Spring Boot 3.x 업그레이드

Spring Boot 2.x -> 3.x 업그레이드

스프링 3.x 부터는 자바 17이 필수

• Javax.* 패키지에서 Jakarta.* 패키지로 namespace 변경됨
• HandlerInterceptorAdapter -> HandlerInterceptor를 implements 해서 구현

maven 라이브러리 변경

<parent>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-parent</artifactId>
	<version>3.1.2</version>
</parent>

<!-- ehcache -->
<dependency>
	<groupId>org.ehcache</groupId>
	<artifactId>ehcache</artifactId>
	<version>3.10.8</version>
	<classifier>jakarta</classifier>
</dependency>

<dependency>
	<groupId>com.mysql</groupId>
	<artifactId>mysql-connector-j</artifactId>
	<version>8.1.0</version>
</dependency>

<!-- jakarta servlet -->
<dependency>
	<groupId>jakarta.servlet</groupId>
	<artifactId>jakarta.servlet-api</artifactId>
	<version>6.0.0</version>
	<scope>provided</scope>
</dependency>
<dependency>
	<groupId>jakarta.servlet.jsp</groupId>
	<artifactId>jakarta.servlet.jsp-api</artifactId>
	<version>3.1.1</version>
	<scope>provided</scope>
</dependency>
<dependency>
	<groupId>org.glassfish.web</groupId>
	<artifactId>jakarta.servlet.jsp.jstl</artifactId>
	<version>3.0.1</version>
</dependency>
<dependency>
	<groupId>jakarta.servlet.jsp.jstl</groupId>
	<artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
	<version>3.0.0</version>
</dependency>

패키지 변경

1. javax.persistence.* -> jakarta.persistence.*
2. javax.validation.* -> jakarta.validation.*
3. javax.servle.* -> jakarta.servlet.*
4. javax.annotation.* -> jakarta.annotaion.*
5. javax.transaction.* -> jakarta.transaction.*

spring security config 변경

1. authorizeRequests() -> authorizeHttpRequests()
2. antMatchers() -> requestMatchers()
3. regexMatchers() -> regexRequestMatchers()

deprecated

1. AffirmativeBased
2. WebSecurityConfigurerAdapter
3. FilterSecurityInterceptor

migration

1. WebSecurityConfigurerAdapter extends 로직 -> SecurityFilterChain 사용
2. filterSecurityInterceptor 가 deprecated 처리 되었기 때문에 유저별 접근 자원에 대한 제어를 별도로 처리 해주어야함
	authorizeHttpRequests에서 requestMatchers에 정의 하거나, @PreAuthorize controller 마다 기재하여 제어하는 방법
    혹은 AuthorizationManager<RequestAuthorizationContext> @Bean을 생성하여, accessDecisionVoter를 구현하는 방법

ex) 
@Bean
AuthorizationManager<RequestAuthorizationContext> requestAuthorization() {
    PolicyAuthorizationManager policy = ...;
    LocalAuthorizationManager local = ...;
    return AuthorizationManagers.allOf(policy, local);
}

http
    .authorizeHttpRequests((authorize) -> authorize.anyRequest().access(requestAuthorization))

migration 참조 링크

https://docs.spring.io/spring-security/reference/5.8/index.html