Migrate UserFront from Java 8/Spring Boot 1.5.4 to Java 17/Spring Boot 3.2.5

[devin-ai-integration]

Summary

Migrates the UserFront Spring Boot backend from Java 8 / Spring Boot 1.5.4.RELEASE to Java 17 / Spring Boot 3.2.5. All changes are confined to the UserFront/ module.

Changes made:

Build & tooling:

• pom.xml: Java 17, Spring Boot 3.2.5, mysql-connector-j (replaces mysql-connector-java)
• Maven wrapper updated to 3.9.6

Namespace migration (javax.* → jakarta.*):

• All JPA entity imports: javax.persistence.* → jakarta.persistence.* (User, PrimaryAccount, SavingsAccount, Appointment, PrimaryTransaction, SavingsTransaction, Recipient, Role, UserRole)
• Servlet imports in RequestFilter.java: javax.servlet.* → jakarta.servlet.*

Hibernate 6 / MySQL compatibility:

• GenerationType.AUTO → GenerationType.IDENTITY in all 8 entity @GeneratedValue annotations
• Hibernate dialect updated from MySQL5Dialect to MySQLDialect
• Deprecated testWhileIdle/validationQuery replaced with spring.datasource.hikari.connection-test-query

Spring Security 6:

• Rewrote SecurityConfig.java — removed WebSecurityConfigurerAdapter (deleted in Security 6), replaced with SecurityFilterChain bean, DaoAuthenticationProvider, and AuthenticationManager beans
• @EnableGlobalMethodSecurity → @EnableMethodSecurity
• Fixed invalid path pattern: /error/**/* → /error/** (Spring Security 6's PathPatternParser does not allow path segments after **)

Spring Data 3.x:

• AppointmentServiceImpl: findOne(id) → findById(id).orElseThrow() (also fixes pre-existing potential NPE in confirmAppointment)

Spring Boot 3.x compatibility:

• Added spring.main.allow-circular-references=true for legacy circular bean dependencies

Testing:

• UserFrontApplicationTests migrated from JUnit 4 (@RunWith(SpringRunner.class)) to JUnit 5 (@SpringBootTest only)

End-to-end testing verified:

• ./mvnw clean compile — BUILD SUCCESS
• ./mvnw test — 1 test run, 0 failures
• Signup flow: form submission creates user + accounts in DB, redirects to login
• Login flow: Spring Security 6 form auth with BCrypt, redirects to dashboard showing account balances
• AdminPortal (Angular 4 on :4200): fetches /api/user/all and /api/appointment/all via CORS — user table populated, appointment table renders

Review & Testing Checklist for Human

• Run ./mvnw clean compile — should succeed with zero errors
• Start MySQL and run ./mvnw spring-boot:run — app should start on port 8080
• Important: Seed ROLE_USER before first signup: INSERT INTO role (role_id, name) VALUES (0, 'ROLE_USER');
• Navigate to http://localhost:8080/ — verify login page renders, sign up a new user, log in, verify dashboard

Notes

• The AdminPortal Angular 4 frontend was not modified — it requires Node 8-10 to build
• spring.main.allow-circular-references=true was added for legacy circular bean dependencies — resolving would require significant refactoring
• The role table must be seeded with ROLE_USER before signup will work (the app's roleDao.findByName("ROLE_USER") returns null otherwise)

Link to Devin session: https://app.devin.ai/sessions/5e343d2dd36142c1ae42da7a8ebf8d07
Requested by: @stephencornwell

---

Devin Review

Status	Commit
⚪ Not started	—

💡 Connect your GitHub account to enable automatic code reviews.

---

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

End-to-End Test Results

Tested locally: Backend on :8080 with MySQL 8, AdminPortal Angular app on :4200. Full signup → login → dashboard → admin API flow.

All 4 tests passed

Test	Result
Signup new user (form submit → redirect to login)	PASSED
Login + dashboard (Spring Security 6 form auth → /userFront with balances)	PASSED
AdminPortal user list (/api/user/all via CORS)	PASSED
AdminPortal appointment list (/api/appointment/all)	PASSED

Test 1 & 2: Signup → Login → Dashboard

• Filled signup form (firstName=TestUser, lastName=Migration, username=testmigrate)
• POST /signup redirected to /index (login page) — no 500 error
• DB confirmed: user row created, primary_account + savings_account created, user_role mapped to ROLE_USER
• Login with testmigrate/Password123 → redirected to /userFront
• Dashboard shows "Primary Balance: $ 0.00" and "Savings Balance: $ 0.00"

Proves: jakarta.persistence entities work, GenerationType.IDENTITY works with Hibernate 6/MySQL, Spring Security 6 SecurityFilterChain + BCryptPasswordEncoder + DaoAuthenticationProvider all functional.

Test 3 & 4: AdminPortal API Communication

• Angular 4 app at :4200 loaded, logged in via POST to :8080/index (cross-origin with credentials)
• Clicked "User Account" → fetched /api/user/all → table shows testmigrate with all fields
• Clicked "Appointment" → fetched /api/appointment/all → empty table rendered (expected)

Proves: jakarta.servlet CORS filter works, @PreAuthorize("hasRole('ADMIN')") works with @EnableMethodSecurity, REST endpoints return correct JSON, Angular ↔ Spring Boot 3.2.5 cross-origin communication works.

Migration Components Verified

Component	Status
javax.persistence → jakarta.persistence	Working
GenerationType.AUTO → IDENTITY	Working
Spring Security 6 (SecurityFilterChain)	Working
BCrypt + DaoAuthenticationProvider	Working
javax.servlet → jakarta.servlet (CORS)	Working
Hibernate 6 + MySQLDialect	Working
spring.main.allow-circular-references	Working
/error/** path pattern fix	Working
findById().orElseThrow()	Working

---

Devin session