Spring 4 Upgrade

Jody Garnett edited this page Apr 2, 2016 · 83 revisions

This page gathers together Spring 4 upgrade information and planning activities. See GSIP-142 for the discussion and decision around delaying the GeoServer 2.9 release (due to Spring 3 incompatibility with Java 8).

Spring 4 Upgrade

Rough idea of scope (based on Justin's research in October):

  • servlet api upgrade (at least 3.0)
  • mock runner library does not go that high (spring has its own mock runner)
    • mechanical change, but not a drop-in replacement
  • security
    • cas, ldap, security modules in general:
      • Andrea emphasizes manual testing
      • Especially manual testing for CAS (it is a rewrite, not just an update)
  • rest
    • restlet depends on servlet 2.5 (was able to get it working with exclusions)

What will be affected?

  • Note jdbconfig / jdbcconfig disk quota are hit by this upgrade
  • Q: How much will geofence REST be affected, due to its use of the Spring REST API?

Q: Upgrade to Servlet 3.0.

The only thing likely to be tricky is the additional security methods (login and logout).

Q: Anything else fun in Servlet 3.0? Use annotations rather than web.xml?

Option to split web.xml into web-fragment.xml, use of Asynchronous (see reference).

Schedule

  1. Start feature branch https://github.com/geoserver/geoserver/tree/spring4-upgrade
  2. ✅ Upgrade to Servlet 3.0
  3. Migrate tests from mock runner to spring-test
    • ✅ core building
    • ✅ extension building
    • ✅ community modules (-PcommunityRelease) could not fix everything
  4. GWC - also uses spring and will require update
    • ✅ Upgrade to Servlet 3.0
    • ✅ Migrate from Acegi 1.0.7 to Spring Security
  5. GeoFence
    • ❔ status unknown
  6. Extensions
    • ✅ security
    • ✅ security ldap
    • ✅ security cas - some feedback from Christian (may not be ready in time for release)
  7. community modules (-PcommunityRelease)
    • ✅ Migrate modules to spring4 and spring-test
    • ⚠️ geofence-server
  8. ✅ merge feature branch
  9. integration test geoserver security
  10. integration test security jdbc
    • ❔ define user/groups/roles
  11. integration test security ldap
    • ❔ define user/groups/roles
    • ❔ verify publication via getcapabilities
    • ❔ verify access via GetMap
  12. integration test security cas
    • if available
  13. integration test rest api
    • ❔ test rest api against docs
    • look at using gsconfig for bulk testing
    • look at gsmanager tests
  14. release 2.9-beta2
  15. release 2.9-RC1
  16. 2.9.0 release

See headings below for research, notes, buglets and planning on specific topics.

GeoWebCache

  • Also using Spring and needs to update it both to fix the Java8 ASM problem and to remain compatible with GeoServer
  • Spring 3.1.1
  • Very old predecessor to Spring Security: Acegi 1.0.7
  • Spring JDBC
  • Metastore Remover
  • Rarely used (only when upgrading from versions <= 1.3)
  • No unit tests
  • Diskquota JDBC

Spring-Test Migration

Migrating from Mock Runner to Spring-Test is likely to be the most lines of code changed, but very low risk.

The plan was simple: use spring-test, which provides similar classes, by:

  1. creating a set of mockrunner replacements that were simple subclasses of the spring-test ones (put in the platform module, which everything depends on)

  2. remove the mockrunner dependencies and replace them with spring-test in pom files

  3. perform any adaptation necessary for method and behavior incompatibilities between the two sets of classes

  4. refactor out the subclasses, leaving the code using spring-test directly

Progress:

  • ✅ core building
  • ✅ extension building
  • community modules (-PcommunityRelease) could not fix everything

Initial work https://github.com/aaime/geoserver/tree/mockrunner-spring has now been merged.

Planning:

  • ✅ If we go for the Spring upgrade, see this as Andrea's contribution to the upgrade, and merge it soon

    This was merged to the feature branch.

  • ❔ Continue work on community modules in -PcommunityRelease (script, rest-ext)

Testing

Security Test

The security system has undergone extensive change, and requires manual testing. We will be pulling manual tests from both our user manual tutorials, and GeoSolutions geoserver security training if any instructions need clarification.

Default Security

  1. Test web application login and logout with default admin/geoserver credentials.
  2. Test web application login and logout with root password
  3. Test Demo Requests application with default admin/geoserver credentials

Buglet:

Security Authentication

  1. Test Digest tutorial

    ⚠️ Apparently this was broken before the spring 5 upgrade and is not expected to work?

  2. Public Key Infrastructure x.509 Certificate Authentication. This test requires a Tomcat environment, consider testing from an appropriate client such as QGIS.

  3. Test HTTP Header Proxy Authentication

  4. Test Authentication with CAS

Buglets:

  • TBD

Security Authorization

Test Plan:

  1. Security configuration:

    • Roles: Reader, Editor (with parent Reader)
    • Groups: Employees, Visitors
    • Users: Bob (Employee), Alice (Visitor)
  2. Data security:

    • topp.* read ROLE_AUTHENTICATED
  3. Service security:

    • wfs.* Reader, ADMIN
    • wfs.Transaction Editor, ADMIN
  4. Test GetCapabilities to verify data authorization

  5. Test GetMap to verify data authorization

  6. Test DescribeFeatureType to verify service authorization

  7. Test GetMap Transaction to verify service authorization
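
The expected outcomes for the service rules in this test plan can be worked out before sending any requests. The following is an added example, not GeoServer code or part of the original page; the user-to-role assignments, the rule precedence and the handling of operations with no rule are assumptions, marked as such in the comments.

```python
# Added example. Role hierarchy from the plan: Editor has parent Reader.
ROLE_PARENT = {"Editor": "Reader", "Reader": None, "ADMIN": None}

# Service security rules from the plan: rule key -> roles granted access.
SERVICE_RULES = {
    "wfs.*": {"Reader", "ADMIN"},
    "wfs.Transaction": {"Editor", "ADMIN"},
}

# ASSUMPTION: the plan names the users but not their roles; chosen for coverage.
USER_ROLES = {"Bob": {"Editor"}, "Alice": {"Reader"}, "anonymous": set()}


def effective_roles(assigned):
    """Expand assigned roles with all ancestors (a child inherits its parent)."""
    expanded = set()
    for role in assigned:
        while role is not None and role not in expanded:
            expanded.add(role)
            role = ROLE_PARENT.get(role)
    return expanded


def matching_rule(service, operation):
    """ASSUMPTION: an exact service.operation rule wins over service.*."""
    for key in (f"{service}.{operation}", f"{service}.*"):
        if key in SERVICE_RULES:
            return key
    return None


def allowed(user, service, operation):
    rule = matching_rule(service, operation)
    if rule is None:
        return True  # ASSUMPTION: an operation with no rule is unrestricted
    return bool(effective_roles(USER_ROLES[user]) & SERVICE_RULES[rule])


def expected_matrix(operations, service="wfs"):
    """Map (user, operation) -> expected outcome, to compare with real requests."""
    return {(u, op): allowed(u, service, op)
            for u in USER_ROLES for op in operations}


if __name__ == "__main__":
    ops = ["DescribeFeatureType", "Transaction"]
    for (user, op), ok in sorted(expected_matrix(ops).items()):
        print(f"{user:<10} wfs.{op:<20} {'allow' if ok else 'deny'}")
```

The case worth checking by hand is Bob on DescribeFeatureType: he passes only because Editor inherits Reader, so a regression in role inheritance shows up as a denial there.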

Buglets:

  • TBD

Security LDAP

  1. Tutorials provide adequate test, please test either:

Buglets:

  • TBD

REST API Test

The REST API has undergone significant modification and requires integration testing:

  1. Integration test: run gsconfig tests - should cover the geonode project
  2. Integration test: run qgis-geoserver-plugin tests
  3. Test examples provided in the documentation

Buglets:

  • TBD