JBoss EAP 8 provides support for Jakarta EE 10 and implements the Jakarta EE 10 Core Profile, Web Profile and Full Platform standards, including:

Jakarta EE 10 has many changes when compared to Jakarta EE 8. For more information, see How to migrate your JBoss EAP applications from Jakarta EE 8 to Jakarta EE 10.

Package Namespace Change

The packages used for all EE APIs have changed from javax to jakarta. This follows the move of Java EE to the Eclipse Foundation and the establishment of Jakarta EE.

JBoss EAP 8.0 version onward contains the Red Hat Insights Java client. The Red Hat Insights Java client is enabled for JBoss EAP only if JBoss EAP is installed on Red Hat Enterprise Linux (RHEL), and the RHEL system has Red Hat Insights client installed, configured, and registered. For more information, see the Client Configuration Guide for Red Hat Insights.

The Red Hat Insights dashboard for Runtimes will be available in a future release on Red Hat Hybrid Cloud Console. Similar to the RHEL dashboard which is available on the Red Hat Hybrid Cloud Console, the Runtimes dashboard will show the inventory of the Runtimes installations, CVE details, and help you select the JVM options.

You can opt-out of the Red Hat Insights client by setting the environment variable RHT_INSIGHTS_JAVA_OPT_OUT to true. For more information, see the knowledge base article Red Hat Insights for Runtimes.

Inclusive language, label changes

Toward Red Hat’s commitment to replacing problematic language in our code, documentation, and web properties, beginning with 8.0, the JBoss EAP management console will display more inclusive wording and labels. Specifically, you will notice the following changes to the management console resource addresses and user interface elements:

Adding, editing, and removing constant HTTP headers to response messages

In the JBoss EAP 8.0 management console, you can now add, edit, or remove constant HTTP response headers. To add a new path and header, from the Server page, select Constant Headers, then click Add. To edit or remove an existing path header, select the path whose header you want to modify, then click either Edit or Remove.

Displaying Java Message Service bridge statistics for processed messages

A message bridge consumes messages from a source queue or topic, then sends them on to a target queue or topic, usually on a different server. A bridge can also send messages from one cluster to another. The Java Message Service (JMS) bridge provides statistics about messages that the bridge processed. Specifically, it collects the following data:

With this update, the JBoss EAP 8.0 management console includes a new JMS Bridge column to display these statistics in the Runtime section. Note that this new feature affects the /subsystem=messaging-activemq/jms-bridge=* resource.

Configuring enhanced audit logging

In the JBoss EAP 8.0 management console, you can configure the following two additional audit logging attributes in your /subsystem=elytron/syslog-audit-log=* resource:

/deployment subresources require include-runtime=true

With Red Hat JBoss Enterprise Application Platform 8.0, the submodel of /deployment has changed to runtime. For management operations that use /deployment subresources you must add include-runtime=true.

Starting servers in suspended mode

You can now use the JBoss EAP 8.0 management console to start servers in suspended mode. Select the new Start in suspended mode option, available in the following drop-down menus:

Configuring the certificate-authority attribute for the certificate-authority-account resource

With JBoss EAP 8.0, you can use any certificate authority for your certificate-authority-account Elytron resource. Previously, JBoss EAP supported only the Let’s Encrypt certificate authority, and the certificate-authority attribute was not configurable.

With this update, you can add, configure, or remove any certificate authority by opening the JBoss EAP management console and clicking Configuration > Subsystems > Security > Other Settings > Other Settings > Certificate Authority. From there, click Add to add a new certificate authority. To modify one you already have, select it, then click Edit. To remove a certificate authority, select it, then click Remove.

Configuring the OCSP as an Elytron trust manager

With JBoss EAP 8.0, you can configure the Online Certificate Status Protocol (OCSP) as the trust manager for the Elytron undertow subsystem. Previously, JBoss EAP supported only a certificate revocation list (CRL) as trust manager.

With this update, you can configure the OCSP as your trust manager by opening the JBoss EAP management console and clicking Configuration > Subsystems > Elytron > Other Settings > SSL > Trust Manager. Next, either select or create a trust manager and then, from the Trust Manager window, select the OCSP tab and click Add.

Pausing Java Message Service topics

From the JBoss EAP 8.0 management console, you can now navigate to Runtime > Messaging > Server > Server Name > Destination to select and then pause a Java Message Service (JMS) topic. After you address the related messaging issue, you can also resume the paused topic. JMS previously sent messages to all active subscribers without any way to interrupt them.

Non-heap memory usage added to server status preview

With JBoss EAP 8.0, you can see more information in the server status preview about the memory consumption of your server. Previously, the preview displayed only heap memory usage: Used and Committed. With this update, it also displays the same information for non-heap memory usage.

Automatically add or update credential store passwords when you add or update a datasource

Beginning with JBoss EAP 8.0, when you create a datasource from the management console, you can automatically add a password for that datasource to your credential store. From the management console, select Configuration > Subsystems > Datasources, then click Add to add a new datasource. Next, enter the credential store name where you want to save the password for the new datasource, an alias for the credential, and the plain text password you want to use. To modify an existing datasource, select it, then click Edit.

Create, read, update, and delete Elytron resources

From the JBoss EAP 8.0 management console, you can now create, read, update, or delete any of the following four evidence decoders:

To take one of these actions, navigate to Configuration > Subsystems > Security > Mappers & Decoders > Evidence Decoder.

Viewing the deployment hash value

The JBoss EAP 8.0 management console can now display your deployment hash value in the deployment preview. This means that you can determine at a glance whether your deployment was valid and successful.

Adding and configuring interceptors in the EJB 3 subsystem

From the JBoss EAP 8.0 management console, you can now add and configure system-wide, server-side interceptors in the ejb3 subsystem. From the console, select Configuration > EJB > Container to make your additions or changes.

Configuring Infinispan distributed web session affinity

With JBoss EAP 8.0, in the distributable-web subsystem, you now have more control over the affinity, or load balancer "stickiness", of a distributed web session. To change your session affinity to something other than the Primary-owner default, in the management console, click Configuration > Distributable Web > View > Infinispan Session. Next, choose a session and select Affinity to make your changes. Affinity options now include the following:

Previously, the only available affinity was Primary-owner.

Configuring global directories in EE subsystem

With the JBoss EAP 8.0 management console, you can now configure a new ee subsystem resource, /subsystem=ee/global-directory=*. You can use a global directory to add content to a deployment class path without listing the contents of the directory. To configure a global directory resource, navigate to Configuration > Subsystems > EE > Globals.

Configuring cipher suites in Elytron

With the JBoss EAP 8.0 management console, you can now enable TLS 1.3 cipher suites using the cipher-suite-names attribute to secure your network connection. Specifically, you can now configure the following elytron subsystem resources:

To configure the cipher-suite-names attribute for the /subsystem=elytron/client-ssl-context=* resource from the management console, navigate to Configuration > Subsystems > Security > Other Settings > SSL > Client SSL Context.

To configure the cipher-suite-names attribute for the /subsystem=elytron/server-ssl-context=* resource from the management console, navigate to Configuration > Subsystems > Security > Other Settings > SSL > Server SSL Context.

Securing applications and management console with OIDC

With the JBoss EAP 8.0, you can secure applications deployed to JBoss EAP, and the JBoss EAP management console with OpenID Connect (OIDC) from the management console. JBoss EAP 8.0 provides native support for OpenID Connect (OIDC) with the elytron-oidc-client subsystem.

To configure the elytron-oidc-client subsystem from the management console, navigate to Configuration > Subsystems > Elytron OIDC Client.

To secure applications deployed to JBoss EAP, configure the following resources:

For more information, see Securing applications with OIDC in the Using single sign-on with JBoss EAP guide.

To secure the JBoss EAP management interfaces, configure the following resources:

Additionally, you can configure role-based access control (RBAC) for management console when securing it with OIDC by navigating to Access Control and clicking Enable RBAC.

For more information, see Securing the JBoss EAP management console with an OpenID provider in the Using single sign-on with JBoss EAP guide.

Registering web context when deploying an application

You can use the deployment deploy-file command from the management command-line interface (CLI) to deploy applications to a standalone server or in a managed domain.

deployment deploy-file /path/to/test-application.war

deployment deploy-file /path/to/test-application.war --all-server-groups

deployment deploy-file /path/to/test-application.war --server-groups=main-server-group,other-server-group

In the preceding examples, the default value for the runtime-name attribute is test-application.war.

When specifying the runtime-name attribute with the --runtime-name option, you must include the .war extension in the name or the web context will not be registered by JBoss EAP. For example:

--runtime-name=my-application.war

JAAS realm in the elytron subsystem

In JBoss EAP 8.0, the legacy security subsystem has been removed. To continue using your custom login modules with the elytron subsystem, use the new Java Authentication and Authorization Service (JAAS) security realm, jaas-realm.

Although elytron subsystem provides jaas-realm, it is preferable to use other existing security realms that the subsystem provides. These include jdbc-realm, ldap-realm, token-realm, and others. You can also combine different security realms by configuring aggregate-realm, distributed-realm, or failover-realm. If none of these suits your purpose, implement a custom security realm and use it instead of custom login module.

The following are cases where you should use jaas-realm instead of implementing a custom security realm:

For more information, see Creating a JAAS realm in the Securing applications and management interfaces using multiple identity stores guide.

Configure multiple certificate revocation lists in Elytron and Elytron client

You can now configure multiple certificate revocation lists (CRL) in the elytron subsystem and WildFly Elytron client when you use several Certificate Authorities (CA). You can specify the list of CRLs to use in the certificate-revocation-lists attribute in the trust-manager.

For more information, see Configuring certificate revocation checks in Elytron in the Configuring SSL/TLS in JBoss EAP guide.

Keycloak SAML adapter feature pack

The archive distribution of Keycloak SAML adapter is no longer provided with JBoss EAP. Instead, you can use the Keycloak SAML adapter feature pack to install the keycloak-saml subsystem and related configurations.

The Keycloak SAML adapter feature pack provides the following layers that you can install depending on your use case:

For more information, see Using single sign-on with JBoss EAP guide.

Native OpenID Connect client

JBoss EAP now provides native support for OpenID Connect (OIDC) with the elytron-oidc-client subsystem. Therefore, Red Hat build of Keycloak Client Adapter is not provided in this release. The elytron-oidc-client subsystem acts as the Relying Party (RP). The elytron-oidc-client subsystem supports bearer-only authentication, and also provides multi-tenancy support. You can use the multi-tenancy support, for example, to authenticate users for an application from multiple Red Hat build of Keycloak realms.

You can use the elytron-oidc-client subsystem to secure applications deployed to JBoss EAP and the JBoss EAP management console with OIDC.

Additionally, you can propagate the security identity, obtained from an OIDC provider, from a Servlet to Jakarta Enterprise Beans in both of the following cases:

For more information, see Using single sign-on with JBoss EAP guide.

New hash-encoding and hash-charset attributes for hashed passwords

You can now specify the character set and the string format for the hashed passwords that are stored in elytron subsystem security realms by using the hash-charset and hash-encoding attributes. The default hash-charset value is UTF-8. You can set the hash-encoding value to either base64 or hex; base64 is the default for all realms except the properties-realm where hex is the default.

The new attributes are included in the following security realms:

For more information, see the Securing applications and management interfaces using an identity store guide.

New encoding attribute for Elytron file-based audit log

You can now specify the encoding for file-based audit logs in Elytron by using the encoding attribute. The default value is UTF-8. The following values are possible:

For more information, see Elytron audit logging in the Securing applications and management interfaces using an identity store guide.

SSLv2Hello

Beginning with JBoss EAP 8.0 Beta, you can specify the SSLv2Hello protocol for server-ssl-context and client-ssl-context in the elytron subsystem.

Updates to filesystem-realm

You can now encrypt the clear passwords, hashed passwords, and attributes associated with identities in a filesystem-realm for better security. You can do this in two ways:

You can now also enable integrity checks for a filesystem-realm to ensure that the identities in the filesystem-realm were not tampered with since the last authorized write. You can do this by referencing a key pair when you create the filesystem-realm using the add operation. WildFly Elytron generates a signature for the identity file using the key pair. An integrity check runs whenever an identity file is read.

For more information, see Filesystem realm in Elytron in the Securing applications and management interfaces using an identity store guide.

Updates to distributed-realm

You can now configure distributed-realm to continue searching the referenced security realms even when the connection to any identity store fails by setting the new attribute ignore-unavailable-realms to true.

By default, in case the connection to any identity store fails before an identity is matched, the authentication fails with an exception RealmUnavailableException as before.

When you set ignore-unavailable-realms to true, a SecurityEvent is emitted in case any of the queried realms are unavailable. You can configure this behavior by setting emit-events to false.

For more information, see the following resources in the Securing applications and management interfaces using multiple identity stores guide:

Elytron support provided for SSLContexts in Artemis

In JBoss EAP 8, Elytron support is provided to instantiate the SSLContext variable in Messaging subsystem. This feature saves you from configuring SSLContext in multiple places as Elytron instantiates this variable. The connectors for the SSLContext must be defined on the elytron subsystem of the client’s JBoss EAP server, which means that you cannot define it from a standalone messaging client application.

New Elytron client java security provider

Elytron client now provides a Java security provider, org.wildfly.security.auth.client.WildFlyElytronClientDefaultSSLContextProvider, that you can use to register a Java virtual machine (JVM)-wide default SSLContext.

When you register the provider in your JVM with high enough priority, then all client libraries that use SSLContext.getDefault() method obtain an instance of the SSL context that is configured to be default in Elytron client configuration. This way you can make use of Elytron client’s SSL context configuration without interacting with Elytron API directly.

For more information, see Using Elytron client default SSLcontext security provider in JBoss EAP clients in the Configuring SSL/TLS in JBoss EAP guide.

Ability to obtain custom principal from Elytron

In JBoss EAP 8.0, you can now obtain a custom principal from Elytron. Previously, Elytron required principal to be an instance of NamePrincipal for authentication. While it was possible to use SecurityIdentity obtained from the current SecurityDomain and utilize SecurityIdentity attributes to obtain information from realms, it required reliance on SecurityDomain and SecurityIdentity instead of more generic and standardized methods like jakarta.security.enterprise.SecurityContext.getCallerPrincipal().

You can now obtain a custom principal from the getCallerPrincipal() method when using Elytron. If your application code using legacy security relies on getting a custom principal from the getCallerPrincipal() method, you can migrate your application without requiring code changes.

Configuring web session replication using a ProtoStream

You can now configure web session replication using a ProtoStream instead of JBoss Marshalling in JBoss EAP 8.0.

See How to configure web session replication to use ProtoStream instead of JBoss Marshalling in JBoss EAP 8.0.

Stopping batch job execution from a different node

You can now stop batch job execution from a different clustered node in JBoss EAP 8.0. For more information see using Batch Processing JBeret with a clustering of nodes sharing the same job repository in JBoss EAP 8.0.

Jakarta EE Core Profile

Jakarta EE 10 Core Profile is now available in JBoss EAP 8.0. The Core Profile is a small, lightweight profile that provides Jakarta EE specifications suitable for smaller runtimes, such as microservices and cloud services. The Jakarta EE 10 Core Profile is available as a Galleon provisioning layer, ee-core-profile-server.

For more information about the Core Profile Galleon layer, see Capability trimming in JBoss EAP for OpenShift: Base layers.

Configuring custom exception-sorter or valid-connection-checker for a datasource

You can now configure a custom exception-sorter or valid-connection-checker for a datasource using a JBoss Module.

See How to configure a custom exception-sorter or valid-connection-checker for a datasource in JBoss EAP 8.

Support for eap-datasources-galleon-pack for JBoss EAP 8.0

You can now use the eap-datasources-galleon-pack Galleon feature-pack to provision a JBoss EAP 8.0 server that can connect to your databases.

Hibernate Search 6 replaces Hibernate Search 5 APIs

Hibernate Search 5 APIs have been removed and are replaced with Hibernate Search 6 APIs in JBoss EAP 8.0.

To view a list of the removed features, see Hibernate Search 5 APIs Deprecated in JBoss EAP 7.4 and removed in EAP 8.0.

The latest version of Hibernate Search 6 included in JBoss EAP 8.0 is 6.2. If you are migrating from Hibernate Search 5, you should take into account the migration to version 6.0, 6.1, and 6.2.

See the following migrations guides for more information:

Hibernate Search 6 supports Elasticsearch

JBoss EAP 8.0 also provides support for using an Elasticsearch backend in Hibernate Search 6 to index data into remote Elasticsearch or OpenSearch clusters.

To see a list of possible Hibernate Search architectures and backends, see Table 2. Comparison of architectures in the Hibernate Search 6.2 reference documentation.

For more information about configuring Hibernate Search 6, see Using Hibernate Search in the WildFly Developer guide.

Support for Infinispan distributed query, counter, and lock APIs and CDI modules

You can now use the Infinispan APIs for distributed query, counters, and locks in JBoss EAP 8.0.

The Infinispan CDI module is also available in JBoss EAP 8.0 for creating and injecting caches.

For more information, see EAP 8 now supports Infinispan query, counters, locks, and CDI.

Addition of a new Galleon layer

A new Galleon layer is added to provide support for the Jakarta Messaging Service (JMS) integration with an embedded ActiveMQ Artemis broker. For more information, refer to the section Galleon layer for embedded broker messaging in the Migration Guide.

Configuring a cookie for web request affinity

You can now configure a separate cookie to store session affinity information for load balancers by using the affinity-cookie resource at the address /subsystem=undertow/servlet-container=default/setting=affinity-cookie.

For more information, see the Red Hat Knowledgebase solution How to configure the affinity-cookie and session-cookie in JBoss EAP 8.

JBoss EAP 8.0 server interoperability with JBoss EAP 7 and JBoss EAP 6

In JBoss EAP 8.0 you can enable interoperability between JBoss EAP 8.0 and older versions of your JBoss EAP server. JBoss EAP supports Jakarta EE 10 whose API class uses the jakarta package namespace. However, older versions of JBoss EAP use the javax package namespace.

For more information about how to enable interoperability between JBoss EAP 8.0 and older versions of JBoss EAP see, how to enable interoperability.

Infinispan-based distributed timers

In JBoss EAP 8.0, you can now use Infinispan-based distributed timers to schedule persistent Jakarta Enterprise Bean timers within a cluster, which you can scale to large clusters. For more information, see EAP 8 - how to configure Infinispan based distributed timers.

Distributable EJB subsystem

Use the distributable-ejb subsystem to configure clustering abstractions providers required for ejb3 subsystem functionalities, such as:

You can currently define these providers at a system-wide level. It is planned to develop functionality to enable deployment-specific providers by customizing the ejb3 subsystem. For more information, see What is the distributable-ejb subsystem in EAP 8.

Red Hat build of Keycloak SAML support for JBoss EAP 8.0

Using Red Hat build of Keycloak SAML adapters with JBoss EAP 8.0 Source-to-Image (S2I) image will be supported when the adapters are released. For more information, see OpenShift, SSO SAML support for EAP 8.

Provisioning a JBoss EAP server using the Maven plug-in

You can now use the JBoss EAP Maven plug-in on OpenShift to:

For more information, see Provisioning a JBoss EAP server using the Maven plug-in.

OpenID Connect support for JBoss EAP source-to-image

You can now secure applications deployed to JBoss EAP with OpenID Connect (OIDC) using the new elytron-oidc-client subsystem instead of installing the previously required Red Hat build of Keycloak Client Adapter. You can configure an elytron-oidc-client subsystem by using the environment variables to secure the application with OIDC. The Red Hat build of Keycloak Client Adapter is not provided in this release. For more information, see Using OpenID Connect to secure JBoss EAP applications on OpenShift.

Building application images using Source-to-Image

In JBoss EAP 8.0, an installed server has been removed from Source-to-Image (S2I) builder images. Galleon feature-packs and layers are now used to provision the server during the S2I build phase. To provision the server, include and configure the JBoss EAP Maven plug-in in the pom.xml file of your application. For more information, see Building application images using source-to-image in OpenShift.

Override management attributes with environment variables

To more easily adapt your JBoss EAP server configuration to your server environment, you can use an environment variable to override the value of any management attribute, without editing your configuration file. You cannot override management attributes of type LIST, OBJECT, or PROPERTY. In JBoss EAP 8.0 OpenShift runtime image, this feature is enabled by default. For more information, see Overriding management attributes with environment variables.

Environment variable checks for resolving management model expressions

JBoss EAP now supports environment variable checks when resolving management model expressions. In previous versions of JBoss EAP, the JBoss EAP server only checked for Java system properties in the management expression. Now, the server checks for relevant environment variables and system properties. If you use both, JBoss EAP will use the Java system property, rather than the environment variable, to resolve the management model expression. For more information about using environment variables to resolve management model expressions, see Using environment variables and model expression resolution.

Maven compatibility

Maven, versions 3.8.5 or earlier, include a version of the Apache Maven WAR plugin that is earlier than 3.3.2. This causes packaging errors with eap-maven-plugin. To resolve this issue, you must upgrade to Maven version 3.8.6 or later. Alternatively, you can add the maven-war-plugin dependency, version 3.3.2 or later, to your application pom.xml.

Enhancements to node naming

The value of the jboss.node.name system property is generated from the pod hostname and can be customized by using the JBOSS_NODE_NAME environment variable. This system property does not serve anymore as a transaction ID and does not have a limit of 23 characters in length, as it used to be in previous versions of JBoss EAP.

However, in JBoss EAP 8.0, a new system property, jboss.tx.node.id, is also generated from the pod hostname and can be customized by using the JBOSS_NODE_NAME environment variable. This system property is now limited to 23 characters in length and serves as the transaction ID.

Changes to Java options in JBoss EAP 8.0 images

The JVM automatically tunes the memory and cpu limits and Garbage Collector configuration in JBoss EAP 8.0 images. Instead of computing -Xms and -Xmx options, images use -XX:InitialRAMPercentage and -XX:MaxRAMPercentage options to achieve the same capability dynamically. CONTAINER_CORE_LIMIT and JAVA_CORE_LIMIT have been removed. Additionally, -XX:ParallelGCThreads, -Djava.util.concurrent.ForkJoinPool.common.parallelism, and -XX:CICompilerCount are no longer used.

Deploying a third-party application on OpenShift

With JBoss EAP 8.0, you can create application images for OpenShift deployments by using compiled WAR files or EAR archives. By using a Dockerfile, you can deploy these archives to a JBoss EAP server with the complete runtime stack, including the operating system, Java, and JBoss EAP components. You can create the application image without depending on Source-to-Image (S2I).

Excluded files in the JBoss EAP 8.0 server installation on OpenShift

When installing JBoss EAP 8.0 server on OpenShift, the following files are not required and are intentionally excluded:

Enhanced Health Probe configuration with JBoss EAP 8.0 Operator

The JBoss EAP 8.0 Operator now offers improved configuration options for health probes, focusing on better probe customization and compatibility between JBoss EAP 8.0 and JBoss EAP 7.4 images. This enhancement ensures smooth interoperability between both images, allowing probes to adjust their execution method flexibly.

apiVersion: wildfly.org/v1alpha1
kind: WildFlyServer
metadata:
  name: ...
spec:
  applicationImage: '...'
  livenessProbe:
    httpGet:
      path: /health/live
      port: 9990
      scheme: HTTP
    initialDelaySeconds: 30
  readinessProbe:
    httpGet:
      path: /health/ready
      port: 9990
      scheme: HTTP
    initialDelaySeconds: 10
  replicas: 1
  startupProbe:
    httpGet:
      path: /health/started
      port: 9990
      scheme: HTTP
    initialDelaySeconds: 60

Supported EAP 8 quickstarts

All supported JBoss EAP 8 quickstarts are located at jboss-eap-quickstarts.

New JBoss EAP BOMs for Maven

JBoss EAP BOMs provide the Maven BOM files that specify the versions of JBoss EAP dependencies that are needed for building or testing your Maven projects. In addition, Jakarta EE 10 BOMs provide dependency management for related frameworks such as Hibernate, RESTasy, and proprietary components like Infinispan and Client BOMs.

JBoss EAP Server Migration Tool

The Server Migration Tool is now a standalone migration tool and is no longer included with JBoss EAP 8.0. You can download the migration tool separately.

Failure to add bridge on the ActiveMQ server

In JBoss EAP 7, you could create a Java Message Service (JMS) bridge in the messaging-activemq subsystem before creating the source queue. The bridge remained inactive until the source queue was created.

In JBoss EAP 8, you must create the source queue before creating a JMS bridge with the bridge:add command. If you create the JMS bridge before you create the source queue, the bridge:add command will fail.

Adding a new connector in the messaging-activemq subsystem

In JBoss EAP 8.0, when a new connector is added to a configuration model using the CLI in the messaging-activemq subsystem, you must restart or reload the server so that the connector can be accessed by the other parts of the system. In JBoss EAP 7.4, a connector would be added and referenced by other parts of the system but it cannot be used without restarting or reloading the server.

Changes in Jakarta Faces implementation for MyFaces

In previous releases, you could replace the Jakarta Faces implementation with an alternative. However, for MyFaces in JBoss EAP 8.0, this functionality has been moved to an external feature pack that requires provisioning by using the Galleon tool. If you want to use a non-default Mojarra version, manual configuration is necessary. For more information, see How to configure the Multi-JSF feature in EAP 8.

Updates to the JGroup protocol stack

A new "RED" protocol has been added to the JGroup protocol stack in JBoss EAP 8.0. Additionally, the existing protocols have been upgraded.

The following table lists the protocol updates:

While the old protocol stack will still work in JBoss EAP 8.0, use the upgraded stack for optimal results.

You can now install and update JBoss EAP 8.0 using the jboss-eap-installation-manager. You can also perform server management operations, including updating, reverting, and various channel management tasks.

For more information, see The Installation guide.

In JBoss EAP 8.0, a significant enhancement has been introduced with the integration of the jboss-eap-installation-manger with the Management CLI under the installer command. This enhancement allows you to seamlessly perform a wide range of server management operations such as updating, reverting, and managing channel operations in a standalone or a managed domain mode.

For more information, see The Update guide.

In JBoss EAP 8.0, you can now use the web console to update, revert, and manage channels in your JBoss EAP installation. However, it is recommended to use the jboss-eap-installation-manager.

For more information, see The Update guide.

If you have used the galleon/provisioning.xml configuration file, to provision your JBoss EAP 7.4 installation with a valid S2I and you want to convert the file to a valid configuration for JBoss EAP 8 you must take note of the following changes:

The following features are not supported by Red Hat.

Logging

JBoss EAP 8.0 does not support Apache Log4j version 1 APIs. If your applications do not package log4j.jar and Log4j configuration as part of the application, then you must update them. For more information about migrating or updating your applications, see the Red Hat Knowledgebase solution Migration: Apache Log4j version 1 is no longer provided in EAP 8.

Agroal subsystem

JBoss EAP 8.0 no longer supports the Agroal subsystem.

Some features are deprecated with this release. This means that no enhancements will be made to these features, and they might be removed in a future release. For more information, see Deprecated in Red Hat JBoss Enterprise Application Platform (EAP) 8.

Red Hat will continue providing full support and bug fixes under our standard support terms and conditions. For more information about the Red Hat support policy, see the Red Hat JBoss Middleware Product Update and Support Policy located on the Red Hat Customer Portal.

The following features are deprecated:

JBoss Tools

JBoss Tools is deprecated in JBoss EAP 8.0.

JBoss EAP 8.0 removes the following features.

Jolokia and Prometheus

Jolokia and Prometheus have been removed in this release. These features have been dropped and will no longer be supported by Red Hat. JBoss EAP server exposes metrics through the server metrics endpoint: <server address>:<management port>/metrics.

Environment variables

Red Hat has removed the following environment variables in JBoss EAP 8.0:

JDK 8

JDK 8 has been removed from Red Hat JBoss Enterprise Application Platform 8.0. JDK 11 or JDK 17 is now required.

Legacy security realms

The legacy security realms have been removed from JBoss EAP 8.0. Use the security realms provided in the elytron subsystem instead.

For more information, see the Securing applications and management interfaces using an identity store, and Securing applications and management interfaces using multiple identity stores guides.

Picketbox

PicketBox has been removed from Red Hat JBoss Enterprise Application Platform 8.0. Any legacy security configurations must be migrated to the elytron subsystem. For more information about migrating your security configurations to the elytron subsystem, see Migrating to Elytron.

PicketBox vault

PicketBox vault has been removed from JBoss EAP 8.0. Use the credential store provided by the elytron subsystem to store sensitive strings instead.

For more information, see Credentials and credential stores in Elytron in the Secure storage of credentials in JBoss EAP guide.

PicketLink Subsystem

The PicketLink subsystem has been removed from JBoss EAP 8.0. Use Red Hat build of Keycloak instead of the PicketLink identity provider, and the Galleon layers provided by the Keycloak SAML adapter feature instead of the PicketLink service provider.

For more information, see Securing applications with SAML in the Using single sign-on with JBoss EAP guide.

discovery-group and broadcast-group resources

Red Hat JBoss Enterprise Application Platform 7.4 removed the discovery-group and broadcast-group resources. These resources are still removed in JBoss EAP8.0.

Additionally, Red Hat JBoss Enterprise Application Platform 7.4 reduced the impact to its web console by replacing all instances of discovery-group and broadcast-group resources with jgroups-discovery-group and socket-discovery-group resources.

JBoss EAP 7.3 deprecated the following resources in the messaging subsystem:

JBoss EAP 7.3 replaced these deprecated resources with jgroups-discovery-group and socket-discovery-group resources. Each deprecated resource included an attribute from each replacement resource, with one attribute set to null and the other attribute set to a value greater than 0. These settings caused both discovery-group and broadcast-group to remain active, but still assign all their functionality to the jgroups-discovery-group and socket-discovery-group resources.

Quickstarts

The following outdated or redundant quickstarts have been removed from JBoss EAP 8.0:

Red Hat build of Keycloak Client Adapter

Red Hat JBoss Enterprise Application Platform 8.0 does not provide the Red Hat build of Keycloak Client Adapter. Use the new elytron-oidc-client subsystem to secure applications deployed to JBoss EAP with OpenID Connect (OIDC).

Java service on Red Hat Enterprise Linux

Java service (JSVC) running on Red Hat Enterprise Linux (RHEL) has been removed from JBoss EAP 8.0.

BOMs

The following BOMs have been removed:

For more information, see Migrate a JBoss EAP Application’s Maven Project to JBoss EAP 8.0 in the Migration Guide.

Connector attribute

In JBoss EAP 7.4, the modcluster subsystem deprecates the connector attribute on the proxy element and replaces it with the listener attribute to avoid confusion. The management schema in JBoss EAP 7.4 uses the listener attribute, but also allows setting the connector attribute. In JBoss EAP 8.0, the deprecated connector attribute is removed, and you must now use the listener attribute instead. For more information, see Deprecated in Red Hat JBoss Enterprise Application Platform (EAP) 7.

Changes to the iiop-openjdk subsystem

In JBoss EAP 8.0, the legacy security subsystem has been removed and replaced by the elytron subsystem. You can install the elytron subsystem as the security interceptor for Object resource broker (ORB).

To maintain interoperability with JBoss EAP 7 , for example when running JBoss EAP as a managed domain with a JBoss EAP 8.0 host controller managing a JBoss EAP 7 secondary host controller, the ability to configure legacy security interceptors has been retained.

However, when running JBoss EAP as a standalone server, setting the values client and identity, for iiop-openjdk/security attribute is not supported.

Hibernate Search 5 APIs

Hibernate Search 5 APIs were deprecated in JBoss EAP 7.4 and have been removed in JBoss EAP 8.0 and replaced with Hibernate Search 6 APIs.

To view a list of the removed APIs, see Hibernate Search 5 APIs Deprecated in JBoss EAP 7.4 and removed in EAP 8.0.

Apache Log4j version 1

JBoss EAP 8.0 does not support Apache Log4j version 1 APIs. If your applications do not package log4j.jar and Log4j configuration as part of the application, then you must update these packages. For more information about migrating or updating your applications, see the Red Hat Knowledgebase solution Migration: Apache Log4j version 1 is no longer provided in EAP 8.

For more information, see Removal of Apache Log4j version 1 APIs.

Apache Xerces and Apache Xalan

The Apache Xerces and Apache Xalan JBoss Modules, implementing JAXP version 1.5, have been removed from JBoss EAP 8.0. Use the default JAXP implementation provided by the java.xml JPMS module of JDK instead, which implements JAXP version 1.6. For more information, see Use JAXP implementation provided by the JDK in JBoss EAP.

The /subsystem=distributable-web/infinispan-session-management=*:add operation may fail when executed on a default non-HA server configuration

HotRod cannot create distributed sessions for externalization to Infinispan

MsSQL connection resiliency is not supported

Liveness probe :9990/health/live does not restart pod in case of Deployment Error

Deprecation of org.apache.activemq.artemis module and warning messages

Limitations and known issues of IBM MQ resource adapters

IBM MQ resource adapters are supported with some limitations. See Deploying the IBM MQ Resource Adapter for more information.

Revised on 2024-02-27 10:08:25 UTC