Project

General

Profile

Actions

Architecture #22640

open

Upgrade to spring 6.x, jetty 11 and servlet 5.0

Added by François ARMAND over 1 year ago. Updated about 2 months ago.

Status:
Pending release
Priority:
N/A
Assignee:
-
Category:
Architecture - Dependencies
Target version:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

We use spring for spring security.
Spring had a major version update in 2022 that has several impact on us:
- it's the first release to use the jakarta.* namespace in place of javax.* namespace for servlet.
- it looks like they want servlet 6 (jetty 11)
- they require Java 17.

https://spring.io/blog/2021/09/02/a-java-17-and-jakarta-ee-9-baseline-for-spring-framework-6

Liftweb 4.0 support servlet 5: https://github.com/lift/framework/pull/2017
We need to update to that version and last version of Spring.

For reference, Spring 6 also changed consequently the way it manages authentication persistence, and nothing is automated be default anymore, see:
- having filter declaration compatible with 5.x semantic: https://docs.spring.io/spring-security/reference/5.8/migration/servlet/session-management.html#_require_explicit_invocation_of_sessionauthenticationstrategy
- setting the require persistence to false: https://docs.spring.io/spring-security/reference/servlet/authentication/persistence.html#securitycontextholderfilter

IE it means we need to have:

    <http ... security-context-explicit-save="false">
        <session-management ... authentication-strategy-explicit-invocation="false">
        </session-management>
    ...

Subtasks 6 (2 open4 closed)

Architecture #25376: Upgrade packaging to jetty 11ReleasedFélix DALLIDETActions
Architecture #25377: Upgrade Rudder core to lift4 and spring 6ReleasedClark ANDRIANASOLOActions
Rudder plugins - Architecture #25378: Update to jetty 11 spring 6 on pluginsPending releaseClark ANDRIANASOLOActions
Rudder plugins - Architecture #25392: Typo in pom-templatePending releaseClark ANDRIANASOLOActions
Rudder plugins - Architecture #25379: Update to jetty 11 spring 6 on private pluginsReleasedClark ANDRIANASOLOActions
Architecture #25398: Update to Lift-4-M1 releaseReleasedClark ANDRIANASOLOActions

Related issues 1 (0 open1 closed)

Related to Rudder - Architecture #23710: Update to jetty 10.0.18ReleasedFrançois ARMANDActions
Actions #1

Updated by François ARMAND 4 months ago

  • Subject changed from Upgrade to spring 6.x impossible with liftweb to Upgrade to spring 6.x, jetty 11 and servlet 5.0
  • Description updated (diff)
Actions #2

Updated by François ARMAND 4 months ago

  • Target version set to 8.2.0~beta1

This task will need several aspects:

- publish a version of Lift 4 locally so that we can use it before the real release is done
- upgrade to jetty 11 in packaging, and hopefully our patches from jetty 10 will mostly work (see #23710)
- upgrade rudder core to Lift4, last spring 6.x (6.1.12 as of today) and last spring-security (6.3.3 as of today)
- upgrade at least authentication-backend to work with these new version.

Actions #3

Updated by François ARMAND 4 months ago

Actions #4

Updated by François ARMAND 4 months ago

  • Subtask #25376 added
Actions #5

Updated by François ARMAND 4 months ago

  • Subtask #25377 added
Actions #6

Updated by François ARMAND 4 months ago

  • Subtask #25378 added
Actions #7

Updated by François ARMAND 4 months ago

  • Subtask #25379 added
Actions #8

Updated by François ARMAND 4 months ago

  • Subtask #25398 added
Actions #9

Updated by Vincent MEMBRÉ 4 months ago

  • Target version changed from 8.2.0~beta1 to 8.2.0~rc1
Actions #10

Updated by François ARMAND 2 months ago

  • Status changed from New to Pending release

This is completed in Rudder 8.2.0 beta1.

Actions #11

Updated by Vincent MEMBRÉ 2 months ago

This bug has been fixed in Rudder 8.2.0~rc1 which was released today.

Actions

Also available in: Atom PDF