Changes and improvements​

Upgrade to Angular 21 and Angular Material 21​

For this release we updated all the code to Angular 21, in order to stay up to date with the releases and best practices.

Added DataProjection support​

A mechanism has been implemented to facilitate fetching of different DataProjections if the used control layer allows this (std-api). The defaults are set to details for getSingle calls and info for getList calls. This implementation also allows the use of calculated fields with the info projection now.

For the moment, the possible projections are set by a ModelLoadingListener that defaults to the info ($DataConnector$-table.model.ts) and details ($DataConnector$.model.ts) projections. In the future it will be possible to manually define other projections as well.

Added Finder support​

We have added a FinderConnector and QueryConnector that implements the new abstract FilterConnector. This allows to support finders as well as querysearch at the same time (depending on what control layer you are using).

The option hasSearchBar has also been ported. Like in KO this will expand a searchbar in the header of the list page connected to a finder defined by the specified value of the option.

Related to the addition of a universal Filter feature, previously only one querysearch was supported to be used as a filter. This has been changed to any amount of querysearches and finders.

Added Authorization support​

We have added AuthorizationRights to make certain parts of the application not accessible (used in guards, directives, services). These rights can be accessed through the ACTION_AUTHORIZATION_SOURCE InjectionToken, the interface can be provided by a control layer specific implementation, or you can provide your own. Some directives have been added to handle authorization on the most common used components

• ButtonAuthorizationDirective
• TableRowActionMenuAuthorizationDirective

These directives handle disabling components as well as showing tooltips on why it is disabled. You can look at these as examples when wanting to use the authorization feature somewhere else.

Added support for swapping out default add/edit with DataOperations​

Using the following tags you can now conditionally turn of some expanders:

• #angular.data-view.action.add.custom: disable default add page.
• #angular.data-view.action.edit.custom: disable default edit page.
• #angular.data-view.action.delete.custom: disable default delete dialog.
• #angular.data-view.routing.add.disable: disable the add route.
• #angular.data-view.routing.edit.disable: disable the edit route.
• Added feature anchors to remaining DataView actions (add, edit, delete, details, list).

Refactored use of HttpClient​

We have added an API specific HttpClient. This allows for easy changing of authentication headers, error handling etc. per different API implemented. The implicit behavior of the http interceptors is also now removed. To facilitate the removal of the use of interceptors a lot of operator functions that handled the logic of the interceptors have been created.

• handleDataAccessError
• handleAlertError
• handleDataAccessFormError
• notifyDataConnectorSuccessEvent
• notifyDataConnectorFailureEvent

Metamodel changes and additions​

Metamodel additions of abstract Connector and View. This allows for easier extension of different types of views (e.g. ListView, InstanceView, FilterView) or connectors (e.g. DataProjectionConnector, DataOperationConnector, ...).

Version 5.0.0 of SQL Expanders introduces support for multiple data scripts. The data has now been more closely integrated with the NS model, allowing us to work with multiple scripts per application.

The new file format simply adds a name attribute to the root element. This attribute indicates the name that will be used for the file of the generated SQL script. The name should also equal the filename.

<dataInstances
    xmlns="https://schemas.normalizedsystems.org/xsd/sql-expanders/5/0/0/dataInstances"
    name="001-app-init-data">
  <!-- data instances here -->
</dataInstances>

Migration​

Once you upgrade the version of sql-expanders to 5.0.0 or above, the next time you export the application model from micro-radiant, it will move the existing init data file and update the file to the latest format. This is now possible because the model is aware of the init data file, represented as an ApplicationData meta element.

Do note that at this time it is not possible to modify the data in the micro-radiant, as it is not represented by a full NS model.

We're thrilled to announce a significant milestone for our JEE platform. Support for Jakarta EE is now available! Our JEE platform expanders now target Java EE 7-8 or Jakarta EE 10.

Releases​

At this time, the full support for Jakarta EE is not yet available in beam releases. For migrating expanders and testing until the time that these releases make it into the beams, we've provided developer previews that mirror the beams, but contain the latest versions of all expansion resources.

Preparing your expander project​

Expander projects may require some updates if they expand code with javax imports. The first step would be to migrate those specific expanders to the new imports system.

When moving the imports to the mapping file, they should be redefined as the new jakarta imports. The imports as defined in the mapping should be considered the optional/default case:

<?xml version="1.0" encoding="UTF-8" ?>
<mapping xmlns="https://schemas.normalizedsystems.org/xsd/expanders/2025/0/0/mapping" strict="true">
  <artifact this="dataElement.packageName + '.' + dataElement.name + 'ImportantBean'" importStrategy="java"/>

  <uses eval="'jakarta.servlet.http.HttpServletRequest'"/>
  <uses eval="'jakarta.servlet.http.HttpServletResponse'"/>
</mapping>

In addition, it will be required to add a technology lexicon to map the imports back to the old javax equivalent. This in essence allows you to define how the imports should be rewritten if a specific technology is active in the model. Note that these are defined as data resources and will be inherited from dependencies. Many imports may already remap automatically if you depend on a resource such as Expanders that had its own technology lexicon.

<dataResource type="expansionControl::TechnologyLexicon">
<technologyLexicon>
  <technology name="JAVA_EE"/>
  <coordinateRedirections>
    <coordinateRedirection>
      <coordinate>jakarta.servlet.http.HttpServletRequest</coordinate>
      <target>javax.servlet.http.HttpServletRequest</target>
    </coordinateRedirection>
    <coordinateRedirection>
      <coordinate>jakarta.servlet.http.HttpServletResponse</coordinate>
      <target>javax.servlet.http.HttpServletResponse</target>
    </coordinateRedirection>
  </coordinateRedirections>
</technologyLexicon>
</dataResource>

Migrating applications​

When migrating applications there are only two important steps:

1. Updating the settings of the project to target Jakarta.
2. Migrate custom code in harvests and ext files if needed.

Updating project settings​

1. Upgrade your expansion settings (typically in conf/expansionSettings.conf) to use versions of expansion resources that support Jakarta EE.

2. In the technical infrastructure settings, the JEE version should be updated to 10:

   Java 21.xml

   <technicalInfrastructure name="Java 21">
     <javaVersion>jdk21</javaVersion>
     <jeeVersion>10</jeeVersion>
   </technicalInfrastructure>
   

3. Add the hibernate.version option with value 6 to your Application model.

   myapplication.xml

   <application name="myapplication">
     <shortName>myapplication</shortName>
     <version>1.0.0</version>
     <components>
       <component name="account"/>
       <component name="assets"/>
       <component name="utils"/>
       <component name="validation"/>
       <component name="workflow"/>
       <component name="applicationStuff"/>
     </components>
     <options>
       <hibernate.version>6</hibernate.version>
     </options>
   </application>
   

4. Update the TomEE base image for Docker to a TomEE 10 variant. The latest version can be found on the documentation page for the base image. Today, this is:

   • docker.normalizedsystems.org/nsx-tomee-base:10.1.2-3.11.1 for root-based images
   • docker.normalizedsystems.org/nsx-tomee-base:10.1.2-3.11.1-rootless for rootless images

Migrating custom code​

Most custom code will be compatible with Jakarta EE already and will not require any changes. The majority of required changes will be the package names that changed from javax.* to jakarta.*. These are easy to identify once you migrate the project settings and expand, as those imports will no longer be found. This is solved by simply replacing import javax. with import jakarta..

We now offer support for Java 25 in our JEE applications. Java 25 comes with some new features and performance enhancements as listed in the official release publication.

Java 25 at runtime​

TomEE 8 was not compatible with Java 25 due to the removal of the SecurityManager in Java 24 (deprecated in Java 17). A workaround for this issue was added in version 10.2.1 of TomEE. We've now also backported this change to version 8 in our fork of TomEE 8 and released it as part of our TomEE 8.0.19 update.

For now our images will still default to Java 21, but by adding the jre25 modifier to the image tags, you can already make use of the latest LTS version of Java.

Today, this is:

• docker.normalizedsystems.org/nsx-tomee-base:8.0.19-3.11.1-jre25 for root-based images
• docker.normalizedsystems.org/nsx-tomee-base:8.0.19-3.11.1-jre25-rootless for rootless images

For the latest version of the image, please refer to the image documentation page.

Compiling for Java 25​

To compile for Java 25 and use its language features, you need to change the Java version in the technical infrastructure settings file of your JEE project. Ideally you would also make a new settings file as the name of the settings is typically the version of Java. If you make a new file with a new name, also update the technicalInfrastructure reference in your application instance.

<technicalInfrastructure name="Java 25">
  <javaVersion>jdk25</javaVersion>
  <jeeVersion>8</jeeVersion>
</technicalInfrastructure>

<applicationInstance name="my-application">
  <shortName>my-application</shortName>
  <version>1.0.0</version>
  <globalOptionSettings name="3.0 Modern"/>
  <presentationSettings name="3.1 Future"/>
  <businessLogicSettings name="TomEE Postgres Hibernate"/>
  <technicalInfrastructure name="Java 25"/>
</applicationInstance>

In addition to this change, you need at least version 9.1.0 of net.democritus:Expanders in your project to target Java 25.

We've moved data-operations out of its experimental phase. This means it can now be adopted by any project which may need it. They are a successor to data-commands which means you can decide to migrate data-commands which undoubtedly have many uses throughout your application.

You can get started by adding the bundle:

<expansionResources>
  <expansionResource name="net.democritus:data-operations-bundle" version="1.1.0"/>
</expansionResources>

Please note data-commands will not be deprecated and can remain to be used. Data-operations provide a more expressive model and improvements to the runtime so we do recommend switching, but this is not a requirement. If you want to migrate, the decision tree below will help you with deciding which type of Operation is the best replacement for a data-command.

Command Decision Tree​

Changes and improvements​

Module-metamodel support​

In this version a dependency to the module-metamodel has been added. This allows for easy declaration of dependencies between modules, which are in this case FeatureModules.

Why would you want to declare dependencies between different FeatureModules?​

For example, you have a common FeatureModule that declares some DataConnectors and another FeatureModule containing DataViews that want to reuse already declared DataConnectors. When there is no possibility to declare dependencies between them, the expansion becomes unreliable. After explicitly defining the dependencies, the expansion will always make sure that the correct resources are loaded at the right time.

In order to get this to work you should add a angularAppModules.xml file to your project.

project
├── conf
├── applications
├── angular
.   ├── angularApps
    .   ├── space-app
        .   ├── model
            .   └── space-app.xml
            .
            └── angularAppModules.xml

<programModules xmlns="https://schemas.normalizedsystems.org/xsd/modules/1">
  <modules>
    <module>
      <moduleId>featureModules::api</moduleId>
      <moduleType>angularProjects::FeatureModule</moduleType>
    </module>
    <module>
      <moduleId>featureModules::geo</moduleId>
      <moduleType>angularProjects::FeatureModule</moduleType>
      <dependencies>
        <dependency>featureModules::api</dependency>
      </dependencies>
    </module>
    <module>
      <moduleId>featureModules::transport</moduleId>
      <moduleType>angularProjects::FeatureModule</moduleType>
      <dependencies>
        <dependency>featureModules::api</dependency>
      </dependencies>
    </module>
  </modules>
</programModules>

You are not required to add all FeatureModules here, only if you want to indicate some dependencies.

See the modules-metamodel repo for more information.

If you are using our tooling with Ubuntu and your apt update command indicates that your certificate is no longer valid, you are probably using an expired copy of our signing certificate. Please update it to the current version by executing the following command:

sudo bash -c "wget -q -O - https://foundation.stars-end.net/files/rotate-keys.sh | bash <(cat) </dev/tty"

Version 9 of Expanders introduces support for Jakarta EE as part of an effort to support this across our entire ecosystem. This also marks the completion of the first phase of this migration, where the entire JEE base application stack is supported for both Java EE and Jakarta EE, including process automation.

Breaking change for Struts2​

With this release of Expanders, we support both Struts2 6.x and 7.x to match the different versions of JEE. Since Struts2 completely removed support for the fileUpload interceptor in version 7, we've now also removed it from our application stack. The reasoning behind this decision is that this interceptor was responsible for CVE-2024-53677, which has a score of 9.5 on the CVSS 4 scale. The alternative implementation using the actionFileUpload interceptor has been implemented across all of our expanders for several months now, but custom upload actions will also have to be refactored to switch to the new system. Regrettably, the impact of this change will not be visible at compile time, so care must be taking when upgrading to version 9 of Expanders.

• NIST listing: https://nvd.nist.gov/vuln/detail/CVE-2024-53677
• Sonatype article: https://www.sonatype.com/blog/cve-2024-53677-a-critical-file-upload-vulnerability-in-apache-struts2

Migration​

The migration is fairly straight-forward and is described in this migration guide from Struts2: https://struts.apache.org/core-developers/action-file-upload-interceptor

An action that handles uploads should be modified by implementing the UploadedFilesAware interface. With this interface comes a method withUploadedFiles() that should be implemented. To retain backwards compatibility with existing implementations, it is possible to set the values of existing fields in the class from this method, which were previously set dynamically by the old interceptor using reflection.

public class AssetUploader extends ActionSupport {

  private File uploadData; // the actual file
  private String uploadDataContentType; // the content type of the file
  private String uploadDataFileName; // the uploaded file name

public class AssetUploader extends ActionSupport implements UploadedFilesAware {

  private File uploadData; // the actual file
  private String uploadDataContentType; // the content type of the file
  private String uploadDataFileName; // the uploaded file name

  @Override
  public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
    if (!uploadedFiles.isEmpty()) {
      final UploadedFile uploadedFile = uploadedFiles.get(0);
      this.uploadData = new File(uploadedFile.getAbsolutePath());
      this.uploadDataContentType = uploadedFile.getContentType();
      this.uploadDataFileName = uploadedFile.getOriginalName();
    }
  }

This version introduces changes to how the javascript runtime libraries are loaded. It allows us to update the glint libraries without having to release a new micro-radiant version and removes a bottleneck that prevented us from introducing new components for the plugins.

There are also various improvements to better handle errors and reduce the number of synchronization issues.

Changes and improvements​

Ln0x support​

Previously only Ln02 link fields were supported, this has been extended to the full range of Ln0x that is implemented by the chosen control layer (std-api or svc-api). This behaviour is locked behind a profile for backwards compatibility reasons:

• Std API Ln0x
• Std API yarn Ln0x
• Svc API Ln0x
• Svc API yarn Ln0x

New number field component​

A new number field component has been introduced that handles text input in the fields more gracefully. The component also implements some fraction digits validators, adding more functionality. The component is powered by an I18N number formatter that handles fraction separators and number bounds correctly. Default this is set to the locale en-GB. For Dutch formatting use nl-BE in the app.config.ts.