This topic applies to WebSphere Application Server Liberty V8.5.5.9 and earlier. For the latest Liberty topics, see the WebSphere Application Server Liberty documentation.

Runtime environment known issues and restrictions

There are some known issues and restrictions that apply when working with the Liberty runtime environment.

List of known issues and restrictions:

Minimum supported Java levels

Liberty is supported with any compliant Java™ SE 6, Java SE 7, or Java SE 8 runtime environment (JRE) or Java SDK, subject to the minimum supported levels shown for the following specific implementations.
Java SE 6 runtime environment
For the Java SDK from IBM®, the minimum supported level is 6.0 (J9 2.6) SR 1. For the JDK from Oracle, the minimum supported level is Java 6 update 26.
Java SE 7 runtime environment
For the Java SDK from IBM, the minimum supported level is IBM Runtime Environment, Java Technology Edition 7.0.4.1. For the JDK from Oracle on Windows and Linux, the minimum supported level is Java SDK/JRE/JDK 7.0.17. For the JDK from Oracle on Mac OS X, the minimum supported level is Java SDK/JRE/JDK 7.0 Update 15.
[8.5.5.5 or later]Java SE 8 runtime environment
For the Java SDK from IBM, the minimum supported level is IBM SDK, Java Technology Edition, Version 8. For the JDK from Oracle, the minimum supported level is Java 8 update 25.

For distributed platformsOn distributed platforms, 32-bit or 64-bit Java is supported.

For distributed platformsFor Windows and Linux systems, you can use either the JDK from Oracle or the JDK from IBM. If you are developing applications on Windows or Linux, and you plan to deploy those applications to a server running on WebSphere Application Server classic, you should use the JDK from IBM. For HP systems and Mac OS, use the JDK from Oracle.

For IBM i platformsNote: To obtain the minimum supported Java level for IBM iSeries, install IBM J2SE 6.0 32-bit JVM (5761-JV1 option 11 [8.5.5.2 or later] or 5770-JV1 option 11) or IBM SE 6.0 64 bit (5761-JV1 option 12 [8.5.5.2 or later] or 5770-JV1 option 12), and also install Java PTF group SF99572 level 8 (or later) for IBM i 7.1.

The installation directory name and path cannot include non-ASCII characters

Recent JVMs do not fully support use of non-ASCII characters with the -jar and -javaagent commands. You should use only ASCII characters in your installation directory names and paths.

Changing the JDBC data source at run time might result in JPA failures

If the database dictionary type is not specified through properties, it is detected and calculated by OpenJPA when the first entity manager is created and the database connection is made. This database dictionary type is used for all entity managers that are subsequently created. If the JDBC data source is changed while an application is running, the entity manager factory does not detect this change and continues to use the old dictionary for operations against the new data source. This can result in failures if the database is changed to a different vendor.

When you change a database to a different vendor, restart the application.

Modifying the dataSource, jdbcDriver, connectionManager, and JDBC vendor properties at run time might result in JPA failures

If you update the configuration of dataSource, jdbcDriver, connectionManager or any of the JDBC vendor properties lists (for example, properties.db2.jcc or properties.oracle) while the server is running, you might see J2CA8040E failures. These failures state that multiple dataSource elements cannot be associated with a single connectionManager. These failures are generated even if your configuration associates only one connectionManager with the dataSource element.

When you make updates to the configuration of any of these JDBC resources, restart the server.

An application that relies on a result being returned by getRealPath must be deployed as an expanded application, not as a WAR file

The Java EE specification states that the getRealPath() method returns a null value if the content is being made available from a web archive (WAR) file. When you deploy a WAR file to Liberty, Liberty does not automatically extract the archive file into a directory structure. Therefore the application might fail to start. If your application relies on a result being returned by getRealPath(), you must deploy the application as an expanded web application, not as a WAR file. For example, you can manually extract the WAR file and copy the expanded application to the dropins directory.

WebSphere Application Server traditional scripts do not work with Liberty

You cannot use any of the scripts under the bin directory of the WebSphere Application Server traditional to administer Liberty.

Fileset restrictions

The following restriction applies to Filesets:
  • Filesets do not recursively explore subdirectories of the base directory. For example, the following instructions are not supported:
    <fileset id="testFileset" dir="\temp" includes="**\a.jar"/> 
    <fileset id="testFileset" dir="\temp" includes="a\a.jar"/>
    <fileset id="testFileset" dir="\temp" includes="*\a.jar"/>
    <fileset id="testFileset" dir="\temp" includes="a\b\a.jar"/>

Overriding classes from the Java SDK

Some Java EE 6 technologies supported by Liberty require newer versions of APIs that are provided by Java SE 6. JAX-WS, JAXB and the javax.annotation.Resource annotation are all examples where a Java 6 SDK contains older classes than those required by Java EE 6. When compiling your application code against these APIs using Java SDK version 6, you need to use classes that are provided by Liberty rather than the Java SDK. You must take one of the following actions:
  • If you are using javac to build from the command line, compile your code by using the javac -endorseddirs option and the JAR files in the ${wlp.install.dir}/dev/specs directory.
  • If you are using Apache Ant to build, compile your code by using the <compilerarg> child element of the javac task and the JAR files in the ${wlp.install.dir}/dev/specs directory. In the build script, specify the -endorseddirs option and the ${wlp.install.dir}/dev/specs directory as separate <compilerarg> elements. For example:
    <javac srcdir="src" destdir="classes"/>
        <compilerarg value="-endorseddirs"/>
        <compilerarg value="${wlp.install.dir}/dev/specs"/>
    </javac>
  • If you are using Apache Maven to build, compile your code by using the endorseddirs element of the Maven compiler plug-in and the JAR files in the ${wlp.install.dir}/dev/specs directory. For example:
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-compiler-plugin</artifactId>
      <configuration>
        <source>1.6</source>
        <target>1.6</target>
        <compilerArguments>
          <endorseddirs>${wlp.install.dir}/dev/specs</endorseddirs>
        </compilerArguments>
      </configuration>
    </plugin>
For Windows platforms

When you unpublish a shared library, it cannot be deleted until the server is stopped

When you unpublish a shared library from a server, the library JAR file is not immediately released from the server. Therefore the operating system does not know that the file is no longer in use, and does not let you delete the file. When you next stop the server, the library JAR file is released and you can delete the file.

java:global lookups restrictions

Resources defined in applications with java:global lookups can only be used to access names declared by applications deployed in the current server.

appSecurity-2.0 feature restrictions

For the appSecurity-2.0 feature, the following restrictions apply:
  • For EJB applications, the run-as-mode of SYSTEM_IDENTITY is not supported in the extension settings of the ibm-ejb-jar-ext.xml file.
  • The getCallerIdentity API is not supported for Singleton session beans.
  • Role names can be referenced by the HttpServletRequest.isUserInRole and EJBContext.isCallerInRole APIs or by elements in the deployment descriptor without first declaring the role names using the @DeclareRoles annotation or the <security-role/> element in the deployment descriptor. However, roles must be declared before being used in WebSphere Application Server traditional.

Applications not starting in an embedded Liberty server

Ensure that the Java process that starts the embedded Liberty server was started with the -javaagent JVM argument that pointed to the libertyInstallDir/bin/tools/ws-javaagent.jar. If the -javaagent JVM argument is not used the server runtime starts, but applications fail to start with no obvious exceptions.

[8.5.5.6 or later]

WebSphere MQ resource adapter and generic JCA support related restrictions

The WebSphere® MQ resource adapter can be used within the WebSphere Application Server Liberty by using either the wmqJmsClient-1.1 or wmqJmsClient-2.0 feature or by using generic JCA support.

You can use the WebSphere MQ resource adapter version 7.5 with Liberty version 8.5.5 and later. If you want to use WebSphere MQ resource adapter version 8.0, which is based on JMS 2.0 resource adapter, you must ensure that you are using the latest Liberty version that is compatible with the JMS 2.0 resource adapter.

Notes:
  • With Liberty version 8.5.5.2, the wmqJmsClient-1.1 feature must be used with a IBM MQ resource adapter version 7.5.0.5 or later.
  • With Liberty version 8.5.5.6, the wmqJmsClient-2.0 feature must be used with a IBM MQ resource adapter version 8.0.0.3 or later

To know more about the version compatibility information between WebSphere MQ resource adapter and Liberty, see the Reference to obtain the WebSphere MQ resource adapter.

If you are using generic JCA support, the following restrictions apply:
  • To run the IBM® WebSphere MQ resource adapter on z/OS®, you must use the wmqJmsClient-1.1 or wmqJmsClient-2.0 feature.
  • Tracing and logging are not integrated within the Liberty trace system using generic JCA. Trace is written to a separate file, and it must be enabled by setting the system properties. The procedure to enable tracing is the same as configuring the WebSphere MQ classes for JMS trace facility for a Java Standard Environment. See Java Standard Environment Trace stanza.
  • The IBM MQ classes for Java are not supported in Liberty. They must not be used with either the IBM MQ Liberty messaging feature or with the generic JCA support. For more information, see Using WebSphere MQ Java Interfaces in J2EE/JEE Environments.

Versioning is not possible for applications in the "dropins" directory

For applications in the "dropins" directory, the file name and file extension are used by the application monitor to determine the type of application, and to generate the application id and application name. It is therefore not possible to specify the version number for the application by using the file name or file extension. In a production environment, you are not recommended to use the "dropins" directory.

Shared session applications must store session objects in shared libraries

When you are using the shared-session-context application extension, or <shared-session-context value="true"/> in ibm-application-ext.xml, all objects that are stored in the session must be available in the shared libraries that are associated with the application so that the session can be invalidated.

Configuring session persistence

There is only one server.xml file for each server, not a server.xml file for each EAR or WAR file. You set session persistence in a database by adding:

<httpSessionDatabase id="SessionDB" dataSourceRef="SessionDS" ... /> 

In Liberty, this setting for the database applies to all EAR and WAR files. It is not possible to set up some databases with session persistence and others without.

Ported locally transacted JMS sessions do not work in Liberty

In WebSphere Application Server traditional, you can develop applications to take advantage of locally transacted JMS sessions. When you port these applications to Liberty, these applications behave differently or do not work at all.

Even though WebSphere Application Server traditional allows locally transacted JMS sessions, porting a WebSphere Application Server traditional locally transacted JMS session to Liberty is not allowed.

Admin Center feature restrictions

For the adminCenter-1.0 feature, the following restriction applies:
  • [8.5.5.2 or later]Using an IBM Java virtual machine (JVM) available with a WebSphere Application Server traditional product, such as Network Deployment, can cause WebSphere Liberty Administrative Center ("Admin Center") to not display in a browser. By default, the IBM JVM available with the WebSphere Application Server traditional product points to security classes that are available only with the WebSphere Application Server traditional product, and not to security classes needed by Admin Center, which requires Secure Sockets Layer (SSL). Use a JVM that supports Liberty products and SSL.
    [8.5.5.4 or later]You can get a JVM that supports Liberty products and SSL from Installation Manager offerings or developerWorks:
    • Using Installation Manager, select the Liberty product first and then select WebSphere SDK for Liberty. Use Installation Manager to install the Liberty product and software development kit (SDK). The WebSphere SDK for Liberty includes the needed support for Liberty products and SSL and offers a Java client, JConsole.
    • Go to http://www.ibm.com/developerworks/java/jdk/index.html on the developerWorks website and download an IBM Java development kit (JDK) for your operating system. The developerWorks website does not have a JVM for all operating systems. For example, you have to get the JDK from Eclipse for Windows operating systems.
  • [8.5.5.4 or later]From the Admin Center Deploy tool, you cannot use the Use the connection method and credentials configured for each target host option of Remote Management Credentials to deploy Liberty 8.5.5.3 or earlier server package to a registered host. The server package must support Liberty 8.5.5.4 or later.
  • [8.5.5.5 or later]The CPU Usage chart of the Admin Center Monitor view shows either 0% or null% CPU usage for JVMs that do not supply process CPU statistics. For information about the chart, see Monitoring metrics in Admin Center.

Bean validation feature restrictions

For the beanvalidation-1.0 feature, the following restriction applies:
  • There is no support for bean validation inside OSGi applications.
[8.5.5.6 or later]For the beanValidation-1.1 feature, the following restrictions apply:
  • There is no support for bean validation inside OSGi applications.
  • Applications that provide a custom ConstraintValidatorFactory implementation in a validation.xml file with the beanValidation-1.0 feature do not compile against the Bean Validation 1.1 API.
  • [Updated in September 2015]If a validation.xml file is not located in the module it is associated with, then there can be only one validation.xml file and the com.ibm.ws.beanvalidation.allowMultipleConfigsPerApp property must be set to false in either of the following files:
    • jvm.options
      -Dcom.ibm.ws.beanvalidation.allowMultipleConfigsPerApp=false
    • bootstrap.properties
      com.ibm.ws.beanvalidation.allowMultipleConfigsPerApp=false
    [Updated in September 2015]

Dynamic cache feature restrictions

The following dynamic cache features are not available or have limited availability:
  • Cache replication is not supported.
  • Only high performance disk caching mode is supported with random and size based eviction techniques.
  • There is no support for Web Services client and server side caching as well as portlet cache in the cachespec.xml file.
  • There is no support for servlet caching of SingleThreadModel servlets.
  • Defining cache configuration by using properties files is not supported for JAR files that contain only Enterprise JavaBeans (EJBs).
  • Limiting a heap cache size works only for 32-bit Java virtual machines (JVM).

ejbLite-3.1 feature restrictions

For the ejbLite-3.1 feature, the following restrictions apply:
  • EJB modules prior to version 3.0 are not supported. This restriction also means that bindings and extensions using the .xmi file format rather than the .xml file format are not supported.
  • Session beans are not bound to the ejblocal namespace, which means JNDI lookups and ejb-ref binding names must use java:global, java:app, or java:module names. The simple-binding-name and interface binding-name elements are ignored in ibm-ejb-jar-bnd.xml files.
  • The stateful bean passivation directory is not configurable. Files are passivated to the server work area.
[8.5.5.6 or later]

jpa-2.1 feature restrictions

For the jpa-2.1 feature, JPA entity exchange over CORBA/RMI-IIOP requires that both participants in the communication must enable identical JPA feature levels.

jsp-2.2 feature restrictions

For the jsp-2.2 feature, the following restriction applies:
  • There is no support for the useInMemory configuration option to only store the translated JSP file in memory.
[8.5.5.9 or later]

logstashCollector-1.0 feature restrictions

The following limitations apply to the logstashCollector-1.0 feature:
  • Data Loss – Some events that are generated in Liberty might not be forwarded to Logstash as expected. Data loss might occur under the following scenarios:
    1. Starting the Liberty server before the Logstash server is started. It is recommended that you start the Logstash server before starting the Liberty server.
    2. Heavy load conditions. Events might be dropped in cases where events are created in Liberty faster than they can be processed by Liberty's event pipeline, Logstash, and any other downstream consumers. Liberty uses buffers to avoid data loss when event creation is briefly faster than event consumption.
  • The logstashCollector-1.0 feature is tested and is compatible with Logstash V2.x.

monitor-1.0 feature restriction

For the monitor-1.0 feature, the following restriction applies:
  • When the feature is removed from the server.xml file, you must restart the server to make the JAX-WS applications work.
[8.5.5.6 or later]

requestTiming-1.0 feature restrictions

For the requestTiming-1.0 feature, the following restriction applies:
  • The requestTiming-1.0 feature, when activated, has been shown to have an 4% impact on maximum possible application throughput when measured with the DayTrader application. While the impact on your application might be more or less than that, you should be aware that some performance degradation might be noticeable.
[8.5.5.6 or later]

restConnector-1.0 feature restriction

For the restConnector-1.0 feature, the following restriction applies:

  • Users of the restConnector-1.0 feature or any feature that includes restConnector-1.0, such as collectiveMember-1.0 and collectiveController-1.0, who want to run applications containing a custom JAXRS 2.0 runtime must add the jaxrs-2.0 feature to that server.
[8.5.5.8 or later]

scim-1.0 feature restrictions

The following restrictions apply for the scim-1.0 feature:
  • The members attributes are not retrieved while searching for groups.
  • The groups attributes of users are not retrieved while searching for users.
  • The Canonical type of direct/indirect cannot be set for groups attribute of users.
  • Only one email attribute of user of Canonical type, work, can be defined.
  • Only one ims attribute of user of Canonical type, work, can be defined.
  • Extended schema attributes of SCIM such as entitlements, roles and x509Certificates cannot be set or returned.
  • The userName attribute cannot be used with some other attibutes in a filter.
  • For users in Basic and SAF registries, only userName, displayName, id, schema, meta.location and groups can be set. The userName and displayName will have the same value.
  • List/query with Basic and SAF registries does not work the same as the ldapRegistry registry.
  • Operators like pr, gt, ge, lt, le, and, or, and () will not work with Basic and SAF registries. Also, only one operator must be used in the filter for Basic and SAF registries.
  • Basic and SAF are read only registries.
  • While creating user, groups attribute cannot be set.

wmqJmsClient-1.1 feature restrictions

For the wmqJmsClient-1.1 feature, the following restrictions apply:
  • You must manually set the PATH variable in the Windows environment variables to point to the IBM MQ installation bin directory. You must set this path variable when the application uses the BINDING connection mode.
  • The IBM MQ classes for Java (generally called the Base Java) are not included in the wmqJmsClient-1.1 feature. This is included in the Resource Adapter for other application servers but is not recommended for the Base Java APIs in the Java Enterprise Edition environments. For more information, see Using IBM MQ Java Interfaces in J2EE/JEE Environments.
  • The BINDINGS_THEN_CLIENT transport type of IBM MQ resource adapter is not supported for the wmqJmsClient-1.1 feature.
  • The Advanced Messaging Security (AMS) feature is not included for the wmqJmsClient-1.1 feature.
[8.5.5.6 or later]

wmqJmsClient-2.0 feature restrictions

For the wmqJmsClient-2.0 feature, the following restrictions apply:
  • You must manually set the PATH variable in the Windows environment variables to point to the IBM MQ installation bin directory. You must set this path variable when the application uses the BINDING connection mode.
  • The IBM MQ classes for Java (generally called the Base Java) are not included in the wmqJmsClient-2.0 feature. This is included in the Resource Adapter for other application servers but is not recommended for the Base Java APIs in the Java Enterprise Edition environments. For more information, see Using IBM MQ Java Interfaces in J2EE/JEE Environments.
  • The BINDINGS_THEN_CLIENT transport type of IBM MQ resource adapter is not supported for the wmqJmsClient-2.0 feature.

concurrent-1.0 feature restrictions

[8.5.5.4 or later]For the concurrent-1.0 feature, the following restrictions apply:

For the thread context of type securityContext, any custom information in the subject that was not added by using a JAAS login module will not be propagated. For example, if the submitter's subject contains a custom Principal that was added by a TAI, the propagated subject will not contain this custom Principal.

[8.5.5.6 or later]

jacc-1.5 feature restrictions

For the jacc-1.5 feature, the following configurations are ignored:
  • Authorization information (the users and groups attributes of the authorizations attribute) in an ibm-application-bnd.xml file or an ibm-application-bnd.xmi file of the application's ear file.
  • Authorization information (the user, group and special-subject attributes of the security-role attribute in the application-bnd element) in the server.xml file.

Icon that indicates the type of topic Reference topic



Timestamp icon Last updated: Tuesday, 12 December 2017
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-libcore-mp&topic=rwlp_restrict
File name: rwlp_restrict.html