Skip to content

spring.datasource.dbcp2.username and spring.datasource.dbcp2.password are incorrectly marked as deprecated #40076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wilkinsona opened this issue Mar 22, 2024 · 6 comments
Closed

spring.datasource.dbcp2.username and spring.datasource.dbcp2.password are incorrectly marked as deprecated #40076

wilkinsona opened this issue Mar 22, 2024 · 6 comments
Assignees
@mhalbritter
Labels
type: bug A general bug
Milestone
3.3.0-RC1

Comments

@wilkinsona
Copy link
Member

We bind spring.datasource.dbcp2 to third-party code, namely org.apache.commons.dbcp2.BasicDataSource. getUsername and getPassword on BasicDataSource have been marked as deprecated but setUsername and setPassword have not. For configuration property binding purposes this means that they are not deprecated – the binder only need to call the setters – but the generated metadata states that they are deprecated.

I think there's a general problem here and this is a specific symptom of that problem. The problem is that a getter being deprecated is sufficient for a configuration property to be flagged as deprecated. For a scalar property, I think we should consider requiring the setter to be deprecated before flagging the property as deprecated. For maps, lists, and nested properties, a deprecated getter is probably sufficient signal as the binder needs to use the getter to retrieve any existing value.

Flagging for discussion in a team meeting to decide if and where we should fix this. Given that it's a more general problem, we may want to apply a fix in 3.1.x.
@wilkinsona wilkinsona added type: bug A general bug for: team-meeting An issue we'd like to discuss as a team to make progress labels Mar 22, 2024
@cxhello
Copy link

cxhello commented Mar 26, 2024

@wilkinsona Is the solution to this problem to modify these two configurations in spring-configuration-metadata.json ?
If so, can this issue be assigned to me?

{
    "properties": [
        {
            "name": "spring.datasource.dbcp2.password",
            "type": "java.lang.String",
            "sourceType": "org.apache.commons.dbcp2.BasicDataSource",
            "deprecated": true,
            "deprecation": {}
        },
        {
            "name": "spring.datasource.dbcp2.username",
            "type": "java.lang.String",
            "sourceType": "org.apache.commons.dbcp2.BasicDataSource",
            "deprecated": true,
            "deprecation": {}
        }
    ]
}

@quaff
Copy link
Contributor

quaff commented Mar 26, 2024

@wilkinsona Is the solution to this problem to modify these two configurations in spring-configuration-metadata.json ? If so, can this issue be assigned to me?

{
    "properties": [
        {
            "name": "spring.datasource.dbcp2.password",
            "type": "java.lang.String",
            "sourceType": "org.apache.commons.dbcp2.BasicDataSource",
            "deprecated": true,
            "deprecation": {}
        },
        {
            "name": "spring.datasource.dbcp2.username",
            "type": "java.lang.String",
            "sourceType": "org.apache.commons.dbcp2.BasicDataSource",
            "deprecated": true,
            "deprecation": {}
        }
    ]
}

spring-configuration-metadata.json is generated not a source file.

@cxhello
Copy link

cxhello commented Mar 26, 2024
edited
Loading

@quaff Sorry, it was my mistake. It is automatically generated. Is it possible to solve this issue by upgrading dbcp2 to 2.11.0?

@quaff
Copy link
Contributor

quaff commented Mar 26, 2024

@quaff Sorry, it was my mistake. It is automatically generated. Is it possible to solve this issue by upgrading dbcp2 to 2.11.0?

It's actually false positive reported by spring boot, nothing related to dbcp2.

@cxhello
Copy link

cxhello commented Mar 26, 2024

@quaff OK, I understand, thanks for your answer.

@wilkinsona wilkinsona removed the for: team-meeting An issue we'd like to discuss as a team to make progress label Mar 28, 2024
@wilkinsona wilkinsona added this to the 3.3.x milestone Mar 28, 2024
@wilkinsona
Copy link
Member Author

We're going to look at a fix that focuses only on the DBCP2 properties for now at least. We don't think we can change to requiring the setter to be deprecated as it would be a breaking change.

@mhalbritter mhalbritter self-assigned this Apr 4, 2024
@mhalbritter mhalbritter modified the milestones: 3.3.x, 3.3.0-RC1 Apr 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mhalbritter mhalbritter

Labels
type: bug A general bug
Projects
None yet
Milestone
3.3.0-RC1
Development

No branches or pull requests
4 participants
@quaff @wilkinsona @cxhello @mhalbritter