Update prod#4777
Merged
navaneethsnair1 merged 8 commits intoprodfrom Apr 7, 2026
Merged
Conversation
First draft of 26.0.0.4-beta blog
Update to 26.0.0.4-beta blog
Updates to 26.0.0.4-beta blog
ayoho
reviewed
Apr 7, 2026
| ** <<jakarta_security, Application Security 6.0 (Jakarta Security 4.0)>> | ||
| * <<java_26, Beta support for Java 26>> | ||
| * <<mcp, Updates to `mcpServer-1.0`>> | ||
| * <<data_1.1, Preview of some Jakarta Data 1.1 M2 capability>> |
Member
There was a problem hiding this comment.
This anchor isn't working - I suspect having a . in it won't work.
| // Blog issue: https://github.com/OpenLiberty/open-liberty/issues/34299 | ||
| // Contact/Reviewer: njr-11 | ||
| // // // // // // // // | ||
| [#data_1.1] |
Member
There was a problem hiding this comment.
Don't forget to update the anchor name here.
|
|
||
| ===== Application Specification | ||
|
|
||
| The link:https://jakarta.ee/specifications/security/4.0/jakarta-security-spec-4.0#handling-multiple-authentication-mechanisms[Jakarta Security 4.0] specification allows multiple multiple HTTP Authentication Mechanisms (HAMs) to be defined within a single application, as shown in the following example: |
Member
There was a problem hiding this comment.
Suggested change
| The link:https://jakarta.ee/specifications/security/4.0/jakarta-security-spec-4.0#handling-multiple-authentication-mechanisms[Jakarta Security 4.0] specification allows multiple multiple HTTP Authentication Mechanisms (HAMs) to be defined within a single application, as shown in the following example: | |
| The link:https://jakarta.ee/specifications/security/4.0/jakarta-security-spec-4.0#handling-multiple-authentication-mechanisms[Jakarta Security 4.0] specification allows multiple HTTP Authentication Mechanisms (HAMs) to be defined within a single application, as shown in the following example: |
| @Inject @Fallback // this will be the Custom HAM | ||
| private HttpAuthenticationMechanism fallbackHAM; | ||
|
|
||
| public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, |
Member
There was a problem hiding this comment.
Suggested change
| public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, | |
| public AuthenticationStatus validateRequest(HttpServletRequest request, | |
| HttpServletResponse response, |
|
|
||
| Tools can now be registered dynamically through an API. This capability allows the set of available tools on the server to be adjusted based on configuration or environment. | ||
|
|
||
| Tools can be registered by injecting `ToolManager` and calling its methods to add, remove, and list the available tools on the server. The full Javadoc for `ToolManager` can be found within the liberty beta in `dev/api/ibm/javadoc/io.openliberty.mcp_1.0-javadoc.zip`. |
Member
There was a problem hiding this comment.
Suggested change
| Tools can be registered by injecting `ToolManager` and calling its methods to add, remove, and list the available tools on the server. The full Javadoc for `ToolManager` can be found within the liberty beta in `dev/api/ibm/javadoc/io.openliberty.mcp_1.0-javadoc.zip`. | |
| Tools can be registered by injecting `ToolManager` and calling its methods to add, remove, and list the available tools on the server. The full Javadoc for `ToolManager` can be found within the Liberty beta in `dev/api/ibm/javadoc/io.openliberty.mcp_1.0-javadoc.zip`. |
| === Bug fixes | ||
|
|
||
| * During cancellation of a tool call, we check that both the session id and the authenticated user match the session id and the user that made the tool call. Previously only the session id was checked. | ||
| * Messages that are returned to the MCP client no longer contain OpenLiberty message codes. |
Member
There was a problem hiding this comment.
Suggested change
| * Messages that are returned to the MCP client no longer contain OpenLiberty message codes. | |
| * Messages that are returned to the MCP client no longer contain Open Liberty message codes. |
| [#data_1.1] | ||
| == Preview of some Jakarta Data 1.1 M2 capability | ||
|
|
||
| Previews some new capability at the Jakarta Data 1.1 Milestone 2 level: `Constraint` subtype parameters for repository methods that constraints to repository `@Find` operations and limited use of `Restriction` with repository `@Find` operations. Also included from the prior beta are: retrieving a subset/projection of entity attributes and the `@Is` annotation. |
Member
There was a problem hiding this comment.
Suggested change
| Previews some new capability at the Jakarta Data 1.1 Milestone 2 level: `Constraint` subtype parameters for repository methods that constraints to repository `@Find` operations and limited use of `Restriction` with repository `@Find` operations. Also included from the prior beta are: retrieving a subset/projection of entity attributes and the `@Is` annotation. | |
| Previews some new capability at the Jakarta Data 1.1 Milestone 2 level: `Constraint` subtype parameters for repository methods that constrain to repository `@Find` operations and limited use of `Restriction` with repository `@Find` operations. Also included from the prior beta are: retrieving a subset/projection of entity attributes and the `@Is` annotation. |
|
|
||
| Jandex index support requires explicit enablement. See the `useJandex` property on `applicationManager` and on `application` elements. The new `useJandexUnderClasses` property is meaningful only if the `useJandex` property is `true`. | ||
|
|
||
| For compatibility with an earlier versions, reads of Jandex from the new location requires explicit enablement. See the new *useJandexUnderClasses* property, as documented previously. Explicit enablement is required to prevent applications from accidentally reading an out of date Jandex index from the new location. An out of date Jandex index might cause hard to detect application errors. |
Member
There was a problem hiding this comment.
Suggested change
| For compatibility with an earlier versions, reads of Jandex from the new location requires explicit enablement. See the new *useJandexUnderClasses* property, as documented previously. Explicit enablement is required to prevent applications from accidentally reading an out of date Jandex index from the new location. An out of date Jandex index might cause hard to detect application errors. | |
| For compatibility with earlier versions, reads of Jandex from the new location require explicit enablement. See the new *useJandexUnderClasses* property, as documented previously. Explicit enablement is required to prevent applications from accidentally reading an out of date Jandex index from the new location. An out of date Jandex index might cause application errors that are hard to detect. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Link to new beta blog here