Does it take CIDR? 10.17.133.2/31,10.17.133.4/32
From: cas-user@apereo.org <cas-user@apereo.org> On Behalf Of Baron Fujimoto Sent: Tuesday, March 7, 2023 10:14 PM To: CAS Community <cas-user@apereo.org> Subject: [EXTERNAL SENDER] Re: [cas-user] requiredIpAddresses specification? Actually, I've belatedly discovered I'm also seeing warnings logged about being unable to parse regular expressions for IP addresses in 6.6.5, I'm setting something like the following: cas.monitor.endpoints.endpoint.defaults.required-ip-addresses=127.0.0.1, 10.17.133.[234], ... But the following is logged: WARN [org.apereo.cas.util.function.FunctionUtils] - <Failed to parse address10.17.133.[234] IpAddressMatcher.java:parseAddress:96 IpAddressMatcher.java:<init>:58 CasWebSecurityConfigurerAdapter.java:lambda$configureEndpointAccessByIpAddress$10:297 How should IP addresses using regular expressions in the list be defined? I expected "10.17.133.[234]" to represent "10.17.133.2, 10.17.133.3, 10.17.133.4" On Thu, Feb 23, 2023 at 8:44 PM Arkady Keppert <vtsun...@gmail.com<mailto:vtsun...@gmail.com>> wrote: One i leave only one ip addres everything is working find. I did try before with comma and the result is the same but comma it wont let me in even when i provide my ip addres. 2023-02-24 07:31:45,593 WARN [org.apereo.cas.util.function.FunctionUtils] - <Failed to parse address127.0.0.1,10.xx.xx.* IpAddressMatcher.java:parseAddress:96 IpAddressMatcher.java:<init>:58 CasWebSecurityConfigurerAdapter.java:lambda$configureEndpointAccessByIpAddress$10:297 > 2023-02-24 07:31:45,593 WARN [org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter] - <Provided regular expression or IP/netmask [[127.0.0.1,10.xx.xx.*]] does not match [10.xx.xx.7]> Everything is working find on version 6.5.9 with the same setting and ip separated with | like 127.0.0.1|10.xx.xx.* czwartek, 23 lutego 2023 o 18:16:28 UTC+1 baron napisał(a): Ahh, there it is. Ok, thanks! I guess for now this is generally a pretty indirect way to find the information (and at least for me, prone to error), and as you noted can be hit or miss. :/ On Thu, Feb 23, 2023 at 5:41 AM Dmitriy Kopylenko <dkopy...@unicon.net<mailto:dkopy...@unicon.net>> wrote: This field: https://github.com/apereo/cas/blob/master/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/core/monitor/ActuatorEndpointProperties.java#L44-L48 D. On Feb 23, 2023 at 09:40:51, Baron Fujimoto <ba...@hawaii.edu<mailto:ba...@hawaii.edu>> wrote: I'm still not sure I'm looking in the right place then, because I also don't see it in either of: • <https://github.com/apereo/cas/blob/master/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/core/monitor/ActuatorEndpointProperties.java> • <https://www.javadoc.io/doc/org.apereo.cas/cas-server-core-api-configuration-model/latest/org/apereo/cas/configuration/model/core/monitor/ActuatorEndpointProperties.EndpointAccessLevel.html> Which I think are for the master branch? On Thu, Feb 23, 2023 at 2:48 AM Dmitriy Kopylenko <dkopy...@unicon.net<mailto:dkopy...@unicon.net>> wrote: Hi Baron. Ok, you are right, that comment is not available in the version that you are dealing with. I was looking at the master branch, so it’s “hit or miss” :) D. On Thu, Feb 23, 2023 at 00:56 Baron Fujimoto <ba...@hawaii.edu<mailto:ba...@hawaii.edu>> wrote: Thanks, Dima. That `./gradlew exportConfigMetadata` task will be very handy going forward. My apologies for the probably dumb question, but where exactly does one find those javadocs? I tried fumbling around what seemed like likely places for the version I'm working with (6.6.5), such as: • <https://github.com/apereo/cas/blob/v6.6.5/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/core/monitor/ActuatorEndpointProperties.java> • <https://www.javadoc.io/doc/org.apereo.cas/cas-server-core-api-configuration-model/6.6.5/org/apereo/cas/configuration/model/core/monitor/ActuatorEndpointProperties.html> But I don't see the comment you provided as an example. On Wed, Feb 22, 2023 at 5:00 AM Dmitriy Kopylenko <dkopy...@unicon.net<mailto:dkopy...@unicon.net>> wrote: Hello. There is a useful Gradle task available which would generate the properties file containing ALL CAS’ properties along with documentation comments for each. Then one could use search in that file to see what’s available. To run it, simply execute ./gradlew exportConfigMetadata from the root of your overlay and it will generate file named config-metadata.properties for your reference. And then for example for the property in question it contains: # Type: java.util.List<String> # Module: cas-server-support-reports # Owner: org.apereo.cas.configuration.model.core.monitor.ActuatorEndpointProperties # # Required ip addresses. # # cas.monitor.endpoints.endpoint.[key].required-ip-addresses: With owner configuration class documented (org.apereo.cas.configuration.model.core.monitor.ActuatorEndpointProperties), one could see the source of it and in particular the member field in question: /** * Required IP addresses. CIDR ranges are accepted. */ @RegularExpressionCapable private List<String> requiredIpAddresses = new ArrayList<>(0); where from the Javadoc comment it’s now clear that CIDR ranges are accepted in its values. HTH, D. On Feb 22, 2023 at 08:49:49, David Malia <dma...@gmail.com<mailto:dma...@gmail.com>> wrote: A CIDR range like 10.10.10.64/26<http://10.10.10.64/26> is acceptable in the list. I got that answer by looking at the source. I remember reading there is a way to have CAS Initilizer to list out the properties which I think listed out any documentation on the properties. I could be remembering wrong, and I don't remember the command, so maybe someone who knows more than me can chime in. I don't think that property is listed in the current website documentation, and I am happy to be wrong about that as well. This is an open source project, and I have some extra time today, I can attempt to take a stab at it. I'm sure it was an oversight when they updated the layout of the documentation. I remember struggling with this with a recent upgrade we did as well. I'll probably get some of it wrong, but the maintainers are pretty good with their responses, and will correct my wrongness in the pull request with helpful suggestions. David On Fri, Feb 17, 2023 at 10:15 AM Baron Fujimoto <ba...@hawaii.edu<mailto:ba...@hawaii.edu>> wrote: I find the CAS documentation increasingly difficult to use. It often seems impossible to find something you're looking for unless you already know where to look. For example, I'm trying to find out how I can specify the value for a requiredIpAddresses property. E.g. "cas.monitor.endpoints.endpoint.defaults.requiredIpAddresses". I know it can be a list, and each address can be specified with a regex, e.g. "10.10.10.[123]", but can it take a range or CIDR address? Specifying something like 10.10.10.64/26<http://10.10.10.64/26> gets kind of unwieldy and not as understandable when trying to do it with a traditional regex. Generally it's been super frustrating trying to find anything for cas.properties. The search function seems particularly useless unless there's some secret to it I'm missing. -- Baron Fujimoto <ba...@hawaii.edu<mailto:ba...@hawaii.edu>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org<mailto:cas-user+u...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2UdLk-NCGwE7r6NjMXNeLXyV-PvBEsU%3DG%3Dm6qdC%2Bps1Q%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL2UdLk-NCGwE7r6NjMXNeLXyV-PvBEsU%3DG%3Dm6qdC%2Bps1Q%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org<mailto:cas-user+u...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAL3JkE%2BpJeo44VfAXG0hU_iAtZnCa0f-WjK5H5VLFr6E8qf9bA%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAL3JkE%2BpJeo44VfAXG0hU_iAtZnCa0f-WjK5H5VLFr6E8qf9bA%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org<mailto:cas-user+u...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpiYKjCmQGfajZarWtkL3GDzyigZV2OXNGWCy1Wg%2BsVS2HUcg%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpiYKjCmQGfajZarWtkL3GDzyigZV2OXNGWCy1Wg%2BsVS2HUcg%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- Baron Fujimoto <ba...@hawaii.edu<mailto:ba...@hawaii.edu>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org<mailto:cas-user+u...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0dmwg%3D0HryZAbAShiU%2BhNHbgzrtzVR3%2BAJ9H%2BR3UmyUA%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0dmwg%3D0HryZAbAShiU%2BhNHbgzrtzVR3%2BAJ9H%2BR3UmyUA%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org<mailto:cas-user+u...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpiYKi85eKC9ohrGFPhq678xN%3Dq4bUvKmwnseO52BvjVZ9PZg%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpiYKi85eKC9ohrGFPhq678xN%3Dq4bUvKmwnseO52BvjVZ9PZg%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- Baron Fujimoto <ba...@hawaii.edu<mailto:ba...@hawaii.edu>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org<mailto:cas-user+u...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1_rhK9aO_6jkeGJ6pdON1yjCZZRB6DRN%2Bixymd4pTcwA%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1_rhK9aO_6jkeGJ6pdON1yjCZZRB6DRN%2Bixymd4pTcwA%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org<mailto:cas-user+u...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpiYKiYVkb7wnkBmUti-1n%3DGE9QNFiMXzOY-SFcre3DNpB%2B7A%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpiYKiYVkb7wnkBmUti-1n%3DGE9QNFiMXzOY-SFcre3DNpB%2B7A%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- Baron Fujimoto <ba...@hawaii.edu<mailto:ba...@hawaii.edu>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- Baron Fujimoto <ba...@hawaii.edu<mailto:ba...@hawaii.edu>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3edxZPY70%3DrvkG34hMJxrLSHk12TSxcjtoz9c_DoDEbw%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3edxZPY70%3DrvkG34hMJxrLSHk12TSxcjtoz9c_DoDEbw%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7840f86ac5114a8880298cddc059c522%40mun.ca.