Chore/upgrade spring to 5 3#216
Conversation
ChristianMurphy
left a comment
ChristianMurphy
left a comment
There was a problem hiding this comment.
Thanks @cbeach47!
From skimming the code (I have not tested this locally) it looks good!
|
I see some issues with dependencies when I deploy the portlet to Tomcat. In WEB-INF/lib, I noticed:
|
| <dependency> | ||
| <groupId>commons-logging</groupId> | ||
| <artifactId>commons-logging</artifactId> | ||
| <version>1.2</version> | ||
| <scope>provided</scope> | ||
| </dependency> |
There was a problem hiding this comment.
Why was this removed? When I deploy the portlet to Tomcat, I see both these jars in WEB-INF/lib, but I think we only want the slf4j one:
- commons-logging-1.2.jar
- jcl-over-slf4j-1.7.5.jar
There was a problem hiding this comment.
For logging, the goal is logback (via the slf4j api). All other logging implementations (even transitive ones) should be removed. I'll look into how commons-logging is still getting deployed.
The JCL bridges (-over-) are now included in spring-jcl, so we don't have to explicitly declare them in the pom, however, I'll need to check if jcl-over-slf4j-1.7.5.jar is from spring-jcl, or a transitive dependency that should be excluded.
There was a problem hiding this comment.
So, lines 201-206 actually prevent any dependency from pulling in commons-logging, which is why I think it should remain. Otherwise, you have to find which dependencies are pulling in commons-logging and add excludes.
There was a problem hiding this comment.
discussed in PR - change the parent pom to have a dependencies section with the excluded deps as 'provided'
|
@groybal -
I've now set up the maven enforcer to ban commons-logging, and adjusted the pom to not emit the commons-logging dep.
Took a deeper look at the jaxb-core jars - These 'duplicate' jars were present prior to upgrade, and deals with CAS and personDir flows. In order to control scope, I am to delay this. Added #217 for a future effort.
Good catch - I've removed it now.
Ah - the scope was misconfigured. This is now removed in the deployment. |
| </build> | ||
| </profile> | ||
| <profile> | ||
| <id>doclint-java8-disable</id> |
There was a problem hiding this comment.
Since we only support Java 8+ , doclint is disabled at the maven-javadoc-plugin level in the parent pom.
| @@ -51,18 +52,8 @@ | |||
| <!-- Dependency Version Properties --> | |||
| <properties> | |||
| </plugin> | ||
| <plugin> | ||
| <!-- Overrides the parent pom due to the overlays --> | ||
| <groupId>org.apache.maven.plugins</groupId> |
There was a problem hiding this comment.
Leave a note similar to SCP's plugin
| </plugin> | ||
| </plugins> | ||
| </build> | ||
|
|
There was a problem hiding this comment.
Good to remove - note, that this locally builds, and pluto-izes the war file. Add this to the release notes.
|
Hi @cbeach47 — thanks for the effort here. This is a substantial Spring 4.3 → 5.3 migration (47 files, +231/-582). Unfortunately it's been stale since 2023 and the fleet's direction has shifted: the other portlets that were at risk of mismatched Spring have settled into either 4.3.x (stay) or 5.3.x (when parent plugins forced it). This portlet is currently staying on 4.3.30 alongside the rest of the pinned fleet. We've also recently landed a lot of concurrent work (parent-pom adoption through uportal-portlet-parent:48, Java 11 CI alignment, renovate pins) that would conflict with this branch significantly. Closing this out. When the fleet is ready to move off Spring 4.3 — most likely as part of a coordinated Jakarta EE / Java 17 migration — we can revisit using what you sketched here as a reference for the Webproxy-specific changes (portletmvc4spring wiring, interceptor updates, view selector pattern). Really appreciate the groundwork. |
4 participants
Spring upgrade to 5.3.
@Slf4j.Testing note: Due to available time, not all classes with the logging switch were tested. However - some were tested, and the logging switch was a simple switch across the board without logic adjustments.