Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade of Spring dependency to a more recent version #233

Merged
merged 2 commits into from
Sep 1, 2021
Merged

Upgrade of Spring dependency to a more recent version #233

merged 2 commits into from
Sep 1, 2021

Conversation

mbarto
Copy link
Contributor

@mbarto mbarto commented Aug 30, 2021

Connected to #232

The purpose of this work is to upgrade the Spring dependency to a more recent version, to enable implementing features that depend on Spring libraries that are not compatible with the actual 3.0.5 version.

Upgrading Spring required upgrading other libraries that depend on it. A short list:

Library Old New
Spring 3.0.5 5.3.9
Spring-security 3.0.5 5.3.10
CXF 2.3.2 3.4.4
Hibernate 3.3.2 5.5.0
JPA 1.0 2.1
hibernate-generic-dao 0.5.1 1.3.0-SNAPSHOT

After upgrading the libraries, all tests have been run (both offline and online) and passing. Some manual testing has been done too, including tests with MapStore.

Most of the changes in code are for:

  • changes in JPA 2.1 annotations
  • Password encoding moved to agecisecurity module
  • cleanup / fixing of REST apis produced media types, that were not working correctly anymore with upgraded libraries

BREAKING CHANGES:

  • csrf is enabled by default by the new spring security library, and this is conflicting with CXF endpoints, so this needs to be disabled in the geostore spring security configuration file (geostore-spring-security.xml):
<security:http auto-config="true" create-session="never" >
   ...
   <security:csrf disabled="true"/>
   ...
</security:http>
  • log4j and spring integration is automatic, and the related listener is not required anymore (and generates an error if not removed), so this needs to be removed from the application web.xml in depending projects (e.g. MapStore):
   <listener>
		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
   </listener>

@mbarto mbarto requested a review from offtherailz August 30, 2021 10:17
@mbarto mbarto mentioned this pull request Aug 30, 2021
Closed
3 tasks
@offtherailz
Copy link
Member

@mbarto can you please merge with master, so you can run the actions for unit tests.
I committed them an our ago.

@mbarto
Copy link
Contributor Author

mbarto commented Aug 30, 2021

@mbarto can you please merge with master, so you can run the actions for unit tests.
I committed them an our ago.

done

offtherailz
offtherailz reviewed Aug 31, 2021
View reviewed changes
Copy link
Member

@offtherailz offtherailz left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

So we was actually synchronizing master with 1.8-SNAPSHOT with this PR geosolutions-it/MapStore2#7251
. Before merging we should update log4j too?

@mbarto
Copy link
Contributor Author

mbarto commented Aug 31, 2021

. Before merging we should update log4j too?

Not needed

@offtherailz
Copy link
Member

log4j and spring integration is automatic, and the related listener is not required anymore (and generates an error if not removed), so this needs to be removed from the application web.xml in depending projects (e.g. MapStore):

So I didn't understood this point.

@offtherailz offtherailz mentioned this pull request Sep 1, 2021
Closed
@offtherailz offtherailz merged commit 2959708 into geosolutions-it:master Sep 1, 2021
@offtherailz
Copy link
Member

as clarified with @mbarto I'm going to close my PR geosolutions-it/MapStore2#7251 in favor on #7172

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@offtherailz offtherailz offtherailz approved these changes

Assignees

@mbarto mbarto

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mbarto @offtherailz