How to enable GZIP compression in Wildfly 8.2

Front-End Application performance is the key to improve user experience. Users expect pages to be loaded in two seconds. With large JavaScript libraries used for dynamic sites this is even more challenging. To speed up page loading and data transmission it is highly recommended (Google PageSpeed Rules, YSlow) to enable transparent gzip compression on the web-server. All modern browser support it.

Activate gzip compression in wildfly configuration file (e.g. standalone.xml) using the gzip filter as follows:

<subsystem xmlns="urn:jboss:domain:undertow:1.2">
  <server name="default-server">
    <host name="default-host" alias="localhost">
      <filter-ref name="gzipFilter" predicate="exists['%{o,Content-Type}'] and regex[pattern='(?:application/javascript|text/css|text/html|text/xml|application/json)(;.*)?', value=%{o,Content-Type}, full-match=true]"/>
      <filter-ref name="Vary-header"/>
    </host>
  </server>
  <filters>
    <gzip name="gzipFilter"/>
    <response-header name="Vary-header" header-name="Vary" header-value="Accept-Encoding"/>
  </filters>
</subsystem>

This enables compression based on resource content type for javascript, html and css.
Important:
To make proxy servers happy, you have to add the Vary: Accept-Encoding header as shown above if you use gzip compression. For details see here.

Check the site using Google PageSpeed Insights, Firebug plugin for Firefox or Chrome developer tools. Or use online tools like Pingdom Website Speed Test.

How to disable SSLv3 on WildFly 8.1

SSL 3 is dead.
Because of POODLE attacks it is better security practice to disable SSLv3 and adopt only TLS. To disable SSLv3 on WildFly 8.1 set the enabled-protocols attribute of the https-listener node of the undertow subsystem in the wildfly configuration file (e.g. standalone.xml) accordingly:

<subsystem xmlns="urn:jboss:domain:undertow:1.1">
  <server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="SSLRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>

Possible values for the enabled-protocols attribute in WildFly 8.1 are:

• SSLv3
• TLSv1
• TLSv1.1
• TLSv1.2

Multiple values can be separated by comma, e.g.:
enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"

Install JDK 8 manually on Windows

To install the JDK manually on a windows system:

• Download the JDK Executable from Oracle
• Extract the content of the installer exe to an empty folder (e.g. c:\jdk8)
• Extract the extracted tools.zip into the same folder
• Delete the tools.zip after successfull extraction 
• Open a command line and change into the folder (cd c:\jdk8)
• In the extraction directory execute (one line):
  

  for /r %x in (*.pack) do .\bin\unpack200 -r "%x" "%~dx%~px%~nx.jar"

• Set the JAVA_HOME environment variable if required

Update Glassfish 3.1.2.2 Eclipselink Version to 2.5.1

Glassfish 3.1.2.2 ships with EclipseLink 2.3.2 as JPA Provider. To update the bundled version to a newer (2.5.1 in this case) do the following:

1) Download the new EclipseLink OSGi Bundles from the EclipeLink download site and unzip the archive to a folder on your disk.

2) Make a backup of your current Glassfish modules folder. Assuming you have installed Glassfish in C:\glassfish-3.1.2.2 the modules folder is C:\glassfish-3.1.2.2\glassfish\modules.

3) Delete all JAR files in your current Glassfish modules folder beginning with org.eclipse.persistance.* and the JAR file javax.persistence.jar.

 4) From the downloaded OSGi bundles archive copy all JAR files beginning with org.eclipse.persistance.* but not the source files (containing source in their name) to your Glassfish modules folder. And copy the JAR file beginning with javax.persistance.* to your Glassfish modules folder, too.

5) Clear the contents of the OSGi cache for each domain from the domains osgi-cache folder. Assuming you have installed Glassfish in C:\glassfish-3.1.2.2 the domains OSGi cache folder for domain1 is C:\glassfish-3.1.2.2\glassfish\domains\domain1\osgi-cache.

You can simply delete the whole osgi-cache folder. It will be recreated during next startup of the domain.

You can now start your Glassfish server with updated EclipseLink modules.