Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to spring boot 3.4.1 #1590

Merged
merged 10 commits into from
Jan 2, 2025
Merged
Show file tree
Hide file tree
Changes from 8 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions httpClients/boot-rest-template/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.3.7</version>
<version>3.4.1</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example.rest.template</groupId>
Expand All @@ -19,7 +19,7 @@
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

<java.version>21</java.version>
<springdoc-openapi.version>2.6.0</springdoc-openapi.version>
<springdoc-openapi.version>2.7.0</springdoc-openapi.version>

<project.testresult.directory>${project.build.directory}/test-results</project.testresult.directory>
<spotless.version>2.43.0</spotless.version>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,13 @@
import static com.example.rest.template.utils.AppConstants.REQUEST_TIMEOUT;
import static com.example.rest.template.utils.AppConstants.SOCKET_TIMEOUT;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import lombok.extern.slf4j.Slf4j;
import org.apache.hc.client5.http.ConnectionKeepAliveStrategy;
import org.apache.hc.client5.http.HttpRoute;
Expand All @@ -19,19 +24,20 @@
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import org.apache.hc.client5.http.socket.ConnectionSocketFactory;
import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.http.ssl.HostnameVerificationPolicy;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.config.Registry;
import org.apache.hc.core5.http.config.RegistryBuilder;
import org.apache.hc.core5.http.io.SocketConfig;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.hc.core5.util.TimeValue;
import org.apache.hc.core5.util.Timeout;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.http.MediaType;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.scheduling.TaskScheduler;
Expand All @@ -45,34 +51,58 @@
@Slf4j
public class RestTemplateConfiguration {

private final Environment environment;

public RestTemplateConfiguration(Environment environment) {
this.environment = environment;
}

@Bean
PoolingHttpClientConnectionManager poolingConnectionManager() {
Registry<ConnectionSocketFactory> registry =
RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", SSLConnectionSocketFactory.getSocketFactory())
.build();
SSLContext sslContext;
try {
// Configure SSLContext with a permissive TrustStrategy
SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
if (!isProdEnvironment()) {
log.warn("Using permissive certificate validation - NOT FOR PRODUCTION USE");
sslContextBuilder.loadTrustMaterial((chain, authType) -> true);
}
sslContext = sslContextBuilder.build();
} catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
throw new RuntimeException("Failed to initialize SSL context", e);
}
PoolingHttpClientConnectionManager poolingConnectionManager =
new PoolingHttpClientConnectionManager(registry);

poolingConnectionManager.setDefaultSocketConfig(
SocketConfig.custom().setSoTimeout(Timeout.ofSeconds(SOCKET_TIMEOUT)).build());
poolingConnectionManager.setDefaultConnectionConfig(
ConnectionConfig.custom()
.setConnectTimeout(Timeout.ofSeconds(CONNECTION_TIMEOUT))
.build());

// set a total amount of connections across all HTTP routes
poolingConnectionManager.setMaxTotal(MAX_TOTAL_CONNECTIONS);
// set a maximum amount of connections for each HTTP route in pool
poolingConnectionManager.setDefaultMaxPerRoute(MAX_ROUTE_CONNECTIONS);
PoolingHttpClientConnectionManagerBuilder.create()
.setTlsSocketStrategy(
new DefaultClientTlsStrategy(
sslContext,
HostnameVerificationPolicy.CLIENT,
isProdEnvironment() ? null : NoopHostnameVerifier.INSTANCE))
.setDefaultSocketConfig(
SocketConfig.custom()
.setSoTimeout(Timeout.ofSeconds(SOCKET_TIMEOUT))
.build())
.setDefaultConnectionConfig(
ConnectionConfig.custom()
.setConnectTimeout(Timeout.ofSeconds(CONNECTION_TIMEOUT))
.build())
// set a total amount of connections across all HTTP routes
.setMaxConnTotal(MAX_TOTAL_CONNECTIONS)
// set a maximum amount of connections for each HTTP route in pool
.setMaxConnPerRoute(MAX_ROUTE_CONNECTIONS)
.build();

// increase the amounts of connections if the host is localhost
HttpHost localhost = new HttpHost("http://localhost", 8080);
poolingConnectionManager.setMaxPerRoute(
new HttpRoute(localhost), MAX_LOCALHOST_CONNECTIONS);
return poolingConnectionManager;
}

private boolean isProdEnvironment() {
return List.of(environment.getActiveProfiles()).contains("prod");
}

@Bean
CloseableHttpClient httpClient(
PoolingHttpClientConnectionManager poolingConnectionManager,
Expand Down Expand Up @@ -114,7 +144,7 @@ RestTemplate restTemplate(
RestTemplateBuilder restTemplateBuilder, CloseableHttpClient httpClient) {

return restTemplateBuilder
.setConnectTimeout(Duration.ofSeconds(60))
.connectTimeout(Duration.ofSeconds(60))
.defaultHeader(
org.springframework.http.HttpHeaders.CONTENT_TYPE,
MediaType.APPLICATION_JSON_VALUE)
Expand All @@ -125,7 +155,6 @@ RestTemplate restTemplate(
log.info("URI: {}", request.getURI());
log.info("HTTP Method: {}", request.getMethod().name());
log.info("HTTP Headers: {}", request.getHeaders());

return execution.execute(request, body);
}))
.build();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.lang.NonNull;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

Expand All @@ -11,7 +12,7 @@ public class WebMvcConfig implements WebMvcConfigurer {
private final ApplicationProperties properties;

@Override
public void addCorsMappings(CorsRegistry registry) {
public void addCorsMappings(@NonNull CorsRegistry registry) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Null safety annotations are inconsistently applied across configuration classes

Based on the search results, while some configuration classes use null safety annotations, the usage is not consistent across the codebase:

  • Several WebMvcConfig classes have @NonNull only on addCorsMappings method but not on other methods
  • Some packages have @NonNullApi at package level (e.g., in graphql, multitenancy modules)
  • Bean post processors consistently use @NonNull on their parameters
  • Only a few classes properly annotate nullable parameters with @Nullable
🔗 Analysis chain

Consider extending null safety annotations across the configuration.

The addition of @nonnull to the registry parameter is a good practice. Consider applying similar null safety annotations (@nonnull, @nullable) consistently across other methods and fields in your configuration classes for better null safety coverage.

Let's check if similar annotations are used consistently in other configuration classes:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for consistent usage of null safety annotations in config classes
# Look for configuration classes that might benefit from similar null safety annotations

# Find all configuration classes
echo "Searching for Spring configuration classes..."
rg -l "class.*implements.*Configurer" --type java

# Check current usage of Spring's null safety annotations
echo "Checking current usage of null safety annotations..."
rg "@(NonNull|Nullable)" --type java

Length of output: 7418

registry.addMapping(properties.getCors().getPathPattern())
.allowedMethods(properties.getCors().getAllowedMethods())
.allowedHeaders(properties.getCors().getAllowedHeaders())
Expand Down
Loading