We were starting to build a new web application and thought of using Spring 4.0. We wanted to use Spring security as well and I can see only 3.2.6 version is available for that. Just wanted to check if it is compatible with 4.0 or not?
Yes .Spring Security latest version 3.2.0 is built against Spring 3.2.6 , but it is tested against Spring 4.
If you use Maven , you have to resolve its transitive dependencies when using Spring 4 with Spring Security 3.2 .
For more information , please see this
Related
There is a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-22047) discovered in spring-data-rest-webmvc which is only fixed in versions 3.4.14 and 3.5.6. Spring Boot 2.3.12 uses the version 3.3.9. Migrating to spring boot 2.4.x or above is not an option for us.
We would like to use spring-data-rest-webmvc:3.4.14, but we are not sure if it's compatible with spring boot 2.3.x.
Can we use them together?
Spring Data Rest version 3.4 and up use Spring Framework version 5.3.x.
Spring Boot 2.3 is build with Spring Framework 5.2.x.
Will it work, probably, but there are no garanties that it will keep working or work at all. Most like it will fail with some NoSuchMethodError or ClassNotFOundExceptions or other exotic expetions one gets when mixing modules/jars from different versions of a framework.
The application is created using spring boot version 1.2.5 Release. I can see that it includes an embedded tomcat version which is 8.0.23. Is it possible to upgrade to a recent tomcat version, let's say, tomcat 9 with spring boot 1.2.5 and still run the application? Or do we need to upgrade the spring boot version to be compatible with tomcat 9? Is there any documentation for the spring boot version compatibility with Tomcat? Thank you.
Why do you want to upgrade it? What is the newer version of tomcat going to bring?
I personally go with the defaults for the spring version unless there is a specific need or issue.
That being said this question may have some pointers
How to change embedded tomcat's version in existing spring boot app?
You may be able to just set the property
9.0.5
It would be preferable to upgrade to the latest Spring Boot release (currently 2.2.5-RELEASE) to avail yourself of the latest features. There are many tutorials, migration guides, problem solutions, etc., out there to guide you, of which here are just a couple:
https://spring.io/blog/2018/03/12/upgrading-start-spring-io-to-spring-boot-2
Global CORS configuration breaks when migrating to Spring Boot 2.0.x
You didn't specify a reason for keeping your Spring Boot version at 1.2.5-RELEASE and only upgrading tomcat, but if you really must, there are other answers, such as here: How to change embedded tomcat's version in existing spring boot app?
Please what is the compatible release version for Spring Security for Spring 3.2.8 release ?
There is little dependancy between Spring Security versions and Spring Framework versions. I have already used Spring Security 3.1.x with Spring Framework 3.1.x and 3.2.x.
If you have no reason to do differently (portability of code) you should choose the more recent General Available version that is compatible with your other components.
Doc for latest GA (4.0.1) says that it builds against Spring Framework 4.1.6.RELEASE, but should work with 4.0.x => no good.
Doc for previous GA (3.2.7) says that is builds against Spring Framework 3.2.13.RELEASE, but is also tested against Spring Framework 4.1.6.RELEASE
It would be my first choice, but if you use maven, you will have to control what is actually imported via transitive dependancy and eventually force 3.2.8 versions for all used Spring Framework components to avoid mixing different versions, or better upgrade to 3.2.13 since it is only a patch level different version.
Of course, you can also make use of the fact that previous Spring Security version (3.2.6) explicitely builds against Spring Framework 3.2.8.RELEASE, as said by #zeisi
According to the Docs it would be 3.2.6, see Spring Security Docs
I just downloaded the STS (Spring Tool Suite) and created a simple Spring project.
But the supported Spring version is as below:
Why the latest Spring 4.2.4 is not listed? How can I add it?
I think, it's because they are in favor of Spring-boot. You can create a Spring Starter Project instead and it will come with the lastest version of spring.
Please what is the compatible release version for Spring Security for Spring 3.2.8 release ?
There is little dependancy between Spring Security versions and Spring Framework versions. I have already used Spring Security 3.1.x with Spring Framework 3.1.x and 3.2.x.
If you have no reason to do differently (portability of code) you should choose the more recent General Available version that is compatible with your other components.
Doc for latest GA (4.0.1) says that it builds against Spring Framework 4.1.6.RELEASE, but should work with 4.0.x => no good.
Doc for previous GA (3.2.7) says that is builds against Spring Framework 3.2.13.RELEASE, but is also tested against Spring Framework 4.1.6.RELEASE
It would be my first choice, but if you use maven, you will have to control what is actually imported via transitive dependancy and eventually force 3.2.8 versions for all used Spring Framework components to avoid mixing different versions, or better upgrade to 3.2.13 since it is only a patch level different version.
Of course, you can also make use of the fact that previous Spring Security version (3.2.6) explicitely builds against Spring Framework 3.2.8.RELEASE, as said by #zeisi
According to the Docs it would be 3.2.6, see Spring Security Docs