Migrating from ADS 1.x to 2.x

Axiomatics Decision Service (ADS) 2.x introduces several architectural and functional changes that are not backward-compatible with ADS 1.x. The following sections analyze the new features, changed functionality, and deprecated features, and will guide you migrate to the new version.

info

This migration guide is intended for users already familiar with ADS 1.x planning to deploy or upgrade to ADS 2.x.

New features

These are the new features implemented in ADS 2:

• New license format and file

  Running ADS 2.x requires a new license file because the previous license format is incompatible. The new license file is named axiomatics_ADS.license, in contrast to the prior axiomatics_PDP.license.

• Spring Boot

  ADS 2.x now utilizes the Spring BootOpens in a new tab framework, offering a modern and flexible architecture that simplifies configuration, enhances integration options, and improves diagnostics. Key impacts of this migration from Dropwizard include:

  • Changes to configuration properties in the deployment.yaml file.
  • Replacement of Dropwizard's health checks with new endpoints.
  • Adoption of the Spring Boot model for application lifecycle events and initialization.

Changed functionality

The key functional changes compared to the previous version are:

• Metrics and monitoring
• Domain configuration
• Service ports and endpoints
• Authentication
• Logging
• Kubernetes deployment
• Attribute Connectors in JAR deployment

Metrics and monitoring

Monitoring and observability are now handled through new endpoints. ADS 2.x supports Prometheus (pull), InfluxDB (push) and Azure Application Insights backends.

Domain configuration

All domain-related settings are now grouped under the top-level domain key in the deployment.yaml file.

• ADS 1.x: Domain configuration was often stored in XML.
• ADS 2.x: Domains are no longer supported in XML and are exclusively declared under the domain: key in YAML format. All domain-related properties, such as path, refresh, and startupRetries, are grouped under this key.

Support for startup retries and runtime refresh has been added.

Service ports and endpoints

Previously (ADS 1.x), administration and application endpoints used separate, customizable ports. ADS 2.x now defaults to a single port defined under server.port in deployment.yaml, but separate configuration remains an option.

Authentication

Authentication configuration has been refactored in ADS 2.x. While both versions support Basic, none, and Token-based authentication, the structure and behavior have changed.

• Authentication is now configured under spring.security.
• Authentication is enabled by default in ADS 2.x and is controlled through the authentication.enabled property.
• JWT token-based authentication is now supported through Spring Security.
• Passwords can be hashed using {bcrypt}, {sha256} or {pbkdf2}.
• Authentication for remote domain retrieval is now supported (Basic or OAuth2).

Here's a quick comparison between the two ADS versions:

Feature	ADS 1.x	ADS 2.x
Basic auth	authentication.type	spring.security.user
Disable auth	authentication.type: none	authentication.enabled: false
Token support	Custom	JWT/OAuth2
Password hashing	SHA-256 hashed	Built-in hash formats supported
Remote domain auth	Supported	Basic / OAuth2

Logging

Logging configuration has been refactored in ADS 2.x, shifting from Dropwizard-based setup to Spring Boot–style configuration using YAML. The available log levels remain the same, but the structure and options for customization have changed.

• Log levels are now defined under logging.level.root instead of a flat level property.

• The loggers property used in ADS 1.x has been replaced by direct keys under logging.level, such as com.axiomatics.audit.

• Output settings like appenders and timeZone are no longer supported in deployment.yaml.

• Custom log output (file, console, or JSON) is now controlled by providing a Logback configuration file using the logging.config property.

• Audit logs are now generated in JSON format by default, offering reduced log size, enhanced readability, and improved overall performance for ADS.

  note

  You can still configure ADS to output audit logs in XML format if required.

• Dropwizard’s internal logging structure has been removed.

See Audit logging for details.

Kubernetes deployment

The Kubernetes (K8s) deployment process has been redesigned in ADS 2.x allowing you to pull a K8s image directly from the Axiomatics ECR container. This image includes the standard Attribute Connectors (SQL, Table, LDAP, HTTP, and Parser) by default, eliminating the need to manually add connector JAR files.

If you need to use custom Attribute Connectors or add external dependencies such as JDBC drivers for SQL-based connectors, you can use a custom image and include them in the container image by placing the .jar files in the resources/lib/ directory before deployment. This ensures they are available on the classpath when ADS starts.

Attribute Connectors in JAR deployment

For JAR-based deployments, you must manually provide all necessary Attribute Connector JARs and their dependencies by placing them in a directory named lib, on the same level as the ADS 2.x executable JAR. ADS will load all JAR files from this directory at startup.

Deprecated features

The following features are no longer supported in ADS 2.x:

• Deprecated endpoints

  • POST /asm-pdp/pdp (SOAP)
  • POST /asm-pdp/authorize (REST)

• XML-based domain configuration

  Older ASM versions used XML domain files.ADS 2.x requires domain files to be written in YAML and referenced under the domain: block. XML remains supported when used with ASM 6.2.x, but is considered legacy.

  note

  While XML remains supported for ASM 6.2.x, it is considered a legacy format.

• ASM as metrics backend

  ADS 2.x does not allow ASM to serve as a metrics backend. This functionality is removed and observability is now managed using Spring Boot with support for Prometheus (pull), InfluxDB (push), and Azure Application Insights. If you relied on ASM for metrics, a transition to one of the supported backends is necessary.

• Deprecated properties

  	Status	Notes
  legacyXmlConfig	Deprecated	Originally used for deprecated XML-based domains.
  metricsBackends	Deprecated	Replaced by management.metrics.
  authentication.type	Deprecated	Replaced by spring.security.

Migration procedure

1. Request a new license from Axiomatics Support.

   note

   Use the new axiomatics_ADS.license format.

2. Place the license file in your deployment environment and reference it in deployment.yaml.

3. Back up your current ADS 1.x configuration and domain files.

   If you have an XML domain file, contact Axiomatics Customer SupportOpens in a new tab to help with the conversion to YAML.

4. Remove any deprecated features from your setup.

5. Convert your configuration to the new deployment.yaml structure using the Deployment configuration samples as a starting point.

   Important

   If your deployment.yaml specifies default values for environment variables, make sure to remove any hyphens (-) appended to them as they're incompatible with ADS 2.x.

6. Install ADS 2.x using the official installation instructions.

   Apply your YAML configuration and verify that the new license is detected at startup.

7. Start ADS 2.x and validate its behavior, including policy evaluation and the health and metrics endpoints.

If you have questions or encounter issues during the migration, please contact Axiomatics Customer SupportOpens in a new tab.