Stronger password encryption and new InstantOn-supported features in 25.0.0.1-beta

David Mueller on Dec 17, 2024

announcements , release , beta , security , performance-enhancements ,

Post available in languages:

The 25.0.0.1-beta release includes 256-bit AES password encryption and new additions to the collection of InstantOn-supported features.

Support for AES-256 password encryption
InstantOn support for Batch and Connectors Inbound Security features

Support for AES-256 password encryption

Open Liberty supports Advanced Encryption Standard (AES) encryption for passwords that are stored in the server.xml file. This AES encryption now uses an AES-256 bit key. For AES decryption, Open Liberty supports both AES-128 and AES-256. Previously, Open Liberty AES password encryption and decryption used only a 128-bit key. The 256-bit key provides stronger encryption, making encrypted passwords more secure.

To encrypt a password with AES-256 encryption, run the securityUtility encode command from the wlp/bin directory with the --encoding=aes option.

securityUtility encode --encoding=aes superAES256password

The response is a 256-bit AES encrypted password, similar to the following example:

{aes}ARD63x6FQx6+JHq11ngCKqzBXgel9Hc2XfgGGQ1SZHqmpsDFOCIVGke/55Hd9vca0/iktghLeI/bm+/vH8voezWMSk4+6qayrBNU0JeHnLwEIVtjLo0Xd+/BbHhJgsINQOr0zhT1WHSVFjvzYU3vFNYe473cZA==

You can now use this password in your server.xml file, for example in your keystore definition:

<keyStore id="MyKeyStore" password="{aes}ARD63x6FQx6+JHq11ngCKqzBXgel9Hc2XfgGGQ1SZHqmpsDFOCIVGke/55Hd9vca0/iktghLeI/bm+/vH8voezWMSk4+6qayrBNU0JeHnLwEIVtjLo0Xd+/BbHhJgsINQOr0zhT1WHSVFjvzYU3vFNYe473cZA==" />

For more information, see the following resources:

InstantOn support for Batch and Connectors Inbound Security features

Open Liberty InstantOn provides fast startup times for MicroProfile and Jakarta EE applications. InstantOn supports a subset of Open Liberty features. As of the 25.0.0.1-beta release, the following features are enhanced to support InstantOn:

Batch API (batch-1.0)
Jakarta Batch 2.0 (batch-2.0)
Jakarta Batch 2.1 (batch-2.1)
Java Connector Architecture Security Inflow 1.0 (jcaInboundSecurity-1.0)
Jakarta Connectors Inbound Security 2.0 (connectorsInboundSecurity-2.0)

This enhancement enables you to rapidly deploy applications that use these features by using Open Liberty InstantOn. For more information, see Faster startup for containerized applications with Open Liberty InstantOn.

Try it now

To try out these features, update your build tools to pull the Open Liberty All Beta Features package instead of the main release. The beta works with Java SE 23, 21, 17, 11, and 8.

If you’re using Maven, you can install the All Beta Features package using:

<plugin>
    <groupId>io.openliberty.tools</groupId>
    <artifactId>liberty-maven-plugin</artifactId>
    <version>3.11.1</version>
    <configuration>
        <runtimeArtifact>
          <groupId>io.openliberty.beta</groupId>
          <artifactId>openliberty-runtime</artifactId>
          <version>25.0.0.1-beta</version>
          <type>zip</type>
        </runtimeArtifact>
    </configuration>
</plugin>

You must also add dependencies to your pom.xml file for the beta version of the APIs that are associated with the beta features that you want to try. For example, the following block adds dependencies for two example beta APIs:

<dependency>
    <groupId>org.example.spec</groupId>
    <artifactId>exampleApi</artifactId>
    <version>7.0</version>
    <type>pom</type>
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>example.platform</groupId>
    <artifactId>example.example-api</artifactId>
    <version>11.0.0</version>
    <scope>provided</scope>
</dependency>

Or for Gradle:

buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'io.openliberty.tools:liberty-gradle-plugin:3.9.1'
    }
}
apply plugin: 'liberty'
dependencies {
    libertyRuntime group: 'io.openliberty.beta', name: 'openliberty-runtime', version: '[25.0.0.1-beta,)'
}

Or if you’re using container images:

FROM icr.io/appcafe/open-liberty:beta

Or take a look at our Downloads page.

If you’re using IntelliJ IDEA, Visual Studio Code or Eclipse IDE, you can also take advantage of our open source Liberty developer tools to enable effective development, testing, debugging, and application management all from within your IDE.

For more information on using a beta release, refer to the Installing Open Liberty beta releases documentation.

We welcome your feedback

Let us know what you think on our mailing list. If you hit a problem, post a question on StackOverflow. If you hit a bug, please raise an issue.

See all blog posts