For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • General
    • About Enforcers
    • Support first-party HUMAN calls
    • Troubleshoot Enforcer configurations
  • Enforcer frameworks
    • Akamai ESI
    • Apache - C Module
    • ASP.NET
    • Callout Enforcer
    • Envoy Proxy
    • F5 BIGIP
    • Fastly JavaScript Compute@Edge
    • Google Cloud Platform (GCP) Callout Enforcer
      • Java changelog
      • Installation
      • Configuration
      • Upgrading
    • Kong Plugin
    • NGINX - C Module
    • NGINX - LUA Module
    • PHP
    • Python
    • Ruby
    • Salesforce Commerce Cloud Cartridge
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
Enforcer frameworksJava

Upgrading

Was this page helpful?
Previous

Kong Plugin

Next
Built with

The upgrade process differs slightly depending on which version you’re upgrading from.

Upgrading from SDK < v4.x
Upgrading from SDK > v4.x
Migrating to Jakarta EE (Spring Boot 3+)

Two things changed in v4.x:

  • isVerified() is deprecated. Use isRequestLowScore() instead for the same check. This is optional and mainly useful for logging to indicate whether the request score was below the blocking threshold.
  • isHandledResponse() is new and returns true when HUMAN already wrote the response (block page or first-party), meaning you cannot continue to filterChain.doFilter

To account for these, update your code accordingly:

1

Replace isVerified with isHandledResponse()

1PXContext ctx = enforcer.pxVerify(req, new HttpServletResponseWrapper(resp));
2if (ctx != null && ctx.isVerified()) {
3    filterChain.doFilter(servletRequest, servletResponse);
4}
2

Optional: Add logging to indicate why the response was handled

1PXContext ctx = enforcer.pxVerify(req, new HttpServletResponseWrapper(resp));
2// isHandledResponse() returns true when HUMAN already wrote the response:
3//   - Request was blocked, OR
4//   - Request was handled by first-party mechanism
5// In both cases, do NOT forward to your application.
6if (ctx != null && ctx.isHandledResponse()) {
7    // HUMAN already handled the response - do NOT forward
8    // Optional: log why the response was handled
9    if (ctx.isFirstPartyRequest()) {
10          System.out.println("Handled by first-party mechanism");
11    }
12    if (!ctx.isRequestLowScore()) {
13          System.out.println("Blocked request");
14    }
15    return;
16}
17filterChain.doFilter(servletRequest, servletResponse);
3

Update the builder syntax

Finally, the old new PXConfiguration.Builder() was replaced by Lombok’s PXConfiguration.builder() and should be replaced accordingly:

1PXConfiguration config = new PXConfiguration.Builder()
2        .appId("<APP_ID>")
3        .build();