Onesait Platform upgrade to Spring Boot 3.2

20/05/2024 Fco. Javier López Acevedo

With Onesait Platform release 6.0.0-Vegas, we have upgraded the Spring Boot 2.7 runtime to Spring Boot 3.2.

Release 6.0.0-Vegas for Onesait Platform

With this, we aim to:

Access the new features and functionalities offered by this new version of Spring Boot.
Resolve vulnerabilities detected in previous versions of Spring Boot and its dependencies.

The changes made in Spring Boot 3 are heavy, involving a complete overhaul of the Platform. Among these changes we can highlight:

A minimum version of Java Runtime 17 or later is required. In addition, Spring Framework 6.0 is required.
Java EE has been migrated to Jakarta EE. This implies that we have to refactor javax to jakarta in the relevant imports. This way, Spring Boot 3 is compatible with the latest versions of servers such as Tomcat 10.1, Jetty 11 and Undertow 2.3.
Hibernate 6, an object-relational mapping tool for Java, is now used.
Added log-based observability of metrics with Micrometer and vendors such as OpenZipkin and OpenTelemetry.
Native compilation is enabled, allowing much lighter and faster executables to be generated.

Significant changes to the Platform

Hibernate 6.X: “optimisation” of JOINs, which can affect application performance if you don’t have Fetch LAZY relationships. In some cases of entity inheritance, it can even result in a failure, as it creates 165 joins queries and for example MariaDB allows maximum 61.
Migration to EclipseLink 4.0: for the previous reason, the Platform’s persistence engine for accessing ConfigDB has been migrated to EclipseLink; this has forced to change queries that were made regarding OPResource and ProjectResourceAccess.
EclipseLink L2 cache: by default a cache is activated, which a priori we will disable if we already have a cache manager at repository level, to avoid inconsistencies: properties.put(“eclipselink.cache.shared.default”, “false”);
Concatenation of metacharacters in Queries: it is possible to concatenate characters in the @Query of the repositories as long as they are not inside a function. For example, the typical LOWER(%:param%) will not work (it would work if it was not inside LOWER()). If we want to concatenate inside a query we must use the CONCAT(param1, param2…) function. An example: the typical LOWER(%:param%) should be put as CONCAT(‘%’, :param, ‘%’).
Native queries: in EclipseLink you have to use a different syntax for native queries, you can’t use named parameters, you have to use ‘?’ and the argument number.
AspectJ: in pointcut expressions that contain args() it is not able to map arguments if they have more than one variable declared, for example args(ontology, user,…) → String ontology, String user, in runtime it will tell us that it is ambiguous and the args cannot be mapped to the arguments of the method, we have to use reflection to get it through the JoinPoint.
Repositories: in the queries that you want to compare Enums with literals, you can no longer use the fully qualified class name: com.example.EnumT.Type.QUERY.
Spring security changes radically: WebSecurityConfigurerAdapter is no longer extended. You have to configure another type of Beans. Many deprecations.
Thymeleaf: there are important changes, such as elimination of request, session, etc. variables. Deprecation of “th:include” to “th:insert”, fragment syntax, etc. Appears in ControlPanel logs as WARN.
Multipart forms: changed the configuration we had and now it is generic, so it is important that if new multipart forms are created, the controller method will have to be POST type and POST + PUT for update cases for it to work.
Removed the dependency on Apache Calcite: to be able to lift the modules.
Removed the dependency on the CosmosDB project: since the client uses version 4 of the Apache http-client and is incompatible.
Disappears the basic Identity Manager (also called OAuth2Server): this is because the Spring Boot OAuth2 project is no longer supported.
Keycloak will be used as a single IM: the missing functionalities have been integrated: reset password, password policies, registration, etc.
Update of the module connection plugin with Keycloak: for the same reason, the logic has been migrated to the new libraries offered by Spring Security (oauth-client).
RestTemplate: can still be used, however I recommend using WebClient from now on, as it will be deprecated in the future.
411 errors when making a custom RestTemplate POST request without body: in Spring Boot version 3.2, the RestTemplate was optimized and for this reason the Content-Lenght header is no longer sent when there is no body in the request. Because of this we can encounter 411 errors in the response, it is solved by making a wrapper with BufferingClientHttpRequestFactory. This is explained in the Web Applications section of the documentation.
In the new entities of the model to be added, the Audit Listeners must be added: @EntityListeners({ AuditingEntityListener.class, VersioningListener.class, AuditEntityListener.class }) to fill in the CreatedAt and UpdatedAt fields among other things.