Enable usage of recent Spring security modules #7172

Closed

Description

The MapStore backend is based on a set of Java frameworks and libraries whose versions are very old (more than 10 years in some cases).
This was inherited from the main backend component, geostore, that is considered a stable project and has not been updated for a while.

Recent attempts to integrate support for additional authentication protocols in MapStore, in particular OAuth2 and OpenID Connect, have shown that the security infrastructure, based on the spring-security framework, version 3.0.5, is incompatible with existing modules that implement the above protocols.

Our options are:

  • upgrade to the first Spring version that is compatible with the OAuth2 and OpenId security packages (from a first investigation, this is version 3.1.1, quite old too, indeed)
  • try to upgrade to the latest and greatest version (5.3.9)

The first option would allow a quicker upgrade, but will probably only delay the need for further upgrades in the future. The second option should make us more future-proof, at the cost of a bigger initial effort.

We already did a first investigation, and we used geostore as a proof of concept of the migration.

What we had to do was upgrade a bunch of interdependent libraries, so that every piece is fully working again. Our acceptance tests for "fully working" were:

  • all tests (unit and online) passing
  • WAR starting and REST API endpoints answering a bunch of requests

Currently, the acceptance test is green.

A quick summary of the upgraded libraries:

| Library | Old | New |
|---|---|---|
| Spring | 3.0.5 | 5.3.9 |
| Spring-security | 3.0.5 | 5.3.10 |
| CXF | 2.3.2 | 3.4.4 |
| Hibernate | 3.3.2 | 5.5.0 |
| JPA | 1.0 | 2.1 |
| hibernate-generic-dao | 0.5.1 | 1.3.0-SNAPSHOT |

hibernate-generic-dao is a dead project, but we found the source code and were able to upgrade it to the latest Spring 5 and Hibernate 5 (producing the 1.3.0-SNAPSHOT mentioned above). This needs to be published to a Maven repo to build geostore. The source code is available here: https://github.com/mbarto/hibernate-generic-dao/tree/spring5_hibernate5

The results are proof that a migration to the latest and greatest is possible.

Implementation steps (WIP):

Other useful information
