feat: update spring-boot to 3.0.x

BREAKING CHANGE: requires migration for spring / spring-security 6 and hibernate 6 updates

Migration guide:

- update java EE 8 dependencies to jakarta EE 9 (see https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#jakarta-ee)
- update repositories
  - update `@QueryHints` annotations
  - e.g. `org.hibernate.annotations.QueryHints.CACHEABLE` -> `AvailableHints.HINT_CACHEABLE`
  - if you use custom data fetching methods, migration steps for hibernate 6 / 6.1 / 6.2 might be necessary
    - especially consider https://github.com/hibernate/hibernate-orm/blob/6.0/migration-guide.adoc#removals
    - for more information see the hibernate migration guides listed below
- update your SecurityConfigs which extend `KeycloakWebSecurityConfig` or `SimpleWebSecurityConfig`
   - update your filter chain according to the the spring security migration guides below
   - replace `antMatchers` with `requestMatchers`, ignoringAntMatchers with ignoringRequestMatchers
   - update your rules for swagger (`/v3/api-docs`) if they're not already updated
- update your `git-commit-id-plugin` configuration and check if the version set in shogun is overridden (for more information see  terrestris#730)

pom.xml

@@ -22,7 +22,7 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>2.7.4</version>
+    <version>3.0.4</version>
   </parent>
 
   <groupId>de.terrestris</groupId>
@@ -97,29 +97,34 @@
     <project.encoding>UTF-8</project.encoding>
     <java.version>17</java.version>
 
+    <git.commit.id.abbrev>""</git.commit.id.abbrev>
+
     <!-- Plugins -->
     <maven-site-plugin.version>3.12.1</maven-site-plugin.version>
     <jacoco-plugin.version>0.8.10</jacoco-plugin.version>
     <maven-project-info-reports-plugin.version>3.4.5</maven-project-info-reports-plugin.version>
     <jib-maven-plugin.version>3.3.2</jib-maven-plugin.version>
 
     <!-- Spring -->
-    <spring-boot.version>2.7.6</spring-boot.version>
-    <spring-data.version>2.7.6</spring-data.version>
+    <spring-boot.version>3.0.4</spring-boot.version>
+    <spring-data.version>3.0.4</spring-data.version>
+
+    <!-- Hibernate -->
+    <hibernate.version>6.1.7.Final</hibernate.version>
 
     <jackson-bom.version>2.13.2.20220328</jackson-bom.version>
 
     <!-- Security -->
     <keycloak.version>19.0.3</keycloak.version>
 
     <!-- Database -->
-    <hibernate-extra-types.version>2.21.0</hibernate-extra-types.version>
+    <hibernate-extra-types.version>2.21.1</hibernate-extra-types.version>
 
     <!-- GraphQL -->
     <graphql-java-extended-scalars.version>21.0</graphql-java-extended-scalars.version>
 
     <!-- Swagger/REST -->
-    <springdoc-openapi.version>1.7.0</springdoc-openapi.version>
+    <springdoc-openapi.version>2.0.4</springdoc-openapi.version>
 
     <!-- JSON/Dataformats -->
     <jackson-datatype-jts.version>1.0-2.7</jackson-datatype-jts.version>
@@ -369,7 +374,7 @@
       <!-- Swagger -->
       <dependency>
         <groupId>org.springdoc</groupId>
-        <artifactId>springdoc-openapi-ui</artifactId>
+        <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
         <version>${springdoc-openapi.version}</version>
       </dependency>
 
@@ -413,10 +418,35 @@
       <!-- Hibernate -->
       <dependency>
         <groupId>com.vladmihalcea</groupId>
-        <artifactId>hibernate-types-52</artifactId>
+        <artifactId>hibernate-types-60</artifactId>
         <version>${hibernate-extra-types.version}</version>
       </dependency>
 
+<!--      todo: check why we have to provide these versions now-->
+      <dependency>
+        <groupId>org.hibernate</groupId>
+        <artifactId>hibernate-core</artifactId>
+        <version>${hibernate.version}</version>
+      </dependency>
+
+      <dependency>
+        <groupId>org.hibernate</groupId>
+        <artifactId>hibernate-spatial</artifactId>
+        <version>${hibernate.version}</version>
+      </dependency>
+
+      <dependency>
+        <groupId>org.hibernate</groupId>
+        <artifactId>hibernate-jcache</artifactId>
+        <version>${hibernate.version}</version>
+      </dependency>
+
+      <dependency>
+        <groupId>org.ehcache</groupId>
+        <artifactId>ehcache</artifactId>
+        <version>3.10.1</version>
+      </dependency>
+
       <!-- GraphQL -->
       <dependency>
         <groupId>org.springframework.boot</groupId>
@@ -504,8 +534,9 @@
 
       <dependency>
         <groupId>com.sun.mail</groupId>
-        <artifactId>javax.mail</artifactId>
-        <version>${javax-mail.version}</version>
+        <artifactId>jakarta.mail</artifactId>
+<!--        <version>${jakarta-mail.version}</version>-->
+        <version>2.0.1</version>
       </dependency>
 
       <dependency>

shogun-boot/pom.xml

@@ -98,7 +98,7 @@
     <!-- Hibernate -->
     <dependency>
       <groupId>com.vladmihalcea</groupId>
-      <artifactId>hibernate-types-52</artifactId>
+      <artifactId>hibernate-types-60</artifactId>
     </dependency>
 
     <!-- Lombok -->
@@ -110,7 +110,7 @@
     <!-- Swagger -->
     <dependency>
       <groupId>org.springdoc</groupId>
-      <artifactId>springdoc-openapi-ui</artifactId>
+      <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
     </dependency>
 
     <!-- GeoServer Manager-->

shogun-boot/src/test/java/de/terrestris/shogun/boot/config/JdbcConfiguration.java

@@ -21,7 +21,6 @@
 import org.junit.AfterClass;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.orm.jpa.hibernate.SpringImplicitNamingStrategy;
-import org.springframework.boot.orm.jpa.hibernate.SpringPhysicalNamingStrategy;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
@@ -96,7 +95,7 @@ public LocalContainerEntityManagerFactoryBean entityManagerFactory() {
         jpaProperties.put("hibernate.default_schema", env.getProperty("hibernate.default_schema"));
         jpaProperties.put("hibernate.integration.envers.enabled", false);
         jpaProperties.put("hibernate.implicit_naming_strategy", SpringImplicitNamingStrategy.class.getName());
-        jpaProperties.put("hibernate.physical_naming_strategy", SpringPhysicalNamingStrategy.class.getName());
+//        jpaProperties.put("hibernate.physical_naming_strategy", CamelCaseToUnderscoresNamingStrategy.class.getName()); // todo: needs fix?
 
         result.setJpaPropertyMap(jpaProperties);
 

shogun-config/pom.xml

@@ -74,7 +74,7 @@
     <!-- Swagger -->
     <dependency>
       <groupId>org.springdoc</groupId>
-      <artifactId>springdoc-openapi-ui</artifactId>
+      <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
     </dependency>
 
     <!-- Lombok -->

shogun-config/src/main/java/de/terrestris/shogun/config/DefaultWebSecurityConfig.java

@@ -27,8 +27,8 @@ default void customHttpConfiguration(HttpSecurity http) throws Exception {
             .sessionManagement(session -> session
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
             )
-            .authorizeRequests()
-                .antMatchers(
+            .authorizeHttpRequests()
+                .requestMatchers(
                     "/",
                     "/auth/**",
                     "/info/**",
@@ -45,7 +45,7 @@ default void customHttpConfiguration(HttpSecurity http) throws Exception {
                     "/graphiql/**"
                 )
                     .permitAll()
-                .antMatchers(
+                .requestMatchers(
                     "/actuator/**",
                     "/cache/**",
                     "/webhooks/**",
@@ -58,10 +58,10 @@ default void customHttpConfiguration(HttpSecurity http) throws Exception {
                 .csrf()
                     .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                     .ignoringRequestMatchers(csrfRequestMatcher)
-                    .ignoringAntMatchers("/graphql")
-                    .ignoringAntMatchers("/actuator/**")
-                    .ignoringAntMatchers("/sso/**")
-                    .ignoringAntMatchers("/ws/**");
+                    .ignoringRequestMatchers("/graphql")
+                    .ignoringRequestMatchers("/actuator/**")
+                    .ignoringRequestMatchers("/sso/**")
+                    .ignoringRequestMatchers("/ws/**");
     }
 
 }

shogun-config/src/main/java/de/terrestris/shogun/config/KeycloakWebSecurityConfig.java

@@ -21,18 +21,21 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
+
 import javax.net.ssl.HttpsURLConnection;
 
 @ConditionalOnExpression("${keycloak.enabled:true}")
 @Configuration
 @EnableWebSecurity
-public class KeycloakWebSecurityConfig extends WebSecurityConfigurerAdapter implements DefaultWebSecurityConfig {
+public class KeycloakWebSecurityConfig implements DefaultWebSecurityConfig {
 
     @Autowired
     private KeycloakProperties keycloakProperties;
@@ -48,14 +51,14 @@ public void init() {
         }
     }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
-        // allows access to `/webhooks/keycloak` for request from internal keycloak container
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            .authorizeRequests()
-                .antMatchers("/webhooks/keycloak/**")
-                    .access("authenticated or hasIpAddress('%s')"
-                        .formatted(keycloakProperties.getInternalServerUrl()));
+            .authorizeHttpRequests()
+                .requestMatchers("/webhooks/keycloak/**")
+                    .access(new WebExpressionAuthorizationManager(
+                        "authenticated or hasIpAddress('%s')".formatted(keycloakProperties.getInternalServerUrl()))
+                    );
 
         customHttpConfiguration(http);
 
@@ -66,11 +69,13 @@ public void configure(HttpSecurity http) throws Exception {
 
         http
             .csrf()
-                .ignoringAntMatchers("/webhooks/**")
+                .ignoringRequestMatchers("/webhooks/**")
             .and()
                 .oauth2ResourceServer()
-                    .jwt()
-                    .jwtAuthenticationConverter(authConverter);
+                .jwt()
+                .jwtAuthenticationConverter(authConverter);
+
+        return http.build();
     }
 
 }

shogun-config/src/main/java/de/terrestris/shogun/config/SimpleWebSecurityConfig.java

@@ -18,17 +18,18 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
+import org.springframework.security.web.SecurityFilterChain;
 
 @ConditionalOnExpression("${keycloak.enabled:false}")
 @Configuration
 @EnableWebSecurity
-public abstract class SimpleWebSecurityConfig extends WebSecurityConfigurerAdapter implements DefaultWebSecurityConfig {
+public abstract class SimpleWebSecurityConfig implements DefaultWebSecurityConfig {
 
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) {
@@ -40,11 +41,10 @@ public void configureGlobal(AuthenticationManagerBuilder auth) {
         // TODO make this extendable
     }
 
-    @Override
-    public void configure(HttpSecurity http) throws Exception {
-        super.configure(http);
-
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         customHttpConfiguration(http);
+        return http.build();
     }
 
 }

shogun-config/src/main/java/de/terrestris/shogun/config/WebSecurityConfig.java

@@ -16,7 +16,9 @@
  */
 package de.terrestris.shogun.config;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
 public interface WebSecurityConfig {
@@ -27,9 +29,9 @@ public interface WebSecurityConfig {
         return refererHeader != null && refererHeader.endsWith("swagger-ui/index.html");
     };
 
-    default void configure(HttpSecurity http) throws Exception {
-        customHttpConfiguration(http);
-    }
+//    default void configure(HttpSecurity http) throws Exception {
+//        customHttpConfiguration(http);
+//    }
 
     void customHttpConfiguration(HttpSecurity http) throws Exception;
 

shogun-config/src/main/resources/application-base.yml

@@ -38,7 +38,7 @@ spring:
           non_contextual_creation: true
       ddl-auto: none
     properties:
-      javax:
+      jakarta:
         persistence:
           sharedCache:
             # Only entities with @Cacheable annotation will use L2 cache
@@ -51,7 +51,7 @@ spring:
             audit_table_suffix: _rev
             global_with_modified_flag: true
       hibernate:
-        javax:
+        jakarta:
           cache:
             provider: org.ehcache.jsr107.EhcacheCachingProvider
             uri: ehcache.xml

shogun-gs-interceptor/pom.xml

@@ -78,7 +78,7 @@
     <!-- Hibernate -->
     <dependency>
       <groupId>com.vladmihalcea</groupId>
-      <artifactId>hibernate-types-52</artifactId>
+      <artifactId>hibernate-types-60</artifactId>
     </dependency>
 
     <!-- Lombok -->
@@ -90,7 +90,8 @@
     <!-- Swagger -->
     <dependency>
       <groupId>org.springdoc</groupId>
-      <artifactId>springdoc-openapi-ui</artifactId>
+      <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+
     </dependency>
 
     <!-- GeoServer Manager-->