.. only:: html

 .. contents:: Table of contents
    :depth: 2
    :local:

Main changes in 5.3.2 are as follows.

• Updated Spring Framework to 4.3.14
• Updated Spring Security to 4.1.5
• Changed some of the common library specifications
• Changed blank project

From 5.3.2, Spring Framework was updated to 4.3.14.RELEASE.

Note

Spring Framework 4.3.5.RELEASE is used in Spring IO Platform Athens-SR2 however, version control is performed independently in the common library.

From 5.3.2, Spring Security was updated to 4.1.5.RELEASE.

Note

Spring Security 4.1.4.RELEASE is used in Spring IO Platform Athens-SR2 however, version control is performed independently in the common library.

From 5.3.2, some of the common library specifications were changed.

• [#747] Wrong full width string in DefaultFullHalf
• [#797] Update spring and spring security version

From 5.3.2, some of the configuration files of blank project were changed.

• [single#287] [multi#324] fix ojdbc group ID in pom.xml, match officially group ID
• [single#299] [multi#332] Warning about Logback.xml appears in Eclipse.
• [single#315] [multi#333] Should define the dependency to older version Selenium in blank project
• [single#300] [multi#334] Remove definition of trimTokens
• [multi#371] define maven-surefire-plugin version

Note

Regarding line feed codes

The line feed codes of blank project were unified with LF.

When source code of blank project is to be used, take care not to mix the line feed code with CRLF.

The migration procedure is as follows.

Note

Notes

Required : This procedure is required

Required by case : This procedure is required with conditions

Optional : This procedure is recommended (Implement it whenever required)

- : This procedure is not required

[General]

.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|

[Common library]

.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|

[Blank project]

.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|

[Spring Framework]

.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|

[Spring Security]

.. tabularcolumns:: |p{0.10\linewidth}|p{0.30\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|p{0.20\linewidth}|

Update common libraries and dependent libraries of TERASOLUNA Server Framework for Java (5.x).

.. tabularcolumns:: |p{0.35\linewidth}|p{0.25\linewidth}|p{0.25\linewidth}|p{0.15\linewidth}|

[Case where procedure is required]

This procedure is required.

This update procedure is for the project created by using mvn archetype.

Modify pom file version of the parent project to 5.3.2.RELEASE.

• ($YOUR_MULTIPLE_PROJECT_ROOT/pom.xml)

<!-- omitted -->
<parent>
    <groupId>org.terasoluna.gfw</groupId>
    <artifactId>terasoluna-gfw-parent</artifactId>
    <version>5.3.2.RELEASE</version>                    <!-- ### Modification location ### -->
</parent>
<!-- omitted -->

This update procedure is for the project created using mvn archetype or for the project downloaded from release site.

Update pom file version of project to 5.3.2.RELEASE.

• ($YOUR_SINGLE_PROJECT/pom.xml)

<!-- omitted -->
<parent>
    <groupId>org.terasoluna.gfw</groupId>
    <artifactId>terasoluna-gfw-parent</artifactId>
    <version>5.3.2.RELEASE</version>                    <!-- ### Modification location ### -->
</parent>
<!-- omitted -->

This update procedure is for Eclipse WTP project downloaded from release site.

Refer to Update library at the time of using Eclipse WTP Project for update procedure.

[Case where procedure is required]

Confirm the following if it matches with any of the following cases.

• org.terasoluna.gfw.common.fullhalf.DefaultFullHalfis used.
• Own FullHalfConverterclass is created by referring to Development Guidelines.

[Specifications change contents]

Since there is a bug wherein Katakana "ベ" is not converted, the implementation example of org.terasoluna.gfw.common.fullhalf.DefaultFullHalf and Creation of FullHalfConverter class where pair definition of original full width and half width characters is registeredis modified as follows.

Ensure that there is no impact due to this modification.

[Before modification]

.. tabularcolumns:: |p{0.30\linewidth}|p{0.30\linewidth}

[After modification}

.. tabularcolumns:: |p{0.30\linewidth}|p{0.30\linewidth}

In Spring Framework 4.3, since the default value of trimTokensproperty of org.springframework.util.AntPathMatcheris false, the definition of AntPathMatcherwhere falseis specifically set, is not required.

Till 5.3.1 version of blank project, AntPathMatcher wherein falseis set in trimTokensproperty, is defined and applied in mvc:path-matchingof mvc:annotation-driven.

From 5.3.2 version, the definition of AntPathMatcheris deleted so the default settings of Spring MVC is used.

[Case where procedure is required]

This procedure is optional. Perform the following modifications whenever required.

[How to modify]

• ($YOUR_MULTIPLE_PROJECT_ROOT/projectName-web/src/main/resources/META-INF/spring/spring-mvc.xml)
• ($YOUR_SINGLE_PROJECT/src/main/resources/META-INF/spring/spring-mvc.xml)
• ($YOUR_ECLIPSE_WTP_PROJECT/src/main/resources/META-INF/spring/spring-mvc.xml)

Delete the following settings.

<mvc:annotation-driven>
   <!-- omitted -->
   <!-- ### Delete location From here ### -->
   <!-- workaround to CVE-2016-5007. -->
   <mvc:path-matching path-matcher="pathMatcher" />
   <!-- ### Delete location Till here ### -->
</mvc:annotation-driven>

<!-- omitted -->

<!-- ### Delete location From here ### -->
<!-- Setting PathMatcher. -->
<bean id="pathMatcher" class="org.springframework.util.AntPathMatcher">
    <property name="trimTokens" value="false" />
</bean>
<!-- ### Delete location Till here ### -->

DOCTYPE declaration is added to logback.xmlof blank project. There is no problem in the operations even if there is no DOCTYPE declaration, however, it is recommended to add it as a warning of XML syntax violation is displayed in IDE such as Eclipse.

[Case where procedure is required]

This procedure is optional. Perform the following modifications whenever required.

[How to modify]

Perform the following modifications in logback.xmlof project.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration> <!-- ### Add location ### -->
<configuration>

<!-- omitted -->

Group ID of ojdbc7mentioned in pom.xmlof blank project is modified as it differs when fetched from the official repository (Oracle Maven Repository).

[Case where procedure is required]

This procedure is optional. Perform the following modifications whenever required.

[How to modify]

Change group ID from com.oracleto com.oracle.jdbcas shown below.

[Before modification]

<dependency>
    <groupId>com.oracle</groupId>
    <artifactId>ojdbc7</artifactId>
    <version>${ojdbc.version}</version>
</dependency>

[After modification]

<dependency>
    <groupId>com.oracle.jdbc</groupId>
    <artifactId>ojdbc7</artifactId>
    <version>${ojdbc.version}</version>
</dependency>

Make proper changes in not only pom.xmlbut also Sonatype NEXUS that installs library in com.oracle.

Selenium version to be used in blank project is modified to be compliant with Spring IO Platform. Spring IO Platform Athens-SR2 uses Selenium 2.53.1.

[Case where procedure is required]

This procedure is optional however, it is recommended to do the following modifications if it matches with the following cases.

• Use Selenium of the version that is compliant with Spring IO Platform.

[How to modify]

Delete Selenium dependent library settings from dependencyManagementtag of pom.xmlof project.

<dependencyManagement>
   <dependencies>

   <!--omitted-->
      <dependency>
          <groupId>org.seleniumhq.selenium</groupId>
          <artifactId>selenium-java</artifactId>
          <version>${selenium.version}</version>  <!-- ### Delete location ### -->
          <scope>test</scope>
      </dependency>
   <!-- ### Delete location Start ### -->
      <dependency>
          <groupId>org.seleniumhq.selenium</groupId>
          <artifactId>selenium-chrome-driver</artifactId>
          <version>${selenium.version}</version>
          <scope>test</scope>
      </dependency>
      <dependency>
          <groupId>org.seleniumhq.selenium</groupId>
          <artifactId>selenium-remote-driver</artifactId>
          <version>${selenium.version}</version>
          <scope>test</scope>
      </dependency>
      <dependency>
          <groupId>org.seleniumhq.selenium</groupId>
          <artifactId>selenium-api</artifactId>
          <version>${selenium.version}</version>
          <scope>test</scope>
      </dependency>
      <dependency>
          <groupId>org.seleniumhq.selenium</groupId>
          <artifactId>selenium-firefox-driver</artifactId>
          <version>${selenium.version}</version>
          <scope>test</scope>
      </dependency>
      <dependency>
          <groupId>org.seleniumhq.selenium</groupId>
          <artifactId>selenium-ie-driver</artifactId>
          <version>${selenium.version}</version>
          <scope>test</scope>
      </dependency>
      <dependency>
          <groupId>org.seleniumhq.selenium</groupId>
          <artifactId>selenium-safari-driver</artifactId>
          <version>${selenium.version}</version>
          <scope>test</scope>
      </dependency>
      <dependency>
          <groupId>org.seleniumhq.selenium</groupId>
          <artifactId>selenium-support</artifactId>
          <version>${selenium.version}</version>
          <scope>test</scope>
      </dependency>
   <!-- ### Delete location End ### -->
   <!--omitted-->

   </dependencies>
</dependencyManagement>
<properties>
   <!--omitted-->
   <selenium.version>2.46.0</selenium.version> <!-- ### Delete location ### -->
   <!--omitted-->
</properties>

[Remarks]

To set Selenium version to be used independently, define the above-mentioned version to be deleted in pom.xmland specify the version that you want to use in selenium.version.

Note that defining just selenium-javais not sufficient, you need to have all versions of Selenium library such as selenium-remote-driver.

Version definition is added as Warning of undefined maven-surefire-plugin version occurs at the time of build of blank project.

Version is specified in order to match with common library definition (2.17).

[Case where procedure is required]

Perform the following modifications if it matches with the following cases.

• maven-surefire-plugin version is not defined uniquely and Warning is output at the time of build.

[How to modify]

Add the following definition in pom.xmlof project.

<build>
   <pluginManagement>
       <plugins>
           <!--omitted-->
           <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-surefire-plugin</artifactId>
               <version>${maven-surefire-plugin.version}</version>
           </plugin>
           <!--omitted-->
       </plugins>
   </pluginManagement>
</build>
<properties>
   <!--omitted-->
   <maven-surefire-plugin.version>2.17</maven-surefire-plugin.version>
   <!--omitted-->
</properties>

If the version actually used at the time of build is other than 2.17, there is no problem even if it is specified.

The implementation example of Path variable reference in authorization control (<sec:intercept-url>) by Spring Security is modified.

This modification was done because the contents mentioned in the Warning of specification of Web resource that applies access policy were not included in the implementation example.

In the earlier implementation example, if extension is included in the URL, it is considered as a part of the path variable and unintended authorization control is performed. Also, it is not considered that if the URL ends with extension or /, it will be interpreted differently in Spring MVC and Spring Security.

[Case where procedure is required]

Perform the following modifications if it matches with the following cases.

• Authorization control (<sec:intercept-url>) is implemented by Spring Security and path variables are used in path pattern (pattern).

[How to modify]

Change the definition of access policy of spring-security.xml.

Example）

[Before modification]

<sec:http>
   <sec:intercept-url pattern="/users/{userName}" access="isAuthenticated() and #userName == principal.username"/>
   <!-- omitted -->
</sec:http>

[After modification]

[When wild cards are to be used]

<sec:http>
   <sec:intercept-url pattern="/users/{userName}.*"  access="isAuthenticated() and #userName == principal.username"/>
   <sec:intercept-url pattern="/users/{userName}/**" access="isAuthenticated() and #userName == principal.username"/>
   <!-- omitted -->
</sec:http>

[When wild cards are not to be used]

<sec:http>
   <sec:intercept-url pattern="/users/{userName}.*"  access="isAuthenticated() and #userName == principal.username"/>
   <sec:intercept-url pattern="/users/{userName}/"   access="isAuthenticated() and #userName == principal.username"/>
   <sec:intercept-url pattern="/users/{userName}"    access="isAuthenticated() and #userName == principal.username"/>
   <!-- omitted -->
</sec:http>

In Spring Security 4.1, the following Issues are the cause of the bug of Cache-Control header not output normally as per application server.

spring-project/spring-security#2953

The bug does not occur in Spring Security 4.2, so it should be dealt with only when using Spring Security 4.1.

[Case where procedure is required]

Perform the following modifications if it matches with any of the following cases.

• Cache-Control header is not set in HTTP response header.

[How to modify]

Refer to Warning of Select security header of development guidelines and implement.

This implementation is required only for Spring Security 4.1, so delete it when migrating to Spring Security 4.2 onwards.

It is confirmed that when using @Injectin SOAP Web Service implementation, it does not work properly on a specific AP server. This is because the processing on SOAP server has the characteristics to operate on the servlet provided by JAX-WS engine and not on the servlet provided by Spring, and it impacts CDI function of each AP server (AP server of Java EE support) of execution environment if it is implemented to inject Bean of Spring management using @Inject.

[Case where procedure is required]

It may have the above-mentioned impact when DI function of AP server is not disabled. Perform the following modification whenever required.

[How to modify]

In the implementation of SOAP server, replace all the locations where @Injectis used, with @Autowired.

The default settings of timeout are changed in the implementation of client of SOAP Web Service.

Before change, Integertype was specified in value-typeattribute, however, when not specified, Stringtype is applied and specification of value-typeattribute is deleted, since it works normally with both Integerand String except for some servers.

[Case where procedure is required]

This procedure is optional. If it matches with the following cases and if required, perform the following modification.

• The used AP server is not weblogic.（※）

For （※） weblogic, the handling method differs. Refer to timeout settings of SOAP client.

[How to modify]

Modify custom property of org.springframework.remoting.jaxws.JaxWsPortProxyFactoryBean.

• ($YOUR_PROJECT_ROOT/[projectName]-domain/src/main/resources/META-INF/spring/[projectName]-domain.xml)

[Before modification]

<property name="customProperties">
    <map>
        <entry key="com.sun.xml.internal.ws.connect.timeout" value-type="java.lang.Integer"  value="${webservice.connect.timeout}"/>
        <entry key="com.sun.xml.internal.ws.request.timeout" value-type="java.lang.Integer"  value="${webservice.request.timeout}"/>
    </map>
</property>

[After modification]

<property name="customProperties">
    <map>
        <entry key="com.sun.xml.internal.ws.connect.timeout" value="${webservice.connect.timeout}"/>
        <entry key="com.sun.xml.internal.ws.request.timeout" value="${webservice.request.timeout}"/>
    </map>
</property>

org.springframework.http.client.support.BasicAuthorizationInterceptor is added from Spring Framework 4.1 and it will no longer be required to implement request header setting process for Basic authorization independently.

[Case where procedure is required]

It is recommended to apply the following modification to implement request header setting process for Basic authorization independently.

[How to modify]

Delete request header setting process 9（BasicAuthInterceptor）) for Basic authorization implemented independently and modify applicationContext.xmlas shown below.

[Before modification]

<bean id="basicAuthInterceptor" class="com.example.restclient.BasicAuthInterceptor" />

[After modification]

<bean id="basicAuthInterceptor" class="org.springframework.http.client.support.BasicAuthorizationInterceptor">
    <constructor-arg index="0" value="${api.auth.username}" /><!-- Set username -->
    <constructor-arg index="1" value="${api.auth.password}" /><!-- Set password -->
</bean>

In MyBatis 3.4 and MyBatis-Spring 1.3 combination, timeoutattribute of @Transactionalannotation is enabled.

[Case where procedure is required]

This procedure is optional, however, if it matches with any of the following cases, it is recommended to apply the following modifications.

• Information required for transaction management is declared in XML (bean definition).
• As a measure for non-functioning of timeoutattribute, timeout is specified for each statement in MyBatis mapper XML.

[How to modify：When information required for transaction management is declared in XML (bean definition)]

Delete XML (Bean definition) and specify @Transactionalfor the class or class method intended for transaction management.

Example）

[Before modification]

<bean id="fooService" class="x.y.service.DefaultFooService"/>

<tx:advice id="txAdvice" transaction-manager="transactionManager">
    <tx:attributes>
        <tx:method name="*" timeout="10"/>
    </tx:attributes>
</tx:advice>

<aop:config>
    <aop:pointcut id="fooServiceOperation" expression="execution(* x.y.service.FooService.*(..))"/>
    <aop:advisor advice-ref="txAdvice" pointcut-ref="fooServiceOperation"/>
</aop:config>

<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
    <property name="dataSource" ref="dataSource"/>
</bean>

[After modification]

<bean id="fooService" class="x.y.service.DefaultFooService"/>

<tx:annotation-driven />

<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
    <property name="dataSource" ref="dataSource"/>
</bean>

@Transactional(timeout = "10")
public class DefaultFooService implements FooService {

   //omitted

}

Refer to About transaction management of development guidelines for the details.

[How to modify：When timeout is specified for each statement in MyBatis mapper XML]

Delete timeoutattribute from the statement in mapper XML and specify timeoutattribute for @Transactional.

Implementation example of error handling has been added in Implementation example of OAuth of development guidelines. In the implementation example of the development guidelines before addition, error handling is inadequate and hence it is necessary to make modifications.

[Case where procedure is required]

Perform the following modifications if it matches with any of the following cases.

• Implement based on the development guidelines, and do not add own error handling.
• Implement based on the development guidelines, and not add own error handling but it differs with the implementation policy of 5.3.2 version development guidelines.

[How to modify]

Check implementation example of OAuth error handling and carry out the implementation.

Implementation example of cancel access token at client has been added in Implementation example of OAuth of development guidelines.

[Case where procedure is required]

Implement as follows if it matches with the following case.

• Cancellation of access token is being implemented in authorization server.

[How to implement]

Check implementation example of Cancel token (Client server) and carry out the implementation.

This update procedure is for Eclipse WTP project downloaded from release site.

Note

Notes

[Table header]

Non : Blank project not dependent on O/R Mapper

MB3 : Blank project for MyBatis3

JPA : Blank project for JPA

[Remarks column]

* : Operation target

Download Eclipse WTP Project of 5.3.2.RELEASE.

If Eclipse is running, close Eclipse.

Update (delete and add) the jar file of $YOUR_ECLIPSE_WTP_PROJECT/src/main/webapp/WEB-INF/lib.

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|

Update (delete and add) the jar file of $YOUR_ECLIPSE_WTP_PROJECT/testlib.

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|

Update (delete and add) the jar file for source storage of $YOUR_ECLIPSE_WTP_PROJECT/libsrc.

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|

Update the reference library by using the replacement character string.

• $YOUR_ECLIPSE_WTP_PROJECT/.classpath
• $YOUR_ECLIPSE_WTP_PROJECT/build.xml

.. tabularcolumns:: |p{0.25\linewidth}|p{0.30\linewidth}|p{0.30\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|p{0.05\linewidth}|