You have to do overlay exclusions. Which for me looks like. Obviously close the
XML out as appropriate. I have further build plugins.
<build>
<plugins>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
<configuration>
<failOnMissingWebXml>false</failOnMissingWebXml>
<recompressZippedFiles>false</recompressZippedFiles>
<archive>
<compress>false</compress>
<manifestFile>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp/META-INF/MANIFEST.MF</manifestFile>
</archive>
<overlays>
<overlay>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp</artifactId>
<excludes>
<!-- <exclude>WEB-INF/cas.properties</exclude> -->
<exclude>WEB-INF/classes/application*.properties</exclude>
<exclude>WEB-INF/lib/spring*.jar</exclude>
<exclude>WEB-INF/lib/log4j*.jar</exclude>
</excludes>
</overlay>
</overlays>
<warName>cas</warName>
</configuration>
</plugin>
But that isn't going to help you to put ldaptive in there. If you look at the
pom for ldaptive 2.0, they are calling for Java 11. Guessing they are using
something that is JDK 11 specific. Maybe you can rebuild with 8 and it will
work, I don't know.
I would go with the easier solution of giving the UnboundID provider a try.
https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Common.html#ldap-connection-settings
Bypass the JDK code altogether.
On Thu, 2021-01-28 at 10:56 -1000, Baron Fujimoto wrote:
Hmm, the older ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar don't appear in
the packages dependency tree, I'm not sure how I would exclude them from the
build. If I manually delete them from the resulting cas.war file, then when I
start CAS, I encounter the following error/exception:
ERROR [org.springframework.boot.SpringApplication] - <Application startup
failed>
java.lang.UnsupportedClassVersionError: org/ldaptive/ConnectionFactory has been
compiled by a more recent version of the Java Runtime (class file version
55.0), this version of the Java Runtime only recognizes class file versions up
to 52.0 (unable to load class [org.ldaptive.ConnectionFactory])
If my google-fu is right, this suggests that the newer ldaptive jar files
included via the overlay pom.xml were compiled with Java 11 rather than the
Java 8 we are using. If I wanted to continue down this path, I suppose that
means I would need to compile the newer ldaptive jars myself from source using
our installed Java 8? And if successful, then manually place them in the
resulting cas.war file? Or is there an easier way?
On Thu, Jan 28, 2021 at 7:46 AM Ray Bon <[email protected]<mailto:[email protected]>>
wrote:
Baron,
Check what packages are included in the build with:
mvn dependency:tree
You can <exclude> transitive dependencies for the old library.
But, the overlay, itself, may include an old version of the library, which
means that you would have to manually remove the old one from the war. Maybe
the exclude can be applied to the overlay too???
Ray
On Wed, 2021-01-27 at 15:06 -1000, Baron Fujimoto wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
I'm working with Oracle to troubleshoot a bug we've encountered with their JDK
(1.8u231+) and LDAP errors. According to their analysis, they're claiming that
the problem lies with the ldaptive library being used by this old (I know)
version of CAS. More specifically that the subsequent JDKs adhere to spec, and
the ldaptive library appears to be testing for unspecified behaviour. They are
recommending I try a newer version of the ldaptive library which does not
appear to have the same code.
I added the following to our pom.xml:
<dependency>
<groupId>org.ldaptive</groupId>
<artifactId>ldaptive</artifactId>
<version>2.0.1</version>
</dependency>
When I ran "mvn clean package" I think it looked like it was including the
2.0.1 version of ldaptive in the build. However, it seems like I'm still seeing
LDAP problems. When I try to login, it will often result in the errors such as
the following being logged:
2021-01-27 12:10:56,974 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting LDAP
authentication for baron>
2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] -
<connection failed check out validation:
org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@4b6106ff>
2021-01-27 12:10:56,989 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler: Unexpected LDAP error (Details: Validation of
connection failed)>
Eventually the validation succeeds, then so does the authentication.
How can I verify which version of ldaptive is being used by CAS? I don't think
I saw anything indicating this in the logs. If I search for ldaptive in my
overlay work directory I find the following:
=====
$ grep -ilr ldaptive .
./target/cas.war
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar
./target/cas/WEB-INF/classes/log4j2.xml
./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar
./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar
./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar
./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar
./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar
./pom.xml
./etc/cas/config/log4j2.xml
=====
I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but also
ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions are always
present after the build even if I delete them first, so something must be
re-including them. How can I ensure that the new ldaptive is used in place of
the old one?
Unrelated, but I'm also seeing the following errors in the build now that
weren't present when I originally built this long ago:
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to
spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized ,
ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from
https://repo.spring.io/libs-snapshot was cached in the local repository,
resolution will not be reattempted until the update interval of
spring-libs-snapshots has elapsed or updates are forced. Original error: Could
not transfer metadata
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to
spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not authorized ,
ReasonPhrase:Unauthorized.
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer
com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
from https://repo.spring.io/libs-snapshot was cached in the local repository,
resolution will not be reattempted until the update interval of
spring-libs-snapshots has elapsed or updates are forced. Original error: Could
not transfer metadata
com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-example-admin/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer
com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
from https://repo.spring.io/libs-snapshot was cached in the local repository,
resolution will not be reattempted until the update interval of
spring-libs-snapshots has elapsed or updates are forced. Original error: Could
not transfer metadata
com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client-all/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-client-all:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
It seems prudent to resolve these build errors as well.
--
Baron Fujimoto <[email protected]<mailto:[email protected]>> :: UH Information
Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]<mailto:[email protected]>
I respectfully acknowledge that my place of work is located within the
ancestral, traditional and unceded territory of the Songhees, Esquimalt and
WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8bce280697887a84a31350dec8e78364b7ea07a5.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/8bce280697887a84a31350dec8e78364b7ea07a5.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
Baron Fujimoto <[email protected]<mailto:[email protected]>> :: UH Information
Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a804a14d7388bf1771f73dc216cee6453d8505eb.camel%40ndsu.edu.
