feature: upgrade the namingserver and console modules to JDK 25 and SpringBoot 3.5, and add the spring-ai dependency to the console module. #7870
Conversation
…0.2, imported spring-ai mcp sdk
…0.2, httpclient to version 5.4.3
…h according to the old version
… plus RestTemplate to implement the function
…rsions less than 25
# Conflicts: # .github/workflows/build.yml
# Conflicts: # namingserver/src/test/java/org/apache/seata/namingserver/NamingControllerTest.java # pom.xml
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## 2.x #7870 +/- ##
============================================
- Coverage 71.12% 71.11% -0.01%
Complexity 797 797
============================================
Files 1294 1294
Lines 49528 49528
Branches 5873 5873
============================================
- Hits 35228 35224 -4
- Misses 11390 11398 +8
+ Partials 2910 2906 -4 see 9 files with indirect coverage changes 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
This PR upgrades the namingserver and console modules to JDK 25 and Spring Boot 3.5.2, completing a major framework modernization that enables future AI features through the spring-ai module. The upgrade involves migrating from the javax namespace to jakarta, replacing deprecated async APIs with virtual threads, and updating Spring Security configuration to the latest patterns.
Key Changes
- Upgraded from JDK 8 to JDK 25 and Spring Boot 2.7.18 to 3.5.2 across console and namingserver modules
- Replaced deprecated AsyncRestTemplate with RestTemplate + virtual threads (JDK 21+) for lightweight asynchronous processing
- Migrated Spring Security configuration from deprecated WebSecurityConfigurerAdapter to SecurityFilterChain bean approach
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| namingserver/pom.xml | Updated JDK version to 25, Spring Boot to 3.5.2, Tomcat to 11.0.2, and migrated from httpclient 4.x to httpclient5 |
| console/pom.xml | Updated Spring Boot to 3.5.2, added spring-ai-starter-mcp-server-webmvc dependency for future MCP functionality |
| namingserver/src/main/java/org/apache/seata/namingserver/filter/ConsoleRemotingFilter.java | Replaced AsyncRestTemplate with virtual threads + RestTemplate, implementing async forwarding with CompletableFuture and timeout handling |
| namingserver/src/main/java/org/apache/seata/namingserver/config/WebConfig.java | Updated HTTP client configuration to use httpclient5 packages, removed AsyncRestTemplate bean |
| console/src/main/java/org/apache/seata/console/config/WebSecurityConfig.java | Migrated from WebSecurityConfigurerAdapter to SecurityFilterChain bean pattern with lambda DSL configuration |
| console/src/main/java/org/apache/seata/console/filter/JwtAuthenticationTokenFilter.java | Migrated from javax.servlet to jakarta.servlet, minor code style improvements |
| namingserver/src/main/resources/application.yml | Added ant_path_matcher configuration to maintain compatibility with legacy Ant-style path patterns |
| Multiple test files | Updated imports from javax.servlet to jakarta.servlet for Spring Boot 3.x compatibility |
| .github/workflows/codeql-analysis.yml | Added Java 25 setup to ensure CI builds with the new JDK version |
Comments suppressed due to low confidence (1)
console/pom.xml:173
- The spring-ai-starter-mcp-server-webmvc dependency is added but appears to be unused in the codebase. Consider removing this dependency or document its intended use if it's meant for future functionality. Adding unused dependencies increases the application's footprint and potential security surface area.
<configuration>
<nodeVersion>v19.5.0</nodeVersion>
</configuration>
</execution>
<execution>
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
namingserver/src/main/java/org/apache/seata/namingserver/filter/ConsoleRemotingFilter.java
Outdated
Show resolved
Hide resolved
namingserver/src/main/java/org/apache/seata/namingserver/filter/ConsoleRemotingFilter.java
Outdated
Show resolved
Hide resolved
namingserver/src/main/java/org/apache/seata/namingserver/filter/ConsoleRemotingFilter.java
Show resolved
Hide resolved
console/src/main/java/org/apache/seata/console/filter/JwtAuthenticationTokenFilter.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 19 out of 19 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
console/src/main/java/org/apache/seata/console/config/WebSecurityConfig.java
Show resolved
Hide resolved
namingserver/src/main/java/org/apache/seata/namingserver/filter/ConsoleRemotingFilter.java
Show resolved
Hide resolved
namingserver/src/main/java/org/apache/seata/namingserver/filter/ConsoleRemotingFilter.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 21 out of 21 changed files in this pull request and generated 7 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| virtual: | ||
| enabled: true | ||
| mvc: | ||
| pathmatch: |
There was a problem hiding this comment.
The PathMatchingStrategy configuration using 'ant_path_matcher' forces Spring MVC to use the legacy AntPathMatcher instead of the newer PathPatternParser (default in Spring Boot 3.x). While this maintains backward compatibility with patterns like /**/*.css, be aware that PathPatternParser is more efficient. Consider migrating path patterns to be compatible with PathPatternParser in the future for better performance, or document why the legacy matcher is required.
| pathmatch: | |
| pathmatch: | |
| # Use legacy AntPathMatcher for compatibility with existing patterns like /**/*.css, /**/*.js, etc. | |
| # Switching to PathPatternParser (Spring Boot 3.x default) would require updating these patterns. |
| // PathPatternParser using the new version of Security cannot directly achieve the same matching effect | ||
| // as the deprecated Ant style mode /**/*.css |
There was a problem hiding this comment.
The comment explaining why AntPathRequestMatcher is used is helpful. However, the explanation could be clearer. The issue is that Spring Security 6.x uses PathPatternParser by default, which has stricter matching rules than the legacy Ant style matcher. Patterns like /**/*.css work differently between the two. Consider adding a reference or example to make this clearer for future maintainers.
| // PathPatternParser using the new version of Security cannot directly achieve the same matching effect | |
| // as the deprecated Ant style mode /**/*.css | |
| // In Spring Security 6.x, requestMatchers(String...) uses PathPatternParser by default, which has | |
| // stricter matching rules than the legacy Ant-style matcher. For example, the Ant pattern "/**/*.css" | |
| // (often used for static resources) is not interpreted the same way by PathPatternParser and may no | |
| // longer match all nested paths as expected. We therefore use AntPathRequestMatcher explicitly so | |
| // that ignore / CSRF patterns coming from configuration keep their original Ant-style semantics. | |
| // See: Spring Security Reference - "Request Matchers" section. |
|
|
||
| // Create the HttpEntity with headers and body | ||
| HttpEntity<byte[]> httpEntity = new HttpEntity<>(request.getCachedBody(), headers); | ||
|
|
||
| // Forward the request | ||
| AsyncContext asyncContext = servletRequest.startAsync(); | ||
| asyncContext.setTimeout(5000L); | ||
| ListenableFuture<ResponseEntity<byte[]>> responseEntityFuture = asyncRestTemplate.exchange( | ||
| URI.create(targetUrl), | ||
| Objects.requireNonNull(HttpMethod.resolve(request.getMethod())), | ||
| httpEntity, | ||
| byte[].class); | ||
| responseEntityFuture.addCallback(new ListenableFutureCallback<ResponseEntity<byte[]>>() { | ||
| @Override | ||
| public void onFailure(Throwable ex) { | ||
| try { | ||
| logger.error(ex.getMessage(), ex); | ||
| response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); | ||
| } finally { | ||
| asyncContext.complete(); | ||
| HttpMethod httpMethod; | ||
| try { | ||
| httpMethod = HttpMethod.valueOf(request.getMethod()); | ||
| } catch (IllegalArgumentException ex) { | ||
| logger.error("Unsupported HTTP method: {}", request.getMethod(), ex); | ||
| response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED); | ||
| return; | ||
| } | ||
| try { | ||
| ResponseEntity<byte[]> responseEntity = restTemplate.exchange( | ||
| URI.create(targetUrl), httpMethod, httpEntity, byte[].class); | ||
| responseEntity.getHeaders().forEach((key, value) -> { | ||
| value.forEach(v -> response.addHeader(key, v)); | ||
| }); | ||
| response.setStatus( | ||
| responseEntity.getStatusCode().value()); | ||
| Optional.ofNullable(responseEntity.getBody()).ifPresent(body -> { | ||
| try (ServletOutputStream outputStream = response.getOutputStream()) { | ||
| outputStream.write(body); | ||
| outputStream.flush(); | ||
| } catch (IOException e) { | ||
| logger.error(e.getMessage(), e); | ||
| } | ||
| } | ||
|
|
||
| @Override | ||
| public void onSuccess(ResponseEntity<byte[]> responseEntity) { | ||
| // Copy response headers and status code | ||
| responseEntity.getHeaders().forEach((key, value) -> { | ||
| value.forEach(v -> response.addHeader(key, v)); | ||
| }); | ||
| response.setStatus(responseEntity.getStatusCodeValue()); | ||
| // Write response body | ||
| Optional.ofNullable(responseEntity.getBody()) | ||
| .ifPresent(body -> { | ||
| try (ServletOutputStream outputStream = response.getOutputStream()) { | ||
| outputStream.write(body); | ||
| outputStream.flush(); | ||
| } catch (IOException e) { | ||
| logger.error(e.getMessage(), e); | ||
| } | ||
| }); | ||
| asyncContext.complete(); | ||
| } | ||
| }); | ||
| }); | ||
| } catch (Exception ex) { | ||
| logger.error(ex.getMessage(), ex); | ||
| response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); | ||
| } |
There was a problem hiding this comment.
The significant refactoring of ConsoleRemotingFilter from AsyncRestTemplate to RestTemplate changes the core request forwarding mechanism. This change lacks test coverage to verify that the synchronous RestTemplate with virtual threads provides equivalent functionality to the previous asynchronous implementation. Consider adding tests to verify proper request forwarding, error handling, and timeout behavior.
namingserver/src/main/java/org/apache/seata/namingserver/config/WebConfig.java
Show resolved
Hide resolved
namingserver/src/main/java/org/apache/seata/namingserver/filter/ConsoleRemotingFilter.java
Show resolved
Hide resolved
| import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; | ||
| import org.apache.hc.client5.http.impl.classic.HttpClients; | ||
| import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; |
There was a problem hiding this comment.
The migration from org.apache.httpcomponents:httpclient (HttpClient 4.x) to org.apache.httpcomponents.client5:httpclient5 (HttpClient 5.x) involves significant API changes. The imports have been correctly updated to use org.apache.hc.client5 packages. However, ensure that the HttpComponentsClientHttpRequestFactory from Spring is compatible with HttpClient 5.x at runtime, as Spring's HttpComponentsClientHttpRequestFactory may have different configuration methods for HttpClient 5.
…pringBoot 3.5, and add the spring-ai dependency to the console module. (apache#7870)
Ⅰ. Describe what this PR did
Ⅱ. Does this pull request fix one issue?
Ⅲ. Why don't you add test cases (unit test/integration test)?
Ⅳ. Describe how to verify it
Ⅴ. Special notes for reviews