Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spring Boot 3 #1623

Open
wants to merge 18 commits into
base: master
Choose a base branch
from
Open

Spring Boot 3 #1623

wants to merge 18 commits into from

Conversation

shubham1g5
Copy link
Contributor

@shubham1g5 shubham1g5 commented Sep 4, 2024
edited
Loading

Technical Summary

JIRA

Update to Spring Boot 3

Safety Assurance

Safety story

  • Relying on automated unit tests and staging scripts
  • Will keep on staging for a week or so to catch anything unexpected

QA Plan

https://dimagi.atlassian.net/browse/QA-7246

Special deploy instructions

  • This PR can be deployed after merge with no further considerations.

Rollback instructions

  • This PR can be reverted after deploy with no further considerations.

Review

  • The set of people pinged as reviewers is appropriate for the level of risk of the change.

@shubham1g5 shubham1g5 changed the title Sprint Boot 3 Spring Boot 3 Sep 15, 2024
@codecov Codecov
Copy link

codecov bot commented Nov 2, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 90.00000% with 2 lines in your changes missing coverage. Please review.

Project coverage is 70.27%. Comparing base (bb7cdbb) to head (b5fa164).

Files with missing lines Patch % Lines
...yer/application/GlobalDefaultExceptionHandler.java 0.00% 1 Missing ⚠️
.../org/commcare/formplayer/web/client/WebClient.java 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #1623      +/-   ##
============================================
+ Coverage     70.22%   70.27%   +0.04%     
- Complexity     2007     2010       +3     
============================================
  Files           254      254              
  Lines          7902     7908       +6     
  Branches        745      745              
============================================
+ Hits           5549     5557       +8     
  Misses         2070     2070              
+ Partials        283      281       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

shubham1g5
shubham1g5 commented Nov 2, 2024
View reviewed changes
src/main/java/org/commcare/formplayer/configuration/WebSecurityConfig.java
Comment on lines +79 to +82
// By setting the csrfRequestAttributeName to null, the CsrfToken must first be loaded to determine what
// attribute name to use. This causes the CsrfToken to be loaded on every request.
CsrfTokenRequestAttributeHandler requestHandler = new CsrfTokenRequestAttributeHandler();
requestHandler.setCsrfRequestAttributeName(null);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noting that this change was in response to a change made in Spring 3 that defers the csrf tokens lookup until needed optimising reads of HttpSession. Although that breaks all requests to FP as 403 error due to csrf token coming as undefined in request headers. In response, I first implemented the opt out steps mentioned here, that didn't solve the problem completely (Half the times requests were with csrf undefined and got errored with 403 while on trying again the csrf was there in request payloads, but I could not get to the bottom of why it was happening). Ultimately I decided to completely opt out of deferred tokens behaviour by follow the steps listed here.

@shubham1g5 shubham1g5 marked this pull request as ready for review November 2, 2024 14:03
Jtang-1
Jtang-1 approved these changes Nov 4, 2024
View reviewed changes
src/main/resources/application.properties
@@ -26,7 +26,6 @@ management.health.diskspace.threshold=1073742000

# metrics
management.statsd.metrics.export.flavor=datadog
management.metrics.web.server.request.autotime.enabled=false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the migration guide mentions "Should be applied at the ObservationRegistry level.". Do we need to do that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you have a reference to this ? I just saw that it's been removed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0.0-RC1-Configuration-Changelog#removed-in-300-rc1

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More info here: https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#micrometer-and-metrics-changes and here: spring-projects/spring-boot#41745

Overall I think this is OK though I don't recall why we turned that metric off.

snopoke
snopoke reviewed Nov 6, 2024
View reviewed changes
Copy link
Contributor

@snopoke snopoke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall this looks good to me.

src/main/resources/application.properties
@@ -26,7 +26,6 @@ management.health.diskspace.threshold=1073742000

# metrics
management.statsd.metrics.export.flavor=datadog
management.metrics.web.server.request.autotime.enabled=false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

More info here: https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#micrometer-and-metrics-changes and here: spring-projects/spring-boot#41745

Overall I think this is OK though I don't recall why we turned that metric off.

src/test/java/org/commcare/formplayer/repo/FormSessionRepoTest.java
formSessionRepo.saveAndFlush(loaded);
assertThat(loaded.getDateCreated()).isEqualTo(dateCreated);
assertThat(loaded.getVersion()).isEqualTo(2);
assertThat(loaded.getVersion()).isEqualTo(1);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you explain these changes. They don't seem related to the Spring upgrade.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I could not really find the related change documentation for this in hibernate but after upgrading to SB 3, the version doesn't increment unless you make a change to the object. My guess is that the change is caused by shifting to the Jakarta persistence apis from javax but I don't really have a supportive reference here that can explain this change.

@shubham1g5
update to sb 3 and remove mockito-inline as its merged in mockito-core
5daf08c
@shubham1g5
Fix unrecorginsed javax imports to use jakarta namespace
d039c05 
Read more: https://blogs.oracle.com/javamagazine/post/transition-from-java-ee-to-jakarta-ee
@shubham1g5
No antMatchers method anymore
d3de514
@shubham1g5
handle for no getRawStatusCode method anymore
652a49f
@shubham1g5
use correct return type
4a3de9b
@shubham1g5
fix import
b6fa265
@shubham1g5
remove unused repo method
744d7b7
@shubham1g5
correct exception type
f42db1d
@shubham1g5
use correct sentry dependency for spring boot 3
2dc5cc0
@shubham1g5
address method deprecations
0c70ae4
@shubham1g5
Explicitly cConfigure CsrfToken with 5.8 Defaults instead of using de…
2bc6bb9 
…ferred csrf token
@shubham1g5
test fix: A change is necessary for version to be bumped
0e0a841
@shubham1g5
Fix for no bean named entityManagerFactory by using @SpringBootTest t…
7b52ff1 
…o load the full application context
@shubham1g5
Rename property to the new name
56ed8d7
@shubham1g5
Property no longer present in spring boot 3
8da5e2d
@shubham1g5
bump Spring boot version to latest 3.x
3591724
@shubham1g5
Use correct flyway dependency for Flyway 10.10
74d9175
@shubham1g5
Enable INCLUDE_SOURCE_IN_LOCATION which is now disable by default to …
b5fa164 
…be able to check exception messages in tests
@shubham1g5 shubham1g5 requested a review from snopoke November 13, 2024 11:04
@shubham1g5 shubham1g5 requested a review from Jtang-1 November 13, 2024 11:04
@shubham1g5
Copy link
Contributor Author

This has been on staging for a week and I have not seen anything related, as such I am planning to merge this after tomorrow's deploy so that it will get to prod in next week's deploy.

@snopoke
Copy link
Contributor

snopoke commented Nov 13, 2024

This has been on staging for a week and I have not seen anything related, as such I am planning to merge this after tomorrow's deploy so that it will get to prod in next week's deploy.

Has someone tested SMS forms?

@shubham1g5
Copy link
Contributor Author

Has someone tested SMS forms?

Not really, are you concerned because of the security changes ?

@snopoke
Copy link
Contributor

snopoke commented Nov 13, 2024

Has someone tested SMS forms?

Not really, are you concerned because of the security changes ?

yes, that's one place where auth differs from webapps

@shubham1g5
Copy link
Contributor Author

Great to know, I will make sure we get that tested. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@snopoke snopoke snopoke approved these changes

@Robert-Costello Robert-Costello Awaiting requested review from Robert-Costello

@Jtang-1 Jtang-1 Awaiting requested review from Jtang-1

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shubham1g5 @snopoke @Jtang-1