Published on 15 Dec 2021
The December 2021 Payara Platform release is here! Payara Platform Enterprise 5.34.0 includes 7 improvements, 1 security fix, 8 bug fixes, and 1 component upgrade. The Payara Platform Community 5.2021.10 release offers 6 improvements, 1 security fix, 7 bug fixes, and 2 component upgrades.
You can download Payara Platform Community 5.2021.10 here and request Payara Platform Enterprise 5.34.0 here.
Read more below to learn more about the highlights of this release.
Security Connector 2.2
The December Payara Platform Enterprise and Community Edition release provide updates to the Security Connector.
Supports Azure AD as OpenID Connect Provider
The Azure AD OpenID Connect provider doesn’t support the user endpoint and thus the provider cannot be used with the previous version of the connector. In this new version, we have made the usage of the user endpoint configurable.
You can now define that the user claims are retrived from the ID token instead of the separate additional call to the user endpoint. The annotation to configure the integration should look like:
@AzureAuthenticationDefinition
(clientId = "...."
, clientSecret = "..."
,
tenantId = "...."
,
scope={OPENID_SCOPE, EMAIL_SCOPE, PROFILE_SCOPE, OFFLINE_ACCESS_SCOPE}
, userClaimsFromIDToken = true)
You can also define the property through the MicroProfile Configuration option as follows
payara.security.openid.claimsFromIDToken=true
Security Connectors 2.2 is embedded by default in the binaries to support Azure AD as OpenID Connect provider.
Additional Features for OpenID Connector Provider Support
The new version of the Security Connector also allows for defining all the meta data through the configuration, so you are less dependent on the /.well-known/openid-configuration endpoint. Have a look at the additional members of the @OpenIdProviderMetadata annotation.
Because not all providers report the supported scopes correctly, Security Connector 2.2 relaxes the scope validation, you can disable the scope validation. By setting the member disableScopeValidation of the @OpenIdProviderMetadata annotation, the scopes you have defined are not validated against the supported scoped reported by the server. This might lead to an error when the server receives a scope that it doesn't understand but allows for the fact that the provider does not report the supported scopes correctly.
You can read about all the features we support for the OpenId Connect integration on our documentation page.
Faster Logging Option
Logging is a two-step process. In the first step, the message and parameters are stored in a buffer, and in a second step on another thread, it is written out to the log file. Because of the two-step process, parameters used in the log messages may change between the time the log entry is created and when the log message is written when the parameters are mutable. The .toString() method was called to capture the value of the log parameters to ensure the log is accurate, but the .toString() method can have considerable effects on the performance overhead (on JPA entitles, for example).
In the December Payara Platform releases there is now an option to make the first step faster by not executing a .toString() on the parameters. The new logging property ‘ com.sun.enterprise.server.logging.GFFileHandler.fastLogging` skips this method for performance improvements, but beware that your logs may not be accurate if the log message uses some mutable parameters.
Performance Improvements When a Large Increase of Connection Pool Requested
The number of connections that are added to a connection pool when no more connections are available is configurable. In previous versions of the Payara Platform, when you specified a large increase of connections, like 32, the connection pool would be blocked during the entire time of the creation step (could be several seconds).
The performance is improved in the December Payara Platform releases by blocking only the retrieval of a connection itself, so the additional connections are added without blocking the entire connection pool. This improvement is most noticeable when you define a larger number but it is not considered good practice to define such large numbers as it most likely creates many connections that are dropped because they are idle.
Release Notes
The December 2021 Payara Enterprise Release (request here) includes 7 improvements, 1 security fix, 8 bug fixes, and 1 component upgrade, while the Community Release (direct download here) offers 6 improvements, 1 security fix, 7 bug fixes, and 2 component upgrades.
See a more detailed overview of the fixes and improvements in the Release Notes:
