Upgrading | HUMAN Documentation

The upgrade process differs slightly depending on which version you’re upgrading from.

Upgrading from SDK < v4.x

Upgrading from SDK > v4.x

Migrating to Jakarta EE (Spring Boot 3+)

Two things changed in v4.x:

isVerified() is deprecated. Use isRequestLowScore() instead for the same check. This is optional and mainly useful for logging to indicate whether the request score was below the blocking threshold.
isHandledResponse() is new and returns true when HUMAN already wrote the response (block page or first-party), meaning you cannot continue to filterChain.doFilter

To account for these, update your code accordingly:

Replace `isVerified` with `isHandledResponse()`

1 PXContext ctx = enforcer.pxVerify(req, new HttpServletResponseWrapper(resp));
2 if (ctx != null && ctx.isVerified()) {
3     filterChain.doFilter(servletRequest, servletResponse);
4 }

Optional: Add logging to indicate why the response was handled

1 PXContext ctx = enforcer.pxVerify(req, new HttpServletResponseWrapper(resp));
2 // isHandledResponse() returns true when HUMAN already wrote the response:
3 //   - Request was blocked, OR
4 //   - Request was handled by first-party mechanism
5 // In both cases, do NOT forward to your application.
6 if (ctx != null && ctx.isHandledResponse()) {
7     // HUMAN already handled the response - do NOT forward
8     // Optional: log why the response was handled
9     if (ctx.isFirstPartyRequest()) {
10           System.out.println("Handled by first-party mechanism");
11     }
12     if (!ctx.isRequestLowScore()) {
13           System.out.println("Blocked request");
14     }
15     return;
16 }
17 filterChain.doFilter(servletRequest, servletResponse);

Update the builder syntax

Finally, the old new PXConfiguration.Builder() was replaced by Lombok’s PXConfiguration.builder() and should be replaced accordingly:

1 PXConfiguration config = new PXConfiguration.Builder()
2         .appId("<APP_ID>")
3         .build();