Hi Seems like when we remove '*cas-server-support-rest-x509-*.jar*', the startup is fine.
Also noticed that with the jar added, X509 bean is trying to get registered twice and failing during the second iteration which is getting passed when using older version of Spring framework. Additional stacktrace: 2022-04-07 16:47:58,902 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <building REST credential factory from [[org.apereo.cas.rest.config.CasCoreRestConfiguration$$Lambda$1489/0x0000000100d06840@79c849c7, *org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3, org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3* ]]> 2022-04-07 16:47:58,903 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <Configuring credential factory: [org.apereo.cas.rest.config.CasCoreRestConfiguration$$Lambda$1489/0x0000000100d06840@79c849c7]> 2022-04-07 16:47:58,905 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <Configuring credential factory: [org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3]> 2022-04-07 16:47:58,910 TRACE [org.apereo.cas.support.x509.rest.config.X509RestConfiguration] - <Is certificate extractor available? = [org.apereo.cas.adaptors.x509.authentication.RequestHeaderX509CertificateExtractor@8c3b634], headerAuth = [true], bodyAuth = [true], tlsClientAuth = [false]> 2022-04-07 16:47:58,917 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceTicketResource' defined in class path resource [org/apereo/cas/config/CasRestConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.rest.resources.ServiceTicketResource]: Factory method 'serviceTicketResource' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'restHttpRequestCredentialFactory' defined in class path resource [org/apereo/cas/rest/config/CasCoreRestConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.rest.factory.RestHttpRequestCredentialFactory]: Factory method 'restHttpRequestCredentialFactory' threw exception; nested exception is *java.lang.ClassCastException: class com.sun.proxy.$Proxy282 cannot be cast to class org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer* (com.sun.proxy.$Proxy282 and org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer are in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @3cbbc1e0)> On Thursday, 7 April 2022 at 21:47:08 UTC+5:30 Dhanesh Kumar wrote: > Hi > > Have been using CAS 6.4.6 version with cas-server-core-rest*.jar and have > been successfully using all the required functionalities without any issues. > > Due to recent Spring vulnerability CVE-2022-22965, had updated the version > to 6.4.6.2 which had the Spring version update and started hitting startup > issues during startup related to bean initialisation. > > Can you give some pointers on how to fix the same? > > Stacktrace: > > 2022-04-07 09:59:37,525 WARN [org.apereo.cas.web.CasWebApplicationContext] > - <Exception encountered during context initialization - cancelling refresh > attempt: org.springframework.beans.factory.BeanCreationException: > Error creating bean with name 'serviceTicketResource' defined in class > path resource [org/apereo/cas/config/CasRestConfiguration.class]: > Bean instantiation via factory method failed; > nested exception is org.springframework.beans.BeanInstantiationException: > Failed to instantiate > [org.apereo.cas.support.rest.resources.ServiceTicketResource]: > Factory method 'serviceTicketResource' threw exception; > nested exception is > org.springframework.beans.factory.BeanCreationException: > Error creating bean with name 'restHttpRequestCredentialFactory' defined > in class path resource > [org/apereo/cas/rest/config/CasCoreRestConfiguration.class]: > Bean instantiation via factory method failed; nested exception is > org.springframework.beans.BeanInstantiationException: Failed to instantiate > [org.apereo.cas.rest.factory.RestHttpRequestCredentialFactory]: > Factory method 'restHttpRequestCredentialFactory' threw exception; nested > exception is java.lang.ClassCastException: class com.sun.proxy.$Proxy282 > cannot be cast to class > org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer > (com.sun.proxy.$Proxy282 and > org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer are in > unnamed module of loader > org.springframework.boot.loader.LaunchedURLClassLoader @3cbbc1e0)> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f8b1b80c-c387-4373-8947-89f5162baa02n%40apereo.org.
