[
https://issues.apache.org/jira/browse/GEODE-10472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang updated GEODE-10472:
---------------------------------
Description:
*Overview:* Apache Geode currently uses Spring Framework 5.3.20 across multiple
modules for web services, management console, command-line interface, and other
functionality. Spring Framework 5.x has reached end-of-life, and upgrading to
Spring Framework 6 or higher is necessary to benefit from security updates,
performance improvements, and long-term support.
*Current State:*
* *Current Version:* Spring Framework 5.3.20 (defined in dependency management
configuration)
* *Affected Modules:*
** geode-web - Web services and REST API endpoints
** geode-web-api - REST API implementation
** geode-web-management - Management REST services
** geode-pulse - Web-based monitoring dashboard
** geode-gfsh - Command-line shell (via Spring Shell)
** geode-connectors - Database connectors (via Spring Shell)
** geode-assembly - Integration testing
* *Affected Artifacts:*
** org.springframework:spring-core
** org.springframework:spring-beans
** org.springframework:spring-context
** org.springframework:spring-web
** org.springframework:spring-webmvc
** org.springframework:spring-aspects
** org.springframework:spring-oxm
** org.springframework:spring-test
** org.springframework:spring-tx
** org.springframework:spring-expression
** org.springframework.security:spring-security-* modules
** org.springframework.boot:spring-boot-* modules (2.6.7)
*Impact Assessment:* Spring Framework is heavily used in Geode for:
* *REST API Services:* Management and data access REST endpoints
* *Web Management Console:* Browser-based cluster management interface (Pulse)
* *GFSH Command Line Interface:* Via Spring Shell framework
* *Security:* Authentication and authorization for web services
* *Dependency Injection:* IoC container for various components
* *Testing:* Spring Test framework for integration tests
*Benefits of Upgrading:*
# *Security:* Access to latest security patches and vulnerability fixes
# *Java Compatibility:* Full support for Java 17+ and improved performance
# *Performance:* Enhanced efficiency and reduced memory footprint
# *Long-term Support:* Spring 6.x provides extended maintenance lifecycle
# *Modern Features:* Support for reactive programming, native compilation, and
observability
# *Ecosystem Alignment:* Better compatibility with modern Spring ecosystem
components
*Migration Considerations:*
# *Java Requirements:* Spring 6.x requires Java 17+ (Geode's current Java
compatibility)
# *API Changes:* Review Spring 6.x migration guide for breaking changes in:
** Web MVC configuration and annotations
** Security configuration patterns
** Bean definition and lifecycle management
# *Spring Boot Upgrade:* Coordinate with Spring Boot 3.x upgrade (requires
Spring 6.x)
# *Spring Security:* Upgrade to Spring Security 6.x for compatibility
# *Servlet API:* May require Servlet 6.0+ (Jakarta EE namespace changes)
# *Testing Impact:* Extensive testing of web services, management console, and
GFSH functionality
*Breaking Changes to Address:*
* Package namespace changes (javax.* to jakarta.*)
* Deprecated API removal in Spring MVC and Spring Security
* Changes in default security configurations
* Web configuration modernization requirements
*Files to Update:*
* Dependency constraints configuration file
* Spring configuration classes and XML files
* Web controllers and REST endpoints
* Security configuration classes
* Test configurations and integration tests
* Documentation and examples
*Testing Strategy:*
* Full regression testing of all REST API endpoints
* Web Management Console (Pulse) functionality verification
* GFSH command-line interface testing
* Security authentication/authorization testing
* Performance testing to ensure no degradation
* Cross-browser compatibility testing for web interfaces
* Integration testing with external Spring-based applications
*Acceptance Criteria:*
* All Spring Framework dependencies upgraded to 6.x version
* All web services and REST APIs continue to function correctly
* Pulse management console operates without issues
* GFSH command-line interface maintains full functionality
* Security configurations work properly with new Spring Security version
* All existing tests pass with new Spring version
* No performance regressions in web services
* Documentation updated to reflect configuration changes
*Dependencies:*
* Spring Security must be upgraded to 6.x for compatibility
* Consider impact on Spring Shell used by GFSH
was:
*Overview:* Apache Geode currently uses Spring Framework 5.3.20 across multiple
modules for web services, management console, command-line interface, and other
functionality. Spring Framework 5.x has reached end-of-life, and upgrading to
Spring Framework 6.x is necessary to benefit from security updates, performance
improvements, and long-term support.
*Current State:*
* *Current Version:* Spring Framework 5.3.20 (defined in dependency management
configuration)
* *Affected Modules:*
** geode-web - Web services and REST API endpoints
** geode-web-api - REST API implementation
** geode-web-management - Management REST services
** geode-pulse - Web-based monitoring dashboard
** geode-gfsh - Command-line shell (via Spring Shell)
** geode-connectors - Database connectors (via Spring Shell)
** geode-assembly - Integration testing
* *Affected Artifacts:*
** org.springframework:spring-core
** org.springframework:spring-beans
** org.springframework:spring-context
** org.springframework:spring-web
** org.springframework:spring-webmvc
** org.springframework:spring-aspects
** org.springframework:spring-oxm
** org.springframework:spring-test
** org.springframework:spring-tx
** org.springframework:spring-expression
** org.springframework.security:spring-security-* modules
** org.springframework.boot:spring-boot-* modules (2.6.7)
*Impact Assessment:* Spring Framework is heavily used in Geode for:
* *REST API Services:* Management and data access REST endpoints
* *Web Management Console:* Browser-based cluster management interface (Pulse)
* *GFSH Command Line Interface:* Via Spring Shell framework
* *Security:* Authentication and authorization for web services
* *Dependency Injection:* IoC container for various components
* *Testing:* Spring Test framework for integration tests
*Benefits of Upgrading:*
# *Security:* Access to latest security patches and vulnerability fixes
# *Java Compatibility:* Full support for Java 17+ and improved performance
# *Performance:* Enhanced efficiency and reduced memory footprint
# *Long-term Support:* Spring 6.x provides extended maintenance lifecycle
# *Modern Features:* Support for reactive programming, native compilation, and
observability
# *Ecosystem Alignment:* Better compatibility with modern Spring ecosystem
components
*Migration Considerations:*
# *Java Requirements:* Spring 6.x requires Java 17+ (Geode's current Java
compatibility)
# *API Changes:* Review Spring 6.x migration guide for breaking changes in:
** Web MVC configuration and annotations
** Security configuration patterns
** Bean definition and lifecycle management
# *Spring Boot Upgrade:* Coordinate with Spring Boot 3.x upgrade (requires
Spring 6.x)
# *Spring Security:* Upgrade to Spring Security 6.x for compatibility
# *Servlet API:* May require Servlet 6.0+ (Jakarta EE namespace changes)
# *Testing Impact:* Extensive testing of web services, management console, and
GFSH functionality
*Breaking Changes to Address:*
* Package namespace changes (javax.* to jakarta.*)
* Deprecated API removal in Spring MVC and Spring Security
* Changes in default security configurations
* Web configuration modernization requirements
*Files to Update:*
* Dependency constraints configuration file
* Spring configuration classes and XML files
* Web controllers and REST endpoints
* Security configuration classes
* Test configurations and integration tests
* Documentation and examples
*Testing Strategy:*
* Full regression testing of all REST API endpoints
* Web Management Console (Pulse) functionality verification
* GFSH command-line interface testing
* Security authentication/authorization testing
* Performance testing to ensure no degradation
* Cross-browser compatibility testing for web interfaces
* Integration testing with external Spring-based applications
*Acceptance Criteria:*
* All Spring Framework dependencies upgraded to 6.x version
* All web services and REST APIs continue to function correctly
* Pulse management console operates without issues
* GFSH command-line interface maintains full functionality
* Security configurations work properly with new Spring Security version
* All existing tests pass with new Spring version
* No performance regressions in web services
* Documentation updated to reflect configuration changes
*Dependencies:*
* This upgrade may require coordinating with Spring Boot 3.x upgrade
* Spring Security must be upgraded to 6.x for compatibility
* Consider impact on Spring Shell used by GFSH
> Upgrade Spring Framework from version 5.3.20 to 6.x or higher
> -------------------------------------------------------------
>
> Key: GEODE-10472
> URL: https://issues.apache.org/jira/browse/GEODE-10472
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Priority: Major
>
> *Overview:* Apache Geode currently uses Spring Framework 5.3.20 across
> multiple modules for web services, management console, command-line
> interface, and other functionality. Spring Framework 5.x has reached
> end-of-life, and upgrading to Spring Framework 6 or higher is necessary to
> benefit from security updates, performance improvements, and long-term
> support.
> *Current State:*
> * *Current Version:* Spring Framework 5.3.20 (defined in dependency
> management configuration)
> * *Affected Modules:*
> ** geode-web - Web services and REST API endpoints
> ** geode-web-api - REST API implementation
> ** geode-web-management - Management REST services
> ** geode-pulse - Web-based monitoring dashboard
> ** geode-gfsh - Command-line shell (via Spring Shell)
> ** geode-connectors - Database connectors (via Spring Shell)
> ** geode-assembly - Integration testing
> * *Affected Artifacts:*
> ** org.springframework:spring-core
> ** org.springframework:spring-beans
> ** org.springframework:spring-context
> ** org.springframework:spring-web
> ** org.springframework:spring-webmvc
> ** org.springframework:spring-aspects
> ** org.springframework:spring-oxm
> ** org.springframework:spring-test
> ** org.springframework:spring-tx
> ** org.springframework:spring-expression
> ** org.springframework.security:spring-security-* modules
> ** org.springframework.boot:spring-boot-* modules (2.6.7)
> *Impact Assessment:* Spring Framework is heavily used in Geode for:
> * *REST API Services:* Management and data access REST endpoints
> * *Web Management Console:* Browser-based cluster management interface
> (Pulse)
> * *GFSH Command Line Interface:* Via Spring Shell framework
> * *Security:* Authentication and authorization for web services
> * *Dependency Injection:* IoC container for various components
> * *Testing:* Spring Test framework for integration tests
> *Benefits of Upgrading:*
> # *Security:* Access to latest security patches and vulnerability fixes
> # *Java Compatibility:* Full support for Java 17+ and improved performance
> # *Performance:* Enhanced efficiency and reduced memory footprint
> # *Long-term Support:* Spring 6.x provides extended maintenance lifecycle
> # *Modern Features:* Support for reactive programming, native compilation,
> and observability
> # *Ecosystem Alignment:* Better compatibility with modern Spring ecosystem
> components
> *Migration Considerations:*
> # *Java Requirements:* Spring 6.x requires Java 17+ (Geode's current Java
> compatibility)
> # *API Changes:* Review Spring 6.x migration guide for breaking changes in:
> ** Web MVC configuration and annotations
> ** Security configuration patterns
> ** Bean definition and lifecycle management
> # *Spring Boot Upgrade:* Coordinate with Spring Boot 3.x upgrade (requires
> Spring 6.x)
> # *Spring Security:* Upgrade to Spring Security 6.x for compatibility
> # *Servlet API:* May require Servlet 6.0+ (Jakarta EE namespace changes)
> # *Testing Impact:* Extensive testing of web services, management console,
> and GFSH functionality
> *Breaking Changes to Address:*
> * Package namespace changes (javax.* to jakarta.*)
> * Deprecated API removal in Spring MVC and Spring Security
> * Changes in default security configurations
> * Web configuration modernization requirements
> *Files to Update:*
> * Dependency constraints configuration file
> * Spring configuration classes and XML files
> * Web controllers and REST endpoints
> * Security configuration classes
> * Test configurations and integration tests
> * Documentation and examples
> *Testing Strategy:*
> * Full regression testing of all REST API endpoints
> * Web Management Console (Pulse) functionality verification
> * GFSH command-line interface testing
> * Security authentication/authorization testing
> * Performance testing to ensure no degradation
> * Cross-browser compatibility testing for web interfaces
> * Integration testing with external Spring-based applications
> *Acceptance Criteria:*
> * All Spring Framework dependencies upgraded to 6.x version
> * All web services and REST APIs continue to function correctly
> * Pulse management console operates without issues
> * GFSH command-line interface maintains full functionality
> * Security configurations work properly with new Spring Security version
> * All existing tests pass with new Spring version
> * No performance regressions in web services
> * Documentation updated to reflect configuration changes
> *Dependencies:*
> * Spring Security must be upgraded to 6.x for compatibility
> * Consider impact on Spring Shell used by GFSH
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
