JBoss Enterprise Application Platform-6.4-6.4.0 Release Notes-En-US

JBoss Enterprise Application
Platform 6.4
6.4.0 Release Notes
For Use with Red Hat JBoss Enterprise Application Platform 6
Red Hat Customer Content Services
JBoss Enterprise Application Platform 6.4 6.4.0 Release Notes
For Use with Red Hat JBoss Enterprise Application Platform 6
Legal Notice
Co pyright 20 15 Red Hat, Inc..
This do cument is licensed by Red Hat under the Creative Co mmo ns Attributio n-ShareAlike 3.0
Unpo rted License. If yo u distribute this do cument, o r a mo dified versio n o f it, yo u must pro vide
attributio n to Red Hat, Inc. and pro vide a link to the o riginal. If the do cument is mo dified, all Red
Hat trademarks must be remo ved.
Red Hat, as the licenso r o f this do cument, waives the right to enfo rce, and agrees no t to assert,
Sectio n 4 d o f CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shado wman lo go , JBo ss, MetaMatrix, Fedo ra, the Infinity
Lo go , and RHCE are trademarks o f Red Hat, Inc., registered in the United States and o ther
co untries.
Linux is the registered trademark o f Linus To rvalds in the United States and o ther co untries.
Java is a registered trademark o f Oracle and/o r its affiliates.
XFS is a trademark o f Silico n Graphics Internatio nal Co rp. o r its subsidiaries in the United
States and/o r o ther co untries.
MySQL is a registered trademark o f MySQL AB in the United States, the Euro pean Unio n and
o ther co untries.
No de.js is an o fficial trademark o f Jo yent. Red Hat So ftware Co llectio ns is no t fo rmally
related to o r endo rsed by the o fficial Jo yent No de.js o pen so urce o r co mmercial pro ject.
The OpenStack Wo rd Mark and OpenStack Lo go are either registered trademarks/service
marks o r trademarks/service marks o f the OpenStack Fo undatio n, in the United States and o ther
co untries and are used with the OpenStack Fo undatio n's permissio n. We are no t affiliated with,
endo rsed o r spo nso red by the OpenStack Fo undatio n, o r the OpenStack co mmunity.
All o ther trademarks are the pro perty o f their respective o wners.
Abstract
These release no tes co ntain impo rtant info rmatio n related to Red Hat JBo ss Enterprise
Applicatio n Platfo rm 6 .4 . Read these Release No tes in their entirety befo re installing the
pro duct.
T able of Cont ent s
T able of Contents
. .. .O. verview
1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. . . . . . . . . .
. .. .New
2
. . . .Feat
. . . .ures,
. . . . Enhancement
. . . . . . . . . . . . .s. and
. . . .T. ech
. . . .Previews
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. . . . . . . . . .
2 .1. New Features
2 .2. Enhanc ements
2 .3. Features Pro vid ed as Tec h Preview O nly
2
10
11
. . .Resolved
3
. . . . . . . . and
. . . .Known
. . . . . . Issues
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. 2. . . . . . . . . .
3 .1. Res o lved Is s ues
12
3 .2. Kno wn Is s ues
34
. .. .Unsupport
4
. . . . . . . . . ed
. . .and
. . . .Deprecat
. . . . . . . .ed
. . Feat
. . . . ures
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. 4. . . . . . . . . .
4 .1. Uns up p o rted Features
44
Us ing STSClientPo o lFac to ry
46
4 .2. Dep rec ated Features
47
. . Frequent
5
. . . . . . . . ly
. . Asked
. . . . . .Q
. .uest
. . . .ions
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4. 8. . . . . . . . . .
. .. .Revision
A
. . . . . . . .Hist
. . . ory
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
...........
JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es
1. Overview
Red Hat JBoss Enterprise Application Platform 6 (JBoss EAP 6) is Red Hat's response to significant
changes in the way organizations develop and deploy enterprise applications. As organizations
seek to lower operational costs and reduce time to market for new applications, JBoss EAP 6 has
been rebuilt for a vision of the future, boasting an innovative modular, cloud-ready architecture,
powerful management and automation, and world class developer productivity.
JBoss EAP 6 is Java EE 6 certified and features powerful yet flexible management, improved
performance and scalability, and many new features to improve developer productivity. All with Red
Hat's market-leading reputation for certification and support, ensuring your administration and
development needs continue to drive forward into the future and beyond.
Report a bug
2. New Feat ures, Enhancement s and T ech Previews

2.1. New Feat ures
The following new features and enhancements are available in JBoss EAP 6.4.
Ap ach e Server an d C o n n ect o rs
mo d _sn mp an d mo d _rt n o w availab le o n p p c6 4
As of JBoss EAP 6.4, mo d _sn mp and mo d _rt are available on ppc64 Red Hat Enterprise
Linux systems.
API
En ab le co n f ig u rat io n o f t h e g lo b al sessio n t imeo u t f o r t h e web co n t ain er
t h ro u g h t h e man ag emen t APIs
The global HTTP session timeout may now be configured using the Management APIs.
Exp o se p u b lic API f o r Web So cket s u se cases.
All classes in the javax. webso cket and javax. webso cket. server packages of the
Websockets API are now publicly exposed.
Au t h en t icat io n Man ag er
A lo g o u t ( ) met h o d was ad d ed t o o rg .jb o ss.secu rit y.Au t h en t icat io n Man ag er
in t erf ace
A logout method has been added to o rg . jbo ss. securi ty. Authenti cati o nManag er
interface. Be aware of this if you have implemented a custom
o rg . jbo ss. securi ty. ServerAuthenti cati o nManag er, like the following example.
<valve>
<classname>org.jboss.as.web.security.jaspi.WebJASPIAuthenticator</classname>
<param>
1 . O verview
<param-name>serverAuthenticationManagerClass</param-name>
<param-value>com.acme.ServerAuthenticationManager</param-value>
</param>
</valve>
C lu st erin g
f ail_o n _st at u s f o r mo d _clu st er
Support for fai l _o n_status has been added to mod_cluster. fai l _o n_status can be
used to specify one or more HTTP status codes, so that if a worker node in a cluster returns
one of the specified status codes, it will cause that worker to fail. The load balancer will then
send future requests to another worker node in the cluster.
D o main Man ag emen t
Su p p o rt n est ed exp ressio n s
Expressions may be nested, which allows for more advanced use of expressions in place of
fixed values. Nested expressions are permitted anywhere that expressions are permitted,
with the exception of Management CLI commands. As for normal expressions, the supported
sources for resolving nested expressions are: system properties, environment variables and
the Vault.
Ab ilit y t o read b o o t erro rs via t h e ad min APIs
A new Management CLI command has been created, which outputs details of any errors
which occurred on bootup. The command is read -bo o t-erro rs and has no parameters.
K erb ero s au t h f o r man ag emen t o ver H T T P/H T T PS
It is now possible to configure authentication of management operations made via
HTTP/HTTPS using Kerberos. This means it is now possible to authenticate to the
Management Console using Kerberos.
EE
Ab ilit y t o sp ecif y a reso u rce ad ap t er ref eren ce in jb o ss- ejb 3.xml wit h o u t t h e
ear n ame
In the jbo ss-ejb3. xml deployment descriptor you can specify a resource adapter for a
message driven bean (MD B) to use, without specifying the name of the EAR, in cases where
the deployment descriptor is in the same EAR as the resource adapter.
EJB
N ew imp lemen t at io n o f St rict MaxPo o l
Contention within the EJB StrictMaxPool has been eliminated by changing the underlying
data structure.
Ab ilit y t o u se alt ern at e p ersist en t st o res f o r u n clu st ered EJB t imers
EJB timers' data may now be stored in a database and shared between clustered server
instances. Advantages of this method include suitability to high availability.
En ab le wild card f o r <ejb - n ame> in jb o ss- ejb 3.xml
Support for use of wildcards (*) has been enabled for <ejb-name> in jboss-ejb3.xml.
H ib ern at e
D eliver n ew H ib ern at e D ialect f o r MySQ L 5.7
A new dialect has been added to Hibernate to support MySQL 5.7. To prevent issues as a
result of rounding fractional digits in date and time, the dialect currently has the following
limitations: Hibernate will assume d ateti me(6 ) for " timestamp" columns, and Hibernate
will assume ti me(0 ) for " time" columns.
H o rn et Q
Ab ilit y t o clo se all co n su mers o n a d est in at io n an d t h e co n n ect io n s f o r t h ese
co n su mers
The ability to close all consumers on a destination and the connections for those
consumers has been added. This command is available via the Management CLI,
management API and JMX.
Ab o rt slo w H o rn et Q co n su mers
The rate of consumption for message consumers may now be monitored automatically, and
action taken if the rate does not meet specific criteria. A minimum consumption rate is
specified in messages per second and if it is not met, either the consumer's connection is
killed or a management notification is raised, which can be handled by an application. By
default this feature is disabled.
Ab ilit y t o t ermin at e a co n n ect io n b y JMS U ser
HornetQ now supports termination of connections with the JMS user as the criteria.
Previously it was only possible to terminate connections according to the client ID or IP
address.
H ib ern at e Search
D eliver H ib ern at e Search as a d ef au lt mo d u le
Hibernate Search is now a standard component of JBoss EAP.
In st aller
T est d at aso u rce an d LD AP co n n ect io n s in t h e in st aller
When installing JBoss EAP in either GUI or console mode, the installer now provides the
option to verify LD AP and datasource connectivity during the installation process. This
ensures that the parameters provided during installation are valid.
JB o ss Web
Lo ad t ag lib s f ro m jars in a JB o ss Mo d u le
Tag Library D escriptors (TLD s) may be separated from their respective applications,
allowing for easier additions and updates. To use this feature, create a custom JBoss EAP
6 module that contains the TLD JARs, and declare a dependency on that module in the
applications.
Ab ilit y t o co n f ig u re H t t p O n ly SSO co o kies
1 . O verview
A new attribute has been added to the SSO configuration of a virtual server: http-o nl y.
When set to true, this attribute adds HttpO nl y to the Cookie header, indicating that the
browser should restrict access from non-HTTP APIs.
Users should be aware that the option to support this restriction rests with the client (the
web browser).
This action may mitigate the risk of security vulnerabilities by restricting access from nonHTTP APIs (such as JavaScript).
JC A
Su p p o rt en ab led f o r "d at aso u rce_class" syst em p ro p ert y
By default, when a database driver JAR contains a servi ces/javax. sq l . D ri ver file,
the datasource_class attribute in the datasource definition is ignored and the D river class
in the JAR used instead. To override this default behavior and use the datasource_class
attribute, set the property -D i ro njacamar. jd bc. prefer_d ataso urce_cl ass= true.
D et ect an d t h ro w d ep lo ymen t excep t io n f o r JC A 1.7 reso u rce ad ap t ers
An exception is thrown if JCA 1.7 deployments are detected as they belong in an EE 7 based
platform.
Ad d leak d et ect o r p o o l
IronJacamar now features a connection pool implementation which monitors connections
and provides feedback if they are never released by the application. When either the pool is
shut down or flushed, a stack trace is output to the system logs. To enable the connection
pool, set the system value ironjacamar.mcp to
o rg . jbo ss. jca. co re. co nnecti o nmanag er. po o l . mcp. LeakD umperManag ed C o n
necti o nP o o l . To have the stack trace output to a separate file, set the system value
ironjacamar.leaklog to the name and path of the desired file.
Dironjacamar.mcp=org.jboss.jca.core.connectionmanager.pool.mcp.Le
akDumperManagedConnectionPool
-Dironjacamar.leaklog=leaks.txt
JMS O p erat io n s
Ad d remo ve- jn d i o p erat io n f o r JMS reso u rces
The remo ve-jnd i operation is now enabled for JMS resources.
JMX
En ab le JMX MB ean R eg ist rat io n an d U n reg ist rat io n n o t if icat io n s f o r JB o ss'
f acad e MB ean s in EAP 6
MBeans in the jbo ss. as and jbo ss. as. expr domains are not truly MBeans but instead
facades. As a result, MBean registration and unregistration events were not available.
Registration and unregistration events for these domains have now been enabled, allowing
these events to be monitored.
Lo g g in g
R eq u est in g su f f ix su p p o rt f o r siz e- b ased lo g f ile ro t at io n

Size-based log file rotation has been enhanced with support for a timestamp suffix which is
appended to each log file when it is rotated. The format of the timestamp is configurable
according to your requirements. Previously it was only possible to have a numeric suffix
added to rotated log files, which made finding the relevant log file difficult in some
circumstances.
Imp lemen t java.u t il.lo g g in g .Lo g Man ag er.g et Lo g g erN ames( ) in JB o ss Lo g g in g
A getLoggerNames() method has been added to java.util.logging.LogManager which
returns the names of all loggers.
Au d it syslo g h an d ler sh o u ld b e ab le t o au t o mat ically reco n n ect
The audit syslog handler has been enhanced with a new attribute - reconnect-timeout which specifies the time period between attempts to reconnect to the syslog server.
Make Perio d icSiz eR o t at in g FileH an d ler co n f ig u rab le d irect ly via C LI/web
co n so le
The P eri o d i cSi zeR o tati ng Fi l eHand l er is now able to be configured via either the
Management Console or Management CLI. Previously such a handler was only able to be
configured by using a custom handler. The new configuration methods are easier and less
prone to error.
Mask "p asswo rd " Syst em Pro p ert ies
Any system property which contains the text passwo rd (regardless of case) is replaced
with the text red acted when output via logging. This improves security by avoiding having
passwords output in plain text in log files.
Man ag emen t C LI
T h e C LI sh o u ld su p p o rt p ro p ert y su b st it u t io n f o r n ames o f elemen t s an d n o t
o n ly f o r p aramet ers
Property substitution for names of elements has been added. Previously the Management
CLI only supported property substitution for parameters.
Ad d ech o co mman d f o r u se in C LI scrip t in g
A new management CLI command - echo - has been added. It outputs verbatim any text
which follows the command.
Man ag emen t C o n so le
D isp lay server lo g s in g rap h ical co n so le
You can now view server and application logs in the JBoss EAP Management Console to
help diagnose errors, performance problems, and other issues. For a log to be viewable in
the Management Console Log Viewer, it must be located in the server's
jbo ss. server. l o g . d i r directory. The Log Viewer also respects user RBAC role
assignments, so a user logged in to the Management Console can only view logs that they
are authorized to access.
Access R ed H at p lu g in
1 . O verview
Access to commonly used features of the Red Hat Customer Portal are now available from
within the Management Console. The top navigation bar of the Management Console
contains a drop-down menu: Red Hat Access. Clicking on this menu will reveal three taskspecific links to the Customer Portal: Search C u st o mer Po rt al, O p en C ase and Mo d if y
C ase.
Exp o se web co n t ain er g lo b al sessio n t imeo u t in t h e C o n so le
The global HTTP session timeout may now be configured using the Management Console.
N amin g
U se ext ern al- co n t ext f o r remo t e T IB C O ems lo o ku p
When using the generic JMS resource adapter to connect to an external messaging server,
an external context may be used instead of writing a custom ObjectFactory. The following is
an extract of an example use of <external-context>. Replace the example properties
with those appropriate for your JMS provider.
<external-context name="java:global/tibco"
module="com.tibco.tibjms" class="javax.naming.InitialContext">
<environment>
<property name="java.naming.factory.initial"
value="com.tibco.tibjms.naming.TibjmsInitialContextFactory"/>
<property name="java.naming.provider.url"
value="TIBCO_EMS_SERVER_HOST_NAME:PORT"/>
<property name="java.naming.factory.url.pkgs"
value="com.tibco.tibjms.naming"/>
<property name="org.jboss.as.naming.lookup.by.string"
value="true"/>
</environment>
</external-context>
Pat ch in g
Access t o d et ails o f p at ch es h as b een imp ro ved
The Management CLI command patch has two additional arguments: inspect and info.
The info argument outputs information on installed patches. The inspect argument
outputs information about a downloaded patch.
The P atch Manag ement panel of the Management Console has been improved to include
a brief description of each patch and a link to a more detailed article.
Perf o rman ce
B ackp o rt Ab st ract Po o l in it Lo ck( ) syn ch ro n iz at io n elimin at io n f ro m 1.2
A lock was created when calling to register a transaction after getting a connection from the
pool. Since the transaction registry already handled locking, as it already used a
concurrent collection, the additional lock handling was unnecessary, and so removed.
N ew man ag ed co n n ect io n p o o l
A new managed connection pool in JCA subsystem has been created that improves
performance and eliminates thread contention within the server.
Picket Lin k
C o n so le p lu g in t o in t eg rat e Picket Lin k su b syst ems in t o EAP co n so le
PicketLink's subsystems are now configurable via the JBoss EAP Management Console,
resulting in easier configuration.
Mo d if y t h e Picket Lin k ID P t o su p p o rt SAML 2.0 u n so licit ed resp o n ses
The PicketLink Identity Provider (ID P) has been enhanced so that it can now send SAML
2.0 unsolicited responses to the Service Provider.
Picket Lin k sh o u ld b e co n f ig u rab le t o ig n o re ajax calls
In case the user is not authenticated and sends a request to both IdP and SP using AJAX,
PicketLink will respond with a 403 HTTP status code instead of the login page. AJAX
requests are identified by checking the presence of the X-R eq uested -Wi th header with
value XMLHttpR eq uest.
R EST Easy
R EST Easy lo g g in g t h ro u g h JB o ssLo g g in g
RESTEasy logging functionality is now handled by JBossLogging. The benefits of this
change include support for internationalization of log messages.
N ew secu rit y p aramet ers
RESTEasy has two new parameters intended to improve security in processing
o rg . w3c. d o m. D o cument documents. Both parameters are co ntext-param parameters
and can be set up in the web. xml of the application.
The parameter resteasy.document.secure.processing.feature imposes security
constraints in processing o rg . w3c. d o m. D o cument documents and JAXB object
representations.
The parameter resteasy.document.secure.disableDTDs prohibit D TD s in
o rg . w3c. d o m. D o cument documents and JAXB object representations.
The default value for resteasy. d o cument. secure. pro cessi ng . feature and
resteasy. d o cument. secure. d i sabl eD T D s is true. To disable one of them or both,
add following to the application's web. xml file.
<context-param>
<param-name>resteasy.document.secure.processing.feature</paramname>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>resteasy.document.secure.disableDTDs</param-name>
<param-value>false</param-value>
</context-param>
R PM In st allat io n an d U p d at es
There is now a choice of RPM channels or repositories to which to subscribe for installation
and updates of JBoss EAP via RPM. The current JBoss EAP channel provides the latest
1 . O verview
version, while a minor channel provides a specific minor release and all applicable
patches. This allows you to maintain the same minor version of JBoss EAP 6, while still
staying current with high severity and security patches. For further details of the available
channels, see https://access.redhat.com/solutions/1346093.
Secu rit y
SSLValve allo ws f o r u ser- co n f ig u rab le h ead er n ames
The names of HTTP headers that SSLValve uses for passing SSL/TLS information from the
originator were predefined, for example: ssl_client_cert, ssl_cipher, ssl_session_id and
ssl_cipher_usekeysize. With this change, the names of the headers are now customizable
so that the originator can use an arbitrary name of the HTTP header, with the name
specified in the SSLValve configuration.
K erb ero s b ased au t h en t icat io n f o r R emo t in g
Support for Kerberos authentication for EJBs and EJB clients has now been enabled.
Man ag emen t secu rit y realms sh o u ld cach e LD AP d at a
The management security realm now caches LD AP data, which helps reduce the number of
LD AP requests.
Au t h o riz at io n wit h st at ic K erb ero s cred en t ials t o O racle D B o n O racle JVM
Authorization using static Kerberos credentials in an Oracle D B datasource on Oracle JVM
has been added. Note that Oracle D B driver version 11.2.0.3 or newer is required, also
security domain cache must be enabled.
Au t h o riz at io n wit h st at ic K erb ero s cred en t ials t o SQ LServer o n O racle JVM
Authorization using static Kerberos credentials in a Microsoft SQL Server datasource has
been added. Note that this feature is only supported for non-XA connections.
Ad d su p p o rt f o r ext ern al p asswo rd o f keyst o re t o Picket B o xVau lt
imp lemen t at io n
The Vault feature now supports the option of having the keystore password provided via an
external command or a custom class.
Ad d "remo ve vau lt en t ry" o p t io n t o vau lt t o o l
The Vault CLI tool has been improved with the addition of the ability to remove a value
stored in a vault.
U se o f t h e - secmg r f lag f o r t h e co n f ig u rat io n o f a Java Secu rit y Man ag er
Running JBoss EAP within the Java Security Manager is now enabled by either adding the
-secmgr parameter to the startup script, or enabling the option SEC MG R = "true" in the
configuration file. Enabling the Java Security Manager with the Djava.security.manager Java system property is no longer possible. As a result of this
change, custom security managers cannot be used. Starting JBoss EAP with a custom
security manager enabled will result in JBoss EAP exiting with a non-zero exit code on
startup. See the Security Guide for details of the changes required to enable the Java
Security Manager.
Su p p o rt ed C o n f ig u rat io n s
O racle JD K 8
Oracle Java Platform, Standard Edition 1.8 (JD K 8) has been added to the list of supported
configurations.
IB M JD K 8
IBM JD K 8 has been added to the list of supported configurations.
D B MS
The following D BMS have been certified and are now fully supported:
Enterprise D B Postgres Plus Advanced Server 9.3
MySQL 5.7
IBM D B2 10.5
Microsoft SQL Server 2014
PostgreSql 9.3
D eliver mo d _sn mp f o r t est ed R H EL versio n s o n PPC
The Simple Network Management Protocol (SNMP) module mo d _snmp is now supported on
PowerPC64 Architecture running Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux
7.
Web So cket s 1.0
The WebSocket 1.0 protocol provides two way communication between web clients and
servers. Communications between clients and the server are event-based, allowing for
faster processing and smaller bandwidth compared with polling-based methods.
The JBoss EAP 6.4 WebSocket implementation provides full dependency injection support
for server endpoints, however, it does not provide CD I services for client endpoints. CD I
support is limited to that required by the EE6 platform, and as a result, EE7 features such as
interceptors on endpoints are not supported.
Report a bug
2.2. Enhancement s
In st aller
B Z #116 9 4 6 2 - In st aller sh o u ld lo o k au t o mat ically lo o k f o r variab les f ile d u rin g
au t o mat ed in st alls
In JBoss EAP 6.4 the installer now automatically looks for a variables file during
installation.
The installer will look for the . vari abl es file only if an automated installation is being run
and no variables are passed in through the -vari abl es or -vari abl efi l e tags.
The installer will look in the location of the auto . xml file first. If nothing is found there it
will look in the current working directory for the user.
10
1 . O verview
If the user specifies a remote auto . xml file the installer will only look for the . vari abl es
file in the location user's current working directory.
The . vari abl es file will also only be detected if it follows this naming convention;
<NAME_OF_AUTO.xml>. vari abl e.
T ran sact io n Man ag er
B Z #116 89 73 - JT S p art icip an t s are n o t sh o win g u p in t h e t o o lin g
This release of JBoss EAP 6 contains an enhancement to the Transaction Manger
component. Previously, not all particpants were appearing in the log viewer.
Now, the following types of participants will be shown:
AssumedCompleteHeuristicTransaction
AssumedCompleteHeuristicServerTransaction
AssumedCompleteTransaction
AssumedCompleteServerTransaction
See http://bugzilla.redhat.com/show_bug.cgi?id=1168973
Report a bug
2.3. Feat ures Provided as T ech Preview Only

The following configurations and features are known to have issues and are provided as technology
previews only. They are not supported in a production environment.
WS- T ru st /ST S wit h JB o ss Web Services
JBoss Web Services now exposes WS-Trust/STS capabilities from the underlying CXF
implementation.
Ap ach e C XF 2.7.13 ch an g es SAML/WS- T ru st
The Security Token Service (STS) now validates ActAs tokens too, while it was previously
validating OnBehalfOf tokens only; as a consequence, valid username/password have to
be specified in the UsernameToken that is provided as ActAs token.
The SAML Bearer tokens are now required to have an internal signature; additionally, the
o rg . apache. ws. securi ty. val i d ate. Saml Asserti o nVal i d ato r has a
setR eq ui reBearerSi g nature method to enable/disable this signature verification.
Ad d in g an d R emo vin g Mo d u les wit h t h e JB o ss C LI
The CLI offers new commands to add and remove modules.
R est Easy Valid at io n wit h t h e H ib ern at e Valid at o r
RestEasy now includes a validation provider to support the Hibernate Validator delivered
with JBoss EAP 6.
Mu lt i- JSF
This feature enables a user to replace the JSF implementation provided with JBoss EAP 6
with a user-supplied JSF implementation.
11
mo d _jk an d IPv6
The mod_jk version has been updated. This new version contains support for IPv6,
however this feature has not been fully tested.
Report a bug
3. Resolved and Known Issues

3.1. Resolved Issues
Pat ch in g
B Z #1110117 - Q u eryin g p at ch in g MB ean s d u rin g sh u t d o wn resu lt s in
Illeg alSt at eExcep t io n
An attempt to query the patch status of a JBoss EAP instance could previously result in an
Il l eg al StateExcepti o n error being thrown. The root cause of this error was that the
Instal l ati o nManag erServi ce was not available as it had already been shut down.
This issue has now been resolved by first checking if the
Instal l ati o nManag erServi ce is available and if so, the query proceeds.
EJB
B Z #1172856 - Server sid e EJB H an d ler n o t co mp ressio n resp o n se
When using EJB compression in previous versions of JBoss EAP 6, the client was sending
a compressed request, but the server was sending an uncompressed response, even
though it was configured to return a compressed response.
In this release, the server will respond with a compressed response as it should.
B Z #11184 32 - java.u t il.co n cu rren t .R eject ed Execu t io n Excep t io n if a remo t e- n amin g
In it ialC o n t ext sh o u ld b e clo sed
If remote naming is used to lookup an EJB it creates an ejb-cl i ent context. If the remote
naming context object was closed when done, the client logged the error shown below,
because the ejb-cl i ent context was already shut down and it tried to do so again. The
underlying cause of this error has been resolved by checking the ejb-cl i ent context
before being closed.
ERROR [org.jboss.remoting.handler-errors] Close handler threw an
exception: java.util.concurrent.RejectedExecutionException
B Z #1156 6 20 - Memo ry leak o n u n d ep lo y & t o o man y ch an n els cau sed b y ejb clien t
n o t d isasso ciat in g
This release of JBoss EAP 6 fixes a memory leak caused by an application deployed that is
using jbo ss-ejb-cl i ent. xml to configure remote EJB clients connections.
12
3 . Resolved and Known Issues
This fix also resolves another issue wherein scoped context was used and too many
channels occurred (as a result of channels not being closed until all channels to a given
host are closed). The channel is now closed when C o ntext. cl o se() is called, even if
other channels are open to the same host.
B Z #10884 6 3 - If larg e p aramet ers are g iven t o an EJB met h o d in vo cat io n t h e clien t
sh o w a EJB C LIEN T 000032 Excep t io n - t h e O u t O f Memo ryErro r is swallo wed
In the previous version of JBoss EAP 6, when a large value is passed in a parameter for
EJB invocation, the channel crashed and the out of memory error was not displayed on the
server. On the ejb-client, an exception indictating the error occurred during the
unmarshalling of some parameter with a possible OOM cause is displayed. This issue is
now fixed in the current version of JBoss EAP 6. When a large value is passed in a
parameter for EJB invocation, an out of memory exception is displayed on the server and a
hint is displayed on the client side.
C D I/Weld
B Z #1159 570 - C D I in ject ed t o p ic d o es n o t wo rk
In previous versions of JBoss EAP 6, the injection of a JMS Topic into a CD I bean failed
with the following error:
javax.jms.InvalidDestinationException: Not a HornetQ
Destination:HornetQTopic[EventTopic]
@ javax.inject.Inject
private javax.jms.Topic topic
In this release, the injection succeeds without error.
B Z #116 6 133 - B ean p ro xy class h as n o n - vararg s met h o d f o r o rig in al vararg s
met h o d
In previous versions of EAP, varargs methods were misrepresented in bean proxies as nonvarargs methods with an array argument. This caused problems in frameworks which
depend on reflection.
The issue was resolved by adding the missing vararg flag in bytecode of the proxied
method. As a result, vararg methods are now represented correctly in bean proxies.
B Z #114 6 853 - Pro xy n amin g co n f lict wh en u sin g st at ic n est ed classes wit h t h e
same n ame an d p ackag e
In previous versions of EAP if two static nested classes with equal names enclosed by
different classes were used as beans, Weld generated proxies with equal class names for
both such beans and C l assC astExcepti o n were thrown when such beans were used.
This was fixed by amending the proxy class name generation procedure to include the
name of the enclosing class. Two static nested classes can now have the same simple
class name even when enclosed by two different classes in the same package.
13
B Z #1054 876 - Pro xy creat io n f ails wh en a su p erclass d o es n o t h ave a n o - arg
co n st ru ct o r
Previous versions of JBoss EAP included an implementation of Weld that performed an
unnecessarily strict check that constructors of all superclasses have public no-arg
constructors.
This issue has been resolved in this release. Now only the proxiability of the bean itself is
checked, not all supertypes.
B Z #114 9 6 4 4 - C D I In t ercep t o r can n o t in ject EJB sessio n co n t ext .
In previous versions of JBoss EAP there was an omission in the Weld integration code as a
result of which it was not possible to inject an EJB session context into a CD I interceptor.
This was fixed in the integration code by providing the proper EJBContext JND I location to
injection points for all EJB contexts.
B Z #113819 2 - Packag e- p rivat e memb ers n o t wo rkin g o n C D I b ean s in st at ic
mo d u les
In previous versions of JBoss EAP there was a classloading optimization in the Weld
integration code which caused an Il l eg al AccessExcepti o n to be thrown when any
normal-scoped bean from a static module which declared a package-private no-arg
constructor got injected into a bean from a deployment.
This was fixed by limiting the optimization and using a static modules ClassLoader for
proxies of classes originating from the given static module.
The Il l eg al AccessExcepti o n is no longer thrown for beans with package-private
constructors in static modules.
B Z #1086 555 - Weld - Sp ecializ at io n o f g en eric b ean s t h ro ws in ap p ro p riat e
excep t io n
In a previous release of JBoss EAP 6, setting a specialization on a generic bean resulted in
a D efi ni ti o nExcepti o n being thrown.
This behavior was not intended as has been addressed in this release. Setting a
specialization on a generic bean now operates as expected.
B Z #1111575 - su b n et - mat ch is d o es n o t resp ect ' valu e' at t rib u t e
Previous releases of JBoss EAP 6 carried a bug that prevented subnet-match from
respecting the val ue attribute.
In this release of the product, the issue has been resolved and the val ue attribute works as
expected.
14
B Z #1159 709 - IO erro r d u rin g d ep lo ymen t scan n in g t rig g ers u n d ep lo ymen t
In previous versions of JBoss EAP 6,
Fi l eSystemD epl o ymentServi ce. scanD i recto ry() method treated the null return
value of Fi l e. l i stFi l es() as an empty list rather than an error.
As a result, IO errors occurring during deployment scanning could trigger the undeployment of applications.
This issue has been addressed and in this release of the product, deployed applications
are no longer undeployed if file limit is reached.
B Z #1133328 - R u n t ime u p d at es t o o u t b o u n d LD AP co n n ect io n s n o t p erf o rmed o n
h o st co n t ro ller.
JBoss EAP 6s domain management operation handlers can specify if a runtime update
should be performed as a result of an update to the model. In previous versions, the
operation handler was only requesting runtime updates for outbound LD AP connection
definitions if running in a server process.
As a result, changes made to outbound LD AP connections within a host controller process
were not leading to immediate runtime updates for that process.
In this release of the product, the affected operation requests runtime updates are applied in
all process types and changes made to outbound LD AP connections are reflected
immediately for both application server processes and non-application server processes.
B Z #114 856 5 - Man ag emen t H T T P server clo sin g id le co n n ect io n s p remat u rely.
JBoss EAPs management HTTP server contains a timeout handler which is intended to
terminate idle connections after 5 minutes.
In previous versions of the product the timeout was terminating connections after 30
seconds. Any active SSL sessions were also terminated as a side effect of the connection
being terminated. When the clients web browser reconnected for a subsequent invocation
the a fresh SSL session had to be created.
In this release of the product, the idle connection timeout is now set correctly to 5 minutes.
Web browser initiated shut down of keep alive connections can now happen as intended,
leaving any underlying SSL sessions intact and allowing the web browser to resume its
previous session the next time it connects.
B Z #1106 39 3 - Man ag ed server sh u t d o wn u n exp ect ed ly wh en t imeo u t d u rin g
co n n ect io n req u est t o H C
In a previous version of JBoss EAP 6, after a managed servers connection to its Host
Controller failed, it would only make a single re-connection attempt.
This could cause the product to shut down unexpectedly if the re-connection failed.
In this release, connections to the Host Controller are re-tried indefinitely. Server instances
no longer shut down due to loss of connection to the Host Controller.
15
B Z #11056 77 - N o n exist en t ld ap g ro u p cau ses au t h en t icat io n t o f ail in secu rit yrealm
In previous release of JBoss EAP 6, a user containing a reference to a non-existent group
returned a failure in authentication while performing principal-to-group searches of LD AP
to load a users group membership information. The users authentication was aborted.
In JBoss EAP 6.4, this issue has been fixed by defining a skip-missing-groups attribute as
" true" on the principal-to-group configuration, which allows missing groups to be ignored.
B Z #107386 6 - Ad d in g server- id en t it y= ssl t o Secu rit yR ealm t h ro ws N PE in 6 .3.0.D R 2
In the previous release of JBoss EAP 6, the runtime updates returned a
NullPointerException for the list of services being added, thus making the roll back of
services, when needed, very difficult.
In JBoss EAP 6.4, this error is fixed and the list of service references is provided for runtime
updates.
B Z #11514 34 - T h e o u t b o u n d - co n n ect io n s elemen t d o esn ' t valid at e ag ain st XSD
af t er remo vin g co n n ect io n
Within the management mode, when a new outbound LD AP connection is defined, a
resource is instantiated to hold the child ldap connections.
In previous versions of JBoss EAP 6, this resource was not removed after the last child
connection is removed.
The behavior was encountered because the XML marshalling saw the outbound ldap
connections in the model as being defined, and so wrote the <outbound-connections>
element to contain them. As there were no connections in the model this element remained
empty, which is invalid according to the schema.
Note: The parser is tolerant to this and this does not prevent a subsequent server start up.
In this release of the product the resource is removed once the last child has been removed
and the parser now sees there are no defined outbound connections so an empty
<outbound-connections> element is no longer written.
B Z #9 08236 - D ef in in g a secu re so cket f o r h t t p man ag emen t wit h o u t a secu rit y
realm resu lt s in a N u llPo in t erExcep t io n
In previous versions of JBoss EAP 6, model validation was not being performed to ensure
an HTTP management interface configured to enable SSL also referenced a security realm
to obtain its SSLContext.
Without the validation, the SecurityRealm was null, which lead to a
Nul l P o i nterExcepti o n.
In this release the time updates are applied to the management model and additional
checks are performed to ensure a security realm is associated with the HTTP management
interface is SSL is being enabled.
16
If a user attempts to define a HTTP management interface with SSL but no SecurityRealm an
error message is reported instead of the Nul l P o i nterExcepti o n.
B Z #1129 4 00 - U n ab le t o creat e reso u rce- ad ap t er u sin g H T T P man ag emen t
in t erf ace
In previous versions of JBoss EAP 6, the logic in the operation to add a resource-adapter
resource required that the target address be represented as a list of elements of D MR
ModelType.PROPERTY.
This meant that HTTP-based management clients that used JSON could not reliably create
operations using the expected format (as representing the $PROPERTY element in JSON
syntax can be problematic).
In this release of JBoss EAP 6, the handler for the resource-adapter ad d operation has
been updated to use standard address parsing code which is more forgiving of formatting
differences. As a result, operations that add a resource-adapter using the HTTP interface
and JSON similar to the example above now succeed as expected.
B Z #11339 6 1 - XML p arsin g man d at in g t h e ' f o rce' at t rib u t e o n u sern ame- t o - d n even
t h o u g h it h as a d ef au lt valu e.
In JBoss EAP 6, where a username-to -d n element is defined for LD AP based
authorization with security realms, the schema describes an optional attribute; fo rce.
In previous versions of the product the parser was implemented to assume this attribute was
mandatory.
This caused configurations which were valid according to the schema to be rejected by the
parser if the optional attribute was omitted.
In this release the parser has been updated to reflect the fact that the attribute is optional
and configurations that omit the fo rce attribute will now be correctly parsed by the parser.
B Z #1052821 - U n n ecessary D N S lo o ku p wh en accessin g web co n so le wit h h t t p s
If a client connects to the server and the SSL session is initiated there is an attempt to
resolve the clients host name. If the clients name is an address this involves a D NS look up
to attempt to discover the name. This caused performance hit on every connection from a
remote client while the D NS lookup is performed, in addition to this if the D NS server is
unavailable this can introduce a long delay.
This issue has ben fixed in JBoss EAP 6.4. A D NS lookup is now eliminated on the server
when a client attempts to connect and establish a SSL session.
B Z #116 2882 - JB T M- 2188 - So me co d e t h at writ es t o t h e f ile st o re is missin g
Privilid g ed Act io n b lo cks
In previous releases of JBoss EAP 6, if Security Manager was enabled then Narayana
Transaction Manager could not be allowed read or write from the files of object store
managed by FileSystemStore class.
17
managed by FileSystemStore class.

This was because, when the security manager is used, it verifies that the code has
permissions to access the file system. This process checks the entire method call chain,
meaning there is a chance that some classes do not have permission to access the
filesystem.
The fix implemented in this release is to access the file system as a privileged entity
(AccessC o ntro l l er. d o P ri vi l eg ed ()), which reduces the stack to classes that the
security manager recognizes as privileged to have file system access.
B Z #113334 6 - XA R eco very scan s can st all JB o ss st art u p
In JBoss EAP 6, transaction recovery operates by asking resources for their view of indoubt transaction branches using " RecoveryHelpers" provided by other subsystems. When
a deployment registers one of these helpers, a lock is taken. The same lock is acquired
when recovering a resource.
If the resource is slow to complete a recovery request, then the subsystem deployment
(which is waiting for the lock) is similarly delayed.
In this release the contention on the lock is broken and subsystems deploy as expected.
B Z #1113225 - C MR : T X lo g d o es n o t sh o w p art icip an t s af t er crash .
In previous releases of JBoss EAP 6, the tooling for reading transaction logs did not
expose CMR records.
THis issue has been addressed in this release.
B Z #1077156 - N o t p o ssib le t o st art XT S t ran sact io n o n IPv6 wit h server b o u n d t o
::1
In a previous release of JBoss EAP 6, it was not possible to start an XST transaction on
IPv6 with a server bound to address : : 1. This was because this part of the address must
be wrapped in square brackets; [: : 1].
This issue has been resolved by splitting the URL into discrete sections and inserting
square brackets as required before it is passed to the XTS core.
Note that if you are using the -b switch in a CLI comment, do not wrap the address portion
of the URL in square brackets as this is contrary to the the specification and will prevent
Webservices from starting.
B Z #10326 4 1 - Illeg alSt at eExcep t io n f ro m p erio d ic reco very wh en server is relo ad ed
wit h XA d at aso u rce b ein g d ef in ed
Previous versions of JBoss EAP 6 could encounter an Il l eg al StateExcepti o n during
some transaction recovery operations.
The transaction recovery system operates by querying resources for their view of 'in-doubt'
transaction branches. It uses a " RecoveryHelper" which JCA registers to achieve this.
18
When a resource is removed from the system, the RecoveryHelper is de-registered. In

previous versions of the product there was a race condition in the code whereby if the
removal happened during a " recovery scan" then the helper was not removed.
This resulted in the possibility that transaction recovery would continue using resources
even though they had been removed from the server (which could produce the
Il l eg al StateExcepti o ns).
In this release, if the current recovery scan is using the resource, it waits for it to finish and
then remove the helper.
B Z #1124 86 1 - Issu e wit h issu e reco verin g AA wit h C MR , reco vers O K b u t via o rp h an
d et ect io n
In previous releases of JBoss EAP 6, if the server crashed during an XA transaction, the XA
resource did not always roll back immediately.
This issue has been corrected by an upgrade of o rg . jbo ss. jbo ssts. Transactions now
roll back and logs are cleaned as expected.
B Z #9 00289 - D o main man ag emen t API d o es n o t exp o se JT S o rp h an s f ro m t h e
t ran sact io n o b ject st o re
The transaction subsystem contained in JBoss EAP 6 maintains a log of pending
transactions. This log is exposed to the console user.
In some circumstances a resource has a log of an in-doubt transaction branch for which
there is no corresponding top level transaction log (but on disk there is a participant log).
Such logs are called " orphans" and by default these were not exposed in previous
versions.
As a result, if the transaction subsystem was configured to use JTS then these orphan
records were not automatically removed resulting in a leak of available storage space.
In this release, the console user can override the default by setting the transaction
subsystem property expo se-al l -l o g s to true. Then the console user has the option to
manually delete these logs, preventing the leak.
JMX
B Z #111324 2 - R emo t in g C o n n ect o r & Versio n ed C o n ect io n Fact o ry n eed
co n f ig u rab le co n n ect io n , ch an n el & versio n ed co n n ect io n t imeo u t s
Previous versions of JBoss EAP 6 contained several hard-coded JMX connection timeouts.
In this release of the product, those intervals can now be configured via a system property
or properties passed in when creating the JMXConnectorFactory:
JMXC o nnecto rFacto ry. co nnect(servi ceUR L, envi ro nment);
The order of priority of these settings is as follows:
1. The default is 30 seconds.
2. The Env map property overrides default.
19
3. The system property overrides values passed into the env map.
Order of specificity:
Specific timeout properties:
1. Channel timeout: o rg . jbo ss. remo ti ng -jmx. ti meo ut. channel
2. Connection timeout: o rg . jbo ss. remo ti ng -jmx. ti meo ut. co nnecti o n
3. Versioned Connection timeout: o rg . jbo ss. remo ti ng jmx. ti meo ut. versi o ned . co nnecti o n
If the o rg . jbo ss. remo ti ng -jmx. ti meo ut property is set and the specific property is
not set, the generic value will be used instead of the default.
B Z #1185118 - ran d o m N PE in R o o t R eso u rceIt erat o r
In previous versions of JBoss EAP 6, the logic in the facade that exposes management
resources as JMX MBeans made an unnecessary duplicate read of child resources. It was
possible for this second read to return a null child if the resource was dynamic and could
be removed due to non-management action (a resource for a temporary JMS queue added
or removed by an application, for example).
As a result, calling remote JMX server methods such as g etMBeanC o unt() by remote
clients could intermittently lead to random NullPointerExceptions with a log message similar
to the following.
[0m[33m18:38:11,612 WARN
[org.jboss.remotingjmx.protocol.v2.ServerCommon] (pool-2-thread12) Unexpected internal error: java.lang.NullPointerException
at
org.jboss.as.jmx.model.RootResourceIterator.doIterate(RootResource
Iterator.java:49)
In this release of the product, the duplicate read of child resources has been removed, with
the value from the initial read (which will never be `null`) used. This ensures the
NullPointerExceptions no longer occur.
R emo t in g
B Z #1126 4 89 - Marsh allin g f ails o n o b ject s t h at req u ire p ermissio n s in t h eir
read O b ject
With the Java Security manager enabled, the java.security.AccessControlException was
thrown when a java.util.Calendar object was passed as an argument or response from an
EJB method, even with a java security policy that provides the necessary permissions. This
issue has been fixed in this release. The exception is no longer thrown and the marshalling
and EJB call succeed.
B Z #116 14 30 - JB o ss Marsh allin g N u llPo in t erExcep t io n o ccu rs wh en o b ject b ein g
clo n ed h as writ eO b ject
20
The JBoss Marshalling NullPointerException used to occur when an object being cloned
has writeObject. This issue has been fixed in this release.
B Z #1153281 - Excessive lo g g in g wh en a JMS messag e is received
The INFO log event was seen every time a JMS message was sent to the server. This issue
has been fixed in this release.
Web C o n so le
B Z #110786 9 - Web C o n so le erro rs o u t an d en d s t h e jb o ssas p ro cess co mp let ely
When JTS is enabled in the `Transactions` section of the web management console, it is
necessary to also set the attribute `transactions` to the value `on` in the JacORB
subsystem.
In previous JBoss EAP 6 versions the user was not notified about this dependency by the
management console.
The behavior has been corrected in this release by adding a validation check to the
console.
B Z #1026 823 - Pro vid e a reliab le way t o clear "R O LE" h ead ers set b y "R u n as" d ialo g
In previous releases of JBoss EAP 6, it was found that when a SuperUser acted on behalf of
another user (with the R u n As link), their role was not reset after the action was taken.
This issue has been addressed and users no longer need to close the browser window and
re-access the Web Console for roles to be reset.
B Z #10176 55 - Web services co n f ig u rat io n valid at io n erro rs
In previous releases of JBoss EAP 6, invalid values for WSD L H o st , WSD L Po rt and
WSD L Secu re Po rt under Profiles > Web > Web Services were not rejected by the web
console.
This issue has been resolved in this release which honors the validation rules from the
management model. Incorrect values are no longer saved.
B Z #1029 851 - man ag emen t co n so le - even af t er can cel t h e p ro cess t o u p lo ad a
d ep lo ymen t f ile, t h e co n t en t is ad d ed t o d at a d irect o ry
An issue present in previous releases of JBoss EAP 6 that caused the upload of files
through the Manage D eployments screen to complete, even if the upload was canceled by
the user, has been corrected in this release.
The issue presented because older versions of the product allowed users to cancel a file
upload operation after the file copy had occurred but before the deployment entry had been
added to d o mai n. xml .
21
In this release of the product, the console workflow has been redesigned to remove the
cancel option during the operation, preventing incomplete operations and inconsistent
states between saved files and <deployment> entries in d o mai n. xml .
H o rn et Q
B Z #116 54 56 - H o rn et Q : D isallo w SSLv3 [ d ef en se- in - d ep t h ]
In this release of JBoss EAP 6, SSLv3 has been disabled due to the recently uncovered
POOD LE vulnerability. More information about POOD LE can be found in in Oracles
security topics: http://www.oracle.com/technetwork/topics/security/poodlecve-2014-35662339408.html
Server
B Z #11106 35 - D ep lo ymen t o verlay f eat u re d o es n o t wo rk if a lead in g / is p resen t o n
t h e o verlay p at h
In previous release of JBoss EAP 6, adding a deployment overlay prefixed with a '/' did not
work.
In JBoss EAP 6.4, this has been fixed. The deployment-overlay works with or with out a
leading '/'
deployment-overlay add --name=example-overlay -content=/lib/example.jar=eap6-overlay-example.jar -deployments=example.ear
Web Services
B Z #11574 82 - EJB 3 Web Service ret u rn s In valid U ser o n p arallel in vo cat io n s
The EJB3 Web Service using username token for authentication would fail if it was loaded
with parallel invocations. If the EJB3 Web Service was using username token for
authentication, it would fail on parallel invocations. This issue has been fixed in this
release.
B Z #1115214 - C XF- 56 79 , C XF- 5724 - WS- S af t er u p g rad e f ails wit h
o rg .ap ach e.ws.secu rit y.WSSecu rit yExcep t io n : T h e sig n at u re o r d ecryp t io n was
in valid
Previous versions of JBoss EAP 6 carried a regression that was introduced in Apache CXF
2.7.10 which failed with the error:
org.apache.ws.security.WSSecurityException: The signature or
decryption was invalid
This issue has been resolved and signature verification of WS-Security SOAP messages is
correctly performed.
22
B Z #1121223 - En su re En cryp t ed K ey ref eren ces B in arySecu rit yT o ken b ef o re it
In previous releases of JBoss EAP 6, CXF placed the Bi narySecuri tyT o ken referenced
by the EncryptedKey element after the EncryptedKey element when the WSS timestamp was
not included in the SOAP message.
This could cause receivers that expect the Bi narySecuri tyT o ken referenced by the
EncryptedKey to be above the EncryptedKey element to fail as they had not processed the
Bi narySecuri tyT o ken when attempting to look it up while processing the EncryptedKey
element.
This issue has been resolved by moving the BinarySecurityToken higher in the SOAP
message. Now Encrypted Key elements always reference Bi narySecuri tyT o kens that
have already been found while parsing the SOAP message.
B Z #11554 9 0 - Memo ry leak in JB o ss WS C XF C lien t ' s H an d lerC h ain So rt In t ercep t o r
If the JAX-WS client was implemented with one JAX-WS handler, on invoking the service
port method indefinitely, it resulted in a memory leak. This issue has been fixed in this
release.
EE
B Z #1029 26 0 - C an n o t u se a ear- su b d ep lo ymen t s- iso lat ed at t rib u t e set t in g wit h a
jb o ss- d ep lo ymen t - st ru ct u re.xml
If you configure a ear-subdeployments-isolated attribute with jbo ss-d epl o ymentstructure. xml and put under a <EAR >/MET A-INF directory, the isolation flag was
overwritten by the sub-system configuration.
In JBoss EAP 6.4, this issue is fixed. The order of processing has been updated.
JPA
B Z #1131711 - H t t p Man ag emen t Service- t h read s co n su mes h ig h cp u o n
o rg .jb o ss.as.jp a.h ib ern at e4 .man ag emen t .Q u eryN ame.d isp layab le( )
In the previous version of JBoss EAP 6, HttpManag ementServi ce-thread s on
o rg . jbo ss. as. jpa. hi bernate4 . manag ement. Q ueryName. d i spl ayabl e()
slowed down the performance due to high CPU usage. This was cause due to multiple calls
to Stri ng . repl ace(). This issue is fixed in the current version of JBoss EAP 6.
B Z #1114 726 - JPA en t it y class en h an cemen t may n o t wo rk f o r su b - d ep lo ymen t s
wh en o t h er su b - d ep lo ymen t s ref eren ce t h e en t it y classes
In the previous versions of JBoss EAP 6, entity classes in user applications which are
expected to be rewritten by the persistence provider during application deployment may not
be rewritten. D ue to this, when sub-deployments are deployed in parallel and there are
references to entity classes in other sub-deployments beyond the deployment that contains
23
the persistence unit, the entity class definition is loaded before it is rewritten by the
persistence provider. Thus affecting the performance. This issue is fixed in the current
version of JBoss EAP 6.
JMS
B Z #1070106 - G en eric JMS ad ap t er d o es n o t d ep lo y co rrect ly in d o main mo d e.
In the previous version of JBoss EAP 6, contextual information was not correctly checked
during the add operation. As a result, generic JMS adapter was deployed correctly in
domain mode. This issue is now fixed in the current version of JBoss EAP 6. Generic JMS
adapter can now be deployed in domain mode.
JC A,JMX
B Z #1150821 - JMX D at aso u rce p o o l & jd b c st at ist ics d isap p ear if yo u en ab le
valid at io n
In the previous version of JBoss EAP 6, JMX D atasource pool and jdbc statistics may
disappear if validation was enabled. This was due to a reference to part of the resource
model was held, which became invalid if the model was modified. This issue is fixed in the
current version of JBoss EAP 6. The reference to part of the resource model is not longer
held across operations.
Result: D ataSource statistics do not disappear.
Lo g g in g
B Z #109 6 053 - Syslo g H an d ler d o esn ' t h an d le mu lt i- b yt e ch aract ers co rrect ly
In previous versions of JBoss EAP 6, using
o rg . jbo ss. l o g manag er. hand l ers. Sysl o g Hand l er to log multi-byte characters
may result in corrupted output recorded in the log. For example:
Mar 8 17:29:09 UNKNOWN_HOSTNAME java[9896]: SyslogHandler:
????????????
This issue has been resolved in this release and now characters are output to the log as
expected.
B Z #10314 4 8 - lo g g in g - p ro f ile wo rks f o r a servlet , b u t d o esn ' t f o r a JSP
In a previous release of JBoss EAP 6, logging profiles worked as expected for a servlet, but
did not work for a JSP; all log messages from a JSP went to the system log context.
This issue presented because the class loader that was checked was
o rg . apache. jasper. servl et. JasperLo ad er with a parent class loader of the class
loader that was registered for the log context.
This issue has been resolved by adding an option to the log manager to recursively check
a class loaders parent for a LogContext.
24
B Z #10716 9 5 - In f in it e recu rsio n wh en excep t io n st ack f rame class lo o ku p f ails
The JBoss LogManager when configured with the % E formatter, prints out where the jar
classes are from. If there is a problem loading the class, JBoss Modules prints a warning. In
some circumstances, the exception formatter will trigger infinite recursion between the log
manager loading a class and modules printing a warning.
This issue has been fixed in JBoss EAP 6.4. The situation no longer triggers infinite
recursion and logging.
C lass Lo ad in g
B Z #1155823 - Packag e cert if icat e Secu rit yErro rs t rig g ered b y MO D U LES- 19 2
In previous releases of JBoss EAP 6, the JarFi l eR eso urceLo ad er attempted to retrieve
the certificates before rather than after reading the class stream, which resulted in the
certificates not being loaded.
This would cause a Securi tyErro r to occur when signed classes were loaded
concurrently by multiple threads.
In this release the JarFi l eR eso urceLo ad er retrieves the certificates after reading the
class stream and the Securi tyErro r no longer occurs.
B Z #1172577 - In clu d e ad d it io n al su n .jd k d ep en d en cies
In previous versions of JBoss EAP 6 some classes in the JD K were not exposed to the
application via the sun.jdk that should have been when using JD K
javax. sq l . ro wset. R o wSetP ro vi d er and
java. l ang . i nvo ke. Metho d Hand l eP ro xi es and depending on sun. jd k module.
In this release, applications will find classes in these packages visible when depending on
the sun. jd k module:
com.sun.rowset
com.sun.rowset.providers
sun.invoke
D o main Man ag emen t ,Secu rit y
B Z #1150024 - H ead erParser f ails t o h an d le d elimit ers in D ig est Au t h en t icat o r
Previous versions of JBoss EAP 6 carried a bug in the D igest authenticator which caused it
to not correctly handle escaped delimiters within values contained in the authentication
header.
Additionally, the add-user utility was not correctly escaping usernames that contained the
'backslash' character (\).
As a result, valid authentication requests were being incorrectly rejected.
25
In this release, the parsing of the headers has been re-worked within the D igest
authentication mechanism and the add-user utility now correctly escapes the 'backslash'
character in usernames allowing authentication to occur as expected.
B Z #1153854 - Man ag emen t In t erf ace: SSL co n f ig u rat io n d o es n o t allo w d isab lin g
p ro t o co ls
In previous versions of JBoss EAP 6, it was found that while it was possible to specify the
protocol to request when creating the SSLContext when configuring security realms to
supply a SSLContext it was not possible to specify the protocols or cipher suites to be
supported on the underlying SSLEngine.
This meant that it was not possible to select a strong set of protocols and cipher suites to
be used for SSL connections.
In this release users are now able to specify a set of enabled protocols and cipher suites
within the security realm definition. These will be matched against the supported protocols
and cipher suites to configure the underlying SSLEngine.
In addition, the enabled protocols will be TLSv1, TLSv1.1 and TLSv1.2 by default if no
configuration is specified. SSLv3 and earlier is no longer enabled by default and it is
possible for the protocols and cipher suites to be configured further.
C lu st erin g
B Z #9 9 304 1 - R u n t imeExcep t io n in
o rg .jb o ss.as.web .sessio n .C lu st ered Sessio n .access
Previous versions of JBoss EAP 6, when a distributed web session was being accessed
while another node was abruptly leaving the cluster, a lock acquisition could, in some
instances, fail. When this occurred it resulted in the following exception:
RuntimeException: JBAS018060: Exception acquiring ownership of
<session-id>
The root cause of this issue was that the lock acquisition did not take into account that a
cluster node might leave the cluster at exactly the same time, resulting in the lock
acquisition failure.
This issue has been addressed and the exception no longer presents.
Secu rit y
B Z #1150020 - ad d - u ser u t ilit y d o esn ' t escap e n ames co rrect ly
JBoss EAP 6s add user utility iterates the value being used as the key in a properties file
and escapes all occurrences of special characters.
In previous versions of the product, an error in how the characters were checked caused
only the first instance of the 'equals' character (=) to be escaped. If a username contained a
subsequent 'equals' character, it was not properly escaped, causing the generated
properties file to be unusable.
26
In this release, the special character handling is now corrected to handle all occurrences of
the 'equals' character and usernames containing more than one are correctly written to the
properties file.
B Z #9 79 36 9 - D if f eren t b eh avio rs o f H t t p Sessio n creat io n wit h p ro g rammat ic
lo g in ( )
In the previous versions of JBoss EAP 6, the behavior of HttpSession creation differs when
used together with a following programmatic login:
Without SSO: session is not created while calling the l o g i n() method. Thus,
subsequent requests are unauthenticated
With non-clustered SSO: session is created while calling the l o g i n() method, but the
first call does not set the authentication status. The subsequent requests are
unauthenticated and the user is authenticated after the second call of l o g i n()
method, because the session is already present.
With clustered SSO: session is created while l o g i n() method and subsequent
requests are authenticated
This issue is fixed in the current version of JBoss EAP 6. The
o rg . apache. catal i na. authenti cato r. Authenti cato rBase. ALWAY S_USE_SESSI
O N class has a new option to always create a session.
B Z #9 4 9 737 - Sessio n rep licat io n b ro ken b y N eg o t iat io n Au t h en t icat o r valve
Previous versions of JBoss EAP 6 did not include an option to define global authentication
mechanisms as there was in JBoss EAP 5. To overcome this limitation the advice for
enabling SPNEGO authentication was to manually add the Valve to the jbo ss-web. xml
of the affected deployment.
The consequence of this was that the valve was invoked much earlier in the call and
preceded the valve responsible for clustering. This meant that the JBoss Negotiation valve
created a new HTTP session and the clustering valve did not receive any notifications
regarding the life-cycle of the sessions. As the clustering valve was not receiving the
notification it needed the session was not clustered and replication was affected.
This release of JBoss EAP 6 now supports defining authentication mechanisms globally.
This approach deprecates adding the valve manually to the web applications jbo ssweb. xml .
The SPNEGO authentication valve will now be called after the clustering valve so that the
clustering valve will receive the required notifications relating to session life-cycle and will
replicate the session correctly.
D o main Man ag emen t ,IPv6 su p p o rt
B Z #114 9 6 12 - U ser is ab le t o u se an y- ip v6 - ad d ress in t erf ace o n IPv4 en viro n men t
In previous version s of JBoss EAP 6, the logic for checking for, and rejecting, the
combination of an any-i pv6 -ad d ress configuration for an interface and the
java. net. preferIP v4 Stack= true system property was done when installing the
network interface service rather than waiting until the service was starting.
27
As a result, the check could run on host controller processes that did not need the interface
service, resulting in spurious failures if the server process that would actually use the
interface configuration did not have java. net. preferIP v4 Stack= true set.
In this release, the consistency check is been deferred until the interface service is started,
ensuring it only occurs if the service is actually in use on that process.
Now a server that does not have java. net. preferIP v4 Stack= true set can use anyi pv6 -ad d ress in the configuration of one of its interfaces even if the domain controller or
its own host controller does have java. net. preferIP v4 Stack= true set.
mo d _clu st er
B Z #108356 3 - Mo d _clu st er d rain in g p en d in g req u est s co u d f ail sin ce d ep lo ymen t s
are missin g d ep en d en cy o n mo d _clu st er service ( seen o n JD K 8)
The mod_cluster subsystem was draining and this would fail pending requests. This issue
has been fixed in this release.
B Z #104 4 879 - If "B alan cer n ame in clu d es" u p p ercase let t er in n ame t h en
mo d _clu st er will n o t main t ain st icky sessio n s
In a previous release of JBoss EAP 6, the modcluster module did not maintain sticky
sessions if a load balancers name included upper-case letters.
This issue has been corrected in this release by making the validation of load-balancer
names case-insensitive.
R EST Easy
B Z #109 04 87 - R est easy secu re p ro cessin g t o b e t u rn o n b y d ef au lt t o ap p ly en t it y
exp an sio n limit
Two new RESTEasy parameters have been created to improve security in processing
o rg . w3c. d o m. D o cument documents. Both are co ntext-param parameters and
configured in the web. xml configuration file of the application.
Name: resteasy.document.secure.processing.feature D efault value: true D escription: Impose
security constraints in processing org.w3c.dom.D ocument documents and JAXB object
representations
Name: resteasy.document.secure.disableD TD s D efault value: true D escription: Prohibit
D TD s in org.w3c.dom.D ocument documents and JAXB object representations
Note that Xerces 2.9.1.redhat-6 included in EAP 6.4.0 doesnt support Max attributes limit.
B Z #10889 56 - Malf o rmed B yt eSeq u en ceExcep t io n in N amesp ace t est o n Win d o ws
In a previous release of JBoss EAP 6, when encoding was not specified in the body of a
client request, RESTeasy returned a response in the encoding of the server, not in the
encoding of the original request.
28
This issue has been resolved in this release by setting UTF-8 as the default encoding if no
encoding is requested by the client.
B Z #89 9 6 6 6 - R EST Easy: Emp t y cf g . p aram javax.ws.rs.Ap p licat io n p ro d u ces
excep t io n
The RESTEasy component shipped with previous versions of JBoss EAP 6 threw an
java. l ang . Stri ng Ind exO utO fBo und sExcepti o n: Stri ng i nd ex o ut o f
rang e: 0 error when the javax.ws.rs.Application configuration option in the WEBINF/web. xml file was left empty.
The issue has been corrected in this release with an upgrade to the RESTeasy component.
In st aller
B Z #9 77805 - St art in g JB o ss Ad min ist rat io n C o n so le f ro m st art men u is n o t
wo rkin g o n So laris
D ue to a gvfs-open issue on Solaris, start menu shortcuts for the Administration Console
on Solaris do not work for a JBoss EAP 6 instance that has been installed using the
installer.
From JBoss EAP 6.4 and onwards, start menu shortcuts for the Administration Console will
not be created for JBoss EAP 6 instances that have been installed using the installer on
Solaris.
The Administration Console can be accessed directly in a web browser. If configured with
the default ports, the URLs for the Administration Console are below: For standalone mode:
http://localhost:8080/console For domain mode: http://localhost:9990/console
B Z #103289 2 - U n ab le t o u se t ab f illin g f o r p at h st art in g wit h a d rive let t er o n
win d o ws.
In previous versions of JBoss EAP 6, tab completion for directory paths which start with a
drive letter was not working in the console installer of JBoss EAP 6 on Microsoft Windows
Server.
When entering a path which starts with a drive letter, for example `C:\`, and pressing the
+Tab+ key, nothing was shown. In this situation, it is expected that it will show the contents
of that directory.
This issue has been fixed in this release and tab-completion works as expected.
C D I/Weld ,T ran sact io n Man ag er
B Z #109 8127 - "Failu re wh ile n o t if yin g an o b server o f even t " in C D I t ran sact io n al
o b server met h o d s wit h remo t e EJB call u sin g JT S
In previous versions of JBoss EAP 6, firing a CD I event from a remote EJB client using JTS
transactions resulted in a failure in invocation of transactional observers on the server.
29
This was fixed by correcting the JND I namespace selection for transaction synchronization
callbacks in the Weld integration code.
Transactional observers are now properly invoked in distributed transaction scenarios.
N amin g
B Z #11316 26 - ER R O R : remo t e lo o ku p C h an n el en d n o t if icat io n received , clo sin g
ch an n el C h an n el ID is seen wh en lo o kin g u p a remo t e q u eu e
In previous versions of JBoss EAP 6, an error could be encountered when performing a
lookup on a remote queue from within an EJB, even though the operation executed
successfully.
An upgrade to the jboss-remote-naming has resolved this issue.
D o main Man ag emen t ,T est su it e
B Z #107806 2 - Man ag emen t C lien t C o n t en t T est C ase is so met imes f ails ( d if f eren t
JD K d o r mast er an d slave)
In previous release of JBoss EAP 6, map used in the storage mechanism for managementclient-content returned different values of the 'hash' attribute for the management-clientcontent=rollout-plans resource on different processes in a domain.
In JBoss EAP 6.4, this error is fixed by updating the map with consistent ordering used for
storing management-client-content. The 'hash' attribute for the management-clientcontent=rollout-plans resource returns the same value on all processes in a domain.
JC A
B Z #1107120 - Failu res wh en d ep lo yin g MySQ L JD B C d river t o EAP 6 .x
A previous release of JBoss EAP 6 carried a bug that prevented the MySQL JD BC driver
being depoyed under certain circumstances.
The deployment would fail, informing the user that the deployment already existed. Any
attempt to remove an existing deployment also failed.
This issue has been resolved and the driver deploys as expected.
Web C o n so le - U X
B Z #1016 54 6 - R B AC : U n clear erro r messag e wh en t ryin g t o co n f ig u re Au d it o r ro le
as Ad min ist rat o r
In previous releases of JBoss EAP 6, if a user attempted to perform an operation which they
did not have permission to execute, they would receive the following error message:
Yo u d o n ' t h ave t h e p ermissio n s t o access t h is reso u rce!
30
This message could be confusing to users as they were attempting to perform an operation,
not attempting to access a resource. This error text has been clarified and now reads:
Yo u d o n ' t h ave t h e p ermissio n s t o p erf o rm t h is o p erat io n !
Secu rit y,Web
B Z #9 52518 - ru n - as d o es n o t wo rk f o r Servlet in it ( ) an d d est ro y( ) met h o d s
Previous versions of JBoss EAP 6 carried an issue where the run-as identity was not
being used for Servl et. i ni t(), which was contrary to the Java Servlet 2.4 specification.
This was caused by the R unAsLi stener not existing in JBoss EAP 6 as it had previously
in JBoss EAP 5.
This issue has been addressed in this release and the product now adheres to the
specification in this regard.
Scrip t s an d C o mman d s,Secu rit y
B Z #9 0119 3 - ad d - u ser ch eck is n o t i18n , wh ile p ro mp t is
The add-user utility in JBoss EAP 6 prompts users to confirm the action they are about to
take based on the current locale. Where user input was being compared with the different
translations, the user input was being converted to lower case whilst the translated value
was not.
This meant the add-user utility was not able to identify which option the user had selected
due to the difference in case for comparison and was reporting an error to the user to tell
them they had not selected a valid value.
In this release both the users input and the translated values being compared are
converted to lower case before comparison. Internationalized responses are now correctly
accepted for the confirmation dialogues within the add-user utility.
IPv6 su p p o rt
B Z #9 0056 4 - Wro n g f o rmat o f IPv6 ad d resses in lo g en t ries
Logged IPv6 addresses in previous releases of JBoss EAP 6, were not wrapped in square
brackets as required. In this release, the handling of IPv6 addresses has been addressed
and they are bracketed in logs as expected.
Ap ach e Server ( h t t p d ) an d C o n n ect o rs
B Z #118876 9 - sn mp d .co n f isn ' t lo ad ed o n Win d o ws excep t it is in co n f
It was found that the SNMP C o nf configuration settings were ignored in previous versions of
JBoss EAP 6 installed on Windows systems, causing the agent to start on port 161.
In this release, the snmpd.conf.sample configuration has been added to etc/httpd /co nf
and is honored as expected.
31
Picket Lin k
B Z #117079 2 - SAML11T o ken Pro vid er an d SAML20T o ken Pro vid er d o n o t t ake
C LO C K _SK EW in t o acco u n t
In previous versions of JBoss EAP 6, the `SAML11TokenProvider` and
`SAML20TokenProvider` did not take the `CLOCK_SKEW` attribute into account when
validating the tokens.
As a result, if the clock on the validating host and the STS are not synchronized,
authentication could fail.
In this release, the `SAML11TokenProvider` and `SAML20TokenProvider` have been
modified to honor the `CLOCK_SKEW` during token validation. The clocks on the validating
host and STS can be misaligned within the `CLOCK_SKEW` limit and authentication will
succeed.
C LI
B Z #1139 515 - cli d ep lo y co mman d wit h u n p aired q u o t at io n mark cau ses
St rin g In d exO u t O f B o u n d sExcep t io n
When running previous versions of Jboss EAP 6 on Windows, using jbo ss-cl i . bat to
deploy an application would throw an exception when trying to tab complete an open quote
(" ).
Attempting this action would result in the following error:
java.lang.StringIndexOutOfBoundsException: String index out of
range: -1
In this release, the exception will not occur.
H ib ern at e
B Z #1132207 - H H H - 9 389 Fo reig n key co lu mn n ame f o r t ab le map p in g
@ Elemen t C o llect io n u ses en t it y class n ame in st ead o f sp ecif ied en t it y n ame
In previous releases of JBoss EAP 6, the name attribute for @Entity(name=" ..." ) is ignored in
computing the prefix for foreign key columns used to join the entity table to tables mapping
@ElementCollection properties
As a result, the computed foreign key prefix is the entity class name rather than the name
supplied in the @Entity annotation
In this release, the @Entity annotation name property is used to compute the foreign key
name prefix. For example, the ``@Entity(name=" prod" )` public class Product will result in a
computed foreign key (for the @ElementCollection table) with the prefix 'prod' rather than
'Product'.
R PM
32
R PM
B Z #1124 516 - File sn mp d .co n f .samp le is missin g in rp m
The 'httpd/conf.d/snmpd/snmpd.conf.sample' file was missing from the following versions of
the 'mod_snmp' RPMs:
mod_snmp-2.4.1-7.GA.ep6.el5.i386.rpm
mod_snmp-2.4.1-7.GA.ep6.el5.x86_64.rpm
mod_snmp-2.4.1-8.GA.ep6.el6.i386.rpm
This issue has been resolved in this release of the product.
T ab le 1. O t h er R eso lved Issu es
BZ #1187027: D eprecation of :enable / :disable operations for datasources
BZ #1168836: Back port of JBTM-2279 in to JBoss EAP 6.4
BZ #1152477: Annotation @RolesAllowed doesn't work for generic types in EJBs
BZ #1151526: SAAJ SOAPConnection doesn't return SoapFault for HTTP 400
BZ #1148728: Property substitution for username in remote-outbound-connection doesn't work
BZ #1147715: use JCA XidWrapper only if needed
BZ #1139102: The node-identifier default value uses invalid dash char '-'
BZ #1138595: Can't get implementing classname for JSR77 MBean
BZ #1132207: Foreign key column name for table mapping @ElementCollection uses entity class
name instead of specified entity name
BZ #1127999: JBOSS JSP class loading problem due to case insensitivity
BZ #1127329: Invalid boolean values are set to 'false' instead of null
BZ #1127318: JAXB Unmarshaller sets the incorrect element as nil
BZ #1104691: Hosted page is not served properly (jsp headers not taken into account, served as
text)
BZ #1103735: Classloader leak in JBossCachedAuthenticationManager
BZ #1098074: AccountID PMapProvider parameter of AccountChooserValve is ignored
BZ #1085500: JBoss Negotiation should fallback to form authentication instead of returning 401
BZ #1064217: SAML Assertion parsing - empty AttributeValue raises exception
BZ #1062104: JAAS login module's logout() method is not invoked with cache-type=" infinispan"
BZ #1062101: JAAS login module's logout() method is not invoked removing cache-type
BZ #1057835: JBoss EAP6 is not able to parse ejb-jar.xml of version 2.0
BZ #1054556: AuditProvider mentions " [Success]" even if username/password is invalid
BZ #1024239: Strange behaviour of connection-properties=hoge:remove, :disable and :remove of a
datasource
BZ #1018026: Fail to remove the content file from the domain/servers/serverName/data/content
folder when undeploying application from a stopped server
BZ #900984: Setting transaction timeout on UserTransaction leaks to the thread and doesn't get
cleared
BZ #1149020: EJB Compression missing Server Side Handler
BZ #1090406: Server fails to start when transactions subsystem attribute process-id-uuid is set to
false
33
BZ #1080140: JTS transaction log record type PREPARED is not changed to HEURISTIC after
connection to db is restored
BZ #1080035: Inconsistency for recovery when db connection fails for Oracle database when
running on JTS
BZ #1001909: Last resources is not committed prior to other resources
BZ #1188643: PicketLink throws java.lang.RuntimeException: PLFED 000092: Null Value:
D estination is null
BZ #1188642: SAML11TokenProvider and SAML20TokenProvider do not take CLOCK_SKEW into
account
BZ #1187026: D eprecation of -ds.xml deployments
BZ #1172419: EAP6 unable to use ports > 32767
BZ #1171863: Backport WFLY-4140: In some case :activate on resource-adapter fails if id !=
archive_name
BZ #1170359: InitialContext re-wrapping specific NamingExceptions with more generic
NamingException
BZ #1163646: Setting " org.jboss.as.jaxrs.enableSpringIntegration" to " true" causes
JaxrsSpringProcessor to throw NullPointerException
BZ #1158498: Cannot enable NamingStrategyD elegator implementations using entity manager
BZ #1155815: Array of size 0 causes java.lang.ClassCastException
BZ #1154936: Add optional fastinfoset dependency in org.apache.cxf
BZ #1148603: Hibernate AbstractCollectionPersister method processQueuedOps calls a
deprecated method which has negative impact on the performance
BZ #1147412: D atasource recreated upon delete or disable if max connections InUse
BZ #1140278: Logging application constraints don't allow D eployers to modify logging in web
console
BZ #1132188: Prefill does not work for the last url in connection-url when HA D atasource failover is
enabled
BZ #1131691: JBoss Remoting version (unknown) in AS log
BZ #1131612: PickletLink IdP Filter eating cookies added to response by other filters
BZ #1131225: Fallback to FORM authentication when an invalid kerberos token is used
BZ #1130863: Setting some locales causes missing buttons on console and throws errors
BZ #1128278: HQL FromElement is not reused in some cases resulting in an additional join
BZ #1125004: vault.sh / VaultSession fail when using specific keystore password / salt / iteration
count combination
BZ #1124086: Vault should throw exception if different alias name is specified to vault
BZ #1117364: Setting " Socket Timeout" or " Stop Context Timeout" to 0 in mod_cluster
configuration yields " Unknown error"
BZ #1115650: jboss-remote-naming thread does not shutdown even if calling
" javax.naming.InitialContext#close()"
BZ #1192088: - Reserve static gid/uid for jboss user
Report a bug
3.2. Known Issues

JSF
B Z #109 6 9 05 - In st an t iat io n Excep t io n o n Weld Ap p licat io n Fact o ry wh en swit ch in g
t o JSF 1.2 in EAP 6 .2.
JBoss EAP 6 allows users to choose a JSF version for a deployment using descriptors
bundled with the deployment.
34
This, however, currently does not work correctly when the deployment also uses CD I. It is
currently not possible to have two different deployments use different versions of JSF if both
deployments also use CD I.
When this is attempted, an exception is thrown and the deployment fails with the following
error:
java.lang.InstantiationException:
org.jboss.as.weld.webtier.jsf.WeldApplicationFactory
Though using JSF 1.2 with CD I is not officially supported, since JSF 1.2 is an EE5
technology and CD I is an EE6 technology, it is still possible to make JSF 1.2 work with CD I
for all deployments using the following workaround:
1. Set 1.2 as the default JSF version in EAP by executing the following command in
jboss-cli: /subsystem= jsf/: wri te-attri bute(name= d efaul t-jsf-i mpl sl o t,val ue= 1. 2)
2. Configure JSF 1.2 dependency for the Weld module in both
/mo d ul es/system/l ayers/base/o rg /jbo ss/wel d /co re/mai n/mo d ul e. x
ml and
`/mo d ul es/system/l ayers/base/o rg /jbo ss/as/wel d /mai n/mo d ul e. xm
l by changing the line <mo d ul e name= "javax. faces. api "/> to <mo d ul e
name= "javax. faces. api " sl o t= "1. 2" />
3. Restart the server.
EJB
B Z #11884 20 - EJB Asyn ch ro n o u s p ass PO JO b y ref eren ce lead in g t o
C lassC ast Excep t io n erro rs in remo t e in vo cat io n s
In this release of JBoss EAP 6, an Asynchronous EJB call via the EJB's Remote Interface
from a client to an EJB running in the same JVM fails with a ClassCastException.
This is because the request/response are not being marshalled as they should and the
client and EJB are not using the same classloader.
This is expected to be resolved in a future release and the request/response will be
marshalled as it should since it is a Remote interface call, allowing the client and EJB to
use different classloaders and not fail with a ClassCastException.
B Z #1020074 - EJB clien t s d o n o t at t emp t t o reco n n ect t o an y receivers u n t il all
receivers h ave f ailed
This release of JBoss EAP 6 carries an issue in the EJB component.
EJB clients should attempt to reconnect to receivers when they detect a failed connection.
Instead the connection attempt is not made until there are no available receivers.
As a result, this makes it ineffective to use this method in a load balancing configuration.
The cause of this problem is still under investigation.
35
B Z #9 5274 6 - Fix t ran sact io n reco very f ailu res in vo lvin g remo t e EJB reso u rce
In this release of JBoss EAP 6, transaction recovery operations can fail if they involve
remote EJB resources that may have crashed.
The issue presents because when a connection breaks down between the server and the
client (specifically when the client crashes and is restarted); the server and the client will not
automatically communicate with each other.
In these scenarios, the server will have no knowledge that the client has started again,
effectively meaning that the EJB tx recovery process will not know which EJB nodes to
communicate with.
This issue is under investigation and a solution is being developed.
B Z #1036 04 0 - C allin g EJB wit h "R EQ U IR ES_N EW" t ran sact io n at t rib u t e creat es t wo
t ran sact io n s.
In this release of JBoss EAP 6, an issue in the EJB component causes transaction statistics
to show an incorrect number of processed transactions.
This is becuase the C MT T xIntercepto r and Li fecycl eC MT T xIntercepto r
interceptors create two transactions when handling EJB requests. One is a dummy
transaction and other is used for managing resources. This results in the one EJB request
being counted twice in statistics.
There is no workaround available at this time.
B Z #9 9 0102 - C o n cu rren t access t imeo u t - - co u ld n o t o b t ain lo ck wit h in 5000
MILLISEC O N D S
This release of JBoss EAP 6 carries a bug that could produce a co ncurrent access
ti meo ut when an EJB client invoking a method on a stateful bean in a " forwarding"
cluster; this bean forwards the call to stateful beans in a " target" cluster, and then back
again. Invocations are serial; the client will not invoke a method on a bean until it got a
response to previous invocation. When one of the servers in the cluster is shut down, the
error occurs.
Web
B Z #1076 4 39 - N IO 2 C o n n ect o r is n o t p ro p erly relo ad ed d u rin g relo ad o p erat io n o n
IB M JD K ( IB M JD K 1.7 an d 1.8)
If this release of JBoss EAP 6 is started on IBM JD K 1.7 or IBM JD K 1.8 and an attempt is
made to reload the server, following error message appears in logs.
ERROR [org.apache.coyote.http11.Http11NioProtocol] (MSC service
thread 1-6) JBWEB003043: Error initializing endpoint:
java.net.BindException: Address already in use
36
This error is caused by an issue with the IBM JD K which results in the NIO2 connector not
reloading properly and the original remaining running. To work around this issue, either
use different connector (note that each connector has its own capabilities) or use a different
JD K.
This issue is expected to be resolved in a future release of the product.
B Z #9 18130 - JB o ssWeb co n n ect o rs st art b ef o re ap p licat io n d ep lo ymen t s are
co mp let ed in EAP 6
A timing issue with JBossWeb connectors on startup has been discovered, in which the
connectors start and accept requests before applications are fully deployed.
In these circumstances, client connections via either a load balancer or direct to JBoss EAP
are returned a 4 0 4 message. This issue affects JBoss EAP versions 6.0.1 and greater.
No workaround is available but the issue is under investigation.
B Z - 1086 39 9 - Web So cket s sh o u ld su p p o rt C D I as p er JSR - 356
The JBoss EAP 6.4 WebSocket implementation provides full dependency injection support
for server endpoints, however, it does not provide CD I services for client endpoints.
CD I support is limited to that required by the EE6 platform, and as a result, EE7 features
such as interceptors on endpoints are not supported.
R PMs
O p en jd k p ackag es n o t p ro vid in g ' java' in met ad at a
Several Openjdk packages (1.6.0, 1.7.0 and 1.8.0) do not provide " java" in the RPM
metadata, which breaks compatibility with packages that require Java and are available
from the JBoss EAP channel. To work around this problem, install another package that
provides " java" in the RPM metadata before installing one of the above Openjdk packages.
See:
https://bugzilla.redhat.com/show_bug.cgi?id=1189530
Web C o n so le
B Z #1180206 - U n ab le t o u n set wsd l- p o rt an d wsd l- secu re- p o rt if wro n g valu e is
en t ered f irst
It is not possible to change values of WSD L attributes port and secure port back to
und efi ned via console if they already have any value set. Input fields for these attributes
currently allows only numeric values and don't handle empty string as und efi ned .
Workaround: To unset these attributes, use one of the following command in the
management CLI:
37
/subsystem=webservices:undefine-attribute(name=wsdl-port)
/subsystem=webservices:undefine-attribute(name=wsdl-secure-port)
B Z #1014 04 8 - R B AC : Lo g in rig h t af t er lo g o u t wo n t clear U I p ro p erly in d o main
mo d e
In some cases, when logging out of the Web Console, the console is partially rendered
before logging in as another user. This leads to " mixed" content where parts of the screen
are rendered as if the old user was logged in and parts of the screen as the new user was
logged in.
This issue is not a security risk and no sensitive data will be revealed.
As a workaround, close the browser window (not just the active tab) and log in as the new
user.
B Z #1027586 - R B AC : Web co n so le is t o o co arse- g rain ed wit h ap p licat io n reso u rces
In this release of JBoss EAP 6, when a resource is defined as an application resource, the
console may not reflect that definition. This is because the console often groups several
resources under one view. The controls in the views are available if all related resources
are writable. If any of these resources is configured as an application resource, however,
the related controls will still be disabled.
The current workaround is to, if possible, configure all resource types associated with a
subsystem as application resources.
JMS
B Z #1033008 - G en eric JMS R A is n o t co n sist en t wit h t h e EE sp ec - it d o es *n o t *
ig n o re t h e p aramet ers wh en sessio n is creat ed in t h e t ran sact io n co n t ext
This release of JBoss EAP 6 carries the following issue in the JMS component.
When a session is created in a transactions context and parameters are passed to the
generic JMS resource adapter, a Nul l P o i nterExcepti o n (NPE) occurs.
The issue occurs because the processing of parameters is attempted, when the Java EE
specification states that they are n o t to be processed.
The root cause of the issue is under investigation, but until then a workaround is to set the
session to be transacted, as per the following example. With this workaround, the NPE will
not occur.
connection.createSession(true, Session.SESSION_TRANSACTED);
Secu rit y
B Z #11036 84 - U n ab le t o sh are Id en t it y Secu rit y D o main acro ss d at aso u rces
38
This release of JBoss EAP 6 carries a bug that presents the error
javax. reso urce. R eso urceExcepti o n: No matchi ng cred enti al s i n
Subject! when multiple datasources are defined backed by the same security domain.
This issue is being investigated and is expected to be resolved in a future release of the
product.
B Z #10526 4 4 - Ld ap Ext Lo g in Mo d u le can n o t f in d cu st o m ld ap so cket f act o ry
In this release of JBoss EAP 6 the Ld apExtLo g i nMo d ul e does not set the TCCL to the
classloader of a (configurable) JBoss module. The JBoss module would contain a custom
socket factory.
As a consequence the Ld apExtLo g i nMo d ul e cannot use custom socket factories for
creating connections to the ldap server. A C l assNo tFo und Excepti o n will be thrown
when attempting to use a custom socket factory with the Ld apExtLo g i nMo d ul e.
This issue will be resolved in a future release of the product.
B Z #114 54 9 0 - FIPS 14 0- 2 co mp lian t mo d e d o esn ' t wo rk in JD K - 8
This release of JBoss EAP 6 carries the following JD K8 issue:
When using an RSA client key exchange in SSL/TLS protocols, the SunJSSE provider
cannot work in FIPS 140 compliant mode. This issue does not impact the default mode of
SunJSSE.
More information can be found at: http://www.oracle.com/technetwork/java/javase/8-knownissues-2157115.html
B Z #1015524 - R B AC : u n ab le t o d ep lo y t h e same d ep lo ymen t wh ich was alread y
d ep lo yed b y u ser f ro m d if f eren t server- g ro u p sco p e
When role-based access controls are enabled, management users with server-group
scoped roles might have new deployments fail with the following message:
"JBAS014807: Management resource '[(\"deployment\" =>
\"example.war\")]' not found"
This occurs because a deployment with the same name already exists in the domain. This
is correct behaviour. However because the management user is scoped to a server group,
they will be unable to see if such a deployment already exists in another server group. This
makes it difficult to avoid this confusing error.
To workaround this limitation, Red Hat recommends that either non-scoped roles are
assigned to the users responsible for adding deployments to a domain, or that a list of
deployment names is maintained so that management users are aware of them.
B Z #10216 07 - R B AC : T h e t wo kin d s o f n o n - ad d ressab ilit y
Some resources are non-addressable to server-group and host scoped roles in order to
39
provide a simplified view of the management model to improve usability. This is distinct from
resources that are non-addressable to protect sensitive data.
For server-group scoped roles this means that resources in the pro fi l e, so cket
bi nd i ng g ro up, d epl o yment, d epl o yment o verri d e, server g ro up, server
co nfi g and server portions of the management model will not be visible if they are not
related to the server-groups specified for the role.
For host-scoped roles this means that resources in the /ho st= * portion of the
management model will not be visible if they are not related to the server groups specified
for the role.
However in some cases this simplified view can hide information that while it is outside the
scope of what the user is managing, it can provide guidance to the user as to a course of
action. An example of this is BZ # 1015524.
In a future release, some of these non-addressable resources might be changed to be
addressable but non-readable. This will not affect the security of the server because they
were not non-addressable for security reasons. Red Hat recommends that you do not rely
on the non-addressability of resources to hide information unless the non-addressability is
defined in a sensitivity constraint.
C lu st erin g
B Z #9 176 35 - Failed t o lo ad sessio n : N u llPo in t erExcep t io n
A Known Issue in this release can cause a NullPointerException with a 'Failed to load
session' message to be encountered after application deployment in some circumstances.
This issue is expected to be resolved in a later release of the product.
B Z #9 59 9 51 - C ach eExcep t io n : java.lan g .R u n t imeExcep t io n : Failu re t o marsh al
arg u men t ( s) at server sh u t d o wn
On shutdown of a server the following message may be logged:
CacheException: java.lang.RuntimeException: Failure to marshal
argument(s) at server shutdown
This message occurs because Infinispan does not yet support clean shutdown and can be
safely ignored. This issue is being investigated but no known workaround is available.
B Z #9 0116 2 - T imeo u t Excep t io n : U n ab le t o acq u ire lo ck
A Known Issue exists in this release of JBoss EAP 6 that produces a
T i meo utExcepti o n: Unabl e to acq ui re l o ck under some circumstances.
This issue is expected to be resolved in a later release.
B Z #9 004 83 - St ale sessio n d at a received wh en u sin g D IST SYN C o n jvm kill
D uring testing, some cases showed that stale session data was received when a node shut
40
down and D IST SY NC or D IST ASY NC cache mode was used. This issue is still under
investigation.
B Z #9 009 4 6 - Illeg alSt at eExcep t io n : C ach e is in ' T ER MIN AT ED ' /' ST O PPIN G ' st at e.
This release of JBoss EAP 6 carries a bug that may cause an Il l eg al StateExcepti o n
to appear after an application is undeployed on one node within 5 seconds of having been
deployed on another node within the cluster.
This issue in under investigation and is expected to be resolved in a future release.
B Z #9 00378 - C D I b ean s wit h SET rep licat io n t rig g er are n o t rep licat in g
D ue to a bug in the Weld component, the setAttri bute method is not called correctly.
This causes CD I beans with the SET replication trigger to fail to be replicated.
The workaround is to use the SET _AND _NO N_P R IMIT IVE_G ET trigger for these beans.
This will be fixed in a future release.
B Z #9 226 9 9 - Illeg alSt at eExcep t io n : At o micMap st o red u n d er key X h as b een
co n cu rren t ly remo ved !
An IllegalStateException can be thrown in rare cases when routine processing expiration
and passivation accesses a session that is concurrently removed. This causes an
exception to be thrown and logged.
The exception can be ignored. However, disabling session passivation will ensure the
problem is avoided.
B Z #1039 081 - Please remo ve "p at h " an d "relat ive- t o " at t rib u t es f ro m C LI.
D ue to functionality not included in JBoss EAP 6, the path and rel ati ve-to attributes
have no use in the transactions subsystem of the CLI. These attributes have been
deprecated in this release of the product and will be removed entirely in a future release.
JD R
B Z #9 176 83 - Jd r u t ilit y g en erat es wro n g arch ive en t ry n ame ru n n in g o n Win d o ws
A bug has been found in the JD R utility when used in Windows environments. It has been
reported that the utility will append the last character of the originating $JBOSS_HOME
directory to the JBOSS_HOME directory created inside the archive.
For example, for an originating JBOSS_HOME directory named 'jboss-eap-6.2' the JD R
utility would produce an archive directory called 'JBOSS_HOME2'.
The cause of this bug is still being investigated and no workaround to prevent it exists.
41
XML Framewo rks
B Z #106 5128 - Perf o rman ce issu e wit h Xalan t ran sf o rmer an d very larg e t ext n o d es
A bug has been found in this release of JBoss EAP 6 that causes performance issues when
attempting to convert large text nodes using the Xalan Transformer. When using the
Transfomer to convert a StreamSource to D OMResult, the performance of the Transformer
decreases as the size of the character data increases. This is a Known Issue and will be
corrected in a later release of the product.
C LI
B Z #1054 874 - jb o ss- cli.sh cyg win su p p o rt
This release of JBoss EAP 6 contains a bug that may create problems using the product in
a Cygwin environment.
D ifferences in the POSIX and Microsoft Windows pathing implementations may cause the
path variables in the jboss-cli.sh shell script to not function as expected.
Web Services
B Z #1079 04 9 - Pro b lem u sin g @ Sch emaValid at io n in co mb in at io n wit h wsrm 1.1
If a client sends a WS-RM 1.1 message that references C reateSeq uence to an endpoint
that utilizes WS-RM along with schema validation, the application throws the following
error:
Unmarshalling Error: cvc-elt.1: Cannot find the declaration of
element 'CreateSequence'.
C reateSeq uence is not found in the fG rammerP o o l in
o rg . apache. xerces. i mpl . xs. XMLSchemaLo ad er because CXF and JBossWS do
not yet fully support WS-RM 1.1.
B Z #1074 36 8 - Sch ema elemen t g en erat ed f ro m excep t io n class d o esn ' t h o n o r
@ XmlElemen t an n o t at io n
A bug has been found in this release of JBoss EAP 6 wherein Schema generated from
exception classes do not honor the @XmlElement annotation. This issue will be resolved in
a future release of the product.
mo d _clu st er
B Z #9 0004 7 - Syst emMemo ryU sag eLo ad Met ric is n o t co rrect o n Lin u x/U n ix
The SystemMemo ryUsag eLo ad Metri c does not show useful information on Linux or
42
UNIX operating systems. For these systems, HeapMemo ryUsag eLo ad Metri c provides
more useful information. The solution to this problem will be to change the algorithm of
SystemMemo ryUsag eLo ad Metri c to subtract the buffers/cache value from the used
number.
The best method for doing this is under investigation.
B Z #10854 27 - St ickySessio n s d o n ' t wo rk f o r Pro xyPass f ro m u n en ab led co n t ext
This release of JBoss EAP 6 carries a bug that prevents StickySessions from working for
ProxyPass from unenabled context. This issue is expected to be resolved in a future
release.
B Z #9 01170 - Ap ach e wit h mo d _clu st er ref u ses t o st art ( man ag er.n o d e)
Customers have reported that in Windows Server 2008 environments with User Account
Control (UAC) enabled, files and directories required for mo d _cl uster are not created.
As a result, the Apache httpd process fails to start in JBoss EAP 6 installations that utilize
mo d _cl uster. The following error is produced:
[Tue Nov 06 07:55:18 2012] [emerg] create_mem_node C:/tmp/jbossews-2.0/var/cache/mod_cluster/manager.node failed: Access is
denied.
Configuration Failed
While disabling UAC prevents this issue from occurring, it has been concluded that this
issue is caused by a Windows administration error.
If the correct path is set in MemManag erFi l e, the issue only presents when user/service
permissions are misconfigured.
This scenario could most likely occur in D omain Controlled environments where the
D omain Administrator must grant the proper D omain permissions so that UAC does not
consider MemManag erFi l e as a threat.
No further action will be taken on this issue.
R EST Easy
B Z #89 9 6 6 4 - R EST Easy: B o o lean co n f ig u rat io n p aramet ers d o n ' t reject n o n - sen se
co n t en t
This release of JBoss EAP 6 carries a bug that allows invalid Boolean configuration
parameters to be set. This behavior is unintended as invalid parameters should be rejected
and the application should not be deployed.
This issue is expected to be resolved in future release of the product.
JC A
43
B Z #1184 6 10 - R ace co n d it io n reg ist erin g reso u rce ad ap t ers at st art u p

This release of JBoss EAP contains a race condition when registering resource adapters
where multiple threads may attempt to create the resource adapters subsystem.
Where multiple resource adapters have been defined, two or more threads may try to create
the resource adapters subsystem in memory (e.g. during server startup). Only one thread
can successfully complete this task. Other threads will fail, leaving one or more resource
adapters in an non-deployed state.
T ab le 2. O t h er K n o wn Issu es
BZ #1018705: MOD CLUSTER000022: Failed to drain n remaining pending requests
BZ #1097211: JBossWS testsuite failures on Solaris11 and JD K7 with BC and unlimited
cryptography
BZ #1110515: mod_cluster Connected count shows improper inflation
BZ #1125934: access-log does not log 404 for non-existent context when enable-welcome-root is
set to false in EAP
BZ #1142804: PicketLink SAML based SSO using RED IRECT binding: redirect to SP is sent with
non-zero content-length header without a content
BZ #1146238: Can't login to admin console with JAAS secured management interfaces with -admin-only
BZ #1147352: Overlay does not work for subunits in exploded deployments
BZ #1157766: VirtualHosts share pointer to mod_proxy configuration, results in: CreateBalancers
behave the same with option 0 or 2
BZ #1166881: SPFilter needs to updated to match functionality of SP valve
BZ #1168441: CovalentSNMP/2.3.0, mod_snmp Apache HTTP Server doesn't start with the sample
file on Windows
BZ #1184956: Session draining difference between EAP 6.3 and EAP 6.4
BZ #1185060: Infinispan JAAS cache implementation does not call logout on eviction/removal
BZ #1193459: error-info\n messages with CovalentSNMP/2.3.0, mod_snmp Apache HTTP Server
BZ #901164: Servlet @Inject-ing SFSB timeouts/receives stale data/sessions are lost after failover
BZ #1181036: Change in AdvertiseSecurityKey on the httpd side shouldn't be ignored by running
workers
BZ #1168921: Kerberos authentication for Management CLI does not work with IBM JD K
BZ #1187092: Kerberos authentication for remoting EJB does not work with IBM JD K
Report a bug
4 . Unsupport ed and Deprecat ed Feat ures

4 .1. Unsupport ed Feat ures
The following features are not currently supported in JBoss EAP 6.4.
mo d _jk an d mo d _clu st er wit h Ap ach e o n R H EL 7
Apache HTTP Server version 2.4.6, which ships with Red Hat Enterprise Linux 7, is not
supported for use with mo d _clu st er and mo d _jk delivered as a part of the JBoss EAP 6
installation (either zip or RPM).
44
In order to use mo d _clu st er and/or mo d _jk, install the Apache HTTP Server (version
2.2.26) included as part of the JBoss EAP zip or RPM distribution.
mo d _rt an d mo d _sn mp
The mod_rt (mo d _rt. so ) and mod_snmp (snmpmo nag t. so ) modules that are shipped
with JBoss EAP 6's Apache HTTP Server distribution are not supported.
More information about support for these modules can be found in the Enterprise Web
Server 2.1 documentation.
fail_on_status p aramet er u n u sab le wit h H P- U X v11.3 h p ws h t t p d B .2.2.15.15.
The fail_on_status ProxyPass parameter is not provided in the H P- U X v11.3 h p ws
h t t p d B .2.2.15.15 Ap ach e H T T P Server published by HP. Therefore this parameter
cannot be used with mo d _clu st er implementations using this HTTP server.
Red Hat offers a patched version of httpd 2.2.15 in Red Hat Enterprise Linux 6 that supports
this parameter. Read more about the patch at:
http://pkgs.devel.redhat.com/cgit/rpms/httpd/tree/httpd-2.2.15-proxy-failonstatus.patch?
h=rhel-6.7&id=295e30e7413300d714cce1d983ecf25ec08ae17c
ST O MP Pro t o co l wit h H o rn et Q
HornetQ has community level support for the STOMP protocol. That protocol has not
received testing from Red Hat and is not supported by JBoss EAP.
R EST Pro t o co l wit h H o rn et Q
HornetQ has community level support for the REST protocol. That protocol has not received
testing from Red Hat and is not supported by JBoss EAP.
IPv6 Limit at io n s o f JD K 6
The following IPv6 limitations are caused by JD K 6, and are not defects in JBoss EAP 6.
On Microsoft Windows Server, JD K 6 has only a partial IPv6 implementation. This
implementation is not sufficient to run JBoss EAP 6. Full IPv6 support on Microsoft
Windows Server requires JD K 7.
On Red Hat Enterprise Linux, a bug in Oracle JD K 6 means that any address specified
on a client (the network point establishing the connection) which contains a zone-id will
fail. To use a zone-id, either upgrade to JD K 7, or use IcedTea/OpenJD K 6, which is
available for Red Hat Enterprise Linux, and does not exhibit this bug. For more
information about the bug, refer to http://bugs.sun.com/bugdatabase/view_bug.do?
bug_id=6800096 and https://issues.jboss.org/browse/JBPAPP-8833.
JPA 2.0 C o n t ext Pro p ag at io n O u t sid e o f a JT A T ran sact io n
The propagation of Extended Persistence Contexts (XPC) was not taking into account the
existence of a transaction, with the XPC always being propagated. That behaviour is not in
accordance with the JPA 2.0 specification. The handling of XPC has been modified so that
when there is no transaction active the XPC's propagation is ignored and the bean being
invoked has its own Persistence Context instead of the XPC.
If your application expects extended persistence contexts to be propagated outside of JTA
transactions, you need to consider if your application needs to be modified. Refer to the
JBoss EAP 6 Migration Guide for instructions on updating your application.
45
JBoss Enterprise Application Platform 5 provided a system property (JBP AP P 9 23. al waysP ro pag ate) to enable this behaviour. This system property is not available
in JBoss EAP 6.
For more information about this decision, refer to https://issues.jboss.org/browse/AS7-1663.
Picket Lin k Man ag emen t su b syst ems
The PicketLink Management subsystems for Identity Management and Federation are not
supported in JBoss EAP 6.
ST S C lien t Po o lin g
The PicketLink Federation Subsystem provides a pool of STS clients on the server. This
removes STS Client creation as a bottleneck.
Client pooling can be utilized from login modules that need an STS client to obtain SAML
tickets.
Login Modules that can utilize STS client pooling:
org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule
org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule
org.picketlink.trust.jbossws.jaas.JBWSTokenIssuingLoginModule
The default number of clients in the pool for each login module is configured via the
i ni ti al NumberO fC l i ents login module option.
The STSClientPoolFactory class
o rg . pi cketl i nk. i d enti ty. fed erati o n. bi nd i ng s. stspo o l . ST SC l i entP o o l
Facto ry provides client pool functionality to applications.
Using ST SClie nt Po o lFact o ry

STS clients are inserted into sub pools using their configuration as a key. Obtain
STSClientPool instance and then initialize a sub pool based on configuration, optionally
with initial number of STS clients or rely on default number.
final STSClientPool pool =

STSClientPoolFactory.getPoolInstance();
p ool.createPool(20, stsClientConfig);
final STSClient client = pool.getClient(stsClientConfig);
When you are done with a client, you can return it to the pool like so:
pool.returnClient();
To check if a subpool already exists for a given configuration:
if (! pool.configExists(stsClientConfig) {
pool.createPool(stsClientConfig);
}
46
When the PicketLink Federation subsystem is enabled, all client pools created for a
deployment are destroyed automatically during the undeploy process. To manually destroy
a pool:
pool.destroyPool(stsClientConfig);
T an u ki Service Wrap p er
The Tanuki Service Wrapper is not supported with JBoss EAP 6. More information can be
found at https://issues.jboss.org/browse/JBPAPP-8651.
XA R eco very o n Micro so f t SQ L Server 2008
XA recovery does not work with Microsoft SQL Server 2008 R1. This features does work with
Microsoft SQL Server 2008 R2 SP2. For more information refer to the following URLs:
https://issues.jboss.org/browse/JBPAPP-8983
https://community.jboss.org/thread/145358
XA R eco very o n MySQ L
The MySQL JD BC driver does not implement XA recovery properly and returns incorrect
error codes for exceptions when the connection to the database is halted.
For more information refer to https://issues.jboss.org/browse/JBPAPP-2576 and
http://bugs.mysql.com/bug.php?id=72890
JB o ss O SG i
JBoss OSGi, an implementation of the OSGi specification, was demoted from Technology
Preview to Unsupported. For additional information refer to
https://access.redhat.com/site/solutions/362814.
Q u ickst art s
Various quickstarts (hel l o wo rl d -o sg i , wi cket-war and wi cket-ear) that were
available in JBoss EAP 6.2, were removed from the product in the 6.3 release and remain
unavailable in 6.4.
Picket Lin k
The PicketLink ID M (Identity Management) is not supported in JBoss EAP 6.
In f in isp an API
D irect use of the Infinispan API is not supported in JBoss EAP 6. Infinispan is used as an
implementation detail for various clustering technologies internal to JBoss EAP 6. D irect
use of the Infinispan API requires a subscription to Red Hat JBoss D ata Grid and the
installation of the JBoss D ata Grid packages. The Red Hat JBoss D ata Grid download is
available at https://access.redhat.com/downloads.
Report a bug
4 .2. Deprecat ed Feat ures
47
Some features have been deprecated with the release of JBoss EAP 6.4. This means that no
enhancements will be made to these features, and they may be removed in the future, usually the next
major release.
Red Hat will continue providing full support and bug fixes under our standard support terms and
conditions. For more information about the Red Hat support policy, see the article Red Hat JBoss
Middleware and Red Hat JBoss Operations Network Product Update and Support Policy at
https://access.redhat.com/support/policy/updates/jboss_notes/.
For details of which features have been deprecated, see the article JBoss Enterprise Application Platform
Component Details at https://access.redhat.com/articles/112673.
Report a bug
5. Frequent ly Asked Quest ions

Q:
Wh at h as ch an g ed in t h is release?
A:
JBoss EAP 6.4.0 includes many improvements and fixes. For specific details see Changes in this
Release.
Q:
Wh ere is t h e co mp let e su it e o f d o cu men t at io n ?
A:
The full JBoss EAP 6.4.0 documentation suite can be found at

https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/.
Q:
Wh ere are t h e u p g rad e in st ru ct io n s ?
A:
The upgrade instructions can be found in the Installation Guide.
Q:
Wh at co mp o n en t s make u p JB o ss EAP? An d wh at versio n s o f t h o se co mp o n en t s
are in t h is release?
A:
The JBoss EAP 6 component matrix is available at the following location:

https://access.redhat.com/knowledge/articles/112673.
Q:
Wh at o p erat in g syst ems, Java Virt u al Mach in es, an d d at ab ase servers is t h is
p ro d u ct su p p o rt ed o n ?
A:
Q:
48
See https://access.redhat.com/site/articles/111663 for a complete list of the operating system,

Java Virtual Machine, database server and JD BC driver combinations that have been tested
and verified with JBoss EAP 6.4.0.
5 . Frequent ly Asked Q uest ions
Is t h e in clu d ed H 2 d at ab ase su p p o rt ed in p ro d u ct io n ?
A:
No. The H2 database is included only for evaluation, testing and demonstration purposes. It is
not a supported configuration for a production environment. See
https://access.redhat.com/site/solutions/148633 for additional information.
Q:
Wh at in d u st ry st an d ard s d o es JB o ss EAP 6 .4 .0 su p p o rt ?
A:
See https://access.redhat.com/site/articles/113373 for a complete list of supported specifications

and standards.
Q:
Wh at issu es mig h t I en co u n t er wh en mig rat in g t o t h is release?
A:
See Changes in this Release to learn about the differences between this release of JBoss EAP
and previous releases that may cause difficulties when migrating your applications to this
version.
Q:
Wh at co mp o n en t s are in clu d ed in t h is release an d wh at versio n are t h ey?
A:
See https://access.redhat.com/site/articles/112673 for a complete list of the included

components.
Q:
Wh at T ech Previews are in clu d ed in t h is release?
A:
JBoss EAP 6.4.0 includes a number of tech preview features. These features are not supported,
may not be functionally complete, and are not intended for production use. They are included to
provide customers with early access to upcoming product innovations, enabling them to test
functionality and provide feedback during the development process.
See Features Provided as Tech Preview Only for a complete list of Technology Preview features in
this release.
Q:
Wh ere can I f in d o u t mo re d et ails ab o u t my su p p o rt co n t ract ?
A:
D etails of support policies are located at the following URLs:

Su p p o rt Pro cesses
https://access.redhat.com/site/support/policy/support_process
Pro d u ct io n Su p p o rt Sco p e o f C o verag e
https://access.redhat.com/site/support/offerings/production/soc
Pro d u ct io n Su p p o rt Service Level Ag reemen t
https://access.redhat.com/site/support/offerings/production/sla
49
D evelo p er Su p p o rt Sco p e o f C o verag e

https://access.redhat.com/site/support/offerings/developer/soc/
D evelo p er Su p p o rt Service Level Ag reemen t
https://access.redhat.com/site/support/offerings/developer/sla/
Pro d u ct U p d at e an d Su p p o rt Po licy b y Pro d u ct
https://access.redhat.com/site/support/policy/updates/jboss_notes/
JB o ss En d U ser Licen se Ag reemen t
http://www.redhat.com/licenses/jboss_eula.html
Q:
I f o u n d a mist ake in t h is d o cu men t . H o w d o I rep o rt it ?
A:
To provide feedback on this document, file a bug at https://bugzilla.redhat.com and specify the
product JBo ss Enterpri se Appl i cati o n P l atfo rm 6 , version 6 . 4 . 0 , and component
D o cumentati o n.
The following URL fills in the product, version, and component fields automatically:
https://bugzilla.redhat.com/enter_bug.cgi?
component=D ocumentation&product=JBoss% 20Enterprise% 20Application% 20Platform% 206
&version=6.4.0
Report a bug
50
A. Revision Hist ory
A. Revision Hist ory

R evisio n 6 .4 .0- 19
Updated build for QE.
T h u Ap r 16 2015
Sco t t Mu mf o rd
51

JBoss Enterprise Application Platform-6.4-6.4.0 Release Notes-En-US

Uploaded by

Copyright:

Available Formats

JBoss Enterprise Application Platform-6.4-6.4.0 Release Notes-En-US

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

JBoss Enterprise Application Platform-6.4-6.4.0 Release Notes-En-US

Uploaded by

Copyright:

Available Formats

JBoss Enterprise Application

For Use with Red Hat JBoss Enterprise Application Platform 6

Red Hat Customer Content Services

JBoss Enterprise Application Platform 6.4 6.4.0 Release Notes

For Use with Red Hat JBoss Enterprise Application Platform 6

T able of Cont ent s

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

2. New Feat ures, Enhancement s and T ech Previews

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

R eq u est in g su f f ix su p p o rt f o r siz e- b ased lo g f ile ro t at io n

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

2.3. Feat ures Provided as T ech Preview Only

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3. Resolved and Known Issues

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

managed by FileSystemStore class.

3 . Resolved and Known Issues

When a resource is removed from the system, the RecoveryHelper is de-registered. In

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3.2. Known Issues

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

3 . Resolved and Known Issues

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

B Z #1184 6 10 - R ace co n d it io n reg ist erin g reso u rce ad ap t ers at st art u p

4 . Unsupport ed and Deprecat ed Feat ures

4 . Unsupport ed and Deprecat ed Feat ures

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es

Using ST SClie nt Po o lFact o ry

final STSClientPool pool =

4 . Unsupport ed and Deprecat ed Feat ures

4 .2. Deprecat ed Feat ures

JBoss Ent erprise Applicat ion Plat form 6 .4 6 .4 .0 Release Not es