grails
Grails 7 migration issue with when Xframe Options plugin is enabled
Expected Behavior
During Grails 7 migration we see are getting the following Exceptions, this issue is because of XFrameOptionsFilter part of grails plugin x-frame-options uses javax.servlet package which is not supported with Grails 7, can you point out the latest version of x-frame-options grails plugin supporting jakarta.servlet
Exception Stack Trace
[2025-04-04 14:15:50.384] [http-nio-8080-exec-2] ERROR org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/SampleSandboxApp].[dispatcherServletRegistration] - Servlet.service() for servlet [dispatcherServletRegistration] in context with path [/SampleSandboxApp] threw exception [Filter execution threw an exception] with root cause java.lang.AbstractMethodError: Missing implementation of resolved method 'abstract void doFilterInternal(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse, jakarta.servlet.FilterChain)' of abstract class org.springframework.web.filter.OncePerRequestFilter. at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) at org.sitemesh.webapp.contentfilter.ContentBufferingFilter.bufferAndPostProcess(ContentBufferingFilter.java:201) at org.sitemesh.webapp.contentfilter.ContentBufferingFilter.doFilter(ContentBufferingFilter.java:158) at org.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:144) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) at org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:365) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:117)
Actual Behaviour
No response
Steps To Reproduce
No response
Environment Information
Windows 11 Pro JDK 17
Example Application
No response
Version
7.0.0-M3
@weinellucian Are you using https://github.com/mrhaki/grails-x-frame-options-plugin?
Every plugin must be updated to work with Grails 7, it is the Jakarta EE, Spring, Groovy and Gradle updates mostly and does not take that long.
You should check with mrhaki to see if he will accept updates and if not it could be forked to https://github.com/grails-plugins
As per documentation looks like we are using the same plugin, we haven't referred this repo till now, we specify dependency as runtimeOnly "org.grails.plugins:x-frame-options:1.1.2"
Previously, the plugins were published to a shared grails repo. This plugin was from before. I'll reach out to the plugin author and see if we can get it updated and/or moved to grails-plugins org.
I've reached out to @mrhaki asking if he's willing to update the plugin or if he's willing for us to move it to the grails-plugin repo similar to what we did with https://github.com/burtbeckwith/grails-db-reverse-engineer
We also have similar issues with Grails plugins CAS and SAML, where it still uses javax.servlet instead of jakarta.servlet , here are those plugins. Can you point to the latest plugins supporting jakarta.servlet
**org.grails.plugins:spring-security-cas:4.0.0-RC1
org.grails.plugins:spring-security-saml:4.0.2**
@weinellucian For each plugin you will need to upgrade to a version specifically released for Grails 7.
If the plugin has not yet been updated for Grails 7, reach out to the author/maintainer about updating for Grails 7. If they do not respond, you may need to invest some time to update plugins necessary for your project. Some plugins in this later group are being moved to https://github.com/grails-plugins and then maintained there.
For spring-security-cas, use https://github.com/apache/grails-spring-security/releases/tag/v7.0.0-M3
https://github.com/grails-spring-security-saml/grails-spring-security-saml has not yet been updated for Grails 7 and will need to be.
@mrhaki confirmed he's ok for us to take over the plugin. I've created https://github.com/grails-plugins/grails-x-frame-options-plugin for it's future home. I'll try to update the plugin in the coming week.
@weinellucian
For CAS use: org.grails.plugins:spring-security-cas:7.0.0-M3
For SAML: https://github.com/grails-spring-security-saml/grails-spring-security-saml try to reach out to the external plugin author and see if they will update it for the Grails 7 milestone. That repo appears to be active.
@mrhaki @jdaugherty let us know if grails-x-frame-options-plugin is migrated to Grails 7
FYI: We're waiting for the 7.0.0-M4 to be published since there's a significant change with the coordinates updating to org.apache. Once the 7.0.0-M4 is fully out, I do intend to revisit this.
