Upgrading a REST API to Spring Boot 3

Pavith Madusara
2 min readDec 3, 2022

--

Upgrading Spring Boot 2.7 REST API Implementation to Spring Boot 3

With the release of Spring Boot 3, I’ve updated couple of my Spring Boot 2.7 REST API implementation projects to Spring Boot 3. In this story ill list down all the changes i had to make.

This is not a complete guide to Spring Boot 3. This is just a list of changes i have came across. I may update this list in the future if i came across more changes.

1. Moving from javax to jakartaSB3 has moved to the JakartaEE implementation, So all javax imports should be updated to use jakarta namespace. simple find and replace should do the trick

2. EnableGlobalMethodSecurity is Deprecated

// This is Deprecated
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true)
public class SecurityConfig{}

// Use Enable Method Security, prePost is Enabled by Default
@EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true)
public class SecurityConfig{}

3. http.authorizeRequests() and antMatchers() methods are replaced with authorizeHttpRequests and requestMatchers methods

    @Bean
protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// ...
http.authorizeRequests()
.antMatchers(HttpMethod.GET, "/swagger-ui.html").permitAll()
.antMatchers(HttpMethod.GET, "/swagger-ui/**").permitAll()
.antMatchers(HttpMethod.GET, "/v3/api-docs/**").permitAll()
.antMatchers(HttpMethod.POST, "/api/auth/login").permitAll()
.antMatchers(HttpMethod.POST, "/api/auth/token-refresh").permitAll()
.anyRequest().authenticated();
// ...
}

// Spring Boot 3.0.0
@Bean
protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// ...
http.authorizeHttpRequests()
// Public endpoints
.requestMatchers(HttpMethod.GET, "/swagger-ui.html").permitAll()
.requestMatchers(HttpMethod.GET, "/swagger-ui/**").permitAll()
.requestMatchers(HttpMethod.GET, "/v3/api-docs/**").permitAll()
.requestMatchers(HttpMethod.POST, "/api/auth/login").permitAll()
.requestMatchers(HttpMethod.POST, "/api/auth/token-refresh").permitAll()
.anyRequest().authenticated();
// ...
}

4. ResponseStatusException -> getStatus() is replaced with getStatusCode()

@ExceptionHandler(ResponseStatusException.class)
public ResponseEntity<ErrorResponse> handleNotFound(final ResponseStatusException exception) {
final ErrorResponse errorResponse = new ErrorResponse();

// errorResponse.setHttpStatus(exception.getStatus().value());
errorResponse.setHttpStatus(exception.getStatusCode().value());

errorResponse.setException(exception.getClass().getSimpleName());
errorResponse.setMessage(exception.getMessage());

// return new ResponseEntity<>(errorResponse, exception.getStatus());
return new ResponseEntity<>(errorResponse, exception.getStatusCode());
}

This list covers all the changes i did to update my simple REST APIs, Ive tried to update some of my micro service implementations as well but some dependencies have to release new versions for SB3 before we can update.

--

--

No responses yet