Upgrading to Java 17, Spring Boot 3, and Spring Framework 6: A Comprehensive Guide
Introduction
Recently, I had the opportunity to upgrade several projects from Java 1.8 to Java 17, Spring Boot 2.2.X to 3.1.X, and Spring Core 6.X.X. Additionally, these cloud applications and microservices were running on the SAP Business Technology Platform (BTP), where we also have libraries like the SAP Cloud Security Services Integration Library.
1. Preparing for Java 17 Support
1.1 Upgrade Maven Compiler Plugin
To support Java 17, ensure that your Maven compiler plugin is at least version 3.5.4. Adjust your pom.xml as follows:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<source>17</source>
<target>17</target>
</configuration>
</plugin>
[Refer: https://www.baeldung.com/maven-java-version]
1.2 Update Spring Boot Specification
Upgrade your Spring Boot Specification and dependencies to reflect the change in Java version.
Upgrade Spring Boot Specification
Start by upgrading your Spring Boot Specification and dependencies. The spring-boot-starter-parent
in your pom.xml
allows you to configure default plugins and properties, including the Java version. Override the default version to Java 17 as shown below:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.1</version> <!-- Update to the latest version -->
<relativePath />
</parent>
Override the parent POM’s default Java version property as shown:
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<java.version>17</java.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<sap.cloud.security.version>3.0.1</sap.cloud.security.version>
</properties>
2. Upgrading Dependencies
2.1 Maven Dependency Tree
Upgrading dependencies can be a challenging task due to potential conflicts. The Maven Dependency Tree can help you understand your project’s dependencies and resolve conflicts caused by different versions of a dependency.
Use the following command in the terminal to print the project’s dependency tree:
mvn dependency:tree
2.2 Resolving Conflicts in Verbose Mode
To identify any incompatibility issues with a JAR, use the verbose mode:
mvn dependency:tree -Dverbose
2.3 Including and Excluding Dependencies
Use the -Dincludes
and -Dexcludes
options to include or exclude specific dependencies from the output. For example:
mvn dependency:tree -Dincludes=org.springframework.*
2.4 Saving Dependency Tree to a File
Save the dependency tree output to a file for easier validation:
mvn dependency:tree -DoutputFile=project-dependencies.txt
2.5 Leveraging Maven Dependency Tree in Eclipse
Instead of relying solely on the terminal, you can use the Maven Dependency Tree in the Eclipse IDE. The “Dependency Hierarchy” tab in the pom.xml shows the tree with verbose output and resolved dependencies.
3. Hibernate 6.X Migration in Spring Boot 3.0
Hibernate 6.1 is used in Spring Boot 3.0 by default, and it’s essential to follow the detailed migration guides to ensure a smooth application migration.
4 . Changes in URL Matching for WebFlux and Spring MVC
The trailing slash matching configuration option has been deprecated and set to false as of Spring Framework 6.0..
5. Handling Lombok
Ensure Lombok compatibility with Java 17 by upgrading it to version 1.18.24. Remember that upgrading Lombok to version 1.18.16 or later requires adding the lombok-mapstruct-binding annotation processor to the maven-compiler-plugin configuration.
Add the annotation processor to the maven-compiler-plugin
as follows:
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<annotationProcessorPaths>
<path>
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct-processor</artifactId>
<version>${mapstruct.version}</version>
</path>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
</path>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok-mapstruct-binding</artifactId>
<version>0.2.0</version>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
</plugins>
</build>
6. Rewriting Security Configuration
Update your security configuration to support the changes introduced in Spring Boot 3.0.0 as shown in
You might need to rewrite your Security Configuration for Spring Boot 3.0. Example:
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(authorizeReq -> authorizeReq
.requestMatchers("/**").hasAuthority("Admin")
.anyRequest().denyAll())
//...
// Add other configurations as needed
);
7. Replace javax to jakarta Packages
Since Spring Boot 3.0.0 supports Jakarta EE 9 and 10, you’ll need to change the packages from javax.*
to jakarta.*
. Update your imports accordingly.
8. SAP Specific: SAP BTP Spring XSUAA Security Library
The spring-xsuaa library is deprecated, and you should switch to its successor, the spring-security library. Update your dependencies as follows:
<dependency>
<groupId>com.sap.cloud.security</groupId>
<artifactId>java-bom</artifactId>
<version>3.0.1</version>
</dependency>
<!--
Refer latest version here
https://github.com/SAP/cloud-security-services-integration-library/blob/main/pom.xml
-->
<dependency>
<groupId>com.sap.cloud.security</groupId>
<artifactId>resourceserver-security-spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>spring-security-compatibility</artifactId>
</dependency>
<!-- OAuth2 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
As part of the upgrade, some SAP-specific dependencies related to SAP BTP Spring XSUAA Security Library need to be removed or replaced. Below are the changes required:
9.1 Remove Deprecated Dependencies
Remove the deprecated spring-xsuaa
& following dependencies:
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>spring-xsuaa</artifactId>
</dependency>
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>xsuaa-spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>com.sap.xs2.security</groupId>
<artifactId>java-container-security</artifactId>
</dependency>
<dependency>
<groupId>com.sap.xs2.security</groupId>
<artifactId>java-container-security-api</artifactId>
</dependency>
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>java-container-security-api</artifactId>
</dependency>
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>xsuaa-spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>com.sap.cloud.security.xsuaa</groupId>
<artifactId>spring-xsuaa-mock</artifactId>
</dependency>
Additionally, ensure that you avoid referencing any other SAP-internal security library with group-id com.sap.security or com.sap.security.nw.sso.*. These libraries may not be compatible with the upgraded versions of Java and Spring Boot.
For more information, you can refer to the SAP documentation at https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/6c6936e8e4ea40c9a9a69f6783b1e978.html.
To check for reference and manage SAP Java buildpack dependencies, you can visit the Maven repository at https://mvnrepository.com/artifact/com.sap.cloud.sjb.cf/sap-java-buildpack-bom. This will help ensure that your project utilizes the correct and supported SAP dependencies for a smooth upgrade experience.
9.2. Configuring Buildpacks
Configure the JBP_CONFIG_OPEN_JDK_JRE to ensure Java 17 compatibility:
JBP_CONFIG_OPEN_JDK_JRE: '{ jre: { version: 17.+ } }'
Additional Reference:
- Oracle JDK Migration Guide https://docs.oracle.com/en/java/javase/17/migrate/getting-started.html
- Spring Boot 3.0 Migration Guide https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide
- Preparing for Spring Boot 3.0 https://spring.io/blog/2022/05/24/preparing-for-spring-boot-3-0
- Upgrading to Spring Framework 6.x https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x
- Spring Boot 3.0 Release Notes https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Release-Notes
- Spring Boot Supported Versions https://github.com/spring-projects/spring-boot/wiki/Supported-Versions
- Migrate From Java 8 to Java 17 https://www.baeldung.com/java-migrate-8-to-17
- How to Upgrade from Java 8 to Java 17 https://medium.com/javarevisited/how-to-upgrade-from-java-8-to-java-17-eb58f4554c6e
- Apache Tomcat migration tool for Jakarta EE https://github.com/apache/tomcat-jakartaee-migration
SAP Specific:
- SAP Cloud Security Services Integration Library — Migration Guide for SAP Java Buildpack Projects https://github.com/SAP/cloud-security-services-integration-library/blob/main/java-security/Migration_SAPJavaBuildpackProjects.md
- SAP Cloud Security Services Integration Library — Migration Guide from Version 2.x to 3.x https://github.com/SAP/cloud-security-services-integration-library/blob/main-2.x/MIGRATION_TO_3.x.md
- SAP Cloud Security Services Integration Library — Java Security (Get Buildpack Version) https://github.com/SAP/cloud-security-services-integration-library/tree/main/java-security#get-buildpack-version
Here are some additional tips to consider when upgrading to Spring Framework 6 and Spring Boot 3:
1. Review Release Notes
Before upgrading, thoroughly review the release notes of Spring Framework 6 and Spring Boot 3. These notes provide valuable information on new features, changes, and potential breaking changes that could impact your application.
https://spring.io/projects/spring-boot
2. Test Thoroughly
Perform comprehensive testing after the upgrade to ensure the stability and functionality of your application. Run both unit tests and integration tests to validate that all components work as expected with the new versions.
3. Check Compatibility with Third-Party Libraries
Ensure that all third-party libraries and dependencies used in your application are compatible with Spring Framework 6 and Spring Boot 3. Some libraries might require updates or might not be compatible with the latest versions.
4. Monitor Performance and Memory Usage
After the upgrade, closely monitor the performance and memory usage of your application. New features or changes in the framework might have an impact on resource consumption, and it’s essential to identify and optimize any bottlenecks.
5. Consider Module Upgrades
While upgrading Spring Boot and Spring Framework, consider upgrading other modules used in your application, such as Spring Data, Spring Security, and Spring Cloud. Keeping all modules up to date ensures better compatibility and access to the latest features.
6. Implement a Rollback Plan
Always have a rollback plan in place in case the upgrade introduces critical issues or unexpected behavior. This plan should include steps to revert to the previous version and a communication strategy to inform stakeholders.
7. Stay Updated with the Community
Keep an eye on the Spring community forums, blogs, and mailing lists. Staying updated with the latest discussions and experiences of other developers can provide valuable insights and help you address any challenges you may encounter during the upgrade.
8. Additional Tools: Spring Boot Migrator (SBM)
The Spring Boot Migrator (SBM) provides recipes for automated migrations, making the upgrade process smoother.
Conclusion
Upgrading to Java 17, Spring Boot 3, and Spring Framework 6 opens the door to exciting new features and performance improvements. Follow the steps and tips provided in this guide to successfully upgrade your projects and stay up-to-date with the latest technologies and libraries available for your applications. Happy coding!