Baron, There is this release note about the change https://apereo.github.io/cas/7.2.x/release_notes/RC2.html#actuator-endpoints For a list of values for 'access' see https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Auditevents.html click on the green book icon beside 'Provides information about ...' then click on the Configuration tab.
There is also Management.endpoints.web.exposure.include= [*|comma separated list] Ray ________________________________ From: [email protected] <[email protected]> on behalf of Baron Fujimoto <[email protected]> Sent: August 12, 2025 11:37 To: CAS Community <[email protected]> Subject: [cas-user] Re: Older CAS RC release notes changelog links broken? FWIW, I was able to get past this error by removing the deprecated property "management.endpoints.enabled-by-default=true". The error message seems to suggest the property "management.endpoints.access.default" as a replacement, but I can't find information about this property in the CAS documentation. I did find Spring Boot documentation[1] that identifies one possible valid value ("none") for this property, but not any other possible valid values. For CAS, the default appears to be sort of consistent with "none" since it seems I have to explicitly enable any actuator endpoints if I want to use anything besides just "health" and "info" (e.g. "throttles" and "duoPing"). Furthermore the CAS documentation[2] states, "that by default the only endpoints exposed over the web are info, status, health and configurationMetadata." However, even if the status endpoint is explicitly enabled the same way as for health and info, it still rejects access to status. cas.properties: management.endpoints.web.base-path=/actuator management.endpoints.web.exposure.include=health,info,status,throttles,duoPing management.endpoint.health.enabled=true management.endpoint.info.enabled=true management.endpoint.status.enabled=true management.endpoint.throttles.enabled=true management.endpoint.duoPing.enabled=true cas.monitor.endpoints.endpoint.defaults.access=IP_ADDRESS cas.monitor.endpoints.endpoint.defaults.required-ip-addresses=127.0.0.1, [...more IP addrs...] This results in the following logs that demonstrate the difference between attempted access to "health" and "status" endpoints: DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext> DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing HEAD /actuator/health> DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured HEAD /actuator/health> DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext> DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /actuator/status> DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext> DEBUG [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - <Saved request https://cas66.pvt.hawaii.edu:8443/cas/actuator/status?continue to session> DEBUG [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint] - <Pre-authenticated entry point called. Rejecting access> DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /error> DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured GET /error> I seem to recall the status endpoint may have been deprecated at some point, but I can't find confirmation in the CAS documentation. If so, is the current documentation erroneous in stating that it may be exposed? If not, how do you also get status to work? [1] <https://docs.spring.io/spring-boot/reference/actuator/endpoints.html> [2] Example from the Endpoint details popup window at <https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Info.html> On Fri, Aug 8, 2025 at 4:37 PM Baron Fujimoto <[email protected]<mailto:[email protected]>> wrote: This is problematic, because when I build and deploy 7.2.5, I now get the following error logged. ===== ERROR [org.springframework.boot.context.properties.migrator.PropertiesMigrationListener] - < The use of configuration keys that are no longer supported was found in the environment: Property source 'bootstrapProperties-casCompositePropertySource': Key: management.endpoints.enabled-by-default Reason: Replacement key 'management.endpoints.access.default' uses an incompatible target type Please refer to the release notes or reference guide for potential alternatives. > ERROR [org.apereo.cas.util.spring.boot.BeanDefinitionStoreFailureAnalyzer] - <Error creating bean due to: Failed to process import candidates for configuration class [org.apereo.cas.web.CasWebApplication]: Error processing condition on org.springframework.boot.actuate.autoconfigure.audit.AuditEventsEndpointAutoConfiguration caused by MutuallyExclusiveConfigurationPropertiesException: The configuration properties 'management.endpoints.access.default, management.endpoints.enabled-by-default' are mutually exclusive and 'management.endpoints.access.default, management.endpoints.enabled-by-default' have been configured together > DEBUG [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - <Application failed to start due to an exception> ERROR [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - < *************************** APPLICATION FAILED TO START *************************** Description: Error creating bean due to: Failed to process import candidates for configuration class [org.apereo.cas.web.CasWebApplication]: Error processing condition on org.springframework.boot.actuate.autoconfigure.audit.AuditEventsEndpointAutoConfiguration caused by MutuallyExclusiveConfigurationPropertiesException: The configuration properties 'management.endpoints.access.default, management.endpoints.enabled-by-default' are mutually exclusive and 'management.endpoints.access.default, management.endpoints.enabled-by-default' have been configured together Action: Review the properties available for the configuration. Enable debug logging on org.apereo.cas.util.spring.boot.BeanDefinitionStoreFailureAnalyzer to see exception stack trace > ===== I believe these are the sorts of issues typically mentioned in the missing changelogs. I seem to recall there also being something about the use of groovy scripts that I cannot currently find. We incorporate a groovy script in some of our service registrations, so this is also a concern. On Thu, Aug 7, 2025 at 10:54 AM Baron Fujimoto <[email protected]<mailto:[email protected]>> wrote: I'm preparing for a CAS upgrade from 7.0.8 to 7.2 and wanted to review the release notes changelogs for anything we needed to be aware of. (I'm not sure why, but it seems like only release candidates really get useful information of this nature.) Currently it appears that all of the documentation for older (7.1, 7.2) RC changelogs only points to the changelogs for 7.3 RC versions. E.g. on the Release Notes page for 7.1.0-RC6 <https://github.com/apereo/cas/releases/tag/v7.1.0-RC6>, the linked changelogs for previous RC versions all link to 7.3 changelogs: • <https://apereo.github.io/cas/development/release_notes/RC1.html> • <https://apereo.github.io/cas/development/release_notes/RC2.html> • etc • Busted portal gun 404 for changelogs that don't yet exist for 7.4 (RC6) Are the older changelogs still available? I seem to recall seeing potentially important items in there when previously skimming them. -- Baron Fujimoto <[email protected]<mailto:[email protected]>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- Baron Fujimoto <[email protected]<mailto:[email protected]>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- Baron Fujimoto <[email protected]<mailto:[email protected]>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0VE779MvaL2oj0Qfpfo9N3Jg%3DtEXYbiguYipRscTz2eA%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0VE779MvaL2oj0Qfpfo9N3Jg%3DtEXYbiguYipRscTz2eA%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081E136102BABA62F28C6ADCE2AA%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.
