I just attempted to upgrade from 6.5 to 7.2 because of a bug preventing the 
change password workflow from working after adding MFA (this bug appears to 
have a fix in 7.2: https://github.com/apereo/cas/commit/
3010b6c2caf99d3f6f5888cb1aada3576eddc580).

 

But there appears to be a version conflict in ANTLR dependencies that I 
can’t seem to work around.  It stems from the fact that hibernate (as of 6) 
updated to ANTLR 4.10 (https://github.com/hibernate/
hibernate-orm/discussions/4975) which uses ATN version 4, but  cqengine has 
not yet done so (https://github.com/npgall/cqengine/issues/307) so it is 
still using ATN version 3.   When I look at my dependency tree I see:


[INFO] +- org.apereo.cas:cas-server-support-audit-jdbc:jar:7.2.0-RC3:runtime

[INFO] |  \- org.apereo.cas:cas-server-support-jpa-hibernate:jar:7.2.
0-RC3:runtime

[INFO] |     \- org.hibernate.orm:hibernate-core:jar:6.6.3.Final:runtime

[INFO] |        \- org.antlr:antlr4-runtime:jar:4.13.0:runtime

[INFO] \- org.apereo.cas:cas-server-support-json-service-registry:
jar:7.2.0-RC3:runtime

[INFO]    \- org.apereo.cas:cas-server-core-services-registry:jar:7.
2.0-RC3:runtime

[INFO]       \- com.googlecode.cqengine:cqengine:jar:3.6.0:runtime

[INFO]          \- (org.antlr:antlr4-runtime:jar:4.7.2:runtime - omitted 
for conflict with 4.13.0)

 

 

And when I run CAS with both dependencies, the moment my browsers 
transitions to the MFA (cas-server-support-gauth-jpa) screen, I see this 
error in my logs:


java.lang.RuntimeException: jakarta.servlet.ServletException: Request 
processing failed: 
org.springframework.webflow.execution.ActionExecutionException: 
Exception thrown executing org.apereo.cas.gauth.web.flow.
GoogleAuthenticatorPrepareLoginAction@45784074 in state 
'initializeLoginForm' of flow 'mfa-gauth' -- action execution attributes 
were 'map[[empty]]'

        at org.apereo.cas.web.support.filters.AbstractSecurityFilter.
throwException(AbstractSecurityFilter.java:42) 
~[cas-server-core-web-api-7.2.0-RC3.jar!/:7.2.0-RC3]

        at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilt
er.doFilter(ResponseHeadersEnforcementFilter.java:198) 
~[cas-server-core-web-api-7.2.0-RC3.jar!/:7.2.0-RC3]

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.33.jar!/:?]

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.33.jar!/:?]

...

Caused by: java.io.InvalidClassException: org.antlr.v4.runtime.atn.ATN; 
Could not deserialize ATN with version 4 (expected 3).

 

 

I am unsure how to proceed here.  I am not against attempting to 
contribute, but what would the proper contribution be?  Would we try to 
downgrade to a version of hibernate before 6?  Remove cqengine because the 
update to ATN 4 does not appear to be forthcoming?  Try to workaround the 
cqengine by using their shaded jar (https://github.com/npgall/
cqengine/issues/307#issuecomment-1437226922)?

Lucas

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0fccc337-2080-41cd-8ab6-4993e6064a59n%40apereo.org.

Reply via email to