Use the correct service name

[Legioth]

No description provided.

[CLAassistant]

All committers have signed the CLA.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.60%. Comparing base (52484b9) to head (0638cb8).
Report is 13 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2666   +/-   ##
=======================================
  Coverage   92.60%   92.60%           
=======================================
  Files          85       85           
  Lines        3164     3164           
  Branches      775      775           
=======================================
  Hits         2930     2930           
  Misses        183      183           
  Partials       51       51           

Flag	Coverage Δ
unittests	92.60% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[taefi]

Funny that since we moved to servlet 5, no one complained about this, so either:

• No one is deploying a war package on a servlet container, or
• The com.vaadin.hilla.startup.EndpointsValidator is loaded by Flow automatically since it is implementing com.vaadin.flow.server.startup.ClassLoaderAwareServletContainerInitializer - not sure that's the reason.

Then, the question is: Do we actually need it?
Anyway, this change doesn't harm anyone and should have been applied sooner.

[Legioth]

Should maybe also be cherry picked to 24.4.x?

[taefi]

Should maybe also be cherry picked to 24.4.x?

At least to 24.4.
2.5 is also using the jakarta namespace.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[cromoteca]

This PR fixes the EndpointValidator registration in the servlet container, making it work for the first time. The purpose of this validator is to verify that Hilla endpoints are used in a Spring Boot application, and to throw an exception if endpoints exist and Spring Boot is not in the classpath.

The CSRF tests thus fail because they are not Spring Boot applications, but they do have an endpoint, which is SignalsHandler.

There are some possible solutions:

• exclude SignalsHandler from the check (this is related to feat: add endpoint detection #2938 and the need of correctly identify the internal endpoints, as in

  hilla/packages/java/endpoint/src/main/java/com/vaadin/hilla/EndpointController.java

  Lines 134 to 137 in 0638cb8

  	endpointBeans.keySet().stream()
  	.filter(name -> !name.equals(SIGNALS_HANDLER_BEAN_NAME))
  	.findAny().ifPresent(name -> HillaStats.reportHasEndpoint());

  );
• log a warning instead of throwing in EndpointValidator;
• make EndpointValidator optional by configuration.

[cromoteca]

Some of those changes could not propagate well to some of the cherry-pick target that have been selected for this PR.

[cromoteca]

Also, given that it uses a ClassFinder from Flow, it seems to collect all classes annotated with BrowserCallable/Endpoint, but not all classes will be instantiated and used, so it seems a bit too strong as a check.

[taefi]

I'm in favor of logging a warning instead of throwing in EndpointValidator. A visible enough warning + documentation should be enough.

[cromoteca]

I still see this as a sort of duplicate of #2938. While they serve different purposes, the check for the presence of Spring could be added at the same place instead of having to declare a dedicated listener.

[cromoteca]

No longer needed after #3167