTP session caching and IBM MQ messaging. +blog_description: The 24.0.0.6 release introduces the Coordinated Restore at Checkpoint feature, which improves startup times for Spring Boot 3.x applications with Liberty InstantOn. This release also includes InstantOn support for applications that use distributed HTTP session caching and IBM MQ messaging. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo --- @@ -23,8 +23,8 @@ The 24.0.0.6 release introduces the Coordinated Restore at Checkpoint feature, w In link:{url-about}[Open Liberty] 24.0.0.6: -* <> -* <> +* <> +* <> * <> * <> @@ -36,21 +36,6 @@ Check out link:{url-prefix}/blog/?search=release&search!=beta[previous Open Libe [#run] -// // // // // // // // -// LINKS -// -// OpenLiberty.io site links: -// link:{url-prefix}/guides/maven-intro.html[Maven] -// -// Off-site links: -//link:https://openapi-generator.tech/docs/installation#jar[Download Instructions] -// -// IMAGES -// -// Place images in ./img/blog/ -// Use the syntax: -// image::/img/blog/log4j-rhocp-diagrams/current-problem.png[Logging problem diagram,width=70%,align="center"] -// // // // // // // // == Develop and run your apps using 24.0.0.6 @@ -103,11 +88,11 @@ image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="cent Open Liberty InstantOn provides fast startup times for MicroProfile and Jakarta EE applications. With link:{url-prefix}/blog/2023/06/29/rapid-startup-instanton.html[InstantOn], your applications can start in milliseconds, without compromising on throughput, memory, development-production parity, or Java language features. InstantOn uses the Checkpoint/Restore In Userspace (link:https://criu.org/[CRIU]) feature of the Linux kernel to take a checkpoint of the JVM that can be restored later. -The Spring Framework (version 6.1+) includes link:https://docs.spring.io/spring-framework/reference/6.1/integration/checkpoint-restore.html[support for Coordinated Restore at Checkpoint (CRaC)], which also uses CRIU to provide Checkpoint and Restore for Java applications. Spring Boot version 3.2+ uses Spring Framework version 6.1, enabling Spring Boot applications to also use CRaC to achieve rapid startup times. +The Spring Framework (version 6.1+) includes link:https://docs.spring.io/spring-framework/reference/6.1/integration/checkpoint-restore.html[support for Coordinated Restore at Checkpoint (CRaC)], which also uses CRIU to provide Checkpoint and Restore for Java applications. Spring Boot version 3.2+ uses Spring Framework version 6.1+, which enables Spring Boot applications to also use CRaC to achieve rapid startup times. -The link:docs/latest/reference/feature/springBoot-3.0.html[Open Liberty `springBoot-3.0` feature] allows Spring Boot 3.x-based applications to be deployed with Open Liberty. And now, with the new Open Liberty link:docs/latest/reference/feature/crac-1.4.html[Coordinated Restore at Checkpoint] (`crac-1.4`) feature, a Spring Boot 3.2+-based application can be deployed with Liberty InstantOn to achieve rapid startup times for your Spring Boot application. +The link:docs/latest/reference/feature/springBoot-3.0.html[Open Liberty springBoot-3.0 feature] allows Spring Boot 3.x-based applications to be deployed with Open Liberty. And now, with the new Open Liberty link:docs/latest/reference/feature/crac-1.4.html[Coordinated Restore at Checkpoint] (`crac-1.4`) feature, a Spring Boot 3.2+-based application can be deployed with Liberty InstantOn and achieve rapid startup times. -To use the CRaC 1.4 functionality with the `springBoot-3.0` feature, you must be running with Java 17 or higher and enable the `crac-1.4` feature in your `server.xml` file. Additionally, if your application uses Servlet, it needs to use the `servlet-6.0` feature. Configure these features are configured in the `server.xml` file, similar to the following example: +To use the CRaC 1.4 functionality with the `springBoot-3.0` feature, you must be running with Java 17 or higher and enable the `crac-1.4` feature in your `server.xml` file. Additionally, if your application uses Servlet, it needs to use the `servlet-6.0` feature. Configure these features in the `server.xml` file, similar to the following example: [source,xml] ---- @@ -132,7 +117,7 @@ You can also use the `crac-1.4` feature with other applications, such as applica [#mq] == Use InstantOn with IBM® MQ in Liberty -The 24.0.0.6 release introduces InstantOn feature support for link:{url-prefix}/docs/latest/reference/feature/messaging-3.0.html[Jakarta Messaging], link:{url-prefix}/docs/latest/reference/feature/connectors-2.1.html[Jakarta Connectors], and link:{url-prefix}/docs/latest/reference/feature/mdb-4.0.html[Jakarta Enterprise Beans Message-Driven Beans (MDB)]. InstantOn now provides blazing fast startup times for applications that use resource adapters to access external EIS resources, including applications that use the Jakarta Messaging API to access external messaging systems like IBM® MQ. These "messaging client" applications can also manage message delivery to endpoints with message-driven bean listeners. +The 24.0.0.6 release introduces InstantOn support for the link:{url-prefix}/docs/latest/reference/feature/messaging-3.0.html[Jakarta Messaging], link:{url-prefix}/docs/latest/reference/feature/connectors-2.1.html[Jakarta Connectors], and link:{url-prefix}/docs/latest/reference/feature/mdb-4.0.html[Jakarta Enterprise Beans Message-Driven Beans (MDB)] features. InstantOn now provides blazing fast startup times for applications that use resource adapters to access external EIS resources, including applications that use the Jakarta Messaging API to access external messaging systems like IBM® MQ. These "messaging client" applications can also manage message delivery to endpoints with message-driven bean listeners. Here's a server configuration snippet to deploy applications that use the JakartaEE-10 Messaging API and require the link:https://repo1.maven.org/maven2/com/ibm/mq/wmq.jakarta.jmsra/9.3.5.0/wmq.jakarta.jmsra-9.3.5.0.rar[IBM® MQ resource adapter] to access external messaging resources. This configuration automatically includes the `connectors-2.1` feature, which supports the resource adapter configuration element. @@ -195,9 +180,7 @@ Enjoy the time savings and stay tuned for upcoming announcements regarding Insta [#jcache] == InstantOn support for distributed HTTP session caching -Open Liberty link:https://openliberty.io/docs/latest/instanton.html[InstantOn] provides fast startup times for MicroProfile and Jakarta EE applications. With InstantOn, your applications can start in milliseconds, without compromising on throughput, memory, development-production parity, or Java language features. InstantOn uses the Checkpoint/Restore In Userspace (link:https://criu.org/[CRIU]) feature of the Linux kernel to take a checkpoint of the JVM that can be restored later. - -The 24.0.0.6 release provides InstantOn support for the link:{url-prefix}/docs/latest/reference/feature/sessionCache-1.0.html[JCache Session Persistence] feature. This feature uses a JCache provider to create a distributed in-memory cache. Distributed session caching is achieved when the server is connected to at least one other server to form a cluster. Open Liberty servers can behave in the following ways in a cluster. +The 24.0.0.6 release also provides InstantOn support for the link:{url-prefix}/docs/latest/reference/feature/sessionCache-1.0.html[JCache Session Persistence] feature. This feature uses a JCache provider to create a distributed in-memory cache. Distributed session caching is achieved when the server is connected to at least one other server to form a cluster. Open Liberty servers can behave in the following ways in a cluster. - Client-server model: An Open Liberty server can act as the JCache client and connect to a dedicated JCache server. - Peer-to-Peer model: An Open Liberty server can connect with other Open Liberty servers that are also running with the JCache Session Persistence feature and configured to be part of the same cluster. From aa4c8eadc099d082a2b08f8225740b6f7eb56cd3 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Wed, 12 Jun 2024 14:28:22 -0400 Subject: [PATCH 06/14] Update 2024-06-18-24.0.0.6.adoc --- posts/2024-06-18-24.0.0.6.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index 59170e211..630f407e1 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -117,7 +117,7 @@ You can also use the `crac-1.4` feature with other applications, such as applica [#mq] == Use InstantOn with IBM® MQ in Liberty -The 24.0.0.6 release introduces InstantOn support for the link:{url-prefix}/docs/latest/reference/feature/messaging-3.0.html[Jakarta Messaging], link:{url-prefix}/docs/latest/reference/feature/connectors-2.1.html[Jakarta Connectors], and link:{url-prefix}/docs/latest/reference/feature/mdb-4.0.html[Jakarta Enterprise Beans Message-Driven Beans (MDB)] features. InstantOn now provides blazing fast startup times for applications that use resource adapters to access external EIS resources, including applications that use the Jakarta Messaging API to access external messaging systems like IBM® MQ. These "messaging client" applications can also manage message delivery to endpoints with message-driven bean listeners. +The 24.0.0.6 release introduces InstantOn support for the link:{url-prefix}/docs/latest/reference/feature/messaging-3.0.html[Jakarta Messaging], link:{url-prefix}/docs/latest/reference/feature/connectors-2.1.html[Jakarta Connectors], and link:{url-prefix}/docs/latest/reference/feature/mdb-4.0.html[Jakarta Enterprise Beans Message-Driven Beans (MDB)] features. InstantOn now provides blazing fast startup times for applications that use resource adapters to access external EIS resources, including applications that use the Jakarta Messaging API to access external messaging systems like IBM® MQ. These messaging client applications can also manage message delivery to endpoints with message-driven bean listeners. Here's a server configuration snippet to deploy applications that use the JakartaEE-10 Messaging API and require the link:https://repo1.maven.org/maven2/com/ibm/mq/wmq.jakarta.jmsra/9.3.5.0/wmq.jakarta.jmsra-9.3.5.0.rar[IBM® MQ resource adapter] to access external messaging resources. This configuration automatically includes the `connectors-2.1` feature, which supports the resource adapter configuration element. From 37c9cf290e2d8f7d8023190fa3fa0705a0513fe1 Mon Sep 17 00:00:00 2001 From: David Mueller <48686014+dmuelle@users.noreply.github.com> Date: Thu, 13 Jun 2024 09:19:56 -0400 Subject: [PATCH 07/14] Update posts/2024-06-18-24.0.0.6.adoc Co-authored-by: Thomas Watson --- posts/2024-06-18-24.0.0.6.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index 630f407e1..4c5905ff3 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -90,7 +90,7 @@ Open Liberty InstantOn provides fast startup times for MicroProfile and Jakarta The Spring Framework (version 6.1+) includes link:https://docs.spring.io/spring-framework/reference/6.1/integration/checkpoint-restore.html[support for Coordinated Restore at Checkpoint (CRaC)], which also uses CRIU to provide Checkpoint and Restore for Java applications. Spring Boot version 3.2+ uses Spring Framework version 6.1+, which enables Spring Boot applications to also use CRaC to achieve rapid startup times. -The link:docs/latest/reference/feature/springBoot-3.0.html[Open Liberty springBoot-3.0 feature] allows Spring Boot 3.x-based applications to be deployed with Open Liberty. And now, with the new Open Liberty link:docs/latest/reference/feature/crac-1.4.html[Coordinated Restore at Checkpoint] (`crac-1.4`) feature, a Spring Boot 3.2+-based application can be deployed with Liberty InstantOn and achieve rapid startup times. +The link:docs/latest/reference/feature/springBoot-3.0.html[Open Liberty springBoot-3.0 feature] allows Spring Boot 3.x-based applications to be deployed with Open Liberty. And now, with the new Open Liberty link:docs/latest/reference/feature/crac-1.4.html[Coordinated Restore at Checkpoint] (`crac-1.4`) feature, a Spring Boot 3.2+ application can be deployed with Liberty InstantOn and achieve rapid startup times. To use the CRaC 1.4 functionality with the `springBoot-3.0` feature, you must be running with Java 17 or higher and enable the `crac-1.4` feature in your `server.xml` file. Additionally, if your application uses Servlet, it needs to use the `servlet-6.0` feature. Configure these features in the `server.xml` file, similar to the following example: From ede11481b58a47efadf659105a54921d91c96f73 Mon Sep 17 00:00:00 2001 From: David Mueller Date: Thu, 13 Jun 2024 14:33:06 -0400 Subject: [PATCH 08/14] edits per review --- posts/2024-06-18-24.0.0.6.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index 4c5905ff3..e4351ee48 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -115,11 +115,11 @@ You can also use the `crac-1.4` feature with other applications, such as applica // Contact/Reviewer: dazavala // // // // // // // // [#mq] -== Use InstantOn with IBM® MQ in Liberty +== InstantOn support for IBM® MQ messaging The 24.0.0.6 release introduces InstantOn support for the link:{url-prefix}/docs/latest/reference/feature/messaging-3.0.html[Jakarta Messaging], link:{url-prefix}/docs/latest/reference/feature/connectors-2.1.html[Jakarta Connectors], and link:{url-prefix}/docs/latest/reference/feature/mdb-4.0.html[Jakarta Enterprise Beans Message-Driven Beans (MDB)] features. InstantOn now provides blazing fast startup times for applications that use resource adapters to access external EIS resources, including applications that use the Jakarta Messaging API to access external messaging systems like IBM® MQ. These messaging client applications can also manage message delivery to endpoints with message-driven bean listeners. -Here's a server configuration snippet to deploy applications that use the JakartaEE-10 Messaging API and require the link:https://repo1.maven.org/maven2/com/ibm/mq/wmq.jakarta.jmsra/9.3.5.0/wmq.jakarta.jmsra-9.3.5.0.rar[IBM® MQ resource adapter] to access external messaging resources. This configuration automatically includes the `connectors-2.1` feature, which supports the resource adapter configuration element. +For Jakarta EE 10 messaging applications that provide message-driven bean endpoints and access messaging resources that are provided by IBM® MQ, enable the `messaging-3.1` and `mdb-4.0` features and specify the path to the link:https://repo1.maven.org/maven2/com/ibm/mq/wmq.jakarta.jmsra/9.3.5.0/wmq.jakarta.jmsra-9.3.5.0.rar[IBM® MQ resource adapter]. The feature configuration automatically includes the `connectors-2.1` feature, which supports the `resourceAdapter` configuration element. [source,xml] ---- @@ -132,11 +132,11 @@ Here's a server configuration snippet to deploy applications that use the Jakart ---- -You can use the link:https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/[MQ in Container image] to stand up an IBM MQ server that provides the following resources: queue manager `QM1`, queue `DEV.QUEUE.1`, channel `DEV.APP.SVRCONN`, and listener `SYSTEM.LISTENER.TCP.1` on port `1414`. These resources can support a simple point-to-point messaging scenario and are named within the messaging feature configuration elements that are shown in the following example. +> Tip: You can use the link:https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/[MQ in Container image] to stand up an IBM MQ server that provides the following resources on port `1414`: queue manager `QM1`, queue `DEV.QUEUE.1`, channel `DEV.APP.SVRCONN`, and listener `SYSTEM.LISTENER.TCP.1`. These resources can support a simple point-to-point messaging scenario and are named within the messaging feature configuration elements that are shown in the following example. InstantOn can dynamically update the messaging and connectors configuration elements to enable connections to external resources that are made available in any environment where a server is restored from checkpoint. -In the following example, the messaging configuration elements use Liberty variables that are named `MQ_HOSTNAME` and `MQ_PORT` to specify the hostname and IP port of the system that the IBM MQ queue manager runs on. You can define these variables in the `server.env` file of a checkpointed server. When the server is restored, the queue connection factory and message endpoint activation configurations update to the environment-specific hostname and port values for the IBM MQ queue manager. +For example, the following messaging configuration declares Liberty variables to specify the hostname and IP port of the system that hosts the IBM® MQ queue manager. Define these variables in the restore environment of the server. When the server restores, the connection factory and message endpoint activation configurations will update to the environment-specific hostname and port values that enable Open Liberty to connect to the IBM® MQ queue manager. [source,xml] ---- @@ -165,7 +165,7 @@ In the following example, the messaging configuration elements use Liberty varia ---- -Enjoy the time savings and stay tuned for upcoming announcements regarding InstantOn support for Jakarta features. +Stay tuned for upcoming announcements regarding InstantOn support for Jakarta features. From 3929db1318717c8ff2fc6285a340e4a364cea0ad Mon Sep 17 00:00:00 2001 From: David Mueller Date: Thu, 13 Jun 2024 16:29:34 -0400 Subject: [PATCH 09/14] Update 2024-06-18-24.0.0.6.adoc --- posts/2024-06-18-24.0.0.6.adoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index e4351ee48..22474e97f 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -132,7 +132,11 @@ For Jakarta EE 10 messaging applications that provide message-driven bean endpoi ---- -> Tip: You can use the link:https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/[MQ in Container image] to stand up an IBM MQ server that provides the following resources on port `1414`: queue manager `QM1`, queue `DEV.QUEUE.1`, channel `DEV.APP.SVRCONN`, and listener `SYSTEM.LISTENER.TCP.1`. These resources can support a simple point-to-point messaging scenario and are named within the messaging feature configuration elements that are shown in the following example. +[sidebar] +.Developer tip +-- +You can use the link:https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/[MQ in Container image] to stand up an IBM MQ server that provides the following resources on port `1414`: queue manager `QM1`, queue `DEV.QUEUE.1`, channel `DEV.APP.SVRCONN`, and listener `SYSTEM.LISTENER.TCP.1`. These resources can support a simple point-to-point messaging scenario and are named within the messaging feature configuration elements that are shown in the following example. +-- InstantOn can dynamically update the messaging and connectors configuration elements to enable connections to external resources that are made available in any environment where a server is restored from checkpoint. From 29fbe378f5c9d2fb339cdf86b3dafcf85cff0bfc Mon Sep 17 00:00:00 2001 From: David Mueller Date: Thu, 13 Jun 2024 16:33:51 -0400 Subject: [PATCH 10/14] Update 2024-06-18-24.0.0.6.adoc --- posts/2024-06-18-24.0.0.6.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index 22474e97f..7d3e4620c 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -135,7 +135,7 @@ For Jakarta EE 10 messaging applications that provide message-driven bean endpoi [sidebar] .Developer tip -- -You can use the link:https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/[MQ in Container image] to stand up an IBM MQ server that provides the following resources on port `1414`: queue manager `QM1`, queue `DEV.QUEUE.1`, channel `DEV.APP.SVRCONN`, and listener `SYSTEM.LISTENER.TCP.1`. These resources can support a simple point-to-point messaging scenario and are named within the messaging feature configuration elements that are shown in the following example. +You can use the link:https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/[MQ in Container image] IBM® MQ server that provides the following resources: queue manager `QM1` listening on port 1414, queue `DEV.QUEUE.1`, and channel `DEV.APP.SVRCONN`. -- InstantOn can dynamically update the messaging and connectors configuration elements to enable connections to external resources that are made available in any environment where a server is restored from checkpoint. From a294e4fb4beddd4d0d92bb308298a298582d321a Mon Sep 17 00:00:00 2001 From: David Mueller Date: Thu, 13 Jun 2024 16:54:58 -0400 Subject: [PATCH 11/14] Update 2024-06-18-24.0.0.6.adoc --- posts/2024-06-18-24.0.0.6.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index 7d3e4620c..f401c11ac 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -135,7 +135,7 @@ For Jakarta EE 10 messaging applications that provide message-driven bean endpoi [sidebar] .Developer tip -- -You can use the link:https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/[MQ in Container image] IBM® MQ server that provides the following resources: queue manager `QM1` listening on port 1414, queue `DEV.QUEUE.1`, and channel `DEV.APP.SVRCONN`. +You can use the link:https://developer.ibm.com/tutorials/mq-connect-app-queue-manager-containers/[MQ in Container image] IBM® MQ server that provides the following resources: queue manager `QM1` listening on port 1414, queue `DEV.QUEUE.1`, and channel `DEV.APP.SVRCONN`. These resources can support a simple point-to-point messaging scenario and are named within the messaging feature configuration elements that are shown in the following example. -- InstantOn can dynamically update the messaging and connectors configuration elements to enable connections to external resources that are made available in any environment where a server is restored from checkpoint. From d01fb6615c826d74e64cf26217bf3d3f0a2bd51c Mon Sep 17 00:00:00 2001 From: David Mueller Date: Thu, 13 Jun 2024 17:15:40 -0400 Subject: [PATCH 12/14] Update 2024-06-18-24.0.0.6.adoc --- posts/2024-06-18-24.0.0.6.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/posts/2024-06-18-24.0.0.6.adoc b/posts/2024-06-18-24.0.0.6.adoc index f401c11ac..492b2c696 100644 --- a/posts/2024-06-18-24.0.0.6.adoc +++ b/posts/2024-06-18-24.0.0.6.adoc @@ -24,7 +24,7 @@ The 24.0.0.6 release introduces the Coordinated Restore at Checkpoint feature, w In link:{url-about}[Open Liberty] 24.0.0.6: * <> -* <> +* <> * <> * <> @@ -115,7 +115,7 @@ You can also use the `crac-1.4` feature with other applications, such as applica // Contact/Reviewer: dazavala // // // // // // // // [#mq] -== InstantOn support for IBM® MQ messaging +== InstantOn support for Jakarta Messaging with IBM® MQ The 24.0.0.6 release introduces InstantOn support for the link:{url-prefix}/docs/latest/reference/feature/messaging-3.0.html[Jakarta Messaging], link:{url-prefix}/docs/latest/reference/feature/connectors-2.1.html[Jakarta Connectors], and link:{url-prefix}/docs/latest/reference/feature/mdb-4.0.html[Jakarta Enterprise Beans Message-Driven Beans (MDB)] features. InstantOn now provides blazing fast startup times for applications that use resource adapters to access external EIS resources, including applications that use the Jakarta Messaging API to access external messaging systems like IBM® MQ. These messaging client applications can also manage message delivery to endpoints with message-driven bean listeners. From 8313988c62f04ff71989f7e31bf25debc3a5acbc Mon Sep 17 00:00:00 2001 From: Takakiyo Tanaka Date: Wed, 12 Jun 2024 10:51:49 +0900 Subject: [PATCH 13/14] add translated 2023-12-12-23.0.0.12.adoc to ja directory --- posts/2023-12-12-23.0.0.12.adoc | 3 + posts/ja/2023-12-12-23.0.0.12.adoc | 554 +++++++++++++++++++++++++++++ 2 files changed, 557 insertions(+) create mode 100644 posts/ja/2023-12-12-23.0.0.12.adoc diff --git a/posts/2023-12-12-23.0.0.12.adoc b/posts/2023-12-12-23.0.0.12.adoc index 331f0edcc..07d555aa5 100644 --- a/posts/2023-12-12-23.0.0.12.adoc +++ b/posts/2023-12-12-23.0.0.12.adoc @@ -10,6 +10,9 @@ seo-description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, which inclu blog_description: Open Liberty 23.0.0.12 introduces MicroProfile 6.1, which includes updates for MicroProfile Metrics and MicroProfile Telemetry. This release also coincides with new versions of the Liberty Maven and Gradle plug-ins, and includes enhancements for OpenID Connect, LTPA key management, and more. open-graph-image: https://openliberty.io/img/twitter_card.jpg open-graph-image-alt: Open Liberty Logo +blog-available-in-languages: +- lang: ja + path: /ja/blog/2023/12/12/23.0.0.12.html --- = MicroProfile 6.1, Liberty Tools updates, and more in Open Liberty 23.0.0.12 David Mueller diff --git a/posts/ja/2023-12-12-23.0.0.12.adoc b/posts/ja/2023-12-12-23.0.0.12.adoc new file mode 100644 index 000000000..895add331 --- /dev/null +++ b/posts/ja/2023-12-12-23.0.0.12.adoc @@ -0,0 +1,554 @@ +--- +layout: post +title: "Open Liberty 23.0.0.12におけるMicroProfile 6.1サポート, Liberty Toolsアップデート, 他" +# Do NOT change the categories section +categories: blog +author_picture: https://avatars3.githubusercontent.com/dmuelle +author_github: https://github.com/dmuelle +seo-title: Open Liberty 23.0.0.12におけるMicroProfile 6.1サポート, Liberty Toolsアップデート, 他 - OpenLiberty.io +seo-description: Open Liberty 23.0.0.12 では MicroProfile 6.1 が導入され、MicroProfile Metrics と MicroProfile Telemetry のアップデートが含まれています。このリリースは、Liberty MavenおよびGradleプラグインの新バージョンと同時にリリースされ、OpenID Connect、LTPAキー管理などの機能強化が含まれています。 +blog_description: Open Liberty 23.0.0.12 では MicroProfile 6.1 が導入され、MicroProfile Metrics と MicroProfile Telemetry のアップデートが含まれています。このリリースは、Liberty MavenおよびGradleプラグインの新バージョンと同時にリリースされ、OpenID Connect、LTPAキー管理などの機能強化が含まれています。 +open-graph-image: https://openliberty.io/img/twitter_card.jpg +open-graph-image-alt: Open Liberty Logo +additional_authors: +- name: 田中 孝清 (翻訳) + github: https://github.com/takakiyo + image: https://avatars.githubusercontent.com/takakiyo +blog-available-in-languages: +- lang: en + path: /blog/2023/12/12/23.0.0.12.html +--- += Open Liberty 23.0.0.12におけるMicroProfile 6.1サポート, Liberty Toolsアップデート, 他 +David Mueller +:imagesdir: / +:url-prefix: +:url-about: / +//Blank line here is necessary before starting the body of the post. + +Open Liberty 23.0.0.12 では MicroProfile 6.1 が導入され、MicroProfile Metrics と MicroProfile Telemetry のアップデートが含まれています。このリリースは、Liberty Tools、Liberty MavenおよびGradleプラグインの新バージョンと同時にリリースされ、OpenID Connect、LTPAキー管理などの機能強化が含まれています。 + +link:{url-about}[Open Liberty] 23.0.0.12では、 + +* <> + ** <> + ** <> + ** <> + * <> +* <> +* <> +* <> +* <> +* <> +* <> + + + +link:https://github.com/OpenLiberty/open-liberty/issues?q=label%3Arelease%3A230012+label%3A%22release+bug%22[23.0.0.12] で修正されたバグリストをご参照ください。 + +link:{url-prefix}/blog/?search=release&search!=beta[過去のOpen Liberty GAリリースのブログ記事] もご参照ください。 + +// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26170 was found in 2023-09-26-23.0.0.10-beta.adoc. +// ------ ------ +// Contact/Reviewer: Emily-Jiang +// // // // // // // // +== いますぐOpen Liberty 23.0.0.12を使用してアプリを実行するには + +<> から利用いただけます。 + +[link=https://stackoverflow.com/tags/open-liberty] +image::img/blog/blog_btn_stack.svg[Ask a question on Stack Overflow, align="center"] + +[#mp61] +== MicroProfile 6.1がサポートされました + +MicroProfile 6.1 はマイナーリリースで、MicroProfile 6.0 と互換性があります。MicroProfile 6.1 には、Jakarta EE 10 Core Profile API と以下の MicroProfile コンポーネント仕様が含まれます: + +* link:https://jakarta.ee/specifications/coreprofile/10/[Jakarta EE 10 Core Profile] +* link:https://github.com/eclipse/microprofile-config/releases/tag/3.1-RC1[MicroProfile Config 3.1] +* link:https://github.com/eclipse/microprofile-fault-tolerance/releases/tag/4.0.2[MicroProfile Fault Tolerance 4.0] +* link:https://github.com/eclipse/microprofile-metrics/releases/tag/5.1.0-RC1[MicroProfile Metrics 5.1] +* link:https://github.com/eclipse/microprofile-health/releases/tag/4.0.1[MicroProfile Health 4.0] +* link:https://github.com/eclipse/microprofile-telemetry/releases/tag/1.1-RC1[MicroProfile Telemetry 1.1] +* link:https://github.com/eclipse/microprofile-open-api/releases/tag/3.1[MicroProfile OpenAPI 3.1] +* link:https://github.com/eclipse/microprofile-jwt-auth/releases/tag/2.1[MicroProfile JWT Authentication 2.1] +* link:https://github.com/eclipse/microprofile-rest-client/releases/tag/3.0.1[MicroProfile Rest Client 3.0] + +次の 3 つの仕様がマイナーアップデートされ、他の 5 つの仕様に変更はありません: + +* MicroProfile Metrics 5.1 + +* MicroProfile Telemetry 1.1 + +* MicroProfile Config 3.1 (主な更新はTCKテストで、テストががCDI 3.xまたはCDI 4.0 Liteに対しても実行されるようになった) + + +各機能の変更の詳細と利用方法については、以下のセクションをご覧ください。 + +[#mpm51] +=== MicroProfile Metrics 5.1を使用して、ヒストグラムおよびタイマーメトリクスで追跡される統計情報を構成 + +MicroProfile Metrics 5.1 には、ヒストグラムおよびタイマー・メトリクスが追跡および出力する統計情報を構成するための新しい MicroProfile Config プロパティが含まれています。MicroProfile Metrics 5.0 では、ヒストグラムおよびタイマー・メトリクスは、_max_ 記録値、すべての値の _sum_、記録された値の _count_、および 50 パーセンタイル、75 パーセンタイル、95 パーセンタイル、98 パーセンタイル、99 パーセンタイル、99.9 パーセンタイルの静的なセットのみを追跡および出力します。これらの値は Prometheus フォーマットで `/metrics` エンドポイントに出力されます。 + +MicroProfile Metrics 5.1 で導入されたプロパティでは、ヒストグラムとタイマー・メトリクスのパーセンタイルのカスタム・セットとヒストグラム・バケットのカスタム・セットを定義できます。ヒストグラム・バケツのデフォルト・セットを有効にするための構成プロパティも含まれており、これにはバケツ・セットの上限と下限を定義するためのプロパティも含まれます。 + +以下の表のプロパティは、以下の構文を使用して、セミコロンで区切られた値定義のリストを定義できます: + + +[source] +---- +metric_name=value_1[,value_2…value_n] +---- + +[%header,cols="1,1"] +|=== +| Property |Description +| mp.metrics.distribution.percentiles +a| - 追跡および出力するヒストグラムとタイマー・メトリクスのマッチングのために、パーセンタイルのカスタム・セットを定義します。 +- メトリック名のペアに整数値と 10 進値のセットを受け付けます。 +- メトリック名のペアリングで値が提供されない場合、パーセンタイル出力を無効にするために使用できます。 + + +| mp.metrics.distribution.histogram.buckets +a| - 追跡および出力するヒストグラム・メトリクスに一致する(累積的な)ヒストグラム・バケツのカスタム・セットを定義します。 +- メトリック名のペアに整数値と 10 進値のセットを受け入れます。 + + +| mp.metrics.distribution.timer.buckets +a| - 追跡および出力するタイマー・メトリクスに一致する(累積)ヒストグラム・バケツのカスタム・セットを定義します。 + - メトリック名のペアに、時間単位(ms、s、m、h など)を付加した 10 進値のセットを受け入れます。 + + +|mp.metrics.distribution.percentiles-histogram.enabled +a| - 監視ツールでパーセンタイル構成を可能にするために、デフォルトのヒストグラムバケットの大規模なセットを提供するために、一致するヒストグラムまたはタイマーメトリックを構成します。 +- メトリック名のペアに true/false を指定します。 + + +| mp.metrics.distribution.histogram.max-value +a| - タイマーのパーセンタイル・ヒストグラムが有効な場合、このプロパティは報告されるバケットの上限を定義します。 +- メトリック名のペアには、単一の整数値または 10 進値を受け入れます。 + + +| mp.metrics.distribution.histogram.min-value +a| - タイマーのパーセンタイル・ヒストグラムが有効な場合、このプロパティは報告されるバケツの下限値を定義します。 +- メトリック名のペアに対して、単一の整数値または 10 進値を受け入れます。 + + +|mp.metrics.distribution.timer.max-value +a| - ヒストグラムでパーセンタイル・ヒストグラムが有効な場合、このプロパティは報告されるバケットの上限を定義します。 +- メトリック名のペアには、時間単位(ms、s、m、h など)を付加した単一の 10 進値を受け入れます。 + +|mp.metrics.distribution.timer.min-value +a| - ヒストグラムでパーセンタイル・ヒストグラムが有効な場合、このプロパティは報告されるバケットの下限を定義します。 +- メトリック名のペアに、時間単位(ms、s、m、h など)を付加した単一の 10 進値をを受け入れます。 + +|=== + +プロパティによっては、与えられたメトリック名に対して複数の値を受け入れることができるものもあれば、単一の値しか受け入れることができないものもあります。メトリック名の末尾には、ワイルドカードとしてアスタリスク (`*`) を使用できます。 +たとえば、`mp.metrics.distribution.percentiles`は次のように定義できます: + +[source] +---- +mp.metrics.distribution.percentiles=alpha.timer=0.5,0.7,0.75,0.8;alpha.histogram=0.8,0.85,0.9,0.99;delta.*= +---- + +この例では、50 パーセンタイル、70 パーセンタイル、75 パーセンタイル、80 パーセンタイルの値を追跡して出力する `alpha.timer` タイマーメトリックを作成します。ヒストグラムメトリクスの `alpha.histogram` は、80、85、90、99パーセンタイルの値を出力します。パーセンタイルは `delta.*` とマッチするヒストグラムやタイマーの指標では無効になります。 + + +次の例では、前の例を拡張して、 `mp.metrics.distribution.timer.buckets` プロパティを使用して、 `alpha.timer` タイマー・メトリックのヒストグラム・バケットを定義します: + + +[source,xml] +---- +mp.metrics.distribution.timer.buckets=alpha.timer=100ms,200ms,1s +---- + +この構成では、0~100ms、0~200ms、0~1秒に収まる継続時間のカウントを追跡して出力するように、メトリクスのランタイムに指示します。ヒストグラム・バケットは累積的に動作するため、これらの値は範囲を表します。 + + +RESTエンドポイントの `alpha.timer` メトリクスに対応するPrometheusの出力は次のようになります: + +[source] +---- +# HELP alpha_timer_seconds_max +# TYPE alpha_timer_seconds_max gauge +alpha_timer_seconds_max{scope="application",} 5.633 +# HELP alpha_timer_seconds +# TYPE alpha_timer_seconds histogram <1> +alpha_timer_seconds{scope="application",quantile="0.5",} 0.67108864 +alpha_timer_seconds{scope="application",quantile="0.7",} 5.603590144 +alpha_timer_seconds{scope="application",quantile="0.75",} 5.603590144 +alpha_timer_seconds{scope="application",quantile="0.8",} 5.603590144 +alpha_timer_seconds_bucket{scope="application",le="0.1",} 0.0 <2> +alpha_timer_seconds_bucket{scope="application",le="0.2",} 0.0 <2> +alpha_timer_seconds_bucket{scope="application",le="1.0",} 1.0 <2> +alpha_timer_seconds_bucket{scope="application",le="+Inf",} 2.0 <2><3> +alpha_timer_seconds_count{scope="application",} 2.0 +alpha_timer_seconds_sum{scope="application",} 6.333 +---- + +<1> Prometheus のメトリックタイプは `histogram` で、分位数またはパーセンタイルとバケットの両方がこのタイプで表現されます。 +<2> `le` タグは _less than_ を表し、秒に変換されてバケットを定義します。 +<3> Prometheusはすべてのヒットをカウントする `+Inf` バケットを必要とします。 + +さらに、`@RegistryScope` アノテーションはCDI修飾子になりました。 + +MicroProfile Metricsの詳細については、以下を参照してください: + +* link:https://github.com/eclipse/microprofile-metrics[MicroProfile Metrics repo] +* link:{url-prefix}/docs/latest/introduction-monitoring-metrics.html[Monitoring with metrics documentation] + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26945 +// Contact/Reviewer: yasmin-aumeeruddy +// // // // // // // // +[#mpt11] +=== Telemetry 1.1 での Java EE および Jakarta EE サポートの拡張 + +MicroProfile Telemetry 1.1 は、1.19.0 から更新された OpenTelemetry-1.29.0 を使用するため、最新の Open Telemetry テクノロジーを利用できます。 + +この機能は、以下のプログラミングモデルの組み合わせと互換性があります: + +* Java EE 7 と MicroProfile 1.4 の組合わせ +* Java EE 8 と MicroProfile 4.1 の組合わせ +* Jakarta EE 9 と MicroProfile 5.0 の組合わせ +* Jakarta EE 10 と MicroProfile 6.1 の組合わせ + +この機能を有効にするには、次の機能定義を `server.xml` ファイルに追加します: + +[source,xml] +---- + + mpTelemetry-1.1 + +---- + +また、`server.xml` ファイルでアプリケーションにたいしてサードパーティ API を可視化する必要があります: + +[source,xml] +---- + + + + +---- + +[#trace] +=== MicroProfile Telemetry 1.0 および 1.1 で受信 HTTP リクエストをトレース +また、Open Liberty 23.0.0.12 では、MicroProfile Telemetry 1.0 および 1.1 機能が強化され、受信 HTTP リクエスト(静的ファイル、Servlet および JSP)を自動的にトレースできるようになりました。 + +MicroProfile Telemetry の詳細については、次のリンクを参照してください: + +* link:https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/trace/api.md[Tracing API] +* link:https://openliberty.io/docs/latest/docs/latest/microprofile-telemetry.html[Enable distributed tracing with MicroProfile Telemetry] + + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27046 +// Contact/Reviewer: abutch3r +// // // // // // // // +// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26222 was found in 2023-09-26-23.0.0.10-beta.adoc. +// ------ ------ +// Contact/Reviewer: Azquelt +// // // // // // // // + +[#mpoa] +== MicroProfile OpenAPI: OpenAPI doc のエンドポイントパス設定 + +MicroProfile OpenAPI は、Liberty サーバにデプロイされる RESTful Web サービス (または JAX-RS) アプリケーション用の OpenAPI ドキュメントを生成して提供します。OpenAPI ドキュメントは `/openapi` エンドポイントから提供され、このドキュメントを参照するためのユーザーインターフェースは `/openapi/ui` エンドポイントから提供されます。 + +MicroProfile の OpenAPI 機能を Open Liberty で使用する場合は、次の例のように `server.xml` に設定を追加して、これらのエンドポイントのパスを設定できます: + +[source,xml] +---- + +---- + +この設定をローカルのテストサーバーに設定すると、OpenAPI ドキュメントには `localhost:9080/my/openapi/doc/path` から、UI には `localhost:9080/docsUi` からアクセスできるようになります。 + + +この設定は、パスに基づいて異なるサービスにリクエストをルーティングする Kubernetes Ingress を通して OpenAPI ドキュメントを公開したい場合に特に便利です。例えば、以下の Ingress 設定では、 + +[source,yaml] +---- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: +name: my-ingress +spec: +rules: +- http: + paths: + - path: /appA + pathType: Prefix + backend: + service: + name: appA + port: + number: 9080 +---- + +以下の `server.xml` 設定を使って、OpenAPI UI が `/appA/openapi/ui` で利用できるようにします: + +[source,xml] +---- + +---- + +`uiPath` が設定されていない場合、デフォルトでは `docPath` に `/ui` を追加した値になります。 + +MicroProfile OpenAPI の詳細については、以下のリソースを参照してください: + +* link:{url-prefix}/docs/latest/reference/feature/mpOpenAPI-3.1.html#_configure_microprofile_openapi_documentation_endpoints[Configure MicroProfile OpenAPI documentation endpoints] +* link:https://github.com/eclipse/microprofile-open-api[MicroProfile OpenAPI repo] +* link:{url-prefix}/docs/latest/documentation-openapi.html[API documentation with OpenAPI] + + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27048 +// Contact/Reviewer: Zech-Hein +// // // // // // // // + +// The following excerpt for issue https://github.com/OpenLiberty/open-liberty/issues/26138 was found in 2023-09-26-23.0.0.10-beta.adoc. +// ------ ------ +// Contact/Reviewer: Zech-Hein +// // // // // // // // + +[#ltpa] +== 計画停止を必要としないLTPAキーローテーションのサポート + +Open Liberty は、このリリースから、LTPAトークンの検証を続けながら、自動的に新しいプライマリーのLTPA鍵ファイルを生成できるようになりました。今回のアップデートによって、ユーザーからの利用を中断することなく、LTPA鍵をローテーションできるようになりました。以前は、LTPA鍵が変更されると、ユーザーはアプリケーションに再度ログインしなくてはなりませんでしたが、その必要がなくなりました。 + +プライマリーのLTPA鍵ファイルは、`ltpa.keys` という名前でLTPAトークンの作成ならびに、LTPAトークンの検証に使われます。ランタイムで使われるプライマリーLTPA鍵ファイルは `ltpa.keys` 一つだけです。 + +検証用の鍵ファイルは、プライマリー鍵ファイル`ltpa.keys`以外で、`.keys` の拡張子を持つファイルです。検証用の鍵ファイルは、LTPAトークンの検証のみに使われ、トークンの生成には使われません。全ての検証用鍵ファイルは、プライマリー鍵ファイルと同じディレクトリーに配置する必要があります。 + +メンテナンス期間を取らずにLTPA鍵のローテーションを有効にするには、プライマリー鍵ディレクトリを監視する方法と、検証鍵ファイルを指定する2つの方法があり、またこ2つを同時に使うこともできます。 + +プライマリ鍵ファイルのディレクトリを監視し、新しい検証鍵があれば使う方法:: ++ +下記のように `monitorValidationKeysDir` と `monitorInterval` の属性を有効にします。例えば、下記の構成を `server.xml` に追加します。 ++ +[source,xml] +---- + +---- ++ +上記の `monitorValidationKeysDir` 属性は、プライマリー鍵ファイルのディレクトリで.keys拡張ファイルがないか監視します。デフォルトでは、このディレクトリは `${server.config.dir}/resources/security/` ですが、構成することもできます。Liberty サーバーはこれらの LTPA 鍵ファイルを検証キーとして使用します + +モニタリングは `updateTrigger` が `polled` に設定され、 `monitorInterval` が0より大きい場合にのみ有効になります。 `updateTrigger` のデフォルト値は `polled` `monitorInterval` のデフォルト値は0です。 + +下記は、属性を省略せずに構成したものです。 +[source,xml] +---- + + +---- + + `ltpa.keys` のファイル名を変更すると、Libertyは自動的に新しいプライマリー鍵ファイルを生成します。たとえば、`validation1.keys` に名前を変更すると、Libertyは新しい `ltpa.keys` を作成して、これを使って新しいLTPAトークンを作ります。 `validation1.keys` 検証鍵ファイルにある鍵は引き続き、LTPAトークンの検証に使われます。. ++ + + `validation1.keys` が必要なくなったらファイルを削除するか、`monitorValidationKeysDir` を false に設定してディレクトリーのモニターを中止します。未使用の検証鍵ファイルを削除するとパフォーマンス向上につながります。 + +検証キーファイルを指定し、オプションで検証キーの使用を停止する日付を指定するには:: ++ +1. 主キーファイル(`ltpa.keys`)を検証キーファイル(`validation1.keys` など)にコピーする。 ++ +2. 'ltpa` 要素の下に `validationKeys` 要素を指定し、検証キーファイルを使用するようにサーバー設定を変更する。例えば、`server.xml` ファイルに以下の設定を追加する: ++ +[source,xml] +---- + + + +---- ++ +オプションの `validUntilDate` 属性を指定することで、`validation1.keys` ファイルの使用を将来の指定した日付に停止することができます。validUntilDate`を使用すると、一定期間後にバリデーションキーを無視することができ、パフォーマンスが向上するので推奨されます。 ++ +`validationKeys` 要素では `fileName` 属性と `password` 属性は必須であるが、 `validUntilDate` 属性はオプションです。 ++ +サーバ設定の更新でバリデーションキーファイルを読み込んだ後、元のプライマリキーファイル (`ltpa.keys`) を削除すると、バリデーションに `validation1.keys` を使い続けながら、新しいプライマリキーを作成することができます。 ++ +このようにしてバリデーションキーを指定すると、次の例のように、`server.xml` 構成で指定されていないバリデーションキーも同時に使用するように、モニターディレク トリを有効にすることができる: ++ +[source,xml] +---- + + + +---- +// 高宮追加 +// +// 入れ子になっているvalidationKeysだけを使うには、monitorValidationKeysDir=falseにする必要があるそうです。 +// +// +// + +詳細については、 link:{url-prefix}/docs/latest/reference/feature/appSecurity-5.0.html#validationkeys[Rotate LTPA keys without requiring users to reauthenticate] を参照してください。 + + +=== LTPA要素にupdateTrigger属性を追加 + +`updateTrigger` 属性が `polled` または `mbean` に設定されている場合、LTPAのキーファイルはサーバによってリロードされます。デフォルトは `polled` です。 `polled` に設定されている場合、サーバは `monitorInterval` 属性で設定された割合でキーファイルの変更を監視します。以下の例のように `updateTrigger` 属性が `mbean` に設定されている場合、サーバは `WebSphere:service=com.ibm.ws.kernel.filemonitor.FileNotificationMBean` MBean から通知を受け取ると再読み込みします: + +[source,xml] +---- + +---- + +`updateTrigger` 属性が `disabled` に設定されていると、キーファイルは再読み込みされません。 + +サーバー構成要素の `ltpa` についての詳細は、 link:https://openliberty.io/docs/latest/reference/config/ltpa.html[LTPA configuration docs] を参照してください。 + + + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26970 +// Contact/Reviewer: kdcptkai31 +// // // // // // // // + +[#auth] +== 認可コードフローを使用する認可リクエストとともに、リソースパラメータを送信 + +認可リクエストは、暗黙フローまたは認可コードフローのいずれかを使用して行うことができます。リクエストが暗黙フローを使用する場合、すべてのトークンは認可エンドポイントから返され、トークン・エンドポイントは使用されません。リクエストが認可コードフローを使用する場合、すべてのトークンはトークン エンドポイントから返されます。 + +以前は、Libertyは暗黙フローリクエスト中にのみリソースパラメータを送信していました。そのため、リクエストにリソース・パラメータが必要なのに認可コード・フローしか使えない場合、リクエストは失敗していました。今回の更新により、認可コードフローと一緒にリソースパラメータを送信できるようになりました。 + +この更新を実装するために、暗黙フロー中にのみリソースパラメータを送信するチェックが削除されました。これにより、両方のフローでパラメータが送信されるようになりました。 + +さらなる詳細については、 link:https://github.com/OpenLiberty/open-liberty/issues/23126[GitHub上のIssue] を参照してください。 + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/26969 +// Contact/Reviewer: kdcptkai31 +// // // // // // // // + +[#oidc] +== OpenID Connectのアクセストークンからロール情報を取得 + +認証と認可のために、トークンは、リクエストを行ったプリンシパルの ID と、そのプリンシパルがどのようなアクセスを許可されているかについての情報を含むデジタル・オブジェクトです。一般的に、これらのトークンは、アクセストークンとIDトークンの2つのタイプのいずれかに分類されます。 + +IDトークンは、OpenID Connect仕様に準拠したJSON Webトークンです。以前は、ユーザーのロール情報はこのIDトークンからのみ取得できました。IDトークン内にロール情報が提供されていない場合、その情報は取得できませんでした。今回の更新では、IDトークン内にロール情報が見つからない場合に、アクセストークンからロール情報を取得しようとするチェックが提供されます。 + +IDトークン内にロール情報が見つからなかった場合に、アクセストークンからロール情報の取得を試みるチェックが追加されました。次の `sever.xml` ファイルの例のように、`tokensOrderToFetchCallerClaims` 属性を `AccessToken IDToken Userinfo` に設定することで、このチェックを有効にすることができます: + +[source,xml] +---- + +---- + +さらなる詳細については、 xref:/docs/latest/reference/feature/openidConnectClient-1.0.html#access-token[Check the access token for user and group information] を参照してください。 + +[#CVEs] +== セキュリティ脆弱性 (CVE) の修正 +[cols="5*"] +|=== +|CVE |CVSS Score |Vulnerability Assessment |Versions Affected |Notes + +|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487[CVE-2023-44487] +|7.5 +|Denial of service +|18.0.0.2 - 23.0.0.11 +|Affects the link:{url-prefix}/docs/latest/reference/feature/servlet-3.1.html[servlet-3.0], link:{url-prefix}/docs/latest/reference/feature/servlet-4.0.html[servlet-4.0], link:{url-prefix}/docs/latest/reference/feature/servlet-5.0.html[servlet-5.0] and link:{url-prefix}/docs/latest/reference/feature/servlet-6.0.html[servlet-6.0] features +|=== + +過去のセキュリティ脆弱性の修正については、 link:{url-prefix}/docs/latest/security-vulnerabilities.html[Security vulnerability (CVE) list] を参照してください。 + +// ------ ------ + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27087 +// Contact/Reviewer: yeekangc +// // // // // // // // +[#maven] +== Liberty Maven plug-in 3.10およびLiberty Gradle plug-in 3.8を公開 + +Liberty MavenとGradleプラグインの新しいリリースが利用可能になりました。以下の注目すべき新機能が含まれています: + +* Libertyの`springBoot-3.0` Featureを使うことで、ビルドプラグインを使用してSpring Boot 3アプリケーションのLibertyへのデプロイがサポートされました +* Java 21でのプラグイン実行のサポート + + +新しいMavenプラグインバージョンを使うには、Mavenの `pom.xml` ファイルに3.10リリースを指定します。 +Gradle の場合は、`build.gradle` ファイルに 3.8 リリースを指定してください。 + +これらのプラグインの詳細については、以下のリソースを参照してください: + +* link:https://github.com/OpenLiberty/ci.maven/releases[Liberty Maven plug-in 3.10 release notes] +* link:https://github.com/OpenLiberty/ci.gradle/releases[Liberty Gradle plug-in 3.8 release notes] + +Liberty MavenプラグインによるSpring Bootサポートの詳細については、 link:https://github.com/OpenLiberty/ci.maven/blob/main/docs/spring-boot-support.md[ci.maven: Spring Boot Support] を、 +Liberty GradleプラグインでのSpring Bootサポートの詳細については、 link:https://github.com/OpenLiberty/ci.gradle/blob/main/docs/spring-boot-support.md[ci.gradle: Spring Boot Support] を参照してください。 + + +// DO NOT MODIFY THIS LINE. + +// // // // DO NOT MODIFY THIS COMMENT BLOCK // // // // +// Blog issue: https://github.com/OpenLiberty/open-liberty/issues/27086 +// Contact/Reviewer: yeekangc +// // // // // // // // + +[#lt] +== Eclipse IDE, IntelliJ IDEA, およびVisual Studio CodeむけにLiberty Tools 23.0.12を公開 + +Liberty Toolsは、Eclipse IDE、IntelliJ IDEA、Visual Studio Codeの新しいリリースをサポートするようになりました。このリリースには、さまざまな機能強化や修正も含まれています。 + +使用しているIDEからLiberty Toolsの最新リリースに更新するか、IDEのマーケットプレイスから最新バージョンをダウンロードしてください。 + +* Liberty Tools for Eclipse IDE - link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse Marketplace] +* Liberty Tools for IntelliJ IDEA - link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[JetBrains Marketplace] +* Liberty Tools for Visual Studio Code - link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Marketplace] + +さらなる詳細については、以下のリリース・ノートを参照してください: + +* link:https://github.com/OpenLiberty/liberty-tools-eclipse/releases[Release notes for Liberty Tools for Eclipse IDE] +* link:https://github.com/OpenLiberty/liberty-tools-intellij/releases[Release notes for Liberty Tools for IntelliJ IDEA] +* link:https://github.com/OpenLiberty/liberty-tools-vscode/releases[Release notes for Liberty Tools for Visual Studio Code] + +[#run] +== 今すぐOpen Liberty 23.0.0.12 を入手する + +link:{url-prefix}/guides/maven-intro.html[Maven] を使用している場合は、 `pom.xml` ファイルに以下の記述を追加してください。 + +[source,xml] +---- + + io.openliberty.tools + liberty-maven-plugin + 3.10 + +---- + +また、 link:{url-prefix}/guides/gradle-intro.html[Gradle] を使用している場合は,`build.gradle` ファイルに以下の記述を追加してください。 + +[source,gradle] +---- +buildscript { + repositories { + mavenCentral() + } + dependencies { + classpath 'io.openliberty.tools:liberty-gradle-plugin:3.8' + } +} +apply plugin: 'liberty' +---- + +link:{url-prefix}/docs/latest/container-images.html[コンテナ・イメージ] の場合はこちらです。 + +[source] +---- +FROM icr.io/appcafe/open-liberty +---- + +または、 link:{url-prefix}/start/[ダウンロードページ] をご参照ください。 + +link:https://plugins.jetbrains.com/plugin/14856-liberty-tools[IntelliJ IDEA], link:https://marketplace.visualstudio.com/items?itemName=Open-Liberty.liberty-dev-vscode-ext[Visual Studio Code] または link:https://marketplace.eclipse.org/content/liberty-tools[Eclipse IDE] 使用している場合、オープンソースの link:https://openliberty.io/docs/latest/develop-liberty-tools.html[Liberty developer tools] を活用することで、IDE内から効率的な開発、テスト、デバッグ、アプリケーション管理を行うことができます。 From b46202bcb27fb3dfede8cfde525aae067aa0724d Mon Sep 17 00:00:00 2001 From: David Mueller Date: Fri, 14 Jun 2024 12:59:07 -0400 Subject: [PATCH 14/14] add 24006 tags --- blog_tags.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/blog_tags.json b/blog_tags.json index bca27f004..9a036cfd5 100644 --- a/blog_tags.json +++ b/blog_tags.json @@ -2,7 +2,7 @@ "blog_tags": [ { "name": "announcements", - "posts": ["24.0.0.6-beta", + "posts": ["24.0.0.6", "24.0.0.6-beta", "24.0.0.5", "24.0.0.5-beta", "24.0.0.4", "24.0.0.4-beta", "24.0.0.3", "24.0.0.2", @@ -160,7 +160,7 @@ }, { "name": "release", - "posts": ["24.0.0.6-beta", + "posts": ["24.0.0.6", "24.0.0.6-beta", "24.0.0.5", "24.0.0.5-beta", "24.0.0.4", "24.0.0.4-beta", "24.0.0.3", "24.0.0.2", @@ -293,7 +293,7 @@ }, { "name": "spring", - "posts": ["spring-boot-3", + "posts": ["24.0.0.6", "spring-boot-3", "23.0.0.12", "23.0.0.10-beta", "23.0.0.9", "23.0.0.9-beta", "23.0.0.8-beta", "running-spring-boot-3", @@ -527,7 +527,7 @@ }, { "name": "performance-enhancements", - "posts": ["24.0.0.3", + "posts": ["24.0.0.6", "24.0.0.3", "Java21-Images", "24.0.0.1", "23.0.0.10-beta", "23.0.0.6", "rapid-startup-instanton", "23.0.0.5-beta",