Spring Boot 3
The steps below will describe most relevant changes to Valtimo. However, please also check the following guides when running into issues:
As a consequence of the Spring Boot 3 upgrade, some other frameworks / dependencies were also upgraded. Each chapter below describes the changes for the relevant framework or dependency.
Spring Boot 3 / Spring 6
Java 8 is no longer supported. Please use Java 17.
@Controller
or@RestController
annotations are now mandatory.When declaring the controller beans via autoconfiguration, please also annotate the controller with
com.ritense.valtimo.contract.annotation.@SkipComponentScan
to prevent duplicated beans.
javax
packages changed tojakarta
.@ConstructingBinding
on no longer supported/needed for@ConfigurationProperties
classes.
Spring Security 6
HttpSecurity.authorizeRequests
has been deprecated.When implementing the
HttpSecurityConfigurer
, this cannot be mixed with the replacement (authorizeHttpRequests
).
Before:
New:
WebSecurityConfigurerAdapter
has been removed.Removed
CoreHttpSecurityConfigurerAdapter
. This has been replaced byValtimoCoreSecurityFactory
.
AuthorizedUrl.acccess(..)
no longer supports expressions as an argument.WhitelistIpRequest
has been replaced byWhitelistIpRequestMatcher
. An example can be found inCamundaCockpitHttpSecurityConfigurer
.
Cockpit is now whitelist-secured again. Support for CIDRs added to support a range of addresses.
A list of hosts can be set at
valtimo.security.whitelist.hosts
.
Removed
AuthenticationSecurityConfigurer
. No replacement other than implementing aSecurityFilterChain
directly.OpenAPI endpoint
/v3/api-docs
is now only available toROLE_DEVELOPER
.
Hibernate 6
Overriding entity properties is no longer supported.
As a result,
ProcessLink
implementations can no longer be adata
class and cannot override the base properties ofProcessLink
.Methods previously generated by the
data
type likeequals(other: Any?)
,hashCode()
andcopy(...)
should be migrated accordingly.SimpleJpaRepository.deleteById
never followed spec to ignore not-found entities. This has been fixed in Hibernate 6. The existing endpoints will follow the new JPA behaviour to make the action idempotent:DELETE /api/v1/choice-fields/{non-existent-id} -> 200
DELETE /api/v1/choice-field-values/{non-existent-id} -> 200
DELETE /api/management/v1/dashboard/{non-existent-id} -> 204
DELETE /api/v1/form-management/{non-existent-id} -> 204
Changes to
application.yaml
:Removal of
spring.jpa.hibernate.naming.physical-strategy
. No replacement needed.Removal of
spring.jpa.hibernate.naming.implicit-strategy
. No replacement needed.Removal of
spring.jpa.hibernate.use-new-id-generator-mappings
. No replacement needed.
AuditRecordRepository.findByEventAndDocumentId(List<Class<? extends AuditEvent>> eventTypes, UUID documentId, Pageable pageable);
changed toAuditRecordRepository.findByEventAndDocumentId(List<String> eventTypes, UUID documentId, Pageable pageable);
Other
Camunda History TTL is now required by default. Either:
Set the camunda:historyTimeToLive via the modeler or XML.
Set the application property
camunda.bpm.generic-properties.properties.enforceHistoryTimeToLive
tofalse
if you don't want to enforce a TTL.
Mockito 5 vararg matching has changed.
Last updated