This release solves all issues to run SwiftMQ Streams on GraalVM. As you know, the JS scripting engine Nashorn, which is part of the JDK, is outdated and has been deprecated. So it will be removed from future JDKs.
GraalVM is a polyglot JVM, developed by Oracle and based on the JDK. It is mostly compatible with Nashorn but needs some porting effort which we have done. One quite complicated issue was even worth publishing on Medium.
SwiftMQ 12.2.0 is both compatible with GraalVM 20.1.0 or greater and Nashorn bundled with Java 8 or later. SwiftMQ 12.2.0 docker distributions are based on GraalVM 20.2.0.
Anonymous Client Access
In previous releases, anonymous clients could always connect to a router, even if authentication was enabled. But they required specific grants on resources (queues, topics) to perform any further action.
This has been changed with this release. Now, anonymous clients are not allowed to log in when authentication is enabled. There is no change for normal JMS connection as you have to specify username and password anyway if authentication is enabled.
However, there is a BREAKING change in JNDI connections. These are internally established over anonymous JMS connections. Since the default
public group contains a grant on topic
swiftmq.jndi, a JNDI lookup is possible.
This does not work with 12.2.0 anymore. You are now required to add a username and password to the JNDI-URL:
So before you upgrade:
Verify authentication is enabled or disabled (default).
If enabled, add username and password to the JNDI-URLs of your JMS clients.
A JNDI-URL with username and password works also in prior releases, so you can first change your clients and then do the upgrade.
Password Check Only
Since we now reject anonymous clients when authentication is enabled, we are now able to only perform the authentication by verifying the password and then let the client perform anything without specifying grants for resources. To enable this, add the following attributes to the Authentication Swiftlet configuration:
<swiftlet name="sys$authentication" authentication-enabled="true" password-check-only="true">