some more info : https://github.com/apereo/cas/commit/ff4c2624d206ecbd7a9521aa6b20239fe5e5ca1a
Le jeudi 31 octobre 2024 à 15:04:38 UTC+1, Frédéric Dussurget a écrit : > Ok, the explication is right there : > https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4.0-RC1-Release-Notes > > We should expect soon configuration changes in cas.properties ... > > > Le jeudi 31 octobre 2024 à 10:33:23 UTC+1, Frédéric Dussurget a écrit : > >> I found out that there is an issue with the 7.2-SNAPHOT and >> management.endpoints.enabled-by-default key : >> The use of configuration keys that have been renamed was found in the >> environment: >> >> Property source 'bootstrapProperties-casCompositePropertySource': >> Key: management.endpoints.enabled-by-default >> Replacement: management.endpoints.access.default >> >> This key is available again with 7.2-RC1 ... >> >> (for info 7.2-SNAPSHOT would have worked replacing >> management.endpoints.enabled-by-default by management.endpoints. >> access.default: unrestricted) >> >> Le mercredi 30 octobre 2024 à 17:51:58 UTC+1, Frédéric Dussurget a écrit : >> >>> Hi, >>> I've got an issue when trying to access actuator endpoints after >>> deploying compiled this version (gradle.properties) : >>> cas.version=7.2.0-RC1 >>> springBootVersion=3.4.0-M3 >>> >>> Spring webflow and security logs say : >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> *2024-10-30 15:20:04,791 DEBUG >>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow >>> mapping found for request with URI '/cas/actuator/health'>2024-10-30 >>> 15:20:04,791 DEBUG >>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow >>> mapping found for request with URI '/cas/actuator/health'>2024-10-30 >>> 15:20:04,791 DEBUG >>> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow >>> mapping found for request with URI '/cas/actuator/health'>2024-10-30 >>> 15:20:04,791 DEBUG [org.springframework.security.web.FilterChainProxy] - >>> <Securing GET /actuator/health>2024-10-30 15:20:04,792 DEBUG >>> [org.springframework.security.web.access.channel.ChannelProcessingFilter] - >>> <Request: filter invocation [GET /actuator/health]; ConfigAttributes: >>> [REQUIRES_SECURE_CHANNEL]>2024-10-30 15:20:04,793 DEBUG >>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>> >>> - <Set SecurityContextHolder to anonymous SecurityContext>2024-10-30 >>> 15:20:04,793 DEBUG >>> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - >>> <Saved request https://172.16.17.50/cas/actuator/health?continue >>> <https://172.16.17.50/cas/actuator/health?continue> to session>2024-10-30 >>> 15:20:04,794 DEBUG >>> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] >>> >>> - <Trying to match using Or [RequestHeaderRequestMatcher >>> [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], >>> And [Not [MediaTypeRequestMatcher >>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, >>> >>> matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], >>> MediaTypeRequestMatcher >>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, >>> >>> matchingMediaTypes=[application/atom+xml, >>> application/x-www-form-urlencoded, application/json, >>> application/octet-stream, application/xml, multipart/form-data, text/xml], >>> useEquals=false, ignoredMediaTypes=[*/*]]], MediaTypeRequestMatcher >>> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, >>> >>> matchingMediaTypes=[*/*], useEquals=true, ignoredMediaTypes=[]]]>2024-10-30 >>> 15:20:04,794 DEBUG >>> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] >>> >>> - <Match found! Executing >>> org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@5ae646b0>2024-10-30 >>> >>> 15:20:04,794 DEBUG >>> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] >>> >>> - <Trying to match using RequestHeaderRequestMatcher >>> [expectedHeaderName=X-Requested-With, >>> expectedHeaderValue=XMLHttpRequest]>2024-10-30 15:20:04,794 DEBUG >>> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] >>> >>> - <No match found. Using default entry point >>> org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@7e017a3a>2024-10-30 >>> >>> 15:20:04,795 DEBUG [org.springframework.security.web.FilterChainProxy] - >>> <Securing GET /error>2024-10-30 15:20:04,795 DEBUG >>> [org.springframework.security.web.access.channel.ChannelProcessingFilter] - >>> <Request: filter invocation [GET /error]; ConfigAttributes: >>> [REQUIRES_SECURE_CHANNEL]>2024-10-30 15:20:04,796 DEBUG >>> [org.springframework.security.web.FilterChainProxy] - <Secured GET >>> /error>2024-10-30 15:20:04,798 DEBUG >>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>> >>> - <Set SecurityContextHolder to anonymous SecurityContext>* >>> >>> But, with the same clone (no git checkout), juste changing the version >>> in the gradle.properties file with this value : >>> >>> cas.version=7.2.0-SNAPSHOT >>> >>> and rebuilding, makes it work again : My endpoints can be accessed with >>> AUTHENTICATED and IP_ADDRESS access types. >>> >>> In this case, spring logs say : >>> >>> >>> >>> >>> *2024-10-30 15:15:05,110 DEBUG >>> [org.springframework.security.web.DefaultSecurityFilterChain] - <Will >>> secure any request with filters: DisableEncodeUrlFilter, >>> ChannelProcessingFilter, WebAsyncManagerIntegrationFilter, >>> SecurityContextHolderFilter, CorsFilter, CsrfFilter, >>> UsernamePasswordAuthenticationFilter, BasicAuthenticationFilter, >>> RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, >>> AnonymousAuthenticationFilter, ExceptionTranslationFilter, >>> AuthorizationFilter>2024-10-30 15:15:05,176 DEBUG >>> [org.springframework.security.web.FilterChainProxy] - <Securing GET >>> /actuator/health>2024-10-30 15:15:05,185 DEBUG >>> [org.springframework.security.web.access.channel.ChannelProcessingFilter] - >>> <Request: filter invocation [GET /actuator/health]; ConfigAttributes: >>> [REQUIRES_SECURE_CHANNEL]>2024-10-30 15:15:05,211 DEBUG >>> [org.springframework.security.web.FilterChainProxy] - <Secured GET >>> /actuator/health>* >>> *2024-10-30 15:15:05,282 DEBUG >>> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >>> >>> - <Set SecurityContextHolder to anonymous SecurityContext>* >>> >>> I tried to play with springBootVersion to roll it back 3.4.0-M1 instead >>> of M3, but it has no effect at all. >>> These logs concern the health endpoint, but all the other endpoints are >>> concerned. >>> >>> Regards, >>> >>> Regards, >>> >> -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6aa913e2-c0a4-43e0-af93-aacc1a070333n%40apereo.org.
