Jinwoo Hwang created GEODE-10472:
------------------------------------
Summary: Upgrade Spring Framework from version 5.3.20 to 6.x or
higher
Key: GEODE-10472
URL: https://issues.apache.org/jira/browse/GEODE-10472
Project: Geode
Issue Type: Improvement
Reporter: Jinwoo Hwang
*Overview:* Apache Geode currently uses Spring Framework 5.3.20 across multiple
modules for web services, management console, command-line interface, and other
functionality. Spring Framework 5.x has reached end-of-life, and upgrading to
Spring Framework 6.x is necessary to benefit from security updates, performance
improvements, and long-term support.
*Current State:*
* *Current Version:* Spring Framework 5.3.20 (defined in dependency management
configuration)
* *Affected Modules:*
** geode-web - Web services and REST API endpoints
** geode-web-api - REST API implementation
** geode-web-management - Management REST services
** geode-pulse - Web-based monitoring dashboard
** geode-gfsh - Command-line shell (via Spring Shell)
** geode-connectors - Database connectors (via Spring Shell)
** geode-assembly - Integration testing
* *Affected Artifacts:*
** org.springframework:spring-core
** org.springframework:spring-beans
** org.springframework:spring-context
** org.springframework:spring-web
** org.springframework:spring-webmvc
** org.springframework:spring-aspects
** org.springframework:spring-oxm
** org.springframework:spring-test
** org.springframework:spring-tx
** org.springframework:spring-expression
** org.springframework.security:spring-security-* modules
** org.springframework.boot:spring-boot-* modules (2.6.7)
*Impact Assessment:* Spring Framework is heavily used in Geode for:
* *REST API Services:* Management and data access REST endpoints
* *Web Management Console:* Browser-based cluster management interface (Pulse)
* *GFSH Command Line Interface:* Via Spring Shell framework
* *Security:* Authentication and authorization for web services
* *Dependency Injection:* IoC container for various components
* *Testing:* Spring Test framework for integration tests
*Benefits of Upgrading:*
# *Security:* Access to latest security patches and vulnerability fixes
# *Java Compatibility:* Full support for Java 17+ and improved performance
# *Performance:* Enhanced efficiency and reduced memory footprint
# *Long-term Support:* Spring 6.x provides extended maintenance lifecycle
# *Modern Features:* Support for reactive programming, native compilation, and
observability
# *Ecosystem Alignment:* Better compatibility with modern Spring ecosystem
components
*Migration Considerations:*
# *Java Requirements:* Spring 6.x requires Java 17+ (Geode's current Java
compatibility)
# *API Changes:* Review Spring 6.x migration guide for breaking changes in:
** Web MVC configuration and annotations
** Security configuration patterns
** Bean definition and lifecycle management
# *Spring Boot Upgrade:* Coordinate with Spring Boot 3.x upgrade (requires
Spring 6.x)
# *Spring Security:* Upgrade to Spring Security 6.x for compatibility
# *Servlet API:* May require Servlet 6.0+ (Jakarta EE namespace changes)
# *Testing Impact:* Extensive testing of web services, management console, and
GFSH functionality
*Breaking Changes to Address:*
* Package namespace changes (javax.* to jakarta.*)
* Deprecated API removal in Spring MVC and Spring Security
* Changes in default security configurations
* Web configuration modernization requirements
*Files to Update:*
* Dependency constraints configuration file
* Spring configuration classes and XML files
* Web controllers and REST endpoints
* Security configuration classes
* Test configurations and integration tests
* Documentation and examples
*Testing Strategy:*
* Full regression testing of all REST API endpoints
* Web Management Console (Pulse) functionality verification
* GFSH command-line interface testing
* Security authentication/authorization testing
* Performance testing to ensure no degradation
* Cross-browser compatibility testing for web interfaces
* Integration testing with external Spring-based applications
*Acceptance Criteria:*
* All Spring Framework dependencies upgraded to 6.x version
* All web services and REST APIs continue to function correctly
* Pulse management console operates without issues
* GFSH command-line interface maintains full functionality
* Security configurations work properly with new Spring Security version
* All existing tests pass with new Spring version
* No performance regressions in web services
* Documentation updated to reflect configuration changes
*Dependencies:*
* This upgrade may require coordinating with Spring Boot 3.x upgrade
* Spring Security must be upgraded to 6.x for compatibility
* Consider impact on Spring Shell used by GFSH
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
