Migrate from Java 11 to Java 21 with Spring Boot 3.2.0

[devin-ai-integration]

Migrate from Java 11 to Java 21 with Spring Boot 3.2.0

Summary

This PR upgrades the application from Java 11 to Java 21 and Spring Boot 2.6.3 to 3.2.0. This major version upgrade required:

1. Build Configuration Updates: Updated Java compatibility to 21, Spring Boot to 3.2.0, and upgraded all major dependencies:

   • MyBatis: 2.2.2 → 3.0.3
   • Netflix DGS: 4.9.21 → 8.2.0, codegen plugin: 5.0.6 → 8.1.1 (note: user specified 6.0.0 but that version doesn't exist)
   • JJWT: 0.11.2 → 0.12.5
   • SQLite JDBC: 3.36.0.3 → 3.45.0.0
   • REST Assured: 4.5.1 → 5.4.0

2. Jakarta EE Namespace Migration (30 files): Replaced all javax.validation.* and javax.servlet.* imports with jakarta.* equivalents as required by Spring Boot 3.x.

3. Joda-Time → java.time Migration (16 files): Removed joda-time dependency and migrated all DateTime usage to java.time.Instant:

   • Updated MyBatis DateTimeHandler to handle Instant with Timestamp conversion
   • Migrated Jackson serialization to use DateTimeFormatter.ISO_INSTANT
   • Updated all domain models (Article, Comment) and tests

4. Spring Security 6.x Refactoring:

   • Removed deprecated WebSecurityConfigurerAdapter
   • Migrated to SecurityFilterChain bean pattern with lambda DSL
   • Changed antMatchers() → requestMatchers()

5. CI/CD Updates: Updated GitHub Actions workflow to use JDK 21

6. Documentation: Updated README to require Java 21

Review & Testing Checklist for Human

⚠️ CRITICAL: I was unable to compile this locally due to Gradle cache issues on my machine. All changes are untested - CI will be the first verification.

• Run full test suite - Verify all tests pass, especially:

  • Date/time related tests that assert exact timestamp values
  • Security/authentication tests
  • API integration tests

• Verify API date formatting - Test a few API endpoints manually to ensure dates are serialized correctly in ISO-8601 format (should match previous format exactly)

• Test authentication flows - Verify the Spring Security refactoring didn't change authorization behavior:

  • Anonymous access to public endpoints (/users, /users/login, /articles/**, /profiles/**, /tags)
  • Authenticated-only endpoints (/articles/feed)
  • GraphQL endpoints (/graphql, /graphiql)

• Check MyBatis timestamp handling - Verify that existing database records with timestamps are loaded correctly after the DateTime → Instant migration

• Review DGS plugin compatibility - The codegen plugin version 8.1.1 might have compatibility issues with DGS runtime 8.2.0. Check CI logs for any GraphQL code generation warnings/errors.

Test Plan

# Run all tests
./gradlew test

# Start the application
./gradlew bootRun

# Test a few key endpoints
curl http://localhost:8080/api/tags
curl -X POST http://localhost:8080/api/users -H "Content-Type: application/json" -d '{"user":{"username":"test","email":"test@test.com","password":"password"}}'

Notes

• The javax.crypto.* imports in DefaultJwtService.java are intentionally NOT migrated - they're part of Java's core JCA, not Jakarta EE
• All DateTime → Instant conversions preserve UTC timezone semantics
• Spring Security configuration maintains the same authorization rules but uses newer API patterns

Link to Devin run: https://app.devin.ai/sessions/fdf009aee545456b9e3b5f7d32d7992e
Requested by: milind-cognition (@milind-cognition)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring