[SHIRO-889] Provide Jakarta jar modules

[fpapon]

No description provided.

[bmarwell]

Maybe we can user undertow?
Here's a basic setup without deployment and empty instance manager.
All you need to do: configure the .war and stop the server again later.

Switched to non-TLS for test purposes.

fpapon/shiro@SHIRO-889...apache:shiro:SHIRO-889_undertow

WDYT?

[fpapon]

Maybe we can user undertow? Here's a basic setup without deployment and empty instance manager. All you need to do: configure the .war and stop the server again later.

Switched to non-TLS for test purposes.

fpapon/shiro@SHIRO-889...apache:shiro:SHIRO-889_undertow

WDYT?

Thank you! I will take a look :)

[bmarwell]

This can be removed, as this test now uses http which is sufficient

[lprimak]

Question: why is there separate packages to be renamed in the shade plugin ?
Can’t it just be done in a single javax->jakarta rename and not individual packages such as JaxRS etc?

[bmarwell]

Great! Just some nits and some imports, then it is close-to-done (imho)!

[bmarwell]

You are mixing junit4 and junit-jupiter assertions here. Please completely switch to -jupiter for all new tests.

[bmarwell]

... or maybe even assertj.

[fpapon]

assertj is not needed :)

[bmarwell]

response needs to be close()d. However, you might be able to use auto-closeable. https://jakarta.ee/specifications/platform/8/apidocs/javax/ws/rs/core/response#close--

[fpapon]

client is closed in finally so I don't think we need to close the response but I can close it also in finally.

[bmarwell]

Same. Needs close().

[bmarwell]

line feed missing at end of file

[fpapon]

weird because I copy/paste the web module sample without modification...

[bmarwell]

line feed missing at EOF

[bmarwell]

LF at EOF

[bmarwell]

+LF

[fpapon]

@bmarwell changes done

[bdemers]

I'm +0.5, I worry a little about the jakarta classifier, as the exclude * will drop all of the dependencies (so the user would probably need to add the other bits like shiro-core to their pom)
But... that's not the end of the world, and other projects are doing the same thing (e.g. meecrowave)
I think getting it in as is and getting feedback from interested parties makes it worth merging now.
(given other projects are doing something similar, I'm hesitant to try to suggest an over-engineered solution 🤣 :)

TL;DR - my opinion is to merge it

[fpapon]

I'm +0.5, I worry a little about the jakarta classifier, as the exclude * will drop all of the dependencies (so the user would probably need to add the other bits like shiro-core to their pom) But... that's not the end of the world, and other projects are doing the same thing (e.g. meecrowave) I think getting it in as is and getting feedback from interested parties makes it worth merging now. (given other projects are doing something similar, I'm hesitant to try to suggest an over-engineered solution rofl :)

TL;DR - my opinion is to merge it

Hi, yes but honestly I don't know how to do it differently without a lot of code...
I will add a page on the Shiro website to well document the usage of the jakarta classifier.

[garydgregory]

Releasing takes time and effort, which will happen, just not right now.

[bdemers]

without a lot of code...

@fpapon exactly my concern too! Let’s move forward with this PR 🚢

[fpapon]

Thanks, now I will prepare a PR for 1.11.x

[lucasdillmann]

Hello everyone.

First of all, a huge thanks on the work to provide the Jakarta JARs.

Looking in the 2.0.0 nightly snapshots, I was able to find the artifacts over the shiro-web and shiro-spring modules, but I couldn't find them in the shiro-spring-boot, shiro-spring-boot-starter and shiro-spring-boot-web-started.

Isn't needed to create the jakarta variant JAR/POM on the Spring Boot modules as well?

[lprimak]

@lucasdillmann I don't think Shiro spring is compatible with Spring 6 or SpringBoot 3 quite yet. Not sure if those modules can be currently done. I am not a Spring user so I can't comment further.

[lucasdillmann]

@lprimak Is there any way I could help you guys in order to check/test if it's compatible?

For example, if I create a test project with some basic scenarios as a POC (using a Shiro fork just to change to the Jakarta APIs on the boot modules), will it be useful in any way?

[lprimak]

If it's only that Jakarta relocations are needed, you can try to add the shade plugin in your fork the same way other modules are done. That would be very helpful and appreciated!
The issue is that I personally can't test it because I am not a spring user.
Thank you!

[lucasdillmann]

I'll do it and get back here with the results soon. As far I've seen in the source code, the changes come down to one single import change in this file (apart from the dependency graph between the modules).

[lucasdillmann]

@lprimak I finished the tests here using Spring Boot 3.0.1, and everything seems to be working just fine.

The source code of the test project is available here. I didn't uplod the changes in the Shiro source, but it is just the inclusion of the maven-shade-plugin in the shiro-spring-boot module.

In short, these are the (exploratory) tests I've made:

• Check if subject is authenticated or not using both the annotations (RequiresUser, RequiresGuest and RequiresAuthentication) and programmatic code.
• Check if subject has a permission or not, also using the RequiresPermissions annotation and the Subject#checkPermission method.
• Check if subject has a role or not, also using the RequiresRoles annotation and Subject#checkRole
• Login and logout procedures

The only "problem" I've found is in the dependency management: If you check the build.gradle file here you will see that I needed to explicitly include every module with the jakarta variant and exclude the regular one. This happens because of the POM file contents, which bring the regular JAR as transitive.

I don't know if this is expected or not and, if it isn't, if it should be changed or not.

[lprimak]

Can you please submit a PR for this? Sounds like a simple fix. Yes, the dependency management issue is expected.

[lucasdillmann]

Sure. PR code is #632.