When we start CAS 7, a number of warnings are logged. Advice on how to resolve them where feasible would be appreciated.
** WARN [com.hazelcast.cp.CPSubsystem] - <[cas.example.edu]:5701 [dev] [5.2.3] CP Subsystem is not enabled. CP data structures will operate in UNSAFE mode! Please note that UNSAFE mode will not provide strong consistency guarantees.> We've seen this in previous versions of CAS as well, but could never determine what the CP Subsystem was nor what if anything to do with this. ** WARN [org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration] - < Using generated security password: ******-****-****-****-************ This generated password is for development use only. Your security configuration must be updated before running your application in production. > Not sure where to find documentation for this or what property is relevant And finally, we have a bunch or these: ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/login**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/logout**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/validate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/serviceValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/p3/serviceValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/proxyValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/p3/proxyValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/proxy**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/v1**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/samlValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/webjars/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/themes/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/js/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/css/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/images/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/static/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/error']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/favicon.ico']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> ** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/actuator']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.> -- Baron Fujimoto <[email protected]> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1e6sRjAQfyP9uDdCCacknwGx4ouiUtgwLhm5k_nJvA1A%40mail.gmail.com.
