test

Sun Java System Application Server 9.1 Update 1 Upgrade and Migration Guide

Chapter 1 Application Server Compatibility Issues

Application Server 9.1 Update 1 is binary compatible with Application Server 9.1, 8.2, 8.1, 8.0, and 7.x. Java applications that run on versions 8.1, 8.0, and 7.x also work on Application Server 9.1 except for the incompatibilities listed in this chapter.

The topics in this chapter discuss the incompatibilities in the following areas:

Application Client Interoperability

Application clients use EJBs, web services, or other enterprise components that are in the application server (on the server side). The application client and the application server must use the same version and implementation of the RMI-IIOP protocol. Application Server 9.1 Update 1 does not support communication between different versions of the protocol implementation. You cannot run application clients with one version of the application server runtime with a server that has a different version. Most often, this would happen if you upgraded the server but had not upgraded all the application client installations.

You can use the Java Web Start support to distribute and launch the application client. If the runtime on the server has changed since the end-user last used the application client, Java Web Start automatically retrieves the updated runtime. Java Web Start enables you to keep the clients and servers synchronized and using the same runtime.

HTTP File Caching

HTTP file caching, which was present in Application Server 8, has been discontinued in Application Server 9.1 Update 1.

Default Admin Port

The default admin port in Application Server 7 was 4848. The default port in Application Server 8.x was 4849. In Application Server 9.1 Update 1, the default port is 4848.

domain.xml Elements

If you have not configured message-level security providers for a server instance, Application Server 8 applies default configurations from the Domain Administration Server (DAS). Application Server 9.1 Update 1 does not apply default configurations. You need to manually introduce the message-level security providers — ClientProvider and ServerProvider — for each server instance that wants to use message-level security. If you have upgraded from an older version to Application Server 9.1 Update 1, the Upgrade tool does not add these missing elements in the domain.xml file.

Deprecated Attributes

The anonymous-role attribute is present in the DTD but the use of this attribute is deprecated. This attribute has been removed from the template that generates domain.xml. The forced-response-type and default-response-type attributes are deprecated. Use forced-type and default-type instead.

System Properties

The default security policy of Application Server 9.1 Update 1 does not allow you to change some system properties. For example, in Application Server 8, the read/write permission of java.util.PropertyPermission property is "*", "read,write";. In Application Server 9.1 Update 1 the read/write permission for java.util.PropertyPermission is "*", "read";.

Implicit URL Rewriting

Application Server 6.x supported implicit URL rewriting, in which the web connector plugin parsed the HTML stream being sent to the browser and appended session IDs to attributes such as href= and frame=. In Application Server 7,8, and Application Server 9.1 Update 1, this feature is not available. You need to review your applications and use encodeURL and encodeRedirectURL on every URL that the applications present to clients (such as mobile phones) that do not support cookies.

Web Server Features

The following web-server-specific features are no longer supported in version Application Server 9.1:

Realms

The upgrade tool transfers the realms and role mapping configurations, any custom realm classes, and file-based user keyfiles for each domain. The XML tag, security-service, defines the realms and role mapping configuration. This tag is defined in sun-server_1_0.dtd and sun-domain_1_0.dtd. For Application Server 8, the tag data resides in the server.xml and for in Application Server 9.1 Update 1, in domain.xml.

The upgrade tool locates the class file defined for custom realms and makes it available to the Application Server 9.1 Update 1 environment. The custom realm class is defined in the class name attribute of tag auth-realm. In the security-service tag, the default-realm attribute points to the realm the server is using. It must point to one of the configured auth-realm names. The default realm is file If the class name for default-realm cannot be found, the upgrade tool will log this as an error.

The package names of the security realm implementations have been renamed from com.iplanet.ias.security.auth.realm in Application Server 8 to com.sun.enterprise.security.auth.realm in Application Server 9.1 Update 1. Custom realms written using the com.iplanet.* classes must be modified.

The com.sun.enterprise.security.AuthenticationStatus class has been removed.

The com.sun.enterprise.security.auth.login.PasswordLoginModule authenticate method implementation has changed as follows:

/**
    * Perform authentication decision.
    * <P> Note: AuthenticationStatus and AuthenticationStatusImpl
    * classes have been removed.
    * Method returns silently on success and returns a LoginException
    * on failure.
    *
    * @return void authenticate returns silently on 
    *               successful authentication.
    * @throws LoginException on authentication failure.
    *
    */
abstract protected void authenticate()
    throws LoginException;

Sun Deployment Descriptor: sun-web.xml

In Application Server 8, the default value for the optional attribute delegate was false. In Application Server 9.1 Update 1, this attribute defaults to true. This change means that by default the Web application classloader first delegates to the parent classloader before attempting to load a class by itself.

The encodeCookies Property

URL encoding of cookies is performed, if the encodeCookies property of the sun-web-app element in the sun-web.xml file is set to true. In Application Server 8, the default value of the encodeCookies property was true. This property was not present in Application Server 8. In Application Server 9.1 Update 1, the default value is false.

URL encoding of cookies is unnecessary. Setting this property to true is strongly discouraged. This property is provided only for those rare applications that depended on this behavior in Application Server 8.

CORBA Performance Option

In Application Server 8, users were able to specify the following system property to optionally turn on some Object Request Broker (ORB) performance optimization:

-Djavax.rmi.CORBA.UtilClass=com.iplanet.ias.util.orbutil.IasUtilDelegate

The ORB performance optimization is turned on, by default, in Application Server 9.1 Update 1. If you are using the preceding system property reference, you must remove it to avoid interfering with the default optimization.

File Formats

In Application Server 9.1 Update 1, domain.xml is the main server configuration file. In Application Server 7, the main server configuration file was server.xml. The DTD file of domain.xml is found in lib/dtds/sun-domain_1_1.dtd. The upgrade tool included in Application Server 9.1 Update 1 can be used to move from server.xmlin Application Server 8 to domain.xml in Application Server 9.1 Update 1.

The lib/dtds/sun-domain_1_1.dtd file for Application Server 9.1 Update 1 is fully backward compatible with the corresponding file for Application Server 8, sun-domain_1_0.dtd.

In general, the configuration file formats are not backward compatible. The following configuration files are not supported:

Cluster Scripts

The clsetup and cladmin scripts in Application Server 8 are not supported in Application Server 9.1 Update 1. In Application Server 9.1 Update 1, the asadmin configure-ha-cluster command replaces the clsetup script, and asadmin commands that operate on clusters replace the commands supported by the cladmin script. For more information about the asadmin commands, see the Sun Java System Application Server 9.1 Update 1-9.1 Update 2 Reference Manual.

Primary Key Attribute Values

In Application Server 8, it was possible to change any field (in the Admin Console) or attribute (in the Command Line Interface (CLI)). In Application Server 9.1 Update 1, a field or attribute that is the primary key of an item cannot be changed. However, an item can be deleted and then recreated with a new primary key value. In most cases, the primary key is a name, ID, reference, or JNDI name. The following table lists the primary keys that cannot be changed.

Note –

In the domain.xml file, a field or attribute is called an attribute, and an item is called an element. For more information about domain.xml, see the Sun Java System Application Server 9.1 Administration Reference.

Table 1–1 Primary Key Attributes

Item  

Primary Key Field or Attribute  

admin-object-resource

jndi-name

alert-subscription

name

appclient-module

name

application-ref

ref

audit-module

name

auth-realm

name

cluster-ref

ref

cluster

name

config

name

connector-connection-pool

name

connector-module

name

connector-resource

jndi-name

custom-resource

jndi-name

ejb-module

name

external-jndi-resource

jndi-name

http-listener

id

iiop-listener

id

j2ee-application

name

jacc-provider

name

jdbc-connection-pool

name

jdbc-resource

jndi-name

jms-host

name

jmx-connector

name

lb-config

name

lifecycle-module

name

mail-resource

jndi-name

message-security-config

auth-layer

node-agent

name

profiler

name

element-property

name

provider-config

provider-id

resource-adapter-config

resource-adapter-name

resource-ref

ref

security-map

name

server

name

server-ref

ref

system-property

name

thread-pool

thread-pool-id

virtual-server

id

web-module

name

persistence-manager-factory-resource

jndi-name

Command Line Interface: hadbm

The following table lists options for the command line utility hadbm that are no longer supported. For more information about the hadbm commands, see the Sun Java System Application Server 9.1 Update 1-9.1 Update 2 Reference Manual.

Table 1–2 Unsupported hadbm Options

Option  

Unsupported in Subcommands  

--inetdsetup

Not supported for the addnodes subcommand.

--inetd

Not supported for the create subcommand.

--inetdsetupdir

Not supported for the create subcommand.

--configpath

Not supported for the create subcommand.

--set managementProtocol

Not supported for the create subcommand.

--set DataDeviceSize

--set TotalDatadeviceSizePerNode

Not supported for the create or set subcommand.

Command Line Interface: start-appserv and stop-appserv

The start-appserv and stop-appserv commands are deprecated. Use of these commands results in a warning. Use asadmin start-domain and asadmin stop-domain instead.

In Application Server 9.1 Update 1, the Log Messages to Standard Error field has been removed from the Admin Console. The log-to-console attribute in the domain.xml file is deprecated and ignored. The asadmin set command has no effect on the log-to-console attribute. Use the ---verbose option of the asadmin start-domain command to print messages to the window in which you executed the asadmin start-domain command. This option works only if you execute the asadmin start-domain command on the machine that has the domain you are starting.

Command Line Interface: asadmin

The following sections describe changes to the command line utility asadmin:

For more information about the asadmin commands, see the Sun Java System Application Server 9.1 Update 1-9.1 Update 2 Reference Manual.

asadmin Subcommands

Subcommands are backward compatible except as noted below.

The reconfigsubcommand is deprecated and ignored.

The following subcommands are not supported in Application Server 9.1 Update 1:

The following subcommands are no longer supported in Application Server 9.1 Update 1. The software license key and web core were removed, and Application Server 9.1 Update 1 no longer supports controlled functions from web server features.

Error Codes for Start and Stop Subcommands

For Application Server 8, the error codes for the start and stop subcommands of the asadmin command were based on the desired end state. For example, for asadmin start-domain, if the domain was already running, the exit code was 0 (success). If domain startup failed, the exit code was 1 (error).

For Application Server 9.1 Update 1, the exit codes are based on whether the commands execute as expected. For example, the asadmin start-domain command returns exit code 1 if the domain is already running or if domain startup fails. Similarly, asadmin stop-domain returns exit code 1 if the domain is already not running or cannot be stopped.

Deprecated and Unsupported Options

Options in the following table are deprecated or no longer supported.

Table 1–3 Deprecated and Unsupported asadmin Options

Option  

Deprecated or Unsupported in Subcommands  

--acceptlang

Deprecated for the create-virtual-server subcommand.

--acls

Deprecated for the create-virtual-server subcommand.

--adminpassword

Deprecated for all relevant subcommands. Use --passwordfile instead.

--blockingenabled

Deprecated for the create-http-listener subcommand.

--configfile

Deprecated for the create-virtual-server subcommand.

--defaultobj

Deprecated for the create-virtual-server subcommand.

--domain

Deprecated for the stop-domain subcommand.

--family

Deprecated for the create-http-listener subcommand.

--instance

Deprecated for all remote subcommands. Use --target instead.

--mime

Deprecated for the create-virtual-server subcommand.

--optionsfile

No longer supported for any commands. 

--password

Deprecated for all remote subcommands. Use --passwordfile instead.

--path

Deprecated for the create-domain subcommand. Use --domaindir instead.

--resourcetype

Deprecated for all relevant subcommands. Use --restype instead.

--storeurl

No longer supported for any commands. 

--target

Deprecated for all jdbc-connection-pool, connector-connection-pool, connector-security-map, and resource-adapter-config subcommands.

--type

Deprecated for all relevant subcommands. 

Dotted Names

The following use of dotted names in asadmin get and set subcommands are not backward compatible:

In Application Server 9.1 Update 1, the --passwordfile option of the asadmin command does not read the password.conf file, and the upgrade tool does not upgrade this file. For information about creating a password file in Application Server 9.1 Update 1, see the Sun Java System Application Server 9.1 Administration Guide.

This table displays a one-to-one mapping of the incompatibilities in dotted names between Application Server 8 and 9.1. The compatible dotted names are not listed in this table.

Table 1–4 Incompatible Dotted Names Between Versions

Application Server 7 Dotted Names 

Application Server 9.1 Dotted Names 

server_instance.http-listener.listener_idserver_instance.http-service.http-listener.listener_id

server_instance.http-service.http-listener.listener_idconfig_name.http-service.http-listener.listener_id

server_instance.orbserver_instance.iiop-service

server_instance.iiop-serviceconfig_name.iiop-service

server_instance.orblistenerserver_instance.iiop-listener

server_instance.iiop-service.iiop-listener.listener_idconfig_name.iiop-service.iiop-listener.listener_id

server_instance.jdbc-resource.jndi_name

server_instance.resources.jdbc-resource.jndi_namedomain.resources.jdbc-resource.jndi_name

server_instance.jdbc-connection-pool.pool_id

server_instance.resources.jdbc-connection-pool.pool_iddomain.resources.jdbc-connection-pool.pool_id

server_instance.external-jndi-resource.jndi_nameserver_instance.jndi-resource.jndi_name

server_instance.resources.external-jndi-resource.jndi_namedomain.resources.external.jndi-resource.jndi_name

server_instance.custom-resource.jndi_name

server_instance.resources.custom-resource.jndi_namedomain.resources.custom-resource.jndi_name

server_instance.web-container.logLevel

(see note below) 

server_instance.log-service.module-log-levels.web-containerconfig_name.log-service.module-log-levels.web-container

server_instance.web-container.monitoringEnabled

(see note below) 

server_instance.monitoring-service.module-monitoring-levels.web-containerconfig_name.monitoring-service.module-monitoring-levels.web-container

server_instance.j2ee-application.application_nameserver_instance.application.application_name

server_instance.applications.j2ee-application.application_namedomain.applications.j2ee-application.application_name

server_instance.ejb-module.ejb-module_name

server_instance.applications.ejb-module.ejb-module_namedomain.applications.ejb-module.ejb-module_name

server_instance.web-module.web-module_name

server_instance.applications.web-module.web-module_namedomain.applications.web-module.web-module_name

server_instance.connector-module.connector_module_name

server_instance.applications.connector-module.connector_module_namedomain.applications.connector-module.connector_module_name

server_instance.lifecycle-module.lifecycle_module_name

server_instance.applications.lifecycle-module.lifecycle_module_namedomain.application.lifecycle-module.lifecycle_module_name

server_instance.virtual-server-class

N/A* 

server_instance.virtual-server.virtual-server_id

server_instance.http-service.virtual-server.virtual-server_idconfig_name.http-service.virtual-server.virtual-server_id

server_instance.mime.mime_id

N/A* 

server_instance.acl.acl_id

N/A* 

server_instance.virtual-server.virtual-server_id.auth-db.auth-db_id

N/A* 

server_instance.authrealm.realm_idserver_instance.security-service.authrealm.realm_id

server_instance.security-service.auth-realm.realm_idconfig_name.security-service-auth-realm.realm_id

server_instance.persistence-manager-factory-resource.jndi_nameserver_instance.resources.persistence-manager-factory-resource.jndi_name

server_instance.resources.persistence-manager-factory-resource.jndi_namedomain.resources.persistence-manager-factory-resource.jndi_name

server_instance.http-service.acl.acl_id

N/A* 

server_instance.mail-resource.jndi_name

server_instance.resources.mail-resource.jndi_namedomain.resources.mail-resource.jndi_name

server_instance.profiler

server_instance.java-config.profilerconfig_name.java-config.profiler

* — These attribute names in Application Server 7 do not correspond directly with Application Server 8.2 dotted names.

Tokens in Attribute Values

The asadmin get command shows raw values in Application Server 9.1 Update 1 instead of resolved values as in Application Server 8. These raw values may be tokens. For example, execute the following command:

asadmin get domain.log-root

The preceding command displays the following value:

${com.sun.aas.instanceRoot}/logs

Nulls in Attribute Values

In Application Server 8, attributes with no values contained null. This caused problems in attributes that specified paths. In Application Server 9.1 Update 1, attributes with no values contain empty strings, as they did in Application Server 8.