Hi We are upgrading hybris version from 5.7 to 6.6. In 5.7 spring security version is 3.2.5 and for 6.6 spring security version is 4.2.4. While starting the server spring classes like JKSKeyManager is not getting recognized even if its present because of the version mismatch. Can some one suggest how to change the dependency to the old version of spring and use the new one? and where all we need to update this?
Thanks in advance
PFB the error logs below:
at java.lang.Thread.run(Unknown Source)
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'de.hybris.platform.ruleengine.infrastructure.PostRuleEngineInitializeBeanPostProcessor#0': Unsatisfied dependency expressed through field 'beanFactory'; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.springframework.security.saml.key.JKSKeyManager] for bean with name 'keyManager' defined in class path resource [security/spring-security-config.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.security.saml.key.JKSKeyManager
For the upgrade to go smoothly, make sure to delete all libraries related to Spring Core, Spring MVC and Spring Security from the custom library folders (e.g.
someextension/web/webroot/WEB-INF/lib) or remove them from your
external-dependencies.xml files, if you use maven dependency resolution, as those dependencies are now bundled with the hybris platform)
The next step would then be to migrate your spring configuration files to 4.x Particularly Spring Security changed a lot between 3.x and 4.x. Migrating from Spring Security 3.x to 4.x (XML Configuration). Make sure you update the xsds of your spring xml config files to the correct versions.
This should cover most of the migration effort. If you use other Spring Projects (e.g. Spring Integration), make sure that the libraries in your custom extension don't clash with libraries that may already be present in the platform. If the platform already provides them, delete them in your custom extension and use the platform version.
And your stacktrace looks like you are using Spring SAML, so you either include a compatible library in your custom extension, our you use the out-of-the-box support for SAML: samlsinglesignon Extension
You can find (some) spring version numbers in the release notes for 6.6: https://help.hybris.com/6.6.0/hcd/468fd08eae244cc7b959f7ace336951b.html