Skip to content

Comments

Migrate from Java 11 + Spring Boot 2.6.3 to Java 17 + Spring Boot 3.2.0#358

Open
devin-ai-integration[bot] wants to merge 1 commit intomasterfrom
devin/1771406721-spring-boot-3-migration
Open

Migrate from Java 11 + Spring Boot 2.6.3 to Java 17 + Spring Boot 3.2.0#358
devin-ai-integration[bot] wants to merge 1 commit intomasterfrom
devin/1771406721-spring-boot-3-migration

Conversation

@devin-ai-integration
Copy link

@devin-ai-integration devin-ai-integration bot commented Feb 18, 2026
edited
Loading

Summary

Major framework upgrade migrating from Java 11 / Spring Boot 2.6.3 to Java 17 / Spring Boot 3.2.0. This touches 27 files across build config, CI, security, and all Jakarta EE namespace imports.

Key changes:

  • Build: Spring Boot 3.2.0, Gradle wrapper 7.4→8.5, dependency-management 1.1.4, DGS codegen 6.0.3, DGS starter 8.2.0, MyBatis 3.0.3, REST Assured 5.3.2
  • Namespace: All javax.servlet.*, javax.validation.*jakarta.servlet.*, jakarta.validation.* (20 files). javax.crypto left as-is (JDK, not Jakarta EE).
  • Security: WebSecurityConfigurerAdapter removed → SecurityFilterChain @Bean with lambda DSL. antMatchersrequestMatchers, authorizeRequestsauthorizeHttpRequests.
  • Exception handling: CustomizeExceptionHandler.handleMethodArgumentNotValid signature updated (HttpStatusHttpStatusCode).
  • GraphQL/DGS: DataFetcherExceptionHandler.onExceptionhandleException returning CompletableFuture. graphql.relay.DefaultPageInfo → DGS-generated io.spring.graphql.types.PageInfo builder pattern.
  • CI & docs: GitHub Actions JDK 11→17, README updated.

Review & Testing Checklist for Human

  • Security config equivalence: Verify the WebSecurityConfig lambda DSL produces identical security behavior to the old WebSecurityConfigurerAdapter chain — especially CORS handling (now passed via cors(cors -> cors.configurationSource(...)) instead of .cors().and()) and URL matching (requestMatchers vs antMatchers can differ in pattern semantics).
  • Run the full test suite (./gradlew clean test). Compilation passes but tests were not run locally. MyBatis 2→3, DGS 4→8, and Spring Security 5→6 all have potential runtime/test-level breaking changes.
  • Verify GraphQL PageInfo fields: The switch from graphql.relay.DefaultPageInfo to the DGS-generated PageInfo builder assumes the schema generates startCursor, endCursor, hasPreviousPage, hasNextPage. Confirm the generated types match.
  • Boot the app (./gradlew bootRun) and hit a few endpoints (e.g., GET /tags, POST /users, GraphQL at /graphql) to verify Spring context loads and DGS wiring is correct.
  • DGS 4→8 compatibility: This is a 4-major-version jump. Check for any additional DGS API changes beyond what was fixed in this PR (codegen output, datafetcher wiring, etc.).

Notes

  • javax.crypto.SecretKey / SecretKeySpec imports in DefaultJwtService.java were intentionally not migrated — these are JDK classes, not Jakarta EE.
  • Gradle wrapper upgraded to 8.5 to support Java 21 (the build VM runs Java 21, though the project targets Java 17).
  • CI checks will run on Java 17 per the updated workflow.

Link to Devin run: https://app.devin.ai/sessions/e5a65850f33e460b8925a594dbcaac23
Requested by: @iancmoritz

Open with Devin

@devin-ai-integration @iancmoritz
Migrate from Java 11 + Spring Boot 2.6.3 to Java 17 + Spring Boot 3.2.0
3030c49 
- Update Java source/target compatibility to 17
- Upgrade Spring Boot to 3.2.0, dependency-management to 1.1.4
- Upgrade Gradle wrapper from 7.4 to 8.5 (Java 21 support)
- Upgrade Netflix DGS codegen to 6.0.3, DGS starter to 8.2.0
- Upgrade MyBatis Spring Boot starter to 3.0.3
- Upgrade REST Assured to 5.3.2
- Migrate javax.* to jakarta.* imports (servlet, validation)
- Refactor WebSecurityConfig: remove WebSecurityConfigurerAdapter,
  use SecurityFilterChain bean with lambda DSL
- Update requestMatchers (was antMatchers), authorizeHttpRequests
  (was authorizeRequests)
- Fix CustomizeExceptionHandler for HttpStatusCode signature change
- Fix GraphQLCustomizeExceptionHandler for new handleException API
- Fix PageInfo type to use DGS-generated types instead of graphql-relay
- Update CI workflow to JDK 17
- Update README to reflect Java 17 requirement

Co-Authored-By: Ian Moritz <ian.moritz@cognition.ai>
@devin-ai-integration
Copy link
Author

devin-ai-integration bot commented Feb 18, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

devin-ai-integration[bot]
devin-ai-integration bot commented Feb 18, 2026
View reviewed changes
Copy link
Author

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 5 additional findings.

Open in Devin Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@iancmoritz iancmoritz

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@iancmoritz