[Forking this thread to separate the ldaptive and maven repo issues]
Per that spring-io advisory, it says, "The /snapshot, /milestone, and
/release repositories will remain available, but please fetch our releases
from a central repository". The only reference I see in our pom.xml to
spring-io is:
<repositories>
…
<repository>
<id>spring-milestones</id>
<url>https://repo.spring.io/milestone</url>
</repository>
</repositories>
Would updating or supplementing with something else resolve these errors?
Unfortunately, my experience with maven and these build strategies is
pretty limited to what I've used to successfully build CAS in the past.
I'll happily RTFM if someone could kindly point me to the appropriate FM
that would explain this or how to pursue the other suggested strategies.
On Thu, Jan 28, 2021 at 2:39 AM Jeffrey Miller <[email protected]>
wrote:
> For the Duo dependency, spring updated their use for artifacts in their
> repo and now libs-release (and probably libs-snapshot) is no longer
> available publicly
>
>
> https://spring.io/blog/2020/10/29/notice-of-permissions-changes-to-repo-spring-io-fall-and-winter-2020
>
> On Wednesday, January 27, 2021 at 8:52:32 PM UTC-5 richard.frovarp wrote:
>
>> For the Duo jar, you should put them in your own local repo? Or maybe the
>> cache dir? I know that by default it feels like you have to hunt through a
>> variety of external repos to find that dependency. I run a local Nexus
>> install for us so I only have to hunt down once.
>>
>> For the LDAP problems, I think on the Shib list they say don't use the
>> JNDI LDAP connector, in particular with JDK 11. But even then, I don't
>> think the 1.8 JNDI provider is that great. So, you may be able to move over
>> to the UnboundID provider and have better success? To determine what
>> version is being used, I would recommend looking at what is in your
>> resulting build artifact. I'm building to a war, and therefore the place
>> for me to look to see what is being placed in the war file. So if the file
>> is present in the lib dir where you are running it, it might be using. I
>> don't remember if there is an authoritative way the JRE loads libs or not.
>> I generally assume that if there are two in the classpath, it is going to
>> randomly load out of one of them. It's probably deterministic in some way,
>> but if you have to ask about load order, you're probably in a space you
>> don't want to be in.
>>
>> I know that with overlays I've had trouble getting the version I want to
>> be the only one. I don't think the normal Maven rules for dependency
>> versions fully apply for overlays. You're best off putting excludes in
>> to ensure the version you don't want is excluded.
>>
>> You can also exclude out of the overlay, and I see that I'm doing that. I
>> just don't remember why I'm doing that. I have spring and log4j in those
>> excludes. I'm excluding Duo out of a normal dependency section. I have a
>> different GAV bringing that dependency in.
>>
>> We're using the UnboundID provider.
>> ------------------------------
>> *From:* [email protected] <[email protected]> on behalf of Baron
>> Fujimoto <[email protected]>
>> *Sent:* Wednesday, January 27, 2021 19:06
>> *To:* CAS Users <[email protected]>
>> *Subject:* [cas-user] CAS 5.0.x newer ldaptive?
>>
>> I'm working with Oracle to troubleshoot a bug we've encountered with
>> their JDK (1.8u231+) and LDAP errors. According to their analysis, they're
>> claiming that the problem lies with the ldaptive library being used by this
>> old (I know) version of CAS. More specifically that the subsequent JDKs
>> adhere to spec, and the ldaptive library appears to be testing for
>> unspecified behaviour. They are recommending I try a newer version of the
>> ldaptive library which does not appear to have the same code.
>>
>> I added the following to our pom.xml:
>>
>> <dependency>
>> <groupId>org.ldaptive</groupId>
>> <artifactId>ldaptive</artifactId>
>> <version>2.0.1</version>
>> </dependency>
>>
>> When I ran "mvn clean package" I think it looked like it was including
>> the 2.0.1 version of ldaptive in the build. However, it seems like I'm
>> still seeing LDAP problems. When I try to login, it will often result in
>> the errors such as the following being logged:
>>
>> 2021-01-27 12:10:56,974 DEBUG
>> [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting
>> LDAP authentication for baron>
>> 2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] -
>> <connection failed check out validation:
>> org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@4b6106ff
>> >
>> 2021-01-27 12:10:56,989 ERROR
>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
>> <LdapAuthenticationHandler: Unexpected LDAP error (Details: Validation of
>> connection failed)>
>>
>> Eventually the validation succeeds, then so does the authentication.
>>
>> How can I verify which version of ldaptive is being used by CAS? I don't
>> think I saw anything indicating this in the logs. If I search for ldaptive
>> in my overlay work directory I find the following:
>>
>> =====
>> $ grep -ilr ldaptive .
>> ./target/cas.war
>>
>> ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml
>>
>> ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar
>>
>> ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar
>>
>> ./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar
>> ./target/cas/WEB-INF/classes/log4j2.xml
>> ./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar
>> ./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar
>> ./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar
>> ./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar
>> ./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar
>> ./pom.xml
>> ./etc/cas/config/log4j2.xml
>> =====
>>
>> I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but
>> also ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions
>> are always present after the build even if I delete them first, so
>> something must be re-including them. How can I ensure that the new ldaptive
>> is used in place of the old one?
>>
>> Unrelated, but I'm also seeing the following errors in the build now that
>> weren't present when I originally built this long ago:
>>
>> Downloading:
>> https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml
>> [WARNING] Could not transfer metadata
>> com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to
>> spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
>> authorized , ReasonPhrase:Unauthorized.
>> [WARNING] Failure to transfer
>> com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from
>> https://repo.spring.io/libs-snapshot was cached in the local repository,
>> resolution will not be reattempted until the update interval of
>> spring-libs-snapshots has elapsed or updates are forced. Original error:
>> Could not transfer metadata
>> com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to
>> spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
>> authorized , ReasonPhrase:Unauthorized.
>> Downloading:
>> https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client/-SNAPSHOT/maven-metadata.xml
>> [WARNING] Could not transfer metadata
>> com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
>> from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot):
>> Not authorized , ReasonPhrase:Unauthorized.
>> [WARNING] Failure to transfer
>> com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
>> from https://repo.spring.io/libs-snapshot was cached in the local
>> repository, resolution will not be reattempted until the update interval of
>> spring-libs-snapshots has elapsed or updates are forced. Original error:
>> Could not transfer metadata
>> com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
>> from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot):
>> Not authorized , ReasonPhrase:Unauthorized.
>> Downloading:
>> https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-example-admin/-SNAPSHOT/maven-metadata.xml
>> [WARNING] Could not transfer metadata
>> com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
>> from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot):
>> Not authorized , ReasonPhrase:Unauthorized.
>> [WARNING] Failure to transfer
>> com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
>> from https://repo.spring.io/libs-snapshot was cached in the local
>> repository, resolution will not be reattempted until the update interval of
>> spring-libs-snapshots has elapsed or updates are forced. Original error:
>> Could not transfer metadata
>> com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
>> from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot):
>> Not authorized , ReasonPhrase:Unauthorized.
>> Downloading:
>> https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client-all/-SNAPSHOT/maven-metadata.xml
>> [WARNING] Could not transfer metadata
>> com.github.duosecurity.duo_client_java:duo-client-all:-SNAPSHOT/maven-metadata.xml
>> from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot):
>> Not authorized , ReasonPhrase:Unauthorized.
>>
>> It seems prudent to resolve these build errors as well.
>> --
>> Baron Fujimoto <[email protected]> :: UH Information Technology Services
>> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL20VkUPAgFORD_Jb-nNaoNK_EiZb3uc_BfN8KF8gSyThg%40mail.gmail.com
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL20VkUPAgFORD_Jb-nNaoNK_EiZb3uc_BfN8KF8gSyThg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5a361cc6-a099-4a45-86c6-d479db055159n%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5a361cc6-a099-4a45-86c6-d479db055159n%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
Baron Fujimoto <[email protected]> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1yDXDZFsEa0yoQCmJpGxYSyai8_ify_8rs6uqg8U%3D3tQ%40mail.gmail.com.
