[
https://issues.apache.org/jira/browse/GEODE-10472?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang resolved GEODE-10472.
----------------------------------
Resolution: Fixed
> Upgrade Spring Framework from version 5.3.20 to 6.x or higher
> -------------------------------------------------------------
>
> Key: GEODE-10472
> URL: https://issues.apache.org/jira/browse/GEODE-10472
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
> Fix For: 2.0.0
>
>
> *Overview:* Apache Geode currently uses Spring Framework 5.3.20 across
> multiple modules for web services, management console, command-line
> interface, and other functionality. Spring Framework 5.x has reached
> end-of-life, and upgrading to Spring Framework 6 or higher is necessary to
> benefit from security updates, performance improvements, and long-term
> support.
> *Current State:*
> * *Current Version:* Spring Framework 5.3.20 (defined in dependency
> management configuration)
> * *Affected Modules:*
> ** geode-web - Web services and REST API endpoints
> ** geode-web-api - REST API implementation
> ** geode-web-management - Management REST services
> ** geode-pulse - Web-based monitoring dashboard
> ** geode-gfsh - Command-line shell (via Spring Shell)
> ** geode-connectors - Database connectors (via Spring Shell)
> ** geode-assembly - Integration testing
> * *Affected Artifacts:*
> ** org.springframework:spring-core
> ** org.springframework:spring-beans
> ** org.springframework:spring-context
> ** org.springframework:spring-web
> ** org.springframework:spring-webmvc
> ** org.springframework:spring-aspects
> ** org.springframework:spring-oxm
> ** org.springframework:spring-test
> ** org.springframework:spring-tx
> ** org.springframework:spring-expression
> ** org.springframework.security:spring-security-* modules
> ** org.springframework.boot:spring-boot-* modules (2.6.7)
> *Impact Assessment:* Spring Framework is heavily used in Geode for:
> * *REST API Services:* Management and data access REST endpoints
> * *Web Management Console:* Browser-based cluster management interface
> (Pulse)
> * *GFSH Command Line Interface:* Via Spring Shell framework
> * *Security:* Authentication and authorization for web services
> * *Dependency Injection:* IoC container for various components
> * *Testing:* Spring Test framework for integration tests
> *Benefits of Upgrading:*
> # *Security:* Access to latest security patches and vulnerability fixes
> # *Java Compatibility:* Full support for Java 17+ and improved performance
> # *Performance:* Enhanced efficiency and reduced memory footprint
> # *Long-term Support:* Spring 6.x provides extended maintenance lifecycle
> # *Modern Features:* Support for reactive programming, native compilation,
> and observability
> # *Ecosystem Alignment:* Better compatibility with modern Spring ecosystem
> components
> *Migration Considerations:*
> # *Java Requirements:* Spring 6.x requires Java 17+ (Geode's current Java
> compatibility)
> # *API Changes:* Review Spring 6.x migration guide for breaking changes in:
> ** Web MVC configuration and annotations
> ** Security configuration patterns
> ** Bean definition and lifecycle management
> # *Spring Boot Upgrade:* Coordinate with Spring Boot 3.x upgrade (requires
> Spring 6.x)
> # *Spring Security:* Upgrade to Spring Security 6.x for compatibility
> # *Servlet API:* May require Servlet 6.0+ (Jakarta EE namespace changes)
> # *Testing Impact:* Extensive testing of web services, management console,
> and GFSH functionality
> *Breaking Changes to Address:*
> * Package namespace changes (javax.* to jakarta.*)
> * Deprecated API removal in Spring MVC and Spring Security
> * Changes in default security configurations
> * Web configuration modernization requirements
> *Files to Update:*
> * Dependency constraints configuration file
> * Spring configuration classes and XML files
> * Web controllers and REST endpoints
> * Security configuration classes
> * Test configurations and integration tests
> * Documentation and examples
> *Testing Strategy:*
> * Full regression testing of all REST API endpoints
> * Web Management Console (Pulse) functionality verification
> * GFSH command-line interface testing
> * Security authentication/authorization testing
> * Performance testing to ensure no degradation
> * Cross-browser compatibility testing for web interfaces
> * Integration testing with external Spring-based applications
> *Acceptance Criteria:*
> * All Spring Framework dependencies upgraded to 6.x version
> * All web services and REST APIs continue to function correctly
> * Pulse management console operates without issues
> * GFSH command-line interface maintains full functionality
> * Security configurations work properly with new Spring Security version
> * All existing tests pass with new Spring version
> * No performance regressions in web services
> * Documentation updated to reflect configuration changes
> *Dependencies:*
> * Spring Security must be upgraded to 6.x for compatibility
> * Consider impact on Spring Shell used by GFSH
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
