Upgrade to Payara 6 and from EE 8 to EE 10 (end of Payara 5 Community Edition security patches Q2/2022)

[pdurbin]

As a "bklog: Deliverable" This is decomposed into smaller issues, grouped under D: Payara 6 Upgrade

---

Hat tip to @poikilotherm who posted in chat a link to a video in which Steve Millidge, founder of Payara, answered a question about how long Payara 5 Community Edition (which we recommend in the guides) will receive security patches: https://youtu.be/juD0XNNq344?t=1972

I've transcribed the question and answer:

Q: "For the Community Edition, when will v5 stop getting security patches?"

A: "Payara 5 in Community was basically... when we switch the main branch over to 6, which will be on the point of 6 release, then Community will march forward on Payara 6. So Payara 5 patches, if you like, will stop at that point through Community. So then it will be Enterprise where you'll get patches and security fixes for Payara 5. Payara Community essentially is a marching version so whenever the latest release is the latest release."

I didn't watch the whole video but @poikilotherm says Payara plans to switch the main branch to 6 in Q2/2022.

(By the way, #8064 is the issue where we're tracking the next 5.x upgrade from Payara. As of this writing we are advising installations to use Payara 5.2021.5: https://guides.dataverse.org/en/5.9/installation/prerequisites.html#payara )

[pdurbin]

At https://youtu.be/Bm8aNy2bcJ4?t=1121 some dates were shown for Payara 6. Here' are some screenshots:

[pdurbin]

Payara Server Community 6.2022.1 Alpha 2 is available for download from https://www.payara.fish/downloads/payara-platform-community-edition/

Based on https://github.com/payara/Payara/releases/tag/payara-server-6.2022.1.Alpha2 it looks like it came out on Feb 17.

[donsizemore]

Current state of develop on payara-6.2022.1.Alpha2 (openjdk 11.0.14):

[INFO] Building war: /tmp/dataverse/target/dataverse-5.9.war
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------

Deploying the application (dataverse.war)
Failed to deploy the application!

5,341 "Invalid signature file digest" SEVEREs, then:

org.xml.sax.SAXParseExceptionpublicId: file:/usr/local/payara6/glassfish/lib/schemas/web-fragment_3_1.xsd; lineNumber: 8; columnNumber: 27; Deployment descriptor file META-INF/web-fragment.xml in archive [omnifaces-3.8.jar].  TargetNamespace.1: Expecting namespace 'https://jakarta.ee/xml/ns/jakartaee', but the target namespace of the schema document is 'http://xmlns.jcp.org/xml/ns/javaee'
org.xml.sax.SAXParseException; systemId: file:/usr/local/payara6/glassfish/lib/schemas/web-fragment_3_1.xsd; lineNumber: 8; columnNumber: 27; TargetNamespace.1: Expecting namespace 'https://jakarta.ee/xml/ns/jakartaee', but the target namespace of the schema document is 'http://xmlns.jcp.org/xml/ns/javaee'

[donsizemore]

@pdurbin asked for the commit (1487650) and full server.log (attached as
payara6_server_log.zip )

[donsizemore]

I changed all instances of http://xmlns.jcp.org/xml/ns/javaee to https://jakarta.ee/xml/ns/jakartaee in uncch-rdmc@91ef326 but still get the namespace error on deployment.

@pdurbin notes the omnifaces error, and suggests an upgrade. OmniFaces 3.13 produces the same namespace error on deployment; omnifaces.org tells me "use 4.0-M13 instead. It’s the Jakartified version of 3.13."

A mvn package using OmniFaces 4.0.M-13 yields

[ERROR] /tmp/dataverse/src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/OAuth2LoginBackingBean.java:[89,50] cannot access jakarta.servlet.http.HttpServletRequest
  class file for jakarta.servlet.http.HttpServletRequest not found

I suppose I could drop back to OmniFaces 4.0.M-3 "(25 Oct 2020, Jakartified 3.8.1, still using Java 1.8)" but this seems wrong to me. Suggestions from smarter minds most welcomed.

[donsizemore]

Current state: Jim has an EE9 branch and Oliver has a Jakarta branch

• Oliver graciously used his commercial IntelliJ "migrate javax to jakarta" function, as a global search and replace isn't advised since not all javax packages will be migrated.
• Jakarta namespace change will require an OmniFaces upgrade and possibly a commons-fileupload upgrade/replacement
• Currently blocked by SWORD2 work, as the current SWORD implementation expects javax.*

One thing to note or to ignore: as of Nov 2021 Payara runs on the 17 LTS JDK.

[qqmyers]

In this upgrade, we need to see if #8064 (comment) is still relevant as an upgrade issue.

[Kris-LIBIS]

Payara just announced 5.2022.2 with the following remark:

"Please note: This is the penultimate Payara 5 Community release. Payara 6 Community will soon take its place, to be used with Jakarta EE 10. If you want to keep using earlier Java EE/Jakarta EE versions – we encourage you to move to Payara 5 Enterprise."

AFAIK, JDK 17 is not a must for Jakarta EE 10, but would be recommended.