Skip to content

Upgrade to Java 21 and Spring Boot 3.5.5 #76

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Upgrade to Java 21 and Spring Boot 3.5.5 #76

wants to merge 4 commits into from

Conversation

@devin-ai-integration
Copy link

Upgrade to Java 21 and Spring Boot 3.5.5

Summary

Major upgrade of the Spring Boot RealWorld Example Application from Java 11 to Java 21, including Spring Boot 2.6.3 → 3.5.5, complete namespace migration from javax.* to jakarta.*, replacement of deprecated Joda-Time with java.time API, and modernization of Spring Security configuration.

Key Changes

  • Java Runtime: 11 → 21
  • Spring Boot: 2.6.3 → 3.5.5 (chose 3.5.5 over 3.2.0 as 3.2.x OSS support ended Dec 2024)
  • Namespace Migration: Migrated all javax.* imports to jakarta.* (servlet, validation, crypto) across 21 files
  • Joda-Time Replacement: Replaced all DateTime usage with java.time.Instant across 16 files, including:
    • Created InstantHandler (MyBatis TypeHandler)
    • Created InstantCursor for pagination
    • Updated Jackson serializer to use DateTimeFormatter.ISO_INSTANT
  • Spring Security: Migrated from deprecated WebSecurityConfigurerAdapter to SecurityFilterChain bean pattern with lambda-based configuration
  • Dependency Updates:
    • MyBatis: 2.2.2 → 3.0.5
    • Netflix DGS: 4.9.21 → 10.4.0 (new artifact: graphql-dgs-spring-graphql-starter)
    • DGS Codegen: 5.0.6 → 8.1.1
    • JJWT: 0.11.2 → 0.13.0
    • SQLite JDBC: 3.36.0.3 → 3.50.3.0
    • rest-assured: 4.5.1 → 5.5.0
  • CI/CD: Updated to JDK 21

Review & Testing Checklist for Human

⚠️ CRITICAL: Local build failed due to Gradle cache corruption in dev environment. All changes are untested locally - CI verification is essential.

High-risk areas requiring thorough testing:

  • Verify CI passes completely - All tests must pass since local testing was not possible
  • Test GraphQL endpoints - Netflix DGS 10.x is a major upgrade (4.9.21 → 10.4.0) with breaking changes and new artifact name. Test all GraphQL queries and mutations work correctly.
  • Test JWT authentication flow - Verify login, token generation, and authenticated requests work with jakarta.crypto and new Spring Security configuration
  • Verify timestamp handling - Check that API responses show correct timestamps (migrated from Joda-Time DateTime to java.time.Instant). Both should use UTC but serialization format may differ.
  • Test endpoint security - Verify all endpoints have correct access control (public vs authenticated) with new requestMatchers instead of antMatchers
  • Run full integration test suite - Confirm all migrations work together correctly

Recommended Test Plan

  1. Start the application and verify it boots successfully
  2. Test GraphQL endpoints via /graphql and /graphiql
  3. Test REST API endpoints for articles, comments, users, profiles
  4. Verify user registration, login, and JWT token flow
  5. Check article creation, favoriting, and commenting features
  6. Verify timestamps in API responses are formatted correctly
  7. Confirm all security rules (authenticated vs public endpoints)

Notes

  • Spring Boot 3.5.5 chosen over 3.2.0: 3.2.x OSS support ended in December 2024, so targeting latest stable version (3.5.5) for better long-term support
  • DGS artifact change: Netflix DGS 10.x uses graphql-dgs-spring-graphql-starter instead of graphql-dgs-spring-boot-starter
  • Timezone handling: Migrated from Joda-Time DateTime to java.time.Instant. Both use UTC but Instant is the modern Java standard
  • MyBatis TypeHandler: Replaced DateTimeHandler with InstantHandler for database timestamp mapping

Link to Devin run: https://app.devin.ai/sessions/50e07b749c944f39ad967a8399b45034
Requested by: @abhay-codeium

@devin-ai-integration @abhay-codeium
Upgrade to Java 21 and Spring Boot 3.5.5
aa82b5c 
- Update Java version from 11 to 21
- Upgrade Spring Boot from 2.6.3 to 3.5.5
- Update dependencies:
  - MyBatis: 2.2.2 → 3.0.5
  - Netflix DGS: 4.9.21 → 10.4.0 (graphql-dgs-spring-graphql-starter)
  - DGS Codegen plugin: 5.0.6 → 8.1.1
  - JJWT: 0.11.2 → 0.13.0
  - SQLite JDBC: 3.36.0.3 → 3.50.3.0
  - rest-assured: 4.5.1 → 5.5.0
  - Spotless: 6.2.1 → 6.25.0
- Migrate javax.* to jakarta.* namespace (21 files)
  - javax.servlet → jakarta.servlet
  - javax.validation → jakarta.validation
  - javax.crypto → jakarta.crypto
- Replace Joda-Time with java.time API (16 files)
  - DateTime → Instant
  - new DateTime() → Instant.now()
  - DateTimeHandler → InstantHandler
  - DateTimeCursor → InstantCursor
  - Update Jackson serializer for Instant
  - Update MyBatis TypeHandler for Instant
- Update Spring Security configuration
  - Migrate from WebSecurityConfigurerAdapter to SecurityFilterChain
  - Replace antMatchers with requestMatchers
  - Use lambda-based configuration
- Update CI/CD to use JDK 21

Breaking changes addressed:
- All Java EE namespace migrations completed
- All deprecated Spring Security patterns replaced
- All Joda-Time usages replaced with java.time
- Netflix DGS artifact name updated for 10.x compatibility

Co-Authored-By: Abhay Aggarwal <abhay.aggarwal@codeium.com>
@devin-ai-integration
Copy link
Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

devin-ai-integration bot and others added 3 commits October 16, 2025 16:39
@devin-ai-integration @abhay-codeium
Fix CI: Update deprecated GitHub Actions to v4
33141c8 
- actions/checkout: v2 → v4
- actions/setup-java: v2 → v4
- actions/cache: v2 → v4 (critical fix - v2 was shut down Dec 5, 2024)

This resolves the CI failure blocking PR verification of the Java 21/Spring Boot 3.5.5 upgrade.

Co-Authored-By: Abhay Aggarwal <abhay.aggarwal@codeium.com>
@devin-ai-integration @abhay-codeium
Upgrade Gradle wrapper from 7.4 to 8.10.2 for Java 21 support
0d6282f 
Gradle 7.4 only supports up to Java 17, causing build failures with:
'Unsupported class file major version 65'

Gradle 8.10.2 adds support for Java 21 and Java 23, resolving the
compatibility issue with the Java 21 upgrade.

Co-Authored-By: Abhay Aggarwal <abhay.aggarwal@codeium.com>
@devin-ai-integration @abhay-codeium
Fix: Revert javax.crypto to jakarta.crypto migration
ac92d9b 
javax.crypto is part of Java SE core libraries, not Java EE,
so it was never migrated to Jakarta EE. The crypto packages
remain as javax.crypto in all Java versions.

This fixes the compilation errors:
- package jakarta.crypto does not exist
- package jakarta.crypto.spec does not exist

Co-Authored-By: Abhay Aggarwal <abhay.aggarwal@codeium.com>
@osminb
Copy link

osminb commented Oct 16, 2025

hey devin can you check this again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@osminb