The fact that defaults only covers a few properties is unfortunate, as I think the expectation is that it should cover anything that is not otherwise explicitly overridden. That is after all the generally accepted meaning of a default.
Since the defaults are not discussed in the CAS docs as far as I can tell, does this then suggest that the defaults endpoint should not be used, and rather than cas.monitor.endpoints.endpoint.defaults.access=IP_ADDRESS cas.monitor.endpoints.endpoint.defaults.required-ip-addresses=127.0.0.1, [...more IP addrs...] Should these properties instead explicitly identify specific endpoints even though you would like the same settings applied to each? E.g..: cas.monitor.endpoints.endpoint.health.access=IP_ADDRESS cas.monitor.endpoints.endpoint.health.required-ip-addresses=127.0.0.1, [...more IP addrs...] cas.monitor.endpoints.endpoint.info.access=IP_ADDRESS cas.monitor.endpoints.endpoint.info.required-ip-addresses=127.0.0.1, [...more IP addrs...] ... etc. That seems rather reduplicative, and prone to error by typo, omission, or other careless error. :/ On Wed, Aug 20, 2025 at 5:22 AM Ray Bon <[email protected]> wrote: > Baron, > > The release note form of the property is correct, The one in the docs has > not been updated. > This url should bring you to the 7.1 release notes > https://apereo.github.io/cas/7.1.x/release_notes/Overview.html > <https://urldefense.com/v3/__https://apereo.github.io/cas/7.1.x/release_notes/Overview.html__;!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75HJ7fs_p$> > > > Depending on which endpoints you want to use, some of them will have to be > explicitly added to the properties; defaults only covers a few. > > I never tried the gear icon before; it is definitely not working. > > Ray > > ------------------------------ > *From:* [email protected] <[email protected]> on behalf of Baron > Fujimoto <[email protected]> > *Sent:* August 19, 2025 19:53 > *To:* [email protected] <[email protected]> > *Subject:* Re: [cas-user] Re: Older CAS RC release notes changelog links > broken? > > Thank you! The URL pattern < > https://apereo.github.io/cas/7.2.x/release_notes/RC2.html > <https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/release_notes/RC2.html__;!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75GpPVa3I$>> > provides an example of how I can directly access the Release Notes for > these versions. However, the documentation for older (7.1, 7.2) links to RC > changelogs/release notes still point to the changelogs for 7.3 RC and not > the expected older versions. > > I'm also still somewhat confused by the documentation and/or > logged error(s). I have the following in cas.properties (consistent with > the information in the Configuration tab information): > > management.endpoints.web.exposure.include=health,info > management.endpoint.health.enabled=true > management.endpoint.info.enabled=true > > I also have: > > cas.monitor.endpoints.endpoint.defaults.access=IP_ADDRESS > cas.monitor.endpoints.endpoint.defaults.required-ip-addresses=127.0.0.1, > [...more IP addrs...] > > I use "defaults" endpoints there because though this isn't discussed in > the CAS documentation AFAICT, I think I found the use of the defaults in > the spring documentation somewhere (unfortunately I can't locate it again > now). > > Although things appear to work, on startup the following error is logged: > > ERROR > [org.springframework.boot.context.properties.migrator.PropertiesMigrationListener] > - < > The use of configuration keys that are no longer supported was found in > the environment: > > Property source 'bootstrapProperties-casCompositePropertySource': > Key: management.endpoint.health.enabled > Reason: Replacement key > 'management.endpoint.health.access' uses an incompatible target type > Key: management.endpoint.info.enabled > Reason: Replacement key 'management.endpoint.info.access' > uses an incompatible target type > > > Please refer to the release notes or reference guide for potential > alternatives. > > > > I don't understand the references to the replacement keys, because I don't > see these discussed in the CAS docs, nor are they present in my > cas.properties. Is this an actual error I should be addressing? > > Finally, another aspect of the documentation I found confusing was that > under the Configuration tab, there are gear icon links for each property > "How can I configure this property?" that if you click on them does nothing > other than clear the popup window and dim the popup parent window with no > good/apparent way to cancel/exit that state. > > > On Wed, Aug 13, 2025 at 4:07 PM Ray Bon <[email protected]> wrote: > > Baron, > > There is this release note about the change > https://apereo.github.io/cas/7.2.x/release_notes/RC2.html#actuator-endpoints > <https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/release_notes/RC2.html*actuator-endpoints__;Iw!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYbgje3J_$> > For a list of values for 'access' see > https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Auditevents.html > <https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Auditevents.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYaDjms8a$> > click > on the green book icon beside 'Provides information about ...' then click > on the Configuration tab. > > There is also > Management.endpoints.web.exposure.include= [*|comma separated list] > > Ray > ------------------------------ > *From:* [email protected] <[email protected]> on behalf of Baron > Fujimoto <[email protected]> > *Sent:* August 12, 2025 11:37 > *To:* CAS Community <[email protected]> > *Subject:* [cas-user] Re: Older CAS RC release notes changelog links > broken? > > FWIW, I was able to get past this error by removing the deprecated > property "management.endpoints.enabled-by-default=true". The error message > seems to suggest the property "management.endpoints.access.default" as a > replacement, but I can't find information about this property in the CAS > documentation. > > I did find Spring Boot documentation[1] that identifies one possible valid > value ("none") for this property, but not any other possible valid values. > > For CAS, the default appears to be sort of consistent with "none" since it > seems I have to explicitly enable any actuator endpoints if I want to use > anything besides just "health" and "info" (e.g. "throttles" and "duoPing"). > > Furthermore the CAS documentation[2] states, "that by default the only > endpoints exposed over the web are info, status, health and > configurationMetadata." However, even if the status endpoint is explicitly > enabled the same way as for health and info, it still rejects access to > status. > > cas.properties: > > management.endpoints.web.base-path=/actuator > > management.endpoints.web.exposure.include=health,info,status,throttles,duoPing > management.endpoint.health.enabled=true > management.endpoint.info.enabled=true > management.endpoint.status.enabled=true > management.endpoint.throttles.enabled=true > management.endpoint.duoPing.enabled=true > cas.monitor.endpoints.endpoint.defaults.access=IP_ADDRESS > cas.monitor.endpoints.endpoint.defaults.required-ip-addresses=127.0.0.1, > [...more IP addrs...] > > This results in the following logs that demonstrate the difference between > attempted access to "health" and "status" endpoints: > > DEBUG > [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] > - <Set SecurityContextHolder to anonymous SecurityContext> > DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing HEAD > /actuator/health> > DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured HEAD > /actuator/health> > DEBUG > [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] > - <Set SecurityContextHolder to anonymous SecurityContext> > DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET > /actuator/status> > DEBUG > [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] > - <Set SecurityContextHolder to anonymous SecurityContext> > DEBUG > [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - > <Saved request > https://cas66.pvt.hawaii.edu:8443/cas/actuator/status?continue to session> > DEBUG > [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint] > - <Pre-authenticated entry point called. Rejecting access> > DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET > /error> > DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured GET > /error> > > I seem to recall the status endpoint may have been deprecated at some > point, but I can't find confirmation in the CAS documentation. If so, is > the current documentation erroneous in stating that it may be exposed? If > not, how do you also get status to work? > > [1] <https://docs.spring.io/spring-boot/reference/actuator/endpoints.html > <https://urldefense.com/v3/__https://docs.spring.io/spring-boot/reference/actuator/endpoints.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYa-Bs3ot$> > > > [2] Example from the Endpoint details popup window at < > https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Info.html > <https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Info.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYdzZjtPC$> > > > > > > On Fri, Aug 8, 2025 at 4:37 PM Baron Fujimoto <[email protected]> wrote: > > This is problematic, because when I build and deploy 7.2.5, I now get the > following error logged. > > ===== > ERROR > [org.springframework.boot.context.properties.migrator.PropertiesMigrationListener] > - < > The use of configuration keys that are no longer supported was found in > the environment: > > Property source 'bootstrapProperties-casCompositePropertySource': > Key: management.endpoints.enabled-by-default > Reason: Replacement key > 'management.endpoints.access.default' uses an incompatible target type > > > Please refer to the release notes or reference guide for potential > alternatives. > > > ERROR [org.apereo.cas.util.spring.boot.BeanDefinitionStoreFailureAnalyzer] > - <Error creating bean due to: Failed to process import candidates for > configuration class [org.apereo.cas.web.CasWebApplication]: Error > processing condition on > org.springframework.boot.actuate.autoconfigure.audit.AuditEventsEndpointAutoConfiguration > caused by MutuallyExclusiveConfigurationPropertiesException: The > configuration properties 'management.endpoints.access.default, > management.endpoints.enabled-by-default' are mutually exclusive and > 'management.endpoints.access.default, > management.endpoints.enabled-by-default' have been configured together > > DEBUG > [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - > <Application failed to start due to an exception> > ERROR > [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - < > > *************************** > APPLICATION FAILED TO START > *************************** > > Description: > > Error creating bean due to: Failed to process import candidates for > configuration class [org.apereo.cas.web.CasWebApplication]: Error > processing condition on > org.springframework.boot.actuate.autoconfigure.audit.AuditEventsEndpointAutoConfiguration > caused by MutuallyExclusiveConfigurationPropertiesException: The > configuration properties 'management.endpoints.access.default, > management.endpoints.enabled-by-default' are mutually exclusive and > 'management.endpoints.access.default, > management.endpoints.enabled-by-default' have been configured together > > Action: > > Review the properties available for the configuration. Enable debug > logging on > org.apereo.cas.util.spring.boot.BeanDefinitionStoreFailureAnalyzer to see > exception stack trace > > > ===== > > I believe these are the sorts of issues typically mentioned in the missing > changelogs. I seem to recall there also being something about the use of > groovy scripts that I cannot currently find. We incorporate a groovy script > in some of our service registrations, so this is also a concern. > > > On Thu, Aug 7, 2025 at 10:54 AM Baron Fujimoto <[email protected]> wrote: > > I'm preparing for a CAS upgrade from 7.0.8 to 7.2 and wanted to review the > release notes changelogs for anything we needed to be aware of. (I'm not > sure why, but it seems like only release candidates really get useful > information of this nature.) > > Currently it appears that all of the documentation for older (7.1, 7.2) RC > changelogs only points to the changelogs for 7.3 RC versions. > > E.g. on the Release Notes page for 7.1.0-RC6 < > https://github.com/apereo/cas/releases/tag/v7.1.0-RC6 > <https://urldefense.com/v3/__https://github.com/apereo/cas/releases/tag/v7.1.0-RC6__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYSFZJ1yL$>>, > the linked changelogs for previous RC versions all link to 7.3 changelogs: > • <https://apereo.github.io/cas/development/release_notes/RC1.html > <https://urldefense.com/v3/__https://apereo.github.io/cas/development/release_notes/RC1.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYYlF7M8h$> > > > • <https://apereo.github.io/cas/development/release_notes/RC2.html > <https://urldefense.com/v3/__https://apereo.github.io/cas/development/release_notes/RC2.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYTjQcwOI$> > > > • etc > • Busted portal gun 404 for changelogs that don't yet exist for 7.4 (RC6) > > Are the older changelogs still available? I seem to recall seeing > potentially important items in there when previously skimming them. > -- > Baron Fujimoto <[email protected]> ::: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum descendus pantorum > > > > -- > Baron Fujimoto <[email protected]> ::: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum descendus pantorum > > > > -- > Baron Fujimoto <[email protected]> ::: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum descendus pantorum > > -- > - Website: https://apereo.github.io/cas > <https://urldefense.com/v3/__https://apereo.github.io/cas__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYY8NrfMX$> > - List Guidelines: https://goo.gl/1VRrw7 > <https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYe2dckGb$> > - Contributions: https://goo.gl/mh7qDG > <https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYfHaIRoQ$> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0VE779MvaL2oj0Qfpfo9N3Jg%3DtEXYbiguYipRscTz2eA%40mail.gmail.com > <https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0VE779MvaL2oj0Qfpfo9N3Jg*3DtEXYbiguYipRscTz2eA*40mail.gmail.com?utm_medium=email&utm_source=footer__;JSU!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYVaS9zUc$> > . > > -- > - Website: https://apereo.github.io/cas > <https://urldefense.com/v3/__https://apereo.github.io/cas__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYY8NrfMX$> > - List Guidelines: https://goo.gl/1VRrw7 > <https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYe2dckGb$> > - Contributions: https://goo.gl/mh7qDG > <https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYfHaIRoQ$> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081E136102BABA62F28C6ADCE2AA%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM > <https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081E136102BABA62F28C6ADCE2AA*40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer__;JQ!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYZ7-NNyS$> > . > > > > -- > Baron Fujimoto <[email protected]> ::: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum descendus pantorum > > -- > - Website: https://apereo.github.io/cas > <https://urldefense.com/v3/__https://apereo.github.io/cas__;!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75OPVgbUE$> > - List Guidelines: https://goo.gl/1VRrw7 > <https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75AVIi6ii$> > - Contributions: https://goo.gl/mh7qDG > <https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75Dofvq4P$> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1W90SdsTWxM3ivYH%2BBjUi5A1sYj46-30cNwbnB0bbU%2Bg%40mail.gmail.com > <https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1W90SdsTWxM3ivYH*2BBjUi5A1sYj46-30cNwbnB0bbU*2Bg*40mail.gmail.com?utm_medium=email&utm_source=footer__;JSUl!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75Da_F7_Q$> > . > > -- > - Website: https://apereo.github.io/cas > <https://urldefense.com/v3/__https://apereo.github.io/cas__;!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75OPVgbUE$> > - List Guidelines: https://goo.gl/1VRrw7 > <https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75AVIi6ii$> > - Contributions: https://goo.gl/mh7qDG > <https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75Dofvq4P$> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081B21BD029A0EAB8BFD039CE33A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM > <https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081B21BD029A0EAB8BFD039CE33A*40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer__;JQ!!PvDODwlR4mBZyAb0!S_Mmucww7gRwNtktS-TiqPOhlDTiqY_VAo8FYDf12ZQ8F9mr324Z8yhHQx6GZrUIsxs75O-dFZWs$> > . > -- Baron Fujimoto <[email protected]> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3r%3DnAgSoNyHJSV_6ajZyOLYSfSgDCiZdH_RsidyA8PJA%40mail.gmail.com.
