Merge branch 'release/3.0.0'

.gitignore

@@ -11,3 +11,5 @@
 target/
 
 pom.xml.versionsBackup
+
+.DS_Store

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2018-2019 Jesse Gallagher
+   Copyright 2018-2021 Jesse Gallagher
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

NOTICE.md

@@ -1,6 +1,6 @@
 Domino Open Liberty Runtime
 
-(c) Copyright 2018-2020 Jesse Gallagher
+(c) Copyright 2018-2021 Jesse Gallagher
 
 This product includes software contributed to
 OpenNTF Alliance (http://www.OpenNTF.org/)
@@ -13,17 +13,38 @@ This product contains the following 3rd party code:
 - Classes derived from IBM Commons, which is available from https://github.com/OpenNTF/SocialSDK/tree/master/commons/com.ibm.commons and is licensed under the Apache License 2.0
 	- The original NOTICE is included in the "legal" directory, but none of the referenced third-party code is included
 - json-simple, which is available from https://github.com/fangyidong/json-simple and is licensed under the Apache License 2.0
-- Classes derived from the Darwino Domino API, which is available from https://github.com/darwino/domino-napi and is licensed under the Apache License 2.0
-	- The original NOTICE is included in the "legal" directory, but none of the referenced third-party code is included
 - Classes from Apache Commons Compress, which is available from https://commons.apache.org/proper/commons-compress/ and is licensed under the Apache License 2.0
 	- The original NOTICE is included in the "legal" directory, but none of the referenced third-party code is included
 - The Darwino Domino NAPI, which is available from https://github.com/darwino/domino-napi and is licensed under the Apache License 2.0
+	- The original NOTICE is included in the "legal" directory, but none of the referenced third-party code is included
 - XML classes from the OpenNTF Domino API, which is available from https://github.com/OpenNTF/org.openntf.domino, is copyright 2013-2020 the OpenNTF Domino API Team, and is licensed under the Apache License 2.0
 	- The original LICENSE and NOTICE are included in the "legal" directory with the "-ODA" suffix, but none of the referenced third-party code is included
+- Undertow, which is available from https://github.com/undertow-io/undertow, is copyright 2014-2021 Red Hat, Inc., and individual contributors, and is licensed under the Apache License 2.0
+- RestEasy, which is available from https://resteasy.github.io, is copyright Red Hat, Inc., and is licensed under the Apache License 2.0
+- JBoss Logging, which is available from https://github.com/jboss-logging/jboss-logging and is licensed under the Apache License 2.0
+- Apache HttpComponents Core and Client, which are available from https://hc.apache.org and are licensed under the Apache License 2.0
+- Apache Commons IO, which is available from https://commons.apache.org/proper/commons-io/ and is licensed under the Apache License 2.0
+- Apache Commons Codec, which is available from https://commons.apache.org/proper/commons-codec/ and is licensed under the Apache License 2.0
+- Apache Commons Logging, which is available from https://commons.apache.org/proper/commons-logging/ and is licensed under the Apache License 2.0
+- The Jakarta Activation API, which is available from https://projects.eclipse.org/projects/ee4j.jaf and is licensed under the Eclipse Public License
+- The Jakarta Bean Validation API, which is available from https://projects.eclipse.org/projects/ee4j.bean-validation and is licensed under the Eclipse Public License
+- The Jakarta Annotations API, which is available from https://projects.eclipse.org/projects/ee4j.ca and is licensed under the Eclipse Public License
+- The Jakarta REST API, which is available from https://projects.eclipse.org/projects/ee4j.jaxrs and is licensed under the Eclipse Public License
+- Reactive Streams, which is available from https://github.com/reactive-streams/reactive-streams-jvm and is licensed under MIT-0
 
 The runtime may automatically download and execute the following 3rd party code:
 
 - Open Liberty, which is available from https://openliberty.io and is licensed under the Eclipse Public License 1.0
 - AdoptOpenJDK, which is available from https://adoptopenjdk.net and is licensed as:
 	- The OpenJDK code is licensed under GPL v2 with Classpath Exception (GPLv2+CE)
-	- OpenJ9 is licensed under Eclipse Public License 2, with compatible sub-project licenses enumerated at https://github.com/eclipse/openj9/blob/master/LICENSE
+	- OpenJ9 is licensed under Eclipse Public License 2, with compatible sub-project licenses enumerated at https://github.com/eclipse/openj9/blob/master/LICENSE
+- GraalVM CD builds, which are available from https://github.com/graalvm/graalvm-ce-builds and contains components licensed with the following (https://github.com/oracle/graal/):
+	- [Truffle Framework](/truffle/) and its dependency [GraalVM SDK](/sdk/) are licensed under the [Universal Permissive License](truffle/LICENSE.md).
+	- [Tools](/tools/) project is licensed under the [GPL 2 with Classpath exception](tools/LICENSE).
+	- [TRegex](/regex/) project is licensed under the [Universal Permissive License](regex/LICENSE.md).
+	- [GraalVM compiler](/compiler/) is licensed under the [GPL 2 with Classpath exception](compiler/LICENSE.md).
+	- [Substrate VM](/substratevm/) is licensed under the [GPL 2 with Classpath exception](substratevm/LICENSE).
+	- [Sulong](/sulong/) is licensed under [3-clause BSD](sulong/LICENSE).
+	- [GraalWasm](/wasm/) is licensed under the [Universal Permissive License](wasm/LICENSE).
+	- [VM](/vm/) is licensed under the [GPL 2 with Classpath exception](vm/LICENSE_GRAALVM_CE).
+	- [VS Code](/vscode/) extensions are distributed under the [UPL 1.0 license](/vscode/graalvm/LICENSE.txt).

README-develop.md

@@ -0,0 +1,37 @@
+# Developer Readme
+
+The Domino Open Liberty Runtime is made up of several major components:
+
+## Domino Runtime
+
+The Domino runtime consists of most of the modules in the "bundles" directory, which are by default packaged as OSGi bundles. However, since the runtime can also be packaged as a RunJava extension, there are several rules the code attempts to follow:
+
+* Use ServiceLoader extensions for cross-module capabilities. To this end, most bundles are fragments attached to the `org.openntf.openliberty.domino` host so that their services will be available to the runtime in the same way regardless of context.
+* Avoid any assumptions about the presence of OSGi when at all possible. For example, only `org.openntf.openliberty.domino.httpservice` (the HTTP-task-bound runner) and `org.openntf.openliberty.domino.httpident` (the HTTP-based identity servlet) have any knowledge of OSGi or the Equinox servlet environment.
+* Limit dependencies and repackage necessary ones internally, as with Apache Commons Compress and portions of IBM Commons. Since RunJava deployment requires putting the packaged JAR in the global classpath, it's critical to avoid polluting it with dependencies that could reasonably show up at the OSGi or agent level.
+
+### Runtime Extensions
+
+The runtime has several extension points available, some of which are intended to represent a single provider of a vital capability and some of which are intended for multi-service extension.
+
+#### Required Services
+
+* `org.openntf.openliberty.config.RuntimeConfigurationProvider` is used to load global configuration for the runtime. The implementation for this is found in `org.openntf.openliberty.domino.adminnsf`, which reads the configuration from libertyadmin.nsf.
+* `org.openntf.openliberty.domino.runtime.RuntimeDeploymentTask` is used to find the location of the active Open Liberty installation. The implementation for this is found in the core module, which reads Liberty coordinates from the `RuntimeConfigurationProvider`, downloads it from Maven Central, and provides it to the runtime.
+* `org.openntf.openliberty.domino.reverseproxy.ext.ReverseProxyConfigProvider` is used by the Reverse Proxy service to find the configuration for the proxy. This is also provided in `org.openntf.openliberty.domino.adminnsf`, which reads the Domino server configuration from names.nsf and reverse-proxy config from libertyadmin.nsf.
+* `org.openntf.openliberty.domino.config.RuntimeAccessProvider` is used by services to check whether a given user has permission to perform a task. This is provided in `org.openntf.openliberty.domino.adminnsf`, which reads roles from the ACL of the libertyadmin.nsf database.
+* `org.openntf.openliberty.domino.runtime.AppDeploymentProvider` is used to deploy new and updated apps to the central configuration. This is also provided in `org.openntf.openliberty.domino.adminnsf`, which updates the server and app documents in libertyadmin.nsf.
+
+#### Extension Services
+
+* `org.openntf.openliberty.domino.jvm.JavaRuntimeProvider` is used to find the location of a Java runtime for a given version and type (such as "HotSpot"). Standard implementations of this, which provide the currently-running JVM and AdoptOpenJDK builds as options, are found in the core module.
+* `org.openntf.openliberty.domino.ext.RuntimeService` allows for an extended `Runnable` to be launched when the core starts, and to receive notifications about server lifecycles and other events.
+* `org.openntf.openliberty.domino.server.wlp.LibertyExtensionDeployer` allows for the deployment of ESA-based Liberty extensions into the runtime. It also provides the information needed by the "Integration Features" checkboxes in the admin NSF to auto-register in the deployed server.xml
+
+### Event Queue
+
+The `OpenLibertyRuntime` class has a small event-broker capability, where `org.openntf.openliberty.domino.event.EventRecipient` instances can register themselves to be notified of various events during runtime. These events are subclasses of `java.util.EventObject`, and so implementations should check for specific subclass instances to determine the nature of incoming events.
+
+## Liberty Extensions
+
+In addition to the core runtime, there are several Open Liberty extensions that may be deployed with the Liberty instances. These are denoted by "org.openntf.openliberty.wlp" prefixes in the "bundles" directory, and also make up all the modules in the "subsystems" directory. The Liberty extensions each have corresponding Domino bundles to deploy them. For example, `bundles/org.openntf.openliberty.wlp.notesruntime` is packaged into a Liberty subsystem by `subsystems/notesRuntime`, which in turn is provided to Domino by `bundles/org.openntf.openliberty.domino.notesruntime`.

README.md

@@ -42,40 +42,25 @@ The runtime supports several Domino console commands, all of which are prefixed
 * `restart`: Equivalent to `stop` followed by `start`
 * `help`: Get a listing of currently-supported options
 
-## Liberty Server Extensions
-
-Deployed Liberty servers are installed with several custom features, which can be enabled per-server in the server configuration document in the NSF.
-
-### Notes Runtime
-
-The `notesRuntime-1.0` feature handles initialization and termination of the Notes runtime for the Liberty process, allowing individual web apps to skip this step and not compete.  This feature sets the Java property `notesruntime.init` to `"true"` when enabled, so  apps can check for that and skip process initialization.
+## Reverse Proxy
 
-### Domino Proxy
+The installation contains a reverse proxy that can be enabled in the main configuration document of `libertyadmin.nsf`. In there, you can specify ports to listen on as well as a TLS private key and certificate chain, if desired. By default, the reverse proxy will relay all requests to the Domino server, while individual WAR apps deployed to Liberty servers can also be included via their documents. When they are marked as such, their context roots will be forward to them first, rather than to Domino.
 
-bootstrap.properties or server.env:
+## Admin REST API
 
-```properties
-Domino_HTTP=http://localhost:8080/
-DominoProxyServlet.sendWsis=false
-```
+When installed on Domino, the runtime provides an Admin API at `/org.openntf.openliberty.domino/admin`. The available resources are described in "adminapi.yaml".
 
-This feature can be used to cause any unmatched requests to the Liberty server to proxy to the equivalent URL on Domino, allowing it to serve as the main front-end HTTP server.
+## Liberty Server Extensions
 
-The  property should point to your configured Domino HTTP stack. In this case, Domino can be configured to bind to HTTP on "localhost" only for security purposes.  If the proxy target should be different from `dominoUserRegistry` below, you can specify `DominoProxyServlet.targetUri` as the target instead and it will take priority.
+Deployed Liberty servers are installed with several custom features, which can be enabled per-server in the server configuration document in the NSF.
 
-The `DominoProxyServlet.sendWsis` property tells the proxy whether or not to send the connector header to Domino that indicates whether or not the incoming connection is SSL. It's often useful to leave this as the default of "true", but it may be necessary in some cases to set it to "false" to work around the Domino HTTP stack's lack of knowledge of multiple SSL-enabled web sites.
+### Notes Runtime
 
-Finally, to enable advanced proxy features, set `HTTPEnableConnectorHeaders=1` in your Domino server's notes.ini. This property allows Domino to treat proxied requests as if they were coming from the original client machine instead of the local proxy. If you enable this, it is *very important* that you ensure that the Domino server's HTTP stack is not publicly available, and ideally is bound to "localhost" only.
+The `notesRuntime-1.0` feature handles initialization and termination of the Notes runtime for the Liberty process, allowing individual web apps to skip this step and not compete.  This feature sets the Java property `notesruntime.init` to `"true"` when enabled, so  apps can check for that and skip process initialization.
 
 ### Domino User Registry
 
-server.env:
-
-```properties
-Domino_HTTP=http://localhost:8080/
-```
-
-This feature allows the use of Domino credentials for Liberty authentication, when applicable. It proxies authentication requests through to the backing Domino server specified by `Domino_HTTP`, and so it should allow any authentication that is configured on the Domino server.
+This feature allows the use of Domino credentials for Liberty authentication, when applicable. It proxies authentication requests through to the backing Domino server specified by `Domino_HTTP`, and so it should allow any authentication that is configured on the Domino server. By default, `Domino_HTTP` is configured to be the local server, but it can be overridden in server.env.
 
 Additionally, it allows for a shared login by proxying cookies containing Domino authentication information to the backing Domino server to determine the username.