feat : upgrade to spring boot 3.4.1

[rajadilipkolli]

Summary by CodeRabbit

• New Features

  • Upgraded to Spring Boot version 3.4.1 and springdoc-openapi version 2.7.0.
  • Introduced a new HTTP client configuration method for enhanced flexibility and customization.

• Bug Fixes

  • Updated timeout settings for connection requests and responses to improve reliability.
  • Adjusted post saving logic to prevent optimistic locking exceptions.

[coderabbitai]

Warning

Rate limit exceeded

@rajadilipkolli has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 3 minutes and 13 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 8cf8fa1 and e839b1c.

📒 Files selected for processing (1)

• httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/config/RestClientConfiguration.java (2 hunks)

Walkthrough

This pull request focuses on updating dependencies and reconfiguring the HTTP client in the boot-http-proxy module. The changes include upgrading the Spring Boot parent version to 3.4.1, updating the SpringDoc OpenAPI version to 2.7.0, and incrementing the Google Java Format version. The RestClientConfiguration class has been significantly refactored, introducing a new HttpComponentsClientHttpRequestFactoryBuilder approach for HTTP client configuration, which replaces the previous implementation with a more flexible builder pattern. Additionally, the PostService class has been modified to prevent optimistic locking exceptions during post saving.

Changes

File	Change Summary
httpClients/boot-http-proxy/pom.xml	- Upgraded Spring Boot parent version from 3.3.7 to 3.4.1 - Updated SpringDoc OpenAPI version from 2.6.0 to 2.7.0 - Incremented Spotless Google Java Format version from 1.25.0 to 1.25.2
httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/config/RestClientConfiguration.java	- Removed httpClient() method - Added httpComponentsClientHttpRequestFactoryBuilder() method - Modified restClientCustomizer() method to remove CloseableHttpClient dependency - Implemented new SSL context with permissive certificate trust
httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/services/PostService.java	- Updated savePost method to create a new local Post entity before saving to prevent optimistic locking issues - Modified save and saveAndConvertToResponse methods to align with new saving logic

Possibly related PRs

• feat : upgrade to springboot 3.4 #1480: This PR upgrades the Spring Boot version from 3.3.5 to 3.4.0-RC1, which is related to the main PR's upgrade from 3.3.7 to 3.4.1.
• upgrade to springboot 3.4 #1535: This PR updates the Spring Boot version from 3.3.6 to 3.4.0 and the springdoc-openapi version from 2.6.0 to 2.7.0, similar to the changes in the main PR.
• Upgrade to spring boot 3.4.0 and polish #1566: This PR also upgrades the Spring Boot version from 3.3.6 to 3.4.0 and the springdoc-openapi version from 2.6.0 to 2.7.0, aligning with the dependency updates in the main PR.

Poem

🐰 Hop, hop, through code's domain,
Dependencies dance, no longer plain!
Builders rise, SSL takes flight,
Versions bump with rabbit's might!
A proxy's journey, smooth and bright 🚀

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

httpClients/boot-http-proxy/pom.xml (1)

Line range hint 351-370: Consider using GA releases instead of milestones in production

The project is configured to use Spring milestone repositories. For production environments, it's recommended to:

1. Use GA releases instead of milestones for better stability
2. Remove milestone repositories unless specifically needed for testing

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c4f8a32 and 45ad321.

📒 Files selected for processing (2)

• httpClients/boot-http-proxy/pom.xml (3 hunks)
• httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/config/RestClientConfiguration.java (2 hunks)

🔇 Additional comments (5)

httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/config/RestClientConfiguration.java (2)

Line range hint 75-86: LGTM: Clean RestClientCustomizer implementation

The RestClientCustomizer implementation follows Spring Boot 3.4 best practices with proper header configuration and interceptor setup. The removal of CloseableHttpClient dependency is appropriate as it's now managed by the factory builder.

---

Line range hint 1-100: Verify Spring Boot 3.4 compatibility

Let's ensure all dependencies and APIs are compatible with Spring Boot 3.4.

✅ Verification successful

Spring Boot 3.4 compatibility verified

The code is fully compatible with Spring Boot 3.4:

• Using Spring Boot 3.4.1 as parent version
• Using modern RestClient and HttpServiceProxyFactory APIs instead of deprecated ones
• Properly configured HTTP Components 5.x client with current best practices
• No deprecated API usage found

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for deprecated API usage and compatibility issues

# Search for deprecated API usage
rg -l "import.*\.Deprecated" .

# Check parent version in pom.xml
echo "Checking Spring Boot parent version:"
cat pom.xml | grep -A 1 "<parent>"

# Check for any remaining references to old HTTP client APIs
rg "CloseableHttpClient|HttpClients\.custom|PoolingHttpClientConnectionManager"

Length of output: 1984

---

Script:

#!/bin/bash
# Let's check the Spring Boot version and dependencies in the module's pom.xml

# Check the specific module's pom.xml
echo "Checking module's pom.xml:"
cat httpClients/boot-http-proxy/pom.xml

# Check for Spring Boot and HTTP Components versions
echo -e "\nChecking dependency versions:"
rg "<spring-boot.version>|<httpclient5.version>" . -g "pom.xml"

# Check for any usage of deprecated Spring Boot HTTP client APIs
echo -e "\nChecking for deprecated API usage:"
rg "RestTemplateBuilder|RestTemplate|WebClient\.Builder|WebClient" httpClients/boot-http-proxy/src/

Length of output: 15853

httpClients/boot-http-proxy/pom.xml (3)

224-224: LGTM: Minor version update for Google Java Format

The update to Google Java Format 1.25.2 is a minor version change and should not introduce any breaking changes.

---

23-23: Verify SpringDoc OpenAPI compatibility

The upgrade to springdoc-openapi 2.7.0 should be verified for compatibility with Spring Boot 3.4.1.

✅ Verification successful

Let me gather more specific information about the Spring Boot version and springdoc-openapi usage.

---

Let me check the specific OpenAPI configuration and Spring Boot version details.

---

SpringDoc OpenAPI 2.7.0 is compatible with Spring Boot 3.4.1

The verification shows that:

• The project uses Spring Boot 3.4.1
• SpringDoc OpenAPI 2.7.0 is correctly configured with springdoc-openapi-starter-webmvc-ui
• The OpenAPI configuration is minimal and follows the standard approach using annotations
• No compatibility issues are apparent in the implementation

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for OpenAPI usage and potential breaking changes

# Search for OpenAPI annotations and configurations
echo "Checking OpenAPI usage..."
rg -l "@Operation|@ApiResponse|@Tag" --type java

# Search for OpenAPI configuration files
echo "Checking OpenAPI configurations..."
fd -e yml -e yaml -e properties | xargs rg -l "springdoc|openapi"

Length of output: 1013

---

Script:

#!/bin/bash
# Check Spring Boot and springdoc-openapi versions and configurations

# Check parent pom for Spring Boot version
echo "Checking Spring Boot version..."
cat httpClients/boot-http-proxy/pom.xml | grep -A 2 "<parent>"

# Check springdoc-openapi configuration and usage
echo -e "\nChecking springdoc-openapi configuration..."
cat httpClients/boot-http-proxy/src/main/resources/application.properties 2>/dev/null || echo "No application.properties found"
cat httpClients/boot-http-proxy/src/main/resources/application.yml 2>/dev/null || echo "No application.yml found"

# Check for springdoc-openapi specific configurations in Java code
echo -e "\nChecking OpenAPI configuration classes..."
rg -l "OpenAPI|GroupedOpenApi|SpringDocConfiguration" --type java httpClients/boot-http-proxy/

Length of output: 2372

---

Script:

#!/bin/bash
# Check specific version and configuration details

# Get Spring Boot version
echo "Spring Boot version:"
cat httpClients/boot-http-proxy/pom.xml | grep -A 1 "<artifactId>spring-boot-starter-parent</artifactId>"

# Check SwaggerConfig implementation
echo -e "\nSwaggerConfig implementation:"
cat httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/config/SwaggerConfig.java

# Check springdoc-openapi dependencies
echo -e "\nSpringdoc OpenAPI dependencies:"
cat httpClients/boot-http-proxy/pom.xml | grep -A 3 "springdoc-openapi"

Length of output: 1473

---

9-9: Verify Spring Boot 3.4.1 milestone release compatibility

The upgrade from Spring Boot 3.3.7 to 3.4.1 is a significant change as it's a milestone release. Please ensure:

1. All dependencies are compatible with Spring Boot 3.4.1
2. Review the migration guide for any breaking changes

[coderabbitai]

🛠️ Refactor suggestion

Make connection settings configurable and remove NoopHostnameVerifier

The HTTP client configuration has several hardcoded values that should be externalized to configuration properties. Additionally, the NoopHostnameVerifier poses a security risk.

Consider these improvements:

1. Move connection pool settings to configuration:

-poolingHttpClientConnectionManagerBuilder.setMaxConnTotal(200);
-poolingHttpClientConnectionManagerBuilder.setMaxConnPerRoute(100);
+poolingHttpClientConnectionManagerBuilder.setMaxConnTotal(applicationProperties.getHttp().getMaxConnTotal());
+poolingHttpClientConnectionManagerBuilder.setMaxConnPerRoute(applicationProperties.getHttp().getMaxConnPerRoute());

2. Make timeout settings configurable:

-builder.setConnectionKeepAlive(TimeValue.ofSeconds(10));
-builder.setConnectionRequestTimeout(Timeout.ofSeconds(30));
-builder.setResponseTimeout(Timeout.ofSeconds(60));
+builder.setConnectionKeepAlive(TimeValue.ofSeconds(applicationProperties.getHttp().getKeepAliveSeconds()));
+builder.setConnectionRequestTimeout(Timeout.ofSeconds(applicationProperties.getHttp().getRequestTimeoutSeconds()));
+builder.setResponseTimeout(Timeout.ofSeconds(applicationProperties.getHttp().getResponseTimeoutSeconds()));

3. Remove NoopHostnameVerifier when not in development:

-                            NoopHostnameVerifier.INSTANCE));
+                            isProdEnvironment() ? null : NoopHostnameVerifier.INSTANCE));

Committable suggestion skipped: line range outside the PR's diff.

[github-actions]

Qodana Community for JVM

106 new problems were found

Inspection name	Severity	Problems
Usage of API marked for removal	🔴 Failure	2
@NotNull/@Nullable problems	🔶 Warning	38
Unchecked warning	🔶 Warning	32
'equals()' method which does not check class of parameter	🔶 Warning	21
Nullability and data flow problems	🔶 Warning	3
Field can be local	🔶 Warning	2
Declaration has problems in Javadoc references	🔶 Warning	2
AutoCloseable used without 'try'-with-resources	🔶 Warning	1
Class is exposed outside of its visibility scope	🔶 Warning	1
Javadoc declaration problems	🔶 Warning	1
Mismatched query and update of collection	🔶 Warning	1
Optional.get() is called without isPresent() check	🔶 Warning	1
Commented out code	◽️ Notice	1

☁️ View the detailed Qodana report

Contact Qodana team

Contact us at [email protected]

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/services/PostService.java (1)

103-104: Consider a more robust approach using explicit persistence operations

Instead of nullifying the ID, consider using a more explicit approach that better represents the intention of creating a new local entity from an external one.

Here's a suggested refactoring:

 @Transactional
 public PostResponse savePost(Post post) {
     Post fetchedPost = jsonPlaceholderService.createPost(post);
-    // To fix optimisticLock Exception
-    fetchedPost.setId(null);
+    // Create a new local entity from the external post
+    Post localPost = new Post();
+    localPost.setUserId(fetchedPost.getUserId());
+    localPost.setTitle(fetchedPost.getTitle());
+    localPost.setBody(fetchedPost.getBody());
-    Post savedPost = postRepository.save(fetchedPost);
+    Post savedPost = postRepository.save(localPost);
     return postMapper.mapToPostResponse(savedPost);
 }

This approach:

• Explicitly shows the intention of creating a new local entity
• Avoids manipulation of entity state
• Makes it clearer which fields are being copied
• Reduces the risk of unintended side effects

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 45ad321 and 9eb14fc.

📒 Files selected for processing (1)

• httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/services/PostService.java (1 hunks)

🔇 Additional comments (1)

httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/services/PostService.java (1)

103-104: Verify duplicate prevention logic

While setting ID to null fixes the optimistic locking exception, ensure that there's logic in place to prevent duplicate posts when the same external post is fetched multiple times.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/services/PostService.java (1)

115-120: Consider extracting common entity creation logic.

While the implementation is correct, there's duplicate logic between this method and savePost(). Consider extracting the entity creation logic into a private helper method.

+    private Post createLocalPost(Post sourcePost) {
+        Post localPost = new Post();
+        localPost.setUserId(sourcePost.getUserId());
+        localPost.setTitle(sourcePost.getTitle());
+        localPost.setBody(sourcePost.getBody());
+        return localPost;
+    }

     @Transactional
     public Post save(Post postEntity) {
-        Post localPost = new Post();
-        localPost.setUserId(postEntity.getUserId());
-        localPost.setTitle(postEntity.getTitle());
-        localPost.setBody(postEntity.getBody());
+        Post localPost = createLocalPost(postEntity);
         return postRepository.save(localPost);
     }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9eb14fc and fe78bbc.

📒 Files selected for processing (1)

• httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/services/PostService.java (1 hunks)

🔇 Additional comments (2)

httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/services/PostService.java (2)

103-109: LGTM! Good fix for optimistic locking.

The approach of creating a new local entity instead of directly saving the fetched post is the correct way to prevent optimistic locking exceptions. The implementation cleanly copies only the required fields.

---

123-126: Verify if this method needs optimistic locking protection.

While the @transactional annotation is correct, this method directly saves the post without creating a new local entity, unlike the other save methods. This could potentially lead to optimistic locking issues if the input post comes from an external source.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/config/RestClientConfiguration.java (1)

69-90: 🛠️ Refactor suggestion

Externalize configuration values and improve security

The current implementation has hardcoded values and uses unsafe verification settings.

Consider these improvements:

1. Move connection pool settings to configuration:

-poolingHttpClientConnectionManagerBuilder.setMaxConnTotal(200);
-poolingHttpClientConnectionManagerBuilder.setMaxConnPerRoute(100);
+poolingHttpClientConnectionManagerBuilder.setMaxConnTotal(applicationProperties.getHttp().getMaxConnTotal());
+poolingHttpClientConnectionManagerBuilder.setMaxConnPerRoute(applicationProperties.getHttp().getMaxConnPerRoute());

2. Make timeout settings configurable:

-builder.setConnectionKeepAlive(TimeValue.ofSeconds(10));
-builder.setConnectionRequestTimeout(Timeout.ofSeconds(30));
-builder.setResponseTimeout(Timeout.ofSeconds(60));
+builder.setConnectionKeepAlive(TimeValue.ofSeconds(applicationProperties.getHttp().getKeepAliveSeconds()));
+builder.setConnectionRequestTimeout(Timeout.ofSeconds(applicationProperties.getHttp().getRequestTimeoutSeconds()));
+builder.setResponseTimeout(Timeout.ofSeconds(applicationProperties.getHttp().getResponseTimeoutSeconds()));

3. Only use NoopHostnameVerifier in non-production:

-                            NoopHostnameVerifier.INSTANCE));
+                            isProdEnvironment() ? null : NoopHostnameVerifier.INSTANCE));

🧹 Nitpick comments (1)

httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/config/RestClientConfiguration.java (1)

93-94: Minor optimization possible for environment check

The current implementation creates an unnecessary intermediate List.

Consider this more efficient implementation:

-    return List.of(environment.getActiveProfiles()).contains("prod");
+    return Arrays.asList(environment.getActiveProfiles()).contains("prod");

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fe78bbc and 8cf8fa1.

📒 Files selected for processing (1)

• httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/config/RestClientConfiguration.java (2 hunks)

🔇 Additional comments (2)

httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/config/RestClientConfiguration.java (2)

34-42: LGTM: Clean dependency injection setup

The addition of the logger and environment dependencies follows Spring best practices with proper constructor injection.

---

45-91: Verify the impact of HTTP client changes

The significant changes to HTTP client configuration might affect other parts of the application.

Let's verify the impact:

✅ Verification successful

Let me gather more specific information about the related configurations.

---

Based on the gathered information, I can now provide the final response:

HTTP client changes are isolated and safe

The changes to RestClientConfiguration are self-contained within the boot-http-proxy module. Other HTTP client implementations in the codebase:

• WebClient configurations (both MVC and WebFlux) use standard Spring Boot configuration
• RestTemplate configuration uses default SSL socket factory
• Services using RestClient are properly injecting the configured beans

The SSL/TLS changes only affect the boot-http-proxy module and include appropriate environment-based validation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for other HTTP client configurations that might need similar updates
rg -l "HttpClient|SSLContext|TrustStrategy" --type java

# Check for potential SSL configuration in application properties
rg -l "ssl\.|trust" --type properties --type yaml

# Look for other classes using RestClient or similar HTTP clients
ast-grep --pattern 'class $_ {
  $$$
  RestClient $_ = $$$
  $$$
}'

Length of output: 1063

---

Script:

#!/bin/bash
# Check WebClientConfiguration implementations
rg -A 10 "class WebClientConfiguration" httpClients/boot-web-client-webflux/src/main/java/com/example/rest/webclient/config/WebClientConfiguration.java httpClients/boot-web-client-mvc/src/main/java/com/example/rest/webclient/config/WebClientConfiguration.java

# Check RestTemplateConfiguration
rg -A 10 "class RestTemplateConfiguration" httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/RestTemplateConfiguration.java

# Check for SSL/TLS related configurations in these files
rg "SSLContext|TrustStrategy|TlsStrategy" httpClients/boot-web-client-webflux/src/main/java/com/example/rest/webclient/config/WebClientConfiguration.java httpClients/boot-web-client-mvc/src/main/java/com/example/rest/webclient/config/WebClientConfiguration.java httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/RestTemplateConfiguration.java

# Check how PostService and HttpClientService use these configurations
rg -A 5 "RestClient|WebClient|RestTemplate" httpClients/boot-http-proxy/src/main/java/com/example/rest/proxy/services/PostService.java httpClients/boot-restclient/src/main/java/com/example/restclient/bootrestclient/services/PostService.java httpClients/boot-restclient/src/main/java/com/example/restclient/bootrestclient/services/HttpClientService.java

Length of output: 8842

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud