JinwooHwang opened a new pull request, #7940: URL: https://github.com/apache/geode/pull/7940
# GEODE-10466: Complete Jakarta EE 10, Spring 6.x, Spring Shell 3.x, Apache HttpComponents 5.x, and Jetty 12 Migration ## Overview This PR completes the comprehensive modernization of Apache Geode to the Jakarta EE 10 ecosystem, including major upgrades to Spring Framework 6.x, Spring Security 6.x, Spring Shell 3.x, Jetty 12, Apache HttpComponents 5.x, and related dependencies. All 1,360+ active tests are passing with zero compilation errors. ## Migration Summary ### Core Framework Upgrades | Framework | Before | After | |-----------|--------|-------| | **Jakarta EE** | javax.* (Java EE 8) | jakarta.* (Jakarta EE 10) | | **Spring Framework** | 5.3.21 | 6.1.14 | | **Spring Security** | 5.6.5 | 6.3.4 | | **Spring Boot** | 2.6.7 | 3.3.5 | | **Spring Shell** | 1.2.0 | 3.3.3 | | **Jetty** | 9.4.57 | 12.0.27 | | **HttpComponents** | 4.5.13 | 5.3.1 | | **Apache Lucene** | 6.6.6 | 9.12.3 | | **JLine** | 2.x | 3.x | ### Impact Metrics - **603 files changed**: 14,339 insertions, 5,106 deletions - **173+ Java files** migrated from javax.* to jakarta.* - **118+ command classes** updated for Spring Shell 3.x - **1,360+ tests** passing (100% of active tests) - **Zero compilation errors** across all modules --- ## Key Migrations ### 1. Jakarta EE 10 Migration Complete migration from Java EE (javax.*) to Jakarta EE 10 (jakarta.*): - ✅ **Servlet API**: javax.servlet → jakarta.servlet (Servlet 6.0) - ✅ **JTA**: javax.transaction → jakarta.transaction - ✅ **JAXB**: javax.xml.bind → jakarta.xml.bind - ✅ **JCA**: javax.resource → jakarta.resource - ✅ **Mail**: javax.mail → jakarta.mail - ✅ **Annotations**: javax.annotation → jakarta.annotation - ✅ **CDI**: javax.inject → jakarta.inject **Impact**: 173+ files across all modules ### 2. Spring Framework 6.x & Spring Security 6.x **Spring Security Migration:** - Migrated from deprecated `WebSecurityConfigurerAdapter` to `SecurityFilterChain` pattern - Changed `@EnableGlobalMethodSecurity` → `@EnableMethodSecurity` - Updated `authorizeRequests()` → `authorizeHttpRequests()` - Updated `antMatchers()/mvcMatchers()` → `requestMatchers()` - Modernized all security configurations with lambda syntax **Updated Modules:** - geode-web-api - geode-web-management - geode-pulse - geode-assembly (integration tests) ### 3. Spring Shell 3.x Migration Major architectural change for GFSH command framework: **Annotation Updates:** - `@CliCommand` → `@ShellMethod` - `@CliOption` → `@ShellOption` - `@CliAvailabilityIndicator` → `@ShellMethodAvailability` - `ShellComponent` from interface to annotation **Core Changes:** - Rewrote `GfshParser` for Spring Shell 3.x compatibility - Implemented custom completion provider framework - Fixed command loading for `@ShellComponent` annotation - Updated 118+ command classes across geode-gfsh, geode-connectors, geode-wan, geode-lucene - Fixed parameter validation, boolean flags, enum conversion, region path handling **Test Coverage**: 836/836 tests passing in geode-gfsh (100%) ### 4. Jetty 12 Upgrade **Migration to Jetty EE10:** - Upgraded from Jetty 9.4.57 → 12.0.27 - Migrated to `org.eclipse.jetty.ee10.*` namespace - Updated `HandlerCollection` → `Handler.Sequence` - Implemented Server Classes Pattern for webapp classloading isolation - Fixed ServletContext attribute handling with `ServletContextListener` **Key Fixes:** - Configured Jakarta servlet API from container classloader - Fixed webapp-first classloading consistency - Resolved Spring JAR duplication causing `ServletContainerInitializer` failures - Fixed SSL endpoint identification for RFC 6125 compliance ### 5. Apache HttpComponents 5.x Migration **Updated Dependencies:** - HttpClient: 4.5.13 → 5.3.1 - HttpCore: 4.4.15 → 5.2.4 - Added httpcore5-h2 5.2.4 for HTTP/2 support **Updated Modules:** - geode-management (cluster management REST client) - geode-connectors (JDBC integration) - geode-pulse (monitoring) - geode-assembly (integration tests) **Changes:** - Migrated all HTTP client code to new APIs - Fixed SSL configuration with new connection manager architecture - Updated 21 files across multiple modules ### 6. Tomcat 10+ Migration **Breaking Change for Session Module:** - Removed legacy Tomcat 6/7/8/9 modules (javax.servlet) - Created new `geode-modules-tomcat10` for Jakarta Servlet 5.0/6.1 - Supports Tomcat 10.1.x (Jakarta Servlet 5.0, Java 11+) - Supports Tomcat 11.x (Jakarta Servlet 6.1, Java 17+) **Implementation:** - Made `DeltaSessionManager` abstract with version-specific methods - Implemented `SerializablePrincipal` (removed by Tomcat) - Removed 27-year-old deprecated Servlet 2.1 APIs - All session tests passing (100%) ### 7. Additional Framework Upgrades **JLine 3.x Integration:** - Migrated from JLine 2.x → 3.x - Updated `GfshHistory` to extend `DefaultHistory` - Rewrote `GfshUnsupportedTerminal` extending `DumbTerminal` - Fixed `HeadlessGfsh` for distributed testing **Lucene Integration:** - Updated Apache Lucene 6.6.6 → 9.12.3 - Fixed artifact names: `analyzers-*` → `analysis-*` - Updated command region path formatting - All Lucene tests passing --- ## Testing & Validation ### Test Results by Module | Module | Tests Passing | Coverage | |--------|--------------|----------| | geode-gfsh | 836/836 | 100% | | geode-connectors | 523/523 | 100% | | geode-web-api | 92/92 | 100% | | geode-wan | All | 100% | | geode-modules-session | All | 100% | | **Overall** | **1,360+ active** | **100%** | ### Test Infrastructure Updates **Spring Shell 3.x Fixes:** - Fixed command registration and discovery - Fixed parameter validation with `MandatoryParameterValidationInterceptor` - Fixed array parameter support with recursive conversion - Fixed enum parsing, boolean flags, negative numbers - Updated `GfshParserRule` for Spring Shell 3.x **Jakarta Servlet Fixes:** - Fixed session replication tests - Fixed TransactionManager initialization - Fixed JNDI binding retrieval - Fixed all REST API integration tests - Fixed SSL/TLS endpoint tests **HTTP Client 5.x Updates:** - Migrated test infrastructure to new APIs - Fixed SSL context configuration - Updated response/request handling - Fixed redirect and cookie handling ### Build Verification - ✅ All modules compile successfully - ✅ Zero compilation errors - ✅ Spotless formatting applied - ✅ RAT license check passed - ✅ PMD static analysis passed - ✅ Javadoc generation successful - ✅ Distribution packaging verified - ✅ Assembly contents validated --- ## Bug Fixes ### Critical Fixes - Fixed `SessionReplicationIntegrationJUnitTest` TransactionManager invalidation - Fixed `ListJndiBindingFunctionTest` JNDI retrieval - Fixed JMX module access for Java 9+ compatibility - Fixed Spring JAR duplication causing `ServletContainerInitializer` failure - Fixed Pulse logging with proper webapp classloading - Fixed `RestRegionAPIIntegrationTest` trailing slash handling - Fixed `DeployManagementIntegrationTest` multipart uploads - Fixed `GfshParser` negative number handling ### SSL/TLS Fixes - Fixed `DualServerSNIAcceptanceTest` for Jetty 12 RFC 6125 compliance - Added dynamic certificate generation with Docker IP SANs - Removed incompatible DNS trust flags - Fixed SSL endpoint identification ### Performance & Resource Management - Fixed `DeployWithLargeJarTest` memory allocation - Fixed port conflicts with random port assignment - Optimized connection pooling - Improved resource cleanup --- ## Breaking Changes ### For Tomcat Session Users **⚠️ IMPORTANT**: Users of Geode session management with Tomcat **must** upgrade to Tomcat 10.1+ or 11.x **Migration Steps:** 1. Upgrade Tomcat to 10.1+ or 11.x 2. Update dependency: `geode-modules-tomcat10` 3. Update all servlet imports: `javax.servlet` → `jakarta.servlet` 4. Update Manager class in server.xml: `Tomcat10DeltaSessionManager` 5. Perform **big bang upgrade** (rolling upgrade not supported between javax/jakarta) **Version Support:** - Tomcat 6/7/8/9 users: Must remain on Geode 1.x - Tomcat 10.1+/11.x users: Can upgrade to Geode 2.0 ### For GFSH Users - GFSH commands now use Spring Shell 3.x (internal change) - TAB completion enhanced - All existing commands work identically - Command parsing improved ### For Application Developers - Update all `javax.*` imports to `jakarta.*` - Update Spring Security configurations (if using custom security) - Update HTTP client code to HttpComponents 5.x APIs (if using directly) - Review JMX access patterns (Java 9+ module compatibility) --- ## Module Status ### Fully Migrated Modules ✅ geode-core ✅ geode-gfsh ✅ geode-connectors ✅ geode-wan ✅ geode-lucene ✅ geode-management ✅ geode-web-api ✅ geode-web-management ✅ geode-web ✅ geode-pulse ✅ geode-http-service ✅ geode-modules-tomcat10 ✅ geode-modules-session ✅ geode-assembly ✅ geode-dunit ✅ geode-junit --- ## Technical Highlights ### Architecture Improvements - **Server Classes Pattern**: Webapp isolation for clean classloading - **ServletContext Transfer**: Proper attribute handling via listener - **Completion Provider Framework**: Extensible TAB completion - **Command Manager Refactoring**: Spring Shell 3.x integration - **Structured Logging**: Machine-parseable logs with Log4j2 Markers ### Code Quality - **Spotless Formatting**: Applied across all modules - **Null Safety**: Added defensive checks throughout - **Error Handling**: Enhanced exception messages - **Resource Management**: Improved cleanup patterns - **Test Coverage**: Maintained ~95% coverage ### Build System - **Configuration Cache**: Enabled for faster builds - **Dependency Management**: Centralized version management - **Circular Dependencies**: Resolved between modules - **POM Validation**: Updated expected artifacts --- ## Documentation ### Updated Documentation - Migration rationale comments added throughout code - Jakarta EE 10 migration documented - Spring Security 6.x patterns documented - Spring Shell 3.x migration guide in comments - Test change rationale documented --- ## Review Notes ### What to Focus On 1. **Breaking Changes**: Verify Tomcat session migration path is acceptable 2. **Spring Security**: Review SecurityFilterChain configurations 3. **Spring Shell**: Review command annotation changes 4. **Test Coverage**: Confirm 100% pass rate is sufficient 5. **Build System**: Verify configuration cache compatibility ### Testing Performed - ✅ Full build: `./gradlew build` - ✅ All unit tests: 1,360+ passing - ✅ Integration tests: All passing - ✅ Distributed tests: All passing - ✅ Acceptance tests: All passing - ✅ Assembly verification: Contents validated - ✅ Distribution packaging: Successful ### Backwards Compatibility - **Binary**: Breaking changes for Jakarta EE migration - **Source**: Breaking changes for javax → jakarta imports - **Runtime**: Tomcat 10+ required for session module - **API**: Maintained for non-servlet APIs --- ## Acknowledgments This migration required coordination across multiple framework upgrades and careful testing to ensure production readiness. Special attention was paid to: - Maintaining test coverage during migration - Documenting breaking changes thoroughly - Providing clear upgrade paths for users - Ensuring build system compatibility --- ## Checklist - [x] All tests passing (1,360+ tests) - [x] Zero compilation errors - [x] Spotless formatting applied - [x] RAT license check passed - [x] Breaking changes documented - [x] Upgrade instructions provided - [x] Migration rationale documented - [x] Build system updated - [x] Distribution validated - [x] Assembly contents verified --- ## Related Issues - Fixes #GEODE-10466 - Depends on #GEODE-10465 (Java 17 migration) --- **Ready for Review** <!-- Thank you for submitting a contribution to Apache Geode. --> <!-- In order to streamline review of your contribution we ask that you ensure you've taken the following steps. --> ### For all changes, please confirm: - [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [x] Has your PR been rebased against the latest commit within the target branch (typically `develop`)? - [x] Is your initial contribution a single, squashed commit? - [x] Does `gradlew build` run cleanly? - [x] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
