What's New In WildFly 11? - Part 1


No, don’t get excited because there still isn’t a release date for the final WildFly 11.

Yes, get excited because while the new version of WildFly is still undergoing a controlled release it is feature complete and has a host of new and/or improvements elements to ponder.

Our admin oriented consultants and instructors are always keen to discover all the latest innovations in the platforms that they deal with day in, day out. Here are some of the highlights that we can look forward to with the final release of WildFly 11.

New Security Infrastructure: Elytron

Elytron represents the most significant change that the latest release will bring to the WildFly platform.

Where previous iterations of WildFly incorporated two separate security infrastructures, in the form of picketbox and security-realms, Elytron brings a new common security framework that works across the full application server. Picketbox and security-realms would work on different use cases and mostly worked as separate entities. Elytron brings unification and more efficiency.

Elytron also brings a range of advanced capabilities to the party:

  • Rich security policies
  • Identity switching
  • Pre-request TLS verification
  • Privilege propagation for multiple service invocations
  • Improved extensibility for better integration with SSO / IDP systems

The creators of WildFly 11 have been sensitive to the possible impacts of these changes and have done their best to merge old with new. Despite the new security infrastructure the existing security-domain and security-realm configurations will remain and have been mapped to Elytron. This goes for APIs too.

WildFly 11’s default configurations will use legacy security-domains and security-realms. A later release will transfer the defaults to the new configurations.

Request Oriented EJB/JNDI Over HTTP

HTTP Upgrade has been in use since WildFly 8. It is used to reduce the number of ports necessary on a server. All protocols (except IIOP) are able to use HTTP Upgrade to communicate over a smaller number of ports.

It has been a very useful element of WildFly for years but, because of the way HTTP Upgrade changes the connection, any HTTP load-balancers functioning as intermediaries have to balance on initial connection establishment.

Now with WildFly 11 a new solution will be introduced that will balance at the individual invocation level. Essentially this is a new protocol that makes use of standard HTTP characteristics, so it can be used by any load-balancer, not just that which is built into EAP.

Improved EJB / Naming Proxies

WildFly 11 sees major improvements to JNDI and EJB invocation due to the new naming client library: WildFly Naming Client.

Previously users would deploy the scoped context feature. However the WildFly Naming Client will allow users to use minimal properties and configuring to set up access to WildFly. Users will be able to access EJBs, amongst other resources, in a “dynamic discovery mode”. A new “point to point” mode will render EJB proxies locked to requested addresses.

The new Elytron system also means that user identities can be changed between requests.

EDC4IT has the instructors and materials to deliver an in-depth 4-day course that will address all your WildFly needs. Check out our popular course: JBoss EAP 7 (WildFly 10)

If you have any questions or would like to tailor the above course get in touch and we’ll be happy to talk.

Be sure to check in with us for Part 2 where we take a look at what else we should be looking forward to with WildFly 11.