Migrate to spring boot 4

build.gradle

@@ -68,6 +68,8 @@ subprojects {
         exclude(group: "org.hamcrest", module: "hamcrest-core")
         exclude(group: "org.hamcrest", module: "hamcrest-library")
         exclude(group: "org.springframework.boot", module: "spring-boot-starter-logging")
+        exclude(group: "org.apache.directory.server", module: "apacheds-core")
+        exclude(group: "org.apache.directory.server", module: "apacheds-protocol-ldap")
         exclude(group: "org.skyscreamer", module: "jsonassert")
         exclude(group: "com.vaadin.external.google", module: "android-json")
         exclude(group: "com.unboundid.components", module: "json")
@@ -126,8 +128,11 @@ subprojects {
         // gradle might stop the test run due to the failFast but still concludes with BUILD SUCCESSFUL (if the retry is successful)
         failFast = false
         useJUnitPlatform()
-        // Reduced from 1024m to 640m - unit tests don't need as much as integration tests
-        jvmArgs += ["-Xmx640m",
+        // Increased to 1536m for Spring Boot 4 compatibility
+        jvmArgs += ["-Xmx1536m",
+                    "-Xms512m",
+                    "-XX:MaxMetaspaceSize=512m",
+                    "-XX:+UseG1GC",
                     "-XX:+StartAttachListener",
                     "-XX:+HeapDumpOnOutOfMemoryError",
                     "-XX:HeapDumpPath=/var/log/uaa-tests.hprof"

gradle/libs.versions.toml

@@ -21,9 +21,10 @@ orgJson = "20251224"
 passay = "2.0.0"
 selenium = "4.44.0"
 sonarqube = "7.3.0.8198"
-springBoot = "3.5.14"
+springBoot = "4.0.6"
 springDependencyManagement = "1.1.7"
-springDocOpenapi = "2.8.17"
+springDocOpenapi = "3.0.2"
+springRetry = "2.0.12"
 statsdClient = "3.1.0"
 unboundIdScimSdk = "2.0.0"
 velocity = "2.4.1"
@@ -55,6 +56,7 @@ velocity = { module = "org.apache.velocity:velocity-engine-core", version.ref =
 xmlSecurity = { module = "org.apache.santuario:xmlsec", version.ref = "xmlSecurity" }
 
 # AspectJ
+aspectJRt = { module = "org.aspectj:aspectjrt" }
 aspectJWeaver = { module = "org.aspectj:aspectjweaver" }
 
 # Awaitility
@@ -75,7 +77,8 @@ eclipseJgit = { module = "org.eclipse.jgit:org.eclipse.jgit", version.ref = "ecl
 
 # FasterXML Jackson
 jacksonAnnotations = { module = "com.fasterxml.jackson.core:jackson-annotations" }
-jacksonDatabind = { module = "com.fasterxml.jackson.core:jackson-databind" }
+jacksonDatabind = { module = "tools.jackson.core:jackson-databind" }
+jacksonDataformatYaml = { module = "tools.jackson.dataformat:jackson-dataformat-yaml" }
 
 # Flyway
 flywayCore = { module = "org.flywaydb:flyway-core" }
@@ -154,19 +157,25 @@ springBeans = { module = "org.springframework:spring-beans" }
 springContext = { module = "org.springframework:spring-context" }
 springContextSupport = { module = "org.springframework:spring-context-support" }
 springJdbc = { module = "org.springframework:spring-jdbc" }
+springRetry = { module ="org.springframework.retry:spring-retry", version.ref = "springRetry" }
 springTest = { module = "org.springframework:spring-test" }
 springTx = { module = "org.springframework:spring-tx" }
 springWeb = { module = "org.springframework:spring-web" }
 springWebMvc = { module = "org.springframework:spring-webmvc" }
 
 # Spring Boot
 springBootBom = { module = "org.springframework.boot:spring-boot-dependencies", version.ref = "springBoot" }
+springBootFlyway = { module = "org.springframework.boot:spring-boot-flyway" }
+springBootJdbc = { module = "org.springframework.boot:spring-boot-jdbc" }
+springBootSql = { module = "org.springframework.boot:spring-boot-sql" }
 springBootStarter = { module = "org.springframework.boot:spring-boot-starter" }
 springBootStarterLog4j2 = { module = "org.springframework.boot:spring-boot-starter-log4j2" }
 springBootStarterMail = { module = "org.springframework.boot:spring-boot-starter-mail" }
 springBootStarterTest = { module = "org.springframework.boot:spring-boot-starter-test" }
 springBootStarterTomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat" }
+springBootStarterTomcatRuntime = { module = "org.springframework.boot:spring-boot-starter-tomcat-runtime" }
 springBootStarterWeb = { module = "org.springframework.boot:spring-boot-starter-web" }
+springBootTransaction = { module = "org.springframework.boot:spring-boot-transaction" }
 
 # Spring Data
 springLdapCore = { module = "org.springframework.ldap:spring-ldap-core" }
@@ -178,6 +187,7 @@ springDocOpenapi = { module = "org.springdoc:springdoc-openapi-starter-webmvc-ui
 springRestdocs = { module = "org.springframework.restdocs:spring-restdocs-mockmvc" }
 
 # Spring Security
+springSecurityAccess = { module = "org.springframework.security:spring-security-access" }
 springSecurityConfig = { module = "org.springframework.security:spring-security-config" }
 springSecurityCore = { module = "org.springframework.security:spring-security-core" }
 springSecurityLdap = { module = "org.springframework.security:spring-security-ldap" }

metrics-data/src/main/java/org/cloudfoundry/identity/uaa/util/JsonUtils.java

@@ -15,19 +15,30 @@
 
 package org.cloudfoundry.identity.uaa.util;
 
-import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import tools.jackson.core.JsonParser;
+import tools.jackson.core.type.TypeReference;
+import tools.jackson.databind.DeserializationFeature;
+import tools.jackson.databind.JsonNode;
+import tools.jackson.databind.MapperFeature;
+import tools.jackson.databind.ObjectMapper;
+import tools.jackson.databind.SerializationFeature;
+import tools.jackson.databind.cfg.ConstructorDetector;
+import tools.jackson.databind.cfg.DateTimeFeature;
+import tools.jackson.databind.json.JsonMapper;
+import tools.jackson.core.JacksonException;
 
-import java.io.IOException;
 import java.io.Serial;
 import java.util.Date;
 import java.util.Map;
 
 public class JsonUtils {
-    private static final ObjectMapper objectMapper = new ObjectMapper();
+    private static final ObjectMapper objectMapper = JsonMapper.builder()
+            .enable(DateTimeFeature.WRITE_DATES_AS_TIMESTAMPS)
+            .enable(SerializationFeature.FAIL_ON_EMPTY_BEANS)
+            .disable(DeserializationFeature.FAIL_ON_NULL_FOR_PRIMITIVES)
+            .disable(MapperFeature.SORT_PROPERTIES_ALPHABETICALLY)
+            .constructorDetector(ConstructorDetector.DEFAULT.withAllowImplicitWithDefaultConstructor(false))
+            .build();
 
     private JsonUtils() {
         throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
@@ -36,15 +47,15 @@ private JsonUtils() {
     public static String writeValueAsString(Object object) throws JsonUtilException {
         try {
             return objectMapper.writeValueAsString(object);
-        } catch (IOException e) {
+        } catch (JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
 
     public static byte[] writeValueAsBytes(Object object) throws JsonUtilException {
         try {
             return objectMapper.writeValueAsBytes(object);
-        } catch (IOException e) {
+        } catch (JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
@@ -56,7 +67,7 @@ public static <T> T readValue(String s, Class<T> clazz) throws JsonUtilException
             } else {
                 return null;
             }
-        } catch (IOException e) {
+        } catch (JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
@@ -65,7 +76,7 @@ public static Map<String, Object> readValueAsMap(final String input) {
         try {
             final JsonNode rootNode = objectMapper.readTree(input);
             return getNodeAsMap(rootNode);
-        } catch (final JsonProcessingException e) {
+        } catch (final JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
@@ -77,7 +88,7 @@ public static <T> T readValue(byte[] data, Class<T> clazz) throws JsonUtilExcept
             } else {
                 return null;
             }
-        } catch (IOException e) {
+        } catch (JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
@@ -89,7 +100,7 @@ public static <T> T readValue(String s, TypeReference<T> typeReference) {
             } else {
                 return null;
             }
-        } catch (IOException e) {
+        } catch (JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
@@ -101,7 +112,7 @@ public static <T> T readValue(byte[] data, TypeReference<T> typeReference) {
             } else {
                 return null;
             }
-        } catch (IOException e) {
+        } catch (JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
@@ -113,15 +124,15 @@ public static <T> T convertValue(Object object, Class<T> toClazz) throws JsonUti
             } else {
                 return objectMapper.convertValue(object, toClazz);
             }
-        } catch (IllegalArgumentException e) {
+        } catch (IllegalArgumentException | JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
 
     public static JsonNode readTree(JsonParser p) {
         try {
             return objectMapper.readTree(p);
-        } catch (IOException e) {
+        } catch (JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
@@ -133,7 +144,7 @@ public static JsonNode readTree(String s) {
             } else {
                 return null;
             }
-        } catch (IOException e) {
+        } catch (JacksonException e) {
             throw new JsonUtilException(e);
         }
     }
@@ -170,7 +181,7 @@ public static String serializeExcludingProperties(Object object, String... prope
 
     public static String getNodeAsString(JsonNode node, String fieldName, String defaultValue) {
         JsonNode typeNode = node.get(fieldName);
-        return typeNode == null ? defaultValue : typeNode.asText(defaultValue);
+        return typeNode == null ? defaultValue : typeNode.asString(defaultValue);
     }
 
     public static int getNodeAsInt(JsonNode node, String fieldName, int defaultValue) {

metrics-data/src/test/java/org/cloudfoundry/identity/uaa/metrics/MetricsQueueTest.java

@@ -1,6 +1,6 @@
 package org.cloudfoundry.identity.uaa.metrics;
 
-import com.fasterxml.jackson.core.type.TypeReference;
+import tools.jackson.core.type.TypeReference;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;

metrics-data/src/test/java/org/cloudfoundry/identity/uaa/util/JsonUtilsTest.java

@@ -1,19 +1,17 @@
 package org.cloudfoundry.identity.uaa.util;
 
-import com.fasterxml.jackson.core.JacksonException;
-import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.JsonDeserializer;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import tools.jackson.core.JsonParser;
+import tools.jackson.core.type.TypeReference;
+import tools.jackson.databind.DeserializationContext;
+import tools.jackson.databind.JsonNode;
+import tools.jackson.databind.annotation.JsonDeserialize;
 import org.cloudfoundry.identity.uaa.metrics.UrlGroup;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
+import tools.jackson.core.JacksonException;
+import tools.jackson.databind.ValueDeserializer;
 
-import java.io.IOException;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
 import java.util.List;
@@ -141,83 +139,82 @@ void cannotInstantiate() {
     }
 
     @Test
-
-    void throwsException_writeValueAsString() throws JsonProcessingException {
+    void throwsException_writeValueAsString() throws JacksonException {
         JsonUtils.JsonUtilException exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.writeValueAsString(new Object())
         );
-        assertThat(exception.getMessage()).startsWith("com.fasterxml.jackson.databind.exc.InvalidDefinitionException: No serializer found for class java.lang.Object");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.databind.exc.InvalidDefinitionException: No serializer found for class java.lang.Object");
     }
 
     @Test
-    void throwsException_writeValueAsBytes() throws JsonProcessingException {
+    void throwsException_writeValueAsBytes() throws JacksonException {
         JsonUtils.JsonUtilException exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.writeValueAsBytes(new Object())
         );
-        assertThat(exception.getMessage()).startsWith("com.fasterxml.jackson.databind.exc.InvalidDefinitionException: No serializer found for class java.lang.Object");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.databind.exc.InvalidDefinitionException: No serializer found for class java.lang.Object");
     }
 
     @Test
-    void throwsException_readValue() throws JsonProcessingException {
+    void throwsException_readValue() throws JacksonException {
         JsonUtils.JsonUtilException exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.readValue("invalid json", String.class)
         );
-        assertThat(exception.getMessage()).startsWith("com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'invalid'");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.core.exc.StreamReadException: Unrecognized token 'invalid'");
 
         exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.readValue("invalid json".getBytes(), String.class)
         );
-        assertThat(exception.getMessage()).startsWith("com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'invalid'");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.core.exc.StreamReadException: Unrecognized token 'invalid'");
 
         exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.readValue("invalid json", new TypeReference<String>() {})
         );
-        assertThat(exception.getMessage()).startsWith("com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'invalid'");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.core.exc.StreamReadException: Unrecognized token 'invalid'");
 
         exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.readValue("invalid json".getBytes(), new TypeReference<String>() {})
         );
-        assertThat(exception.getMessage()).startsWith("com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'invalid'");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.core.exc.StreamReadException: Unrecognized token 'invalid'");
     }
 
     @Test
-    void throwsException_readValueAsMap() throws JsonProcessingException {
+    void throwsException_readValueAsMap() throws JacksonException {
         JsonUtils.JsonUtilException exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.readValueAsMap("invalid json")
         );
-        assertThat(exception.getMessage()).startsWith("com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'invalid'");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.core.exc.StreamReadException: Unrecognized token 'invalid'");
     }
 
     @Test
-    void throwsException_convertValue() throws JsonProcessingException {
+    void throwsException_convertValue() throws JacksonException {
         JsonUtils.JsonUtilException exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.convertValue(Boolean.TRUE, Integer.class)
         );
-        assertThat(exception.getMessage()).startsWith("java.lang.IllegalArgumentException: Cannot deserialize value of type `java.lang.Integer` from Boolean value");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.databind.exc.MismatchedInputException: Cannot deserialize value of type `java.lang.Integer` from Boolean value");
     }
 
     @Test
-    void throwsException_readTree() throws JsonProcessingException {
+    void throwsException_readTree() throws JacksonException {
         assertThat(JsonUtils.readTree((String)null)).isNull();
 
         JsonUtils.JsonUtilException exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.readTree("invalid json")
         );
-        assertThat(exception.getMessage()).startsWith("com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'invalid'");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.core.exc.StreamReadException: Unrecognized token 'invalid'");
     }
 
     @Test
-    void throwsException_readTreeWithParserArg() throws JsonProcessingException {
+    void throwsException_readTreeWithParserArg() throws JacksonException {
 
 
         JsonUtils.JsonUtilException exception = assertThrows(JsonUtils.JsonUtilException.class,
                 () -> JsonUtils.readValue("{'valid':'json'}", SerializerTestObject.class)
         );
-        assertThat(exception.getMessage()).startsWith("com.fasterxml.jackson.core.JsonParseException: Unexpected character");
+        assertThat(exception.getMessage()).startsWith("tools.jackson.core.exc.StreamReadException: Unexpected character");
     }
 
     @Test
-    void readNodes() throws JsonProcessingException {
+    void readNodes() throws JacksonException {
         JsonUtils.readValue("""
                         {
                             "date": "1320105600000",
@@ -253,10 +250,10 @@ private Object getTestObject() {
     private static class SerializerTestObject {
 
     }
-    private static class TestDeserializer extends JsonDeserializer<SerializerTestObject> {
+    private static class TestDeserializer extends ValueDeserializer<SerializerTestObject> {
 
         @Override
-        public SerializerTestObject deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JacksonException {
+        public SerializerTestObject deserialize(JsonParser p, DeserializationContext ctxt) {
             JsonNode node = JsonUtils.readTree(p);
             JsonUtils.getNodeAsBoolean(node, "invalid", true);
             JsonUtils.getNodeAsInt(node, "invalid", 0);

model/src/main/java/org/cloudfoundry/identity/uaa/approval/Approval.java

@@ -19,8 +19,8 @@
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import tools.jackson.databind.annotation.JsonDeserialize;
+import tools.jackson.databind.annotation.JsonSerialize;
 import org.cloudfoundry.identity.uaa.impl.JsonDateDeserializer;
 import org.cloudfoundry.identity.uaa.impl.JsonDateSerializer;
 import org.cloudfoundry.identity.uaa.approval.impl.ApprovalsJsonDeserializer;