Updating to Tomcat 11, Spring Boot 3.1 and Java 17

I'm updating some projects to Tomcat 11, Spring Boot 3.1 and Java 17. Below are some of the breakages I encountered, and the solutions.

Update Java in pom.xml

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>17</source>
                    <target>17</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

Update Spring

         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.x.x</version>
+        <version>3.1.4</version>

Replace javax with jakarta

Do a search and replace across all files:

javax.servlet -> jakarta.servlet

javax.jms -> jakarta.jms

Web Security

There were quite a lot of changes in the way web security is done.

-@EnableGlobalMethodSecurity(prePostEnabled = true)
+@EnableMethodSecurity

-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {

The following shows the before and after:

Before

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .csrf().disable()
      .authorizeRequests()
      .antMatchers(NO_AUTHENTICATION).permitAll()
      .antMatchers(NO_REMEMBERME).fullyAuthenticated()
      .anyRequest().authenticated()
      .and().formLogin().loginPage(LOGIN_PAGE).loginProcessingUrl(LOGIN_PAGE).permitAll()
      .and().headers().httpStrictTransportSecurity().disable()
      .and().logout().invalidateHttpSession(true).permitAll()
      .and().rememberMe().tokenRepository(persistentTokenRepository()).userDetailsService(userDetailsService).key(TOKEN_KEY)
      .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(365));
  }

After

	 @Bean
	 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http
      .csrf(AbstractHttpConfigurer::disable)
      .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests
        .requestMatchers(antMatcher(NO_AUTHENTICATION)).permitAll()
        .requestMatchers(antMatcher(NO_REMEMBERME)).fullyAuthenticated()
        .anyRequest().authenticated())
      .formLogin(formLogin -> formLogin
        .loginPage(LOGIN_PAGE).loginProcessingUrl(LOGIN_PAGE).permitAll())
      .headers(headers -> headers
        .httpStrictTransportSecurity(HeadersConfigurer.HstsConfig::disable))
      .logout(logout -> logout
        .invalidateHttpSession(true).permitAll())
      .rememberMe(rememberMe -> rememberMe
        .tokenRepository(persistentTokenRepository())
        .userDetailsService(userDetailsService).key(TOKEN_KEY)
        .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(365)))
      .build();
	 }

You can get the idea of the other sort of changes needed.

Wiremock

java.lang.NoClassDefFoundError: javax/servlet/DispatcherType

Update to Wiremock 3.2.0

Feign

No qualifying bean of type 'org.springframework.cloud.openfeign.FeignContext' available

Update to a later version - 2022.0.3 got rid of this.

The configuration properties changed from

feign.client.xxx

spring.cloud.openfeign.client.xxx

Web MVC trailing slash

Trailing slashes are now not matched. /foo/ will not match @GetMapping("/foo"). To get the old behavior back, use the following

@Configuration
public class WebConfiguration implements WebMvcConfigurer {

    @Override
    public void configurePathMatch(PathMatchConfigurer configurer) {
      configurer.setUseTrailingSlashMatch(true);
    }
}

Test Containers

java.lang.NoClassDefFoundError: org/testcontainers/containers/wait/LogMessageWaitStrategy

Update to 1.18.3 or later

Thymeleaf

Prevent a warning message:

-<footer th:replace="fragments/footer.html :: footer"></footer>
+<footer th:replace="~{fragments/footer.html :: footer}"></footer>