SpringBot Release


  • Replace SpringFox with Springdoc.
    • Supports CSRF in the Swagger UI, which allows us to remove the specialised exclusion for REST endpoints in the test and dev profiles which was making it less secure.
    • Fully supports OpenAPI version 3 and has a strict reliance of published Swagger versions.
    • More reliable and complete API.
  • Removed the extractCss option from angular.json, as this option is not necessary in Angular 11.
  • Removed Internet Explorer v9 and v10 from the .browserslistrc file, as these browsers are no longer supported in Angular 11.
    • If you are using Internet Explorer v9 or v10 we recommend upgrading to v11.
  • Removed Swagger description from controller annotations, as this has been deprecated.
  • REST controller annotations have been wrapped in protected regions to allow for endpoint and controller metadata to be customised.

Resolved defects

  • Abstracted logic for sending requests and interpreting responses in login tests to methods in RequestUtil.
    • This class handles sending API requests during your tests, and ensures that the response has the expected format.

    • Updated error responses for password reset failures to use the updated error format. This format is:

      ErrorResponse: {
      	Description: String
      	Errors: [
      			Error: String
      			Message: String
    • This brings the responses for reset password request failures to be in line with other error message changes made in this release.

    • It also ensures that the password reset testing class can use the RequestUtils class to perform its tests.

  • Removed duplicated and unused imports from the entity controllers in the server-side.
  • Fixed compilation error for models with a one-to-one reference with the target marked as required.
  • Updated create and update REST endpoints to prevent returning a 500 error when entity validation fails.
    • Failed entity validation will now cause the endpoint to return a 400 error, with a list of constraint violations.
  • Constraint violation for the REST API and login auth errors are now returned using the ErrorResponseDto structure for consistency.
  • Fixed the issue where the example enum values from the Swagger UI were incompatible with the API.

Migration path

  • The RedirectController found at /configs/documentation/RedirectController.java is no longer required and as such has been removed.
  • To keep this controller, please remove the bot-written warning from the top of the file, along with any protected regions, to take ownership away from the bot before you upgrade.
  • Replacing Springfox with Springdoc requires some annotations to be changed. For a full list please see https://springdoc.org/migrating-from-springfox.html.
  • A new property has been added to application-dev.properties and application-test.properties which may be omitted if the protected regions in these files are active. If these protected regions are in use, add the springdoc.swagger-ui.enabled=true config item to which ever profile you wish to allow the Swagger UI to run in.
1 Like