Skip to content

Migrate to Spring Boot 4 #1886

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
goekay merged 4 commits into from
Dec 5, 2025
Merged

Migrate to Spring Boot 4 #1886

goekay merged 4 commits into from
Dec 5, 2025

Conversation

@goekay
Copy link
Member

@goekay goekay commented Nov 28, 2025
edited by qodo-merge-for-open-source bot
Loading

User description

#1884

PR Type

Enhancement

Description

  • Upgrade Spring Boot from 3.5.7 to 4.0.0

  • Migrate Jackson from com.fasterxml to tools.jackson

  • Update Spring Boot autoconfiguration imports and API usage

  • Refactor Jackson ObjectMapper builder patterns

Diagram Walkthrough

flowchart LR
  A["Spring Boot 3.5.7"] -->|"Upgrade"| B["Spring Boot 4.0.0"]
  C["com.fasterxml Jackson"] -->|"Migrate"| D["tools.jackson"]
  B -->|"Update imports"| E["Spring Boot 4 APIs"]
  D -->|"Refactor builders"| F["JsonMapper pattern"]
  E -->|"Update locations"| G["ServerProperties"]
Loading

File Walkthrough
Relevant files
Dependencies
23 files
pom.xml
Update Spring Boot and Jackson dependencies                           
+11/-6   
ApiAuthenticationManager.java
Update Jackson import to tools.jackson                                     
+1/-1     
BeanConfiguration.java
Migrate Jackson and Spring Boot imports                                   
+9/-9     
ClientProvider.java
Update ServerProperties import location                                   
+1/-1     
CustomStringModule.java
Update Jackson imports and exception handling                       
+21/-36 
MeterValue15Deserializer.java
Update Jackson deserializer base class                                     
+13/-14 
MeterValue15Mixin.java
Update Jackson annotation import                                                 
+1/-1     
Ocpp12JacksonModule.java
Update Jackson imports and setMixIn method                             
+3/-3     
Ocpp15JacksonModule.java
Update Jackson imports and module setup                                   
+6/-6     
Ocpp16JacksonModule.java
Update Jackson imports and setMixIn method                             
+3/-3     
Deserializer.java
Update Jackson imports and exception handling                       
+18/-18 
Serializer.java
Update Jackson imports and exception handling                       
+7/-7     
CertificateSigningServiceLocal.java
Update ServerProperties import location                                   
+1/-1     
WebUserService.java
Update Jackson imports and exception handling                       
+4/-13   
ApplicationTest.java
Update ServerProperties import location                                   
+1/-1     
OperationalSoapOCPP16Test.java
Update ServerProperties import location                                   
+1/-1     
StressTest.java
Update ServerProperties import location                                   
+1/-1     
Issue73FixTest.java
Update ServerProperties import location                                   
+1/-1     
CustomStringModuleTest.java
Update Jackson import to tools.jackson                                     
+1/-1     
Helpers.java
Update ServerProperties import location                                   
+1/-1     
OcppJsonChargePoint.java
Update Jackson imports and exception handling                       
+27/-39 
OcppTagsRestControllerTest.java
Update Jackson message converter class name                           
+2/-2     
TransactionRestControllerTest.java
Update Jackson message converter class name                           
+2/-2     
Configuration changes
1 files
SteveApplication.java
Remove JooqAutoConfiguration exclusion                                     
+1/-2     
Enhancement
4 files
JsonObjectMapper.java
Refactor to JsonMapper builder pattern                                     
+31/-34 
GithubReleaseCheckService.java
Migrate to JsonMapper builder pattern                                       
+9/-12   
AjaxCallController.java
Migrate to JsonMapper builder pattern                                       
+7/-6     
AbstractControllerTest.java
Migrate to JsonMapper builder pattern                                       
+5/-13   

@goekay goekay linked an issue Nov 28, 2025 that may be closed by this pull request
Migrate to Spring Boot 4 #1884
Closed
@qodo-merge-for-open-source
Copy link

qodo-merge-for-open-source bot commented Nov 28, 2025
edited
Loading

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🟡
🎫 #1884
🟢 Upgrade Spring Boot from version 3.5.7 to version 4.0.0
Migrate Jackson library from com.fasterxml.package to tools.jackson package
Update Spring Boot autoconfiguration imports and API usage for version 4 compatibility
Refactor Jackson ObjectMapper builder patterns to use new Spring Boot 4 APIs
🔴 Apply OpenRewrite migration recipe org.openrewrite.java.spring.boot4.UpgradeSpringBoot_4_0
Handle breaking changes related to Jackson 3.x migration
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Broad Exception Catch: Changed from catching specific IOException to catching generic Exception which may hide
unexpected errors and reduce debugging clarity.

Referred Code 
} catch (Exception e) {
    throw new SteveException("Deserialization of incoming string failed: %s", context.getIncomingString(), e);

Learn more about managing compliance generic rules or creating your own custom rules

  • Update
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-merge-for-open-source
Copy link

qodo-merge-for-open-source bot commented Nov 28, 2025
edited
Loading

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Possible issue
Remove incorrect HTML encoding during deserialization

Remove the Encode.forHtml call from CustomStringDeserializer to prevent
incorrect HTML encoding of incoming string data, which can cause data
corruption.

src/main/java/de/rwth/idsg/steve/ocpp/ws/custom/CustomStringModule.java [86-93]

 private static class CustomStringDeserializer extends StringDeserializer {
 
     @Override
     public String deserialize(JsonParser p, DeserializationContext ctxt) throws JacksonException {
-        String val = super.deserialize(p, ctxt);
-        return Encode.forHtml(val);
+        return super.deserialize(p, ctxt);
     }
 }
  • Apply / Chat
Suggestion importance[1-10]: 7

__

Why: The suggestion correctly identifies that HTML encoding during deserialization can lead to data corruption and double-encoding issues, which is a valid concern for data integrity.

Medium
  • Update

@goekay
clean up pom.xml
011e96d 
the build/test issues were due to exception

Caused by: java.lang.NoSuchFieldError: Class org.apache.tomcat.util.descriptor.Constants does not have member field 'boolean IS_SECURITY_ENABLED'
	at org.apache.tomcat.util.descriptor.tld.TldParser.parse(TldParser.java:53)
	at org.apache.jasper.servlet.TldScanner.parseTld(TldScanner.java:260)

there was a dependency version conflict: we should be using jetty and its JSP library. however, tomcat's JSP engine was also included which jetty was trying to use.
this was due to "cxf-spring-boot-starter-jaxws" transitively bringing "spring-boot-starter-tomcat" along. excluding this solved the issue.
@goekay
update ocpp-jaxb lib
b746daa
@goekay
Merge branch 'master' into 1884-migrate-to-spring-boot-4-REAL
d014447
@goekay goekay merged commit a69601e into master Dec 5, 2025
25 checks passed
@goekay goekay deleted the 1884-migrate-to-spring-boot-4-REAL branch December 5, 2025 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Review effort 4/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Migrate to Spring Boot 4

2 participants

@goekay