Spring Boot 3

The steps below will describe most relevant changes to Valtimo. However, please also check the following guides when running into issues:

As a consequence of the Spring Boot 3 upgrade, some other frameworks / dependencies were also upgraded. Each chapter below describes the changes for the relevant framework or dependency.

Spring Boot 3 / Spring 6

Java 8 is no longer supported. Please use Java 17.
spring.factories have been replaced by META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports.
- Listed configuration classes need to be annotated with @AutoConfiguration. More info can be found here
@Controller or @RestController annotations are now mandatory.
- When declaring the controller beans via autoconfiguration, please also annotate the controller with com.ritense.valtimo.contract.annotation.@SkipComponentScan to prevent duplicated beans.
javax packages changed to jakarta.
@ConstructingBinding on no longer supported/needed for @ConfigurationProperties classes.

Spring Security 6

HttpSecurity.authorizeRequests has been deprecated.
- When implementing the HttpSecurityConfigurer, this cannot be mixed with the replacement (authorizeHttpRequests).

Before:

http.authorizeRequests()
    .antMatchers(GET, "/api/v1/ping").permitAll()

New:

http.authorizeHttpRequests { requests ->
    requests.requestMatchers(antMatcher(GET, "/api/v1/ping")).permitAll()
}

WebSecurityConfigurerAdapter has been removed.
- Removed CoreHttpSecurityConfigurerAdapter. This has been replaced by ValtimoCoreSecurityFactory.
AuthorizedUrl.acccess(..) no longer supports expressions as an argument.
- WhitelistIpRequest has been replaced by WhitelistIpRequestMatcher. An example can be found in CamundaCockpitHttpSecurityConfigurer.
Cockpit is now whitelist-secured again. Support for CIDRs added to support a range of addresses.
- A list of hosts can be set at valtimo.security.whitelist.hosts.
Removed AuthenticationSecurityConfigurer. No replacement other than implementing a SecurityFilterChain directly.
OpenAPI endpoint /v3/api-docs is now only available to ROLE_DEVELOPER.

Hibernate 6

Overriding entity properties is no longer supported.
As a result, ProcessLink implementations can no longer be a data class and cannot override the base properties of ProcessLink.
Methods previously generated by the data type like equals(other: Any?), hashCode() and copy(...) should be migrated accordingly.
SimpleJpaRepository.deleteById never followed spec to ignore not-found entities. This has been fixed in Hibernate 6. The existing endpoints will follow the new JPA behaviour to make the action idempotent:
- DELETE /api/v1/choice-fields/{non-existent-id} -> 200
- DELETE /api/v1/choice-field-values/{non-existent-id} -> 200
- DELETE /api/management/v1/dashboard/{non-existent-id} -> 204
- DELETE /api/v1/form-management/{non-existent-id} -> 204
Changes to application.yaml:
- Removal of spring.jpa.hibernate.naming.physical-strategy. No replacement needed.
- Removal of spring.jpa.hibernate.naming.implicit-strategy. No replacement needed.
- Removal of spring.jpa.hibernate.use-new-id-generator-mappings. No replacement needed.
AuditRecordRepository.findByEventAndDocumentId(List<Class<? extends AuditEvent>> eventTypes, UUID documentId, Pageable pageable); changed to AuditRecordRepository.findByEventAndDocumentId(List<String> eventTypes, UUID documentId, Pageable pageable);

Other

Camunda History TTL is now required by default. Either:
- Set the camunda:historyTimeToLive via the modeler or XML.
- Set the application property camunda.bpm.generic-properties.properties.enforceHistoryTimeToLive to false if you don't want to enforce a TTL.
Mockito 5 vararg matching has changed.

PreviousMigration Next12.1.0

Last updated 9 months ago

Was this helpful?