Ok, the explication is right there : https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4.0-RC1-Release-Notes
We should expect soon configuration changes in cas.properties ... Le jeudi 31 octobre 2024 à 10:33:23 UTC+1, Frédéric Dussurget a écrit : > I found out that there is an issue with the 7.2-SNAPHOT and > management.endpoints.enabled-by-default key : > The use of configuration keys that have been renamed was found in the > environment: > > Property source 'bootstrapProperties-casCompositePropertySource': > Key: management.endpoints.enabled-by-default > Replacement: management.endpoints.access.default > > This key is available again with 7.2-RC1 ... > > (for info 7.2-SNAPSHOT would have worked replacing > management.endpoints.enabled-by-default by management.endpoints. > access.default: unrestricted) > > Le mercredi 30 octobre 2024 à 17:51:58 UTC+1, Frédéric Dussurget a écrit : > >> Hi, >> I've got an issue when trying to access actuator endpoints after >> deploying compiled this version (gradle.properties) : >> cas.version=7.2.0-RC1 >> springBootVersion=3.4.0-M3 >> >> Spring webflow and security logs say : >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> *2024-10-30 15:20:04,791 DEBUG >> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow >> mapping found for request with URI '/cas/actuator/health'>2024-10-30 >> 15:20:04,791 DEBUG >> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow >> mapping found for request with URI '/cas/actuator/health'>2024-10-30 >> 15:20:04,791 DEBUG >> [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow >> mapping found for request with URI '/cas/actuator/health'>2024-10-30 >> 15:20:04,791 DEBUG [org.springframework.security.web.FilterChainProxy] - >> <Securing GET /actuator/health>2024-10-30 15:20:04,792 DEBUG >> [org.springframework.security.web.access.channel.ChannelProcessingFilter] - >> <Request: filter invocation [GET /actuator/health]; ConfigAttributes: >> [REQUIRES_SECURE_CHANNEL]>2024-10-30 15:20:04,793 DEBUG >> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >> >> - <Set SecurityContextHolder to anonymous SecurityContext>2024-10-30 >> 15:20:04,793 DEBUG >> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - >> <Saved request https://172.16.17.50/cas/actuator/health?continue >> <https://172.16.17.50/cas/actuator/health?continue> to session>2024-10-30 >> 15:20:04,794 DEBUG >> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] >> >> - <Trying to match using Or [RequestHeaderRequestMatcher >> [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], >> And [Not [MediaTypeRequestMatcher >> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, >> >> matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], >> MediaTypeRequestMatcher >> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, >> >> matchingMediaTypes=[application/atom+xml, >> application/x-www-form-urlencoded, application/json, >> application/octet-stream, application/xml, multipart/form-data, text/xml], >> useEquals=false, ignoredMediaTypes=[*/*]]], MediaTypeRequestMatcher >> [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, >> >> matchingMediaTypes=[*/*], useEquals=true, ignoredMediaTypes=[]]]>2024-10-30 >> 15:20:04,794 DEBUG >> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] >> >> - <Match found! Executing >> org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@5ae646b0>2024-10-30 >> >> 15:20:04,794 DEBUG >> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] >> >> - <Trying to match using RequestHeaderRequestMatcher >> [expectedHeaderName=X-Requested-With, >> expectedHeaderValue=XMLHttpRequest]>2024-10-30 15:20:04,794 DEBUG >> [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] >> >> - <No match found. Using default entry point >> org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@7e017a3a>2024-10-30 >> >> 15:20:04,795 DEBUG [org.springframework.security.web.FilterChainProxy] - >> <Securing GET /error>2024-10-30 15:20:04,795 DEBUG >> [org.springframework.security.web.access.channel.ChannelProcessingFilter] - >> <Request: filter invocation [GET /error]; ConfigAttributes: >> [REQUIRES_SECURE_CHANNEL]>2024-10-30 15:20:04,796 DEBUG >> [org.springframework.security.web.FilterChainProxy] - <Secured GET >> /error>2024-10-30 15:20:04,798 DEBUG >> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >> >> - <Set SecurityContextHolder to anonymous SecurityContext>* >> >> But, with the same clone (no git checkout), juste changing the version in >> the gradle.properties file with this value : >> >> cas.version=7.2.0-SNAPSHOT >> >> and rebuilding, makes it work again : My endpoints can be accessed with >> AUTHENTICATED and IP_ADDRESS access types. >> >> In this case, spring logs say : >> >> >> >> >> *2024-10-30 15:15:05,110 DEBUG >> [org.springframework.security.web.DefaultSecurityFilterChain] - <Will >> secure any request with filters: DisableEncodeUrlFilter, >> ChannelProcessingFilter, WebAsyncManagerIntegrationFilter, >> SecurityContextHolderFilter, CorsFilter, CsrfFilter, >> UsernamePasswordAuthenticationFilter, BasicAuthenticationFilter, >> RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, >> AnonymousAuthenticationFilter, ExceptionTranslationFilter, >> AuthorizationFilter>2024-10-30 15:15:05,176 DEBUG >> [org.springframework.security.web.FilterChainProxy] - <Securing GET >> /actuator/health>2024-10-30 15:15:05,185 DEBUG >> [org.springframework.security.web.access.channel.ChannelProcessingFilter] - >> <Request: filter invocation [GET /actuator/health]; ConfigAttributes: >> [REQUIRES_SECURE_CHANNEL]>2024-10-30 15:15:05,211 DEBUG >> [org.springframework.security.web.FilterChainProxy] - <Secured GET >> /actuator/health>* >> *2024-10-30 15:15:05,282 DEBUG >> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >> >> - <Set SecurityContextHolder to anonymous SecurityContext>* >> >> I tried to play with springBootVersion to roll it back 3.4.0-M1 instead >> of M3, but it has no effect at all. >> These logs concern the health endpoint, but all the other endpoints are >> concerned. >> >> Regards, >> >> Regards, >> > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/46b0ab6d-f252-46f1-9424-3df8b31e76a9n%40apereo.org.
