Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Versionless feature - 2 versions of appSecurity enabled #30427

Open
krismarc opened this issue Dec 17, 2024 · 7 comments
Open

Versionless feature - 2 versions of appSecurity enabled #30427

krismarc opened this issue Dec 17, 2024 · 7 comments
Labels
Needs member attention

Comments

@krismarc
Copy link

krismarc commented Dec 17, 2024
edited
Loading

Hey,

I'm testing versionless feature. As administrator of many OLs in centralized way. I want to determinate java platform by setting specific appSecurity feature version. It worked. However, I've noticed that 2 versions of appSecurity (appSecurity-2.0, appSecurity-3.0) were installed anyway. How it comes?

In configDropins I've enabled appSecurity-3.0 and jsonp-1.1 as indicator/determinator for javaee8 platform:
CWWKF0053I: Feature resolution selected the [javaee-8.0] platforms.

CWWKF0051I: The [jaxrs, jsonp, jsp, servlet, javaMail, cdi, jca, mdb, jdbc, ejbLite, wasJmsClient, jsf, wasJmsServer] versionless features resolved to [jaxrs-2.1, jsonp-1.1, jsp-2.3, servlet-4.0, javaMail-1.6, cdi-2.0, jca-1.7, mdb-3.2, jdbc-4.2, ejbLite-3.2, wasJmsClient-2.0, jsf-2.3, wasJmsServer-1.0]

Please pay attention to the list of installed features:
CWWKF0012I: The server installed the following features: [appSecurity-2.0, appSecurity-3.0, bells-1.0, cdi-2.0, distributedMap-1.0, ejbLite-3.2, el-3.0, javaMail-1.6, jaxrs-2.1, jaxrsClient-2.1, jca-1.7, jdbc-4.2, jndi-1.0, jsf-2.3, json-1.0, jsonp-1.1, jsp-2.3, localConnector-1.0, logstashCollector-1.0, mdb-3.2, servlet-4.0, spnego-1.0, ssl-1.0, wasJmsClient-2.0, wasJmsServer-1.0].

Basically, I want to utilize this option:
https://openliberty.io/docs/latest/reference/feature/versionless-features.html#feat

Best regards,
K.M.
@krismarc
Copy link
Author

and another observation.., while using appSecurity-3.0 the versionless feature determinates platform as javaee8. However, while using appSecurity-2.0 it doesn't recognize it as javaee7, and not versioned features are skipped, why?

E CWWKF0055E: The [jaxrs, jsonp, jsp, servlet, javaMail, cdi, jca, mdb, jdbc, ejbLite, wasJmsClient, jsf, wasJmsServer] versionless features do not have a configured platform.

A CWWKF0012I: The server installed the following features: [appSecurity-2.0, bells-1.0, distributedMap-1.0, jndi-1.0, json-1.0, localConnector-1.0, logstashCollector-1.0, servlet-3.1, spnego-1.0, ssl-1.0].

@krismarc
Copy link
Author

Ok, I see. It's probably because appSecurity-2.0 belongs to 2 platforms ee6 and ee7

open-liberty/dev/com.ibm.websphere.appserver.features/visibility/public/appSecurity-2.0/com.ibm.websphere.appserver.appSecurity-2.0.feature

Line 19 in ee72891

WLP-Platform: javaee-6.0,javaee-7.0

..however, you have not even listed javaee6 as supported platform with versionless feature here:
https://openliberty.io/docs/latest/reference/platform/JavaEE.html

@jhanders34
Copy link
Member

Ok, I see. It's probably because appSecurity-2.0 belongs to 2 platforms ee6 and ee7

open-liberty/dev/com.ibm.websphere.appserver.features/visibility/public/appSecurity-2.0/com.ibm.websphere.appserver.appSecurity-2.0.feature

Line 19 in ee72891

WLP-Platform: javaee-6.0,javaee-7.0

..however, you have not even listed javaee6 as supported platform with versionless feature here: https://openliberty.io/docs/latest/reference/platform/JavaEE.html

Let me reply to this one first. javaee-6.0 is supported with WebSphere Liberty, but not with Open Liberty which is why it is not included in the Open Liberty documentation, but it is listed in the WebSphere Liberty documentation as an additional platform to what is available in Open Liberty. There are some features in Open Liberty that are common for EE 6 and EE 7 so that is why you will find javaee-6.0 platform listed even in Open Liberty features since they are common to both Open Liberty and WebSphere Liberty.

@jhanders34
Copy link
Member

jhanders34 commented Dec 17, 2024
edited
Loading

I'm testing versionless feature. As administrator of many OLs in centralized way. I want to determinate java platform by setting specific appSecurity feature version. It worked. However, I've noticed that 2 versions of appSecurity (appSecurity-2.0, appSecurity-3.0) were installed anyway. How it comes?

Secondarily let me reply to this question. The appSecurity features 1.0, 2.0 and 3.0 are special in that they are not singleton features meaning that they can be enabled together even though they have the same base feature name. This is no longer the case for appSecurity-4.0 and new versions. In this case there are features in your list of features that have a dependency on appSecurity-2.0 with a tolerates of 3.0, but with them not being singleton features, both end up being allowed because 2.0 is preferred in the tolerate statement, it is selected and since you selected 3.0 explicitly it is also selected because of the features not being declared as singletons. The 2.0 feature is a subset of the 3.0 feature so it does not present a problem at runtime. Due to Liberty's zero migration policy, this could not be changed until a new version of the feature was created which we were able to rectify in 4.0 as mentioned earlier.

@jhanders34
Copy link
Member

@krismarc do the answers provided give you the information that you need? If so I can close out the issue.

@krismarc
Copy link
Author

Is there any out of liberty versionless resolver/option available? Which I could use to validate features? So it would tell me how to refactor my set of features to be versionless compliant or at least would tell me which ones are versionless? There are plenty of features which are not supported and needs to remain 'versioned' eg. logstashcollector, spnego, constrainedDelegation etc.

Otherwise, you need to be aware of all details and precisely set each feature, otherwise it wouldn't be found if you simply 'unversion' all of them. That's a bit messy. Might be pretty complicated for developers who are unaware how does it work.

@jhanders34
Copy link
Member

Versionless feature were created to handle Java EE, Jakarta EE and MicroProfile features in order to make it easier to figure out which versions goes with each other for the different EE / MP levels since it can be confusing since the numbers aren't all 7.0, 8.0, 9.0 etc, because each of the component specifications has its own versioning strategy.

In general for liberty value-add features that are not part of Java / Jakarta EE or MicroProfile, there is not usually many versions and most of the time there is just one. As such it isn't hard to determine which one to use. In general a value-add feature is made to work with all of the EE levels automatically to not cause this problems to have a value-add feature version for each EE level.

For documentation on which features are enabled to be versionless you can see the versionless feature page in the Open Liberty documentation. You can find for each of the Java / Jakarta EE and MP features there is a list of features for the different technology categories. Also all of the feature pages in the Open Liberty documentation include which platform(s) that the different features are associated with to know when you specify <platform/> in your <featureManager/> section of the server.xml or with the environment variable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Needs member attention
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jhanders34 @LibbyBot @krismarc