Updating to Tomcat 11, Spring Boot 3.1 and Java 17

Tags: tomcat, spring boot, java,

Added: 2023-10-06T00:00

Updating to Tomcat 11, Spring Boot 3.1 and Java 17

I'm updating some projects to Tomcat 11, Spring Boot 3.1 and Java 17. Below are some of the breakages I encountered, and the solutions.

Update Java in pom.xml

<build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> <source>17</source> <target>17</target> </configuration> </plugin> </plugins> </build>

Update Spring

<groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> - <version>2.x.x</version> + <version>3.1.4</version>

Replace javax with jakarta

Do a search and replace across all files:
  • javax.servlet -> jakarta.servlet
  • javax.jms -> jakarta.jms

Web Security

There were quite a lot of changes in the way web security is done.
-@EnableGlobalMethodSecurity(prePostEnabled = true) +@EnableMethodSecurity-public class WebSecurityConfig extends WebSecurityConfigurerAdapter { +public class WebSecurityConfig { The following shows the before and after:

Before

@Override protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() .authorizeRequests() .antMatchers(NO_AUTHENTICATION).permitAll() .antMatchers(NO_REMEMBERME).fullyAuthenticated() .anyRequest().authenticated() .and().formLogin().loginPage(LOGIN_PAGE).loginProcessingUrl(LOGIN_PAGE).permitAll() .and().headers().httpStrictTransportSecurity().disable() .and().logout().invalidateHttpSession(true).permitAll() .and().rememberMe().tokenRepository(persistentTokenRepository()).userDetailsService(userDetailsService).key(TOKEN_KEY) .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(365)); }

After

@Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { return http .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests .requestMatchers(antMatcher(NO_AUTHENTICATION)).permitAll() .requestMatchers(antMatcher(NO_REMEMBERME)).fullyAuthenticated() .anyRequest().authenticated()) .formLogin(formLogin -> formLogin .loginPage(LOGIN_PAGE).loginProcessingUrl(LOGIN_PAGE).permitAll()) .headers(headers -> headers .httpStrictTransportSecurity(HeadersConfigurer.HstsConfig::disable)) .logout(logout -> logout .invalidateHttpSession(true).permitAll()) .rememberMe(rememberMe -> rememberMe .tokenRepository(persistentTokenRepository()) .userDetailsService(userDetailsService).key(TOKEN_KEY) .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(365))) .build(); } You can get the idea of the other sort of changes needed.

Wiremock

java.lang.NoClassDefFoundError: javax/servlet/DispatcherType
Update to Wiremock 3.2.0

Feign

No qualifying bean of type 'org.springframework.cloud.openfeign.FeignContext' available
Update to a later version - 2022.0.3 got rid of this.
The configuration properties changed from feign.client.xxx to spring.cloud.openfeign.client.xxx

Web MVC trailing slash

Trailing slashes are now not matched. /foo/ will not match @GetMapping("/foo"). To get the old behavior back, use the following@Configuration public class WebConfiguration implements WebMvcConfigurer { @Override public void configurePathMatch(PathMatchConfigurer configurer) { configurer.setUseTrailingSlashMatch(true); } }

Test Containers

java.lang.NoClassDefFoundError: org/testcontainers/containers/wait/LogMessageWaitStrategy
Update to 1.18.3 or later

Thymeleaf

Prevent a warning message:
-<footer th:replace="fragments/footer.html :: footer"></footer>
+<footer th:replace="~{fragments/footer.html :: footer}"></footer>
Add a comment

Your IP:
Please enter 6201190 here: