I found out that there is an issue with the 7.2-SNAPHOT and
management.endpoints.enabled-by-default key :
The use of configuration keys that have been renamed was found in the
environment:
Property source 'bootstrapProperties-casCompositePropertySource':
Key: management.endpoints.enabled-by-default
Replacement: management.endpoints.access.default
This key is available again with 7.2-RC1 ...
(for info 7.2-SNAPSHOT would have worked replacing
management.endpoints.enabled-by-default by management.endpoints.
access.default: unrestricted)
Le mercredi 30 octobre 2024 à 17:51:58 UTC+1, Frédéric Dussurget a écrit :
> Hi,
> I've got an issue when trying to access actuator endpoints after deploying
> compiled this version (gradle.properties) :
> cas.version=7.2.0-RC1
> springBootVersion=3.4.0-M3
>
> Spring webflow and security logs say :
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *2024-10-30 15:20:04,791 DEBUG
> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow
> mapping found for request with URI '/cas/actuator/health'>2024-10-30
> 15:20:04,791 DEBUG
> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow
> mapping found for request with URI '/cas/actuator/health'>2024-10-30
> 15:20:04,791 DEBUG
> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow
> mapping found for request with URI '/cas/actuator/health'>2024-10-30
> 15:20:04,791 DEBUG [org.springframework.security.web.FilterChainProxy] -
> <Securing GET /actuator/health>2024-10-30 15:20:04,792 DEBUG
> [org.springframework.security.web.access.channel.ChannelProcessingFilter] -
> <Request: filter invocation [GET /actuator/health]; ConfigAttributes:
> [REQUIRES_SECURE_CHANNEL]>2024-10-30 15:20:04,793 DEBUG
> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
>
> - <Set SecurityContextHolder to anonymous SecurityContext>2024-10-30
> 15:20:04,793 DEBUG
> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] -
> <Saved request https://172.16.17.50/cas/actuator/health?continue
> <https://172.16.17.50/cas/actuator/health?continue> to session>2024-10-30
> 15:20:04,794 DEBUG
> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint]
>
> - <Trying to match using Or [RequestHeaderRequestMatcher
> [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest],
> And [Not [MediaTypeRequestMatcher
> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90,
>
> matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]],
> MediaTypeRequestMatcher
> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90,
>
> matchingMediaTypes=[application/atom+xml,
> application/x-www-form-urlencoded, application/json,
> application/octet-stream, application/xml, multipart/form-data, text/xml],
> useEquals=false, ignoredMediaTypes=[*/*]]], MediaTypeRequestMatcher
> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90,
>
> matchingMediaTypes=[*/*], useEquals=true, ignoredMediaTypes=[]]]>2024-10-30
> 15:20:04,794 DEBUG
> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint]
>
> - <Match found! Executing
> org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@5ae646b0>2024-10-30
>
> 15:20:04,794 DEBUG
> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint]
>
> - <Trying to match using RequestHeaderRequestMatcher
> [expectedHeaderName=X-Requested-With,
> expectedHeaderValue=XMLHttpRequest]>2024-10-30 15:20:04,794 DEBUG
> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint]
>
> - <No match found. Using default entry point
> org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@7e017a3a>2024-10-30
>
> 15:20:04,795 DEBUG [org.springframework.security.web.FilterChainProxy] -
> <Securing GET /error>2024-10-30 15:20:04,795 DEBUG
> [org.springframework.security.web.access.channel.ChannelProcessingFilter] -
> <Request: filter invocation [GET /error]; ConfigAttributes:
> [REQUIRES_SECURE_CHANNEL]>2024-10-30 15:20:04,796 DEBUG
> [org.springframework.security.web.FilterChainProxy] - <Secured GET
> /error>2024-10-30 15:20:04,798 DEBUG
> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
>
> - <Set SecurityContextHolder to anonymous SecurityContext>*
>
> But, with the same clone (no git checkout), juste changing the version in
> the gradle.properties file with this value :
>
> cas.version=7.2.0-SNAPSHOT
>
> and rebuilding, makes it work again : My endpoints can be accessed with
> AUTHENTICATED and IP_ADDRESS access types.
>
> In this case, spring logs say :
>
>
>
>
> *2024-10-30 15:15:05,110 DEBUG
> [org.springframework.security.web.DefaultSecurityFilterChain] - <Will
> secure any request with filters: DisableEncodeUrlFilter,
> ChannelProcessingFilter, WebAsyncManagerIntegrationFilter,
> SecurityContextHolderFilter, CorsFilter, CsrfFilter,
> UsernamePasswordAuthenticationFilter, BasicAuthenticationFilter,
> RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter,
> AnonymousAuthenticationFilter, ExceptionTranslationFilter,
> AuthorizationFilter>2024-10-30 15:15:05,176 DEBUG
> [org.springframework.security.web.FilterChainProxy] - <Securing GET
> /actuator/health>2024-10-30 15:15:05,185 DEBUG
> [org.springframework.security.web.access.channel.ChannelProcessingFilter] -
> <Request: filter invocation [GET /actuator/health]; ConfigAttributes:
> [REQUIRES_SECURE_CHANNEL]>2024-10-30 15:15:05,211 DEBUG
> [org.springframework.security.web.FilterChainProxy] - <Secured GET
> /actuator/health>*
> *2024-10-30 15:15:05,282 DEBUG
> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
>
> - <Set SecurityContextHolder to anonymous SecurityContext>*
>
> I tried to play with springBootVersion to roll it back 3.4.0-M1 instead of
> M3, but it has no effect at all.
> These logs concern the health endpoint, but all the other endpoints are
> concerned.
>
> Regards,
>
> Regards,
>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fffc52bc-af5b-4d8d-848c-1f8270aa8db1n%40apereo.org.
