RDM 14.5.1 Upgrade Notes
Spring Boot 3 upgrade
ONE Runtime Server now uses Spring Boot 3. As a result, the security architecture had to be reworked, leading to the following configuration changes.
Change in the online services prefix
The /rdm/** prefix on the RDM server is now used only for communication using internal JWT authentication.
Before the upgrade, follow these steps:
- Determine if there are any online services deployed within the /rdm/** prefix that use Keycloak authentication and need to be accessed from locations other than the RDM Web App.
- If such services exist, relocate them to different prefixes to maintain their original authentication method based on Keycloak.

If you skip this step, calling online services that are authenticated using Keycloak and deployed to the /rdm/ prefix results in a 401 error.
New properties added
The following applies to PaaS and self-managed, on-premise deployments. After the upgrade, make sure these properties are configured. Furthermore, if you are using Keycloak Security or Spring Security, additional configuration changes are needed in the HTTP Dispatcher configuration or the Spring Security XML file, respectively. For more details, see ONE Runtime Server 14.5.1 Upgrade Notes.
- A new property ataccama.authentication.internal.jwt.generator.key was introduced. The value is <jwt-key|base64>.
- A new section defining PlatformDeploymentContributor was added to the rdm.runtimeConfig file. A sample definition looks as follows:

  rdm.runtimeConfig

      <config class="com.ataccama.server.platform.PlatformDeploymentContributor">
        <platformDeployments>
          <platformDeployment name="rdm">
            <properties>
              <property name="ataccama.one.platform.deployments.rdm-dev.security.jwt-keys.rdm.name" value="rdm"/>
              <property name="ataccama.one.platform.deployments.rdm-dev.security.jwt-keys.rdm.fingerprint" value="<jwt-fingerprint>"/>
              <property name="ataccama.one.platform.deployments.rdm-dev.module" value="rdm"/>
              <property name="ataccama.one.platform.deployments.rdm-dev.security.jwt-keys.rdm.content" value="<jwt-content|base64>"/>
              <property name="ataccama.one.platform.deployments.rdm-dev.security.jwt-keys.rdm.isRevoked" value="false"/>
              <property name="ataccama.one.platform.deployments.rdm-dev.security.roles" value="IMPERSONATION"/>
              <property name="ataccama.one.platform.deployments.rdm-dev.security.url-patterns" value="/rdm/**, /server-management/**, /rdmOnPublishHandler"/>
            </properties>
          </platformDeployment>
        </platformDeployments>
      </config>

- A new element <usePlatformDeployment> referencing PlatformDeploymentContributor was added to the HttpDispatcher component in the rdm.serverConfig file. A sample definition looks as follows:

  rdm.serverConfig

      <component disabled="false" class="com.ataccama.dqc.web.HttpDispatcher">
        ...
        <listeners>
          <listenerBean ...>
            ...
            <contexts>
              <listenerContext ...>
                ...
                <securityFilter ...>
                  <identityProviders>
                    ...
                  </identityProviders>
                  <interceptUrls>
                    ...
                  </interceptUrls>
                  <usePlatformDeployment>rdm</usePlatformDeployment> <!-- new definition -->
                </securityFilter>
              </listenerContext>
            </contexts>
            ...
          </listenerBean>
          ...
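A post-upgrade sanity check for the two definitions above, as an added example (not Ataccama's code): it parses an rdm.runtimeConfig and an rdm.serverConfig fragment and reports empty JWT key properties, a revoked key, url-patterns that omit /rdm/**, and a usePlatformDeployment value that names no platformDeployment. The function names, the constructed sample values and the assumption that the key content uses the standard base64 alphabet are assumptions of this example.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

CONTRIBUTOR = "com.ataccama.server.platform.PlatformDeploymentContributor"
JWT = ".security.jwt-keys."

def build_runtime(props, name="rdm"):  # constructed fragment, shaped like the sample definition
    rows = "".join(f'<property name="ataccama.one.platform.deployments.rdm-dev.{k}" value="{v}"/>'
                   for k, v in props.items())
    return (f'<config class="{CONTRIBUTOR}"><platformDeployments><platformDeployment name="{name}">'
            f'<properties>{rows}</properties></platformDeployment></platformDeployments></config>')

SAMPLE_PROPS = {  # constructed values; the key content is not a real key
    "security.jwt-keys.rdm.name": "rdm",
    "security.jwt-keys.rdm.fingerprint": "constructed-fingerprint",
    "security.jwt-keys.rdm.content": base64.b64encode(b"constructed key material").decode(),
    "security.jwt-keys.rdm.isRevoked": "false",
    "security.url-patterns": "/rdm/**, /server-management/**, /rdmOnPublishHandler",
}
SAMPLE_SERVER = "<securityFilter><usePlatformDeployment>rdm</usePlatformDeployment></securityFilter>"

def _find(props, suffix, marker=""):
    return next((v.strip() for k, v in props.items() if marker in k and k.endswith(suffix)), "")

def check_upgrade_config(runtime_xml, server_xml):
    """Return a list of findings; an empty list means every check passed."""
    findings, deployments = [], {}
    for cfg in ET.fromstring(runtime_xml).iter("config"):
        if cfg.get("class") == CONTRIBUTOR:
            for dep in cfg.iter("platformDeployment"):
                deployments[dep.get("name")] = {p.get("name", ""): p.get("value", "") for p in dep.iter("property")}
    refs = [(r.text or "").strip() for r in ET.fromstring(server_xml).iter("usePlatformDeployment")]
    if not refs:
        findings.append("serverConfig: no <usePlatformDeployment> element found")
    findings += [f"serverConfig: '{r}' matches no platformDeployment" for r in refs if r not in deployments]
    for name, props in deployments.items():
        for field in ("name", "fingerprint", "content", "isRevoked"):
            if not _find(props, "." + field, JWT):
                findings.append(f"{name}: jwt-keys {field} is missing or empty")
        try:
            base64.b64decode(_find(props, ".content", JWT), validate=True)
        except (binascii.Error, ValueError):
            findings.append(f"{name}: jwt-keys content is not valid base64")
        if _find(props, ".isRevoked", JWT).lower() == "true":
            findings.append(f"{name}: JWT key is marked revoked")
        if "/rdm/**" not in [p.strip() for p in _find(props, ".security.url-patterns").split(",")]:
            findings.append(f"{name}: url-patterns do not cover /rdm/**")
    return findings
```

A configuration file that still contains the angle-bracket placeholders from the sample is not well-formed XML, so the parser rejects it before any of these checks run.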
Optimize PostgreSQL database performance
To optimize the performance of the PostgreSQL database and improve the speed at which RDM is able to import tables, apply the following settings to your PostgreSQL instance:
ALTER DATABASE rdm SET work_mem = '50MB';
ALTER DATABASE rdm SET enable_nestloop to 'off';
ALTER DATABASE rdm SET maintenance_work_mem to '500MB';
This applies to self-managed deployments. No action is required for cloud environments.
Configure service endpoints for reading or writing data
Internal communication between RDM and online services is authenticated using a dedicated service client defined in Keycloak. However, any externally exposed services require a different type of authentication, which must be additionally configured.
For instructions about how to set this up, see Step 3 Configure service endpoints in Preparing Web Service Configurations for Reading Data and Preparing Web Service Configurations for Writing Data.
Enrichment and validation services rely on internal JWT authentication and therefore no additional changes are required.
Configuration changelog
This section describes the changes in the configuration files that need to be taken into account when upgrading the solution. In certain cases, the newly introduced default is used or some configuration is required.
The following table lists the changes in the files: added, changed, and removed properties.
Configuration file | Added properties | Changed properties | Removed properties |
---|---|---|---|
application.properties | | / | / |
rdm.runtimeConfig | | / | / |
rdm.serverConfig | | / | / |