What’s New

What’s New in Java Agent 5.9.1

Encoding of extended characters in not-enforced rules

By default, Java Agent uses UTF-8 to encode extended characters in the resource paths of not-enforced rules.

The following new properties are available to change the character encoding in the resource paths and HTTP query parameters of not-enforced rules:

For more information, see Not Enforced Rules.

What’s New in Java Agent 5.9

JBOSS Installer Allows Profiles in Standalone Mode

In previous releases, the JBoss installer requested a profile only when the deployment mode was domain. From this release, the JBoss installer also requests a profile when the deployment mode is standalone.

For more information, see Install JBoss Java Agent.

Profile, Response, and Session Attributes Take Multiple Values

The following properties can now take multiple values:

In previous releases, these properties could take only one value.

Responding to AM Unavailability During Runtime

When the agent is not in autonomous mode, the following properties configure how Java Agent responds if AM becomes unavailable at runtime (for example, due to network errors):

Better Management of Agent Session Retirement

A problem was identified when an active agent session was retired, and Profile Attribute Fetch Mode was NONE. The first call made on behalf of an unauthenticated user was to retrieve session information. In these circumstances, AM returned an HTTP 200, with a reduced property set.

From this release, the agent monitors session notifications for destruction of its own session. Additionally, the agent assumes that if it has not received an HTTP 200 response to any request from AM for more than one minute, its token might have been subject to idle timeout retirement. In these circumstances, the agent validates its own token before retrieving the session information.

Improved Performance

In previous releases, the agent automatically maintained an internal not-enforced list, populated with all entries in the logout URI map, all entries in the access denied URI map, optionally the favicon.ico, and so on. For every incoming request, the agent searched the list without using the customary not-enforced caches.

The following improvements in this release improve results in ForgeRock’s performance testing framework:

  • More efficient matching of entries in the list

  • Optimized use of regular expressions in the remaining not-enforced code

  • Improved canonicalization of incoming URLs

Support for Multi-Byte Characters

Support for multibyte characters has been developed as follows:

  • Multibyte users are supported

  • Events are correctly audited for multibyte users

  • Correct local auditing of events associated with multibyte users, to files specified with multibyte paths

  • Correct remote auditing of events associated with multibyte users

  • Multibyte agent profile name

  • Multibyte agent password

  • Multibyte agent realm

  • Multibyte webapps

  • Multibyte not-enforced rules successfully match resources

  • Agent debug log can be specified with a multibyte path

  • Agent monitoring directory can be specified with a multibyte path