Re: [cas-user] Spring RCEs: Java 9+, Spring Framework

[harmeet singh]

Hi everyone,

I have gone through the blog post mentioned above, I see that spring 
version was updated from 5.3.9 to 5.3.18. However is there a need to update 
spring boot version as well from 2.5.4 to 2.5.12 ?

Thanks,
Harmeet

On Thursday, March 31, 2022 at 1:24:47 PM UTC-5 mmost...@gmail.com wrote:

> A patch just released
> https://apereo.github.io/2022/03/31/spring-vuln/
>
> On Thu, Mar 31, 2022 at 12:08 PM Baron Fujimoto  wrote:
>
>> I haven't seen any mention of this on the list yet, but it has been 
>> recently disclosed that applications based on Spring and Java9+ may be 
>> vulnerable to severe RCEs.
>>
>> Refs:
>> • <
>> https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
>> >
>> • 
>> • 
>>
>> It appears that CAS 6 may be vulnerable. Our CAS 6.3.7.4 at least appears 
>> to use spring-core-5.3.8.jar. Is there any info available on planned 
>> patches to address these issues?
>> -- 
>> Baron Fujimoto  :: UH Information Technology Services
>> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3PrjJ-L4v-diZ-4U8ehrBMSp%3DYA2j97XfZUXSjYYLSYw%40mail.gmail.com
>>  
>> 
>> .
>>
>
>
> -- 
> Best Regards,
> Mohamed M. Aboulela 
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0ed3b2d0-f18c-463d-8ca7-22e68edaa89cn%40apereo.org.

Re: [cas-user] Spring RCEs: Java 9+, Spring Framework

[Mohamed Abouelela]

A patch just released
https://apereo.github.io/2022/03/31/spring-vuln/

On Thu, Mar 31, 2022 at 12:08 PM Baron Fujimoto  wrote:

> I haven't seen any mention of this on the list yet, but it has been
> recently disclosed that applications based on Spring and Java9+ may be
> vulnerable to severe RCEs.
>
> Refs:
> • <
> https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement>
> • 
> • 
>
> It appears that CAS 6 may be vulnerable. Our CAS 6.3.7.4 at least appears
> to use spring-core-5.3.8.jar. Is there any info available on planned
> patches to address these issues?
> --
> Baron Fujimoto  :: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3PrjJ-L4v-diZ-4U8ehrBMSp%3DYA2j97XfZUXSjYYLSYw%40mail.gmail.com
> 
> .
>


-- 
Best Regards,
Mohamed M. Aboulela

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJqmctGAQMsEoce1PbdjX5XsRCP3VNfp%3DV-OqS8yu4M_sv-%3D2Q%40mail.gmail.com.

[cas-user] Spring RCEs: Java 9+, Spring Framework

[Baron Fujimoto]

I haven't seen any mention of this on the list yet, but it has been
recently disclosed that applications based on Spring and Java9+ may be
vulnerable to severe RCEs.

Refs:
• 
• 
• 

It appears that CAS 6 may be vulnerable. Our CAS 6.3.7.4 at least appears
to use spring-core-5.3.8.jar. Is there any info available on planned
patches to address these issues?
-- 
Baron Fujimoto  :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3PrjJ-L4v-diZ-4U8ehrBMSp%3DYA2j97XfZUXSjYYLSYw%40mail.gmail.com.

Re: [cas-user] Re: Migrating services from version 5 to 6

[fjannin4]

Thank you for the response.

We actually use CAS Management application, and I will follow your 
suggestion.


We have a bunch of services  to migrate : 140+, with their own contacts, 
policies and release attriibute settings.


I have tried the actuator end point /services from CAS Server , wich 
export all services in one file, but  JSON format seems different from 
the import format used in CAS 6.4.


i will try the management application way, with hopefully more success...

Best regards

Francois

Le 31/03/2022 à 17:35, 'Richard Frovarp' via CAS Community a écrit :
The tables in the post are for the service registry. If you don't 
migrate those, you will have to reconfigure from scratch.


I do not know what the plans are for the project with respect to the 
service registry. It's changed a bit between versions, and usually 
seems like a pain. We made the change in a previous upgrade to just 
drop JSON files on the filesystem and have CAS pick those up. It keeps 
us free of changes in the JPA method (which we had been using), and 
free from management app changes. In addition, we can keep service 
configuration in git, which is extremely nice.


What I gather from that post is you are going to need to change the 
source code of RegisteredServicesReportController either changing that 
method, or adding that method. Looks like it is adding the method. 
Compile, put into your deployment (or download your DB and run 
locally), and then hit that point to get the exported JSON services. 
If you are running the management application in 5.3, I think you can 
export services as JSON as well, just by clicking a bunch of times and 
possibly doing copy and paste. Depending on your number of services, 
it might be simpler to just export via the management application, 
which I'm assuming that you are using. That would save you from 
editing code and having to deploy a new class file.


Richard

On 3/31/22 09:32, Pablo Vidaurri wrote:
There is no need to migrate the data. These tables are for various 
type of tickets. Worst case when you cut over to v6.4 your users will 
have to login again.


-psv


On Wednesday, March 30, 2022 at 9:43:58 AM UTC-5 fjan...@gmail.com wrote:

Hi,

I need to migrate JPA service registry  from Apereo CAS 5.2.2 to
6.4,
but in this last version , data structures seem to have been
replaced by
just one table with flat JSON field in a column : no more
relationnal
structure, or I missed something.
Has anyone here observe the same ?
If the JPA migration is not possible, does it mean I have to use
JSON in
any way ?

The best hit had met my searches till now is this page :
https://fawnoos.com/2021/01/19/cas53-service-registry-migration-to-cas63/

But its content is pretty elliptic and I don't see where to apply
the
snippet showed in it :  I have an installation based on cas-overlay,
there is no  java file named RegisteredServicesReportController to
override...

In short my purpose is as follow : migration services from JPA to
JSON

Does anyone faced the same issue ?

Thanks a lot for any clue.


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, 
send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/133c5bb4-c6cd-4ec6-bf46-e1deaad1ffc4n%40apereo.org 
.



--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/75ef5b42-d3b7-366b-8b5b-c784e578b5a2%40ndsu.edu 
.


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 

[cas-user] Re: Trouble CAS 6.3.x autowire JPA Repository Beans

[Yan]

Hi,

If  JPA worked for you in 6.3 but not in 6.4, you may have a different
problem than I had.

JPA Repository does work for me in 6.4.4.,  this is what I did.  under
project's  resources/META-INF/spring.components,  I explicitly spelled out
all Repo and Entity classes.

==  these are my classes ==


com...model.CasUserPwdresEventRepository=org.springframework.data.repository.Repository
com...model.CasUser=javax.persistence.Entity=javax.persistence.Entity
...

==

Like i said, this would be the same for 6.3 and 6.4.

Yan

On Thu, Mar 31, 2022 at 10:42 AM Pablo Vidaurri 
wrote:

> I'm still having trouble with this.
>
> Has anyone upgraded to 6.4.x or above with jpa repository classes?
>
> It's as if  @EnableJpaRepositories is being ignored.
>
> On Tuesday, March 1, 2022 at 10:05:41 AM UTC-6 Pablo Vidaurri wrote:
>
>> Hi Yan, have you tried this with CAS 6.4.5 which uses SpringBoot 2.5.4? I
>> am seeing issues finding my repositiory beans, I have not been able to get
>> it working. All continue to works with 6.3.7.4.
>>
>> On Monday, August 30, 2021 at 12:16:38 PM UTC-5 Yan Zhou wrote:
>>
>>> Hello,
>>>
>>> CAS6 and CAS5 are different, but they both disable
>>> DataSourceAutoConfiguration, so we need to configure database ourselves.
>>>
>>> this is what I do.  under org.apereo.cas.config package.  And then,
>>> under spring.factories, include it in auto-configuration:
>>>
>>> org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
>>> MyConfiguration
>>>
>>> Hope that works.
>>>
>>> Yan
>>>
>>> @Configuration("MyDatabaseConfiguration")
>>> @EnableJpaRepositories(
>>>entityManagerFactoryRef = "entityManagerFactory",
>>>basePackages = { "."}  // packages where
>>> repository live
>>> )
>>> public class MyDatabaseConfiguration  {
>>> private static final Logger logger =
>>> LoggerFactory.getLogger(QuestDatabaseConfiguration.class);
>>>
>>>
>>> @Bean(name = "casDataSource")
>>> protected DataSource casDS() {
>>> try {
>>> JndiObjectFactoryBean bean = new JndiObjectFactoryBean();
>>> bean.setJndiName("java:comp/.");
>>> bean.setProxyInterface(DataSource.class);
>>> bean.setLookupOnStartup(false);
>>> bean.afterPropertiesSet();
>>> return (DataSource)bean.getObject();
>>> } catch (Exception ex) {
>>> logger.error("Cannot find datasource.", ex);
>>> return null;
>>> }
>>> }
>>>
>>> @Bean(name = "entityManagerFactory")
>>> public EntityManagerFactory entityManagerFactory() {
>>> HibernateJpaVendorAdapter vendorAdapter = new
>>> HibernateJpaVendorAdapter();
>>>
>>> LocalContainerEntityManagerFactoryBean factory = new
>>> LocalContainerEntityManagerFactoryBean();
>>> factory.setJpaVendorAdapter(vendorAdapter);
>>> factory.setJpaProperties(additionalProperties());
>>>
>>> // packages where entities live
>>> factory.setPackagesToScan(new String[] {"..."});
>>>
>>> factory.setDataSource(casDS());
>>> factory.afterPropertiesSet();
>>>
>>> return factory.getObject();
>>> }
>>>
>>> Properties additionalProperties() {
>>> Properties properties = new Properties();
>>> properties.setProperty(
>>>   "hibernate.dialect", "org.hibernate.dialect.Oracle10gDialect");
>>>
>>> return properties;
>>> }
>>>
>>> @Bean
>>> public PlatformTransactionManager transactionManager(
>>> @Qualifier("entityManagerFactory") EntityManagerFactory emf) {
>>> JpaTransactionManager txManager = new JpaTransactionManager();
>>> txManager.setEntityManagerFactory(emf);
>>> return txManager;
>>> }
>>>
>>>
>>> On Mon, Aug 30, 2021 at 4:12 AM Ivan Green  wrote:
>>>
 Hello!

 I would be very grateful for your help.

 Faced the same problem on CAS 5.2.3.

 I am using spring data jpa.

 In the application.properties file, I described the connection to the
 database through the standard:

 spring.datasource.url =
 spring.datasource.username =
 spring.datasource.password =
 spring.jpa.show-sql =
 spring.jpa.hibernate.ddl-auto =
 spring.jpa.properties.hibernate.dialect =

 Next, I created entities and repository extends CrudRepository.

 When trying to @Autowired my repos in services, I get a
 NoSuchBeanDefinition error.

 The configuration goes through the spring.factories file:

 org.springframework.boot.autoconfigure.EnableAutoConfiguration =
 ru.test.security.core.cas.config.CasMainPropertiesConfig

 CasMainPropertiesConfig, which contains:

 @Configuration ("ConfigurationName")
 @EnableConfigurationProperties (CasConfigurationProperties.class)
 @ComponentScan ("ru.test.security.core")
 @PropertySource ("file: C /.../ cas.standalone.properties")
 public class CasMainPropertiesConfig {

 }

 When trying to insert @EnableJpaRepository or @EntityScan here, the
 application simply does not 

Re: [cas-user] Re: Migrating services from version 5 to 6

[Pablo Vidaurri]

Ah, sorry ... service registry, not ticket registry.

I keep service JSON files so I dont have to deal with table changes. I 
never saw the benefit of loading services in DB as I don't want others with 
access to fudge with the config and placing the services files in git is 
convenient for disaster recovery and tracking changes. 

On Thursday, March 31, 2022 at 10:35:59 AM UTC-5 richard.frovarp wrote:

> The tables in the post are for the service registry. If you don't migrate 
> those, you will have to reconfigure from scratch. 
>
> I do not know what the plans are for the project with respect to the 
> service registry. It's changed a bit between versions, and usually seems 
> like a pain. We made the change in a previous upgrade to just drop JSON 
> files on the filesystem and have CAS pick those up. It keeps us free of 
> changes in the JPA method (which we had been using), and free from 
> management app changes. In addition, we can keep service configuration in 
> git, which is extremely nice.
>
> What I gather from that post is you are going to need to change the source 
> code of RegisteredServicesReportController either changing that method, or 
> adding that method. Looks like it is adding the method. Compile, put into 
> your deployment (or download your DB and run locally), and then hit that 
> point to get the exported JSON services. If you are running the management 
> application in 5.3, I think you can export services as JSON as well, just 
> by clicking a bunch of times and possibly doing copy and paste. Depending 
> on your number of services, it might be simpler to just export via the 
> management application, which I'm assuming that you are using. That would 
> save you from editing code and having to deploy a new class file.
>
> Richard
>
> On 3/31/22 09:32, Pablo Vidaurri wrote:
>
> There is no need to migrate the data. These tables are for various type of 
> tickets. Worst case when you cut over to v6.4 your users will have to login 
> again. 
>
> -psv
>
>
> On Wednesday, March 30, 2022 at 9:43:58 AM UTC-5 fjan...@gmail.com wrote:
>
>> Hi, 
>>
>> I need to migrate JPA service registry  from Apereo CAS  5.2.2 to 6.4, 
>> but in this last version , data structures seem to have been replaced by 
>> just one table with flat JSON field in a column : no more relationnal 
>> structure, or I missed something. 
>> Has anyone here observe the same ? 
>> If the JPA migration is not possible, does it mean I have to use JSON in 
>> any way ? 
>>
>> The best hit had met my searches till now is this page : 
>> https://fawnoos.com/2021/01/19/cas53-service-registry-migration-to-cas63/ 
>> But its content is pretty elliptic and I don't see where to apply the 
>> snippet showed in it :  I have an installation based on cas-overlay,  
>> there is no  java file named RegisteredServicesReportController to 
>> override... 
>>
>> In short my purpose is as follow : migration services from JPA to JSON 
>>
>> Does anyone faced the same issue ? 
>>
>> Thanks a lot for any clue. 
>>
>>
>> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/133c5bb4-c6cd-4ec6-bf46-e1deaad1ffc4n%40apereo.org
>  
> 
> .
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b2af82db-9368-4c3b-969b-faa94f204bfdn%40apereo.org.

Re: [cas-user] Re: Migrating services from version 5 to 6

['Richard Frovarp' via CAS Community]

The tables in the post are for the service registry. If you don't 
migrate those, you will have to reconfigure from scratch.


I do not know what the plans are for the project with respect to the 
service registry. It's changed a bit between versions, and usually seems 
like a pain. We made the change in a previous upgrade to just drop JSON 
files on the filesystem and have CAS pick those up. It keeps us free of 
changes in the JPA method (which we had been using), and free from 
management app changes. In addition, we can keep service configuration 
in git, which is extremely nice.


What I gather from that post is you are going to need to change the 
source code of RegisteredServicesReportController either changing that 
method, or adding that method. Looks like it is adding the method. 
Compile, put into your deployment (or download your DB and run locally), 
and then hit that point to get the exported JSON services. If you are 
running the management application in 5.3, I think you can export 
services as JSON as well, just by clicking a bunch of times and possibly 
doing copy and paste. Depending on your number of services, it might be 
simpler to just export via the management application, which I'm 
assuming that you are using. That would save you from editing code and 
having to deploy a new class file.


Richard

On 3/31/22 09:32, Pablo Vidaurri wrote:
There is no need to migrate the data. These tables are for various 
type of tickets. Worst case when you cut over to v6.4 your users will 
have to login again.


-psv


On Wednesday, March 30, 2022 at 9:43:58 AM UTC-5 fjan...@gmail.com wrote:

Hi,

I need to migrate JPA service registry  from Apereo CAS  5.2.2 to
6.4,
but in this last version , data structures seem to have been
replaced by
just one table with flat JSON field in a column : no more relationnal
structure, or I missed something.
Has anyone here observe the same ?
If the JPA migration is not possible, does it mean I have to use
JSON in
any way ?

The best hit had met my searches till now is this page :
https://fawnoos.com/2021/01/19/cas53-service-registry-migration-to-cas63/

But its content is pretty elliptic and I don't see where to apply the
snippet showed in it :  I have an installation based on cas-overlay,
there is no  java file named RegisteredServicesReportController to
override...

In short my purpose is as follow : migration services from JPA to
JSON

Does anyone faced the same issue ?

Thanks a lot for any clue.


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google 
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/133c5bb4-c6cd-4ec6-bf46-e1deaad1ffc4n%40apereo.org 
.


--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/75ef5b42-d3b7-366b-8b5b-c784e578b5a2%40ndsu.edu.

[cas-user] Re: Trouble CAS 6.3.x autowire JPA Repository Beans

[Pablo Vidaurri]

I'm still having trouble with this.

Has anyone upgraded to 6.4.x or above with jpa repository classes?

It's as if  @EnableJpaRepositories is being ignored.

On Tuesday, March 1, 2022 at 10:05:41 AM UTC-6 Pablo Vidaurri wrote:

> Hi Yan, have you tried this with CAS 6.4.5 which uses SpringBoot 2.5.4? I 
> am seeing issues finding my repositiory beans, I have not been able to get 
> it working. All continue to works with 6.3.7.4.
>
> On Monday, August 30, 2021 at 12:16:38 PM UTC-5 Yan Zhou wrote:
>
>> Hello,
>>
>> CAS6 and CAS5 are different, but they both disable 
>> DataSourceAutoConfiguration, so we need to configure database ourselves. 
>>
>> this is what I do.  under org.apereo.cas.config package.  And then,  
>> under spring.factories, include it in auto-configuration: 
>>
>> org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
>> MyConfiguration
>>
>> Hope that works.
>>
>> Yan
>>
>> @Configuration("MyDatabaseConfiguration")
>> @EnableJpaRepositories(
>>entityManagerFactoryRef = "entityManagerFactory",
>>basePackages = { "."}  // packages where 
>> repository live 
>> )
>> public class MyDatabaseConfiguration  {
>> private static final Logger logger = 
>> LoggerFactory.getLogger(QuestDatabaseConfiguration.class);
>>
>>
>> @Bean(name = "casDataSource")
>> protected DataSource casDS() {
>> try {
>> JndiObjectFactoryBean bean = new JndiObjectFactoryBean();
>> bean.setJndiName("java:comp/.");
>> bean.setProxyInterface(DataSource.class);
>> bean.setLookupOnStartup(false);
>> bean.afterPropertiesSet(); 
>> return (DataSource)bean.getObject();
>> } catch (Exception ex) {
>> logger.error("Cannot find datasource.", ex);
>> return null; 
>> }
>> }  
>>
>> @Bean(name = "entityManagerFactory")
>> public EntityManagerFactory entityManagerFactory() {
>> HibernateJpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter();
>>
>> LocalContainerEntityManagerFactoryBean factory = new 
>> LocalContainerEntityManagerFactoryBean();
>> factory.setJpaVendorAdapter(vendorAdapter);
>> factory.setJpaProperties(additionalProperties());
>>
>> // packages where entities live
>> factory.setPackagesToScan(new String[] {"..."});
>>
>> factory.setDataSource(casDS());
>> factory.afterPropertiesSet();
>>
>> return factory.getObject();
>> }
>>
>> Properties additionalProperties() {
>> Properties properties = new Properties();
>> properties.setProperty(
>>   "hibernate.dialect", "org.hibernate.dialect.Oracle10gDialect");
>>  
>> return properties;
>> }
>>
>> @Bean
>> public PlatformTransactionManager transactionManager(
>> @Qualifier("entityManagerFactory") EntityManagerFactory emf) {
>> JpaTransactionManager txManager = new JpaTransactionManager();
>> txManager.setEntityManagerFactory(emf);
>> return txManager;
>> }
>>
>>
>> On Mon, Aug 30, 2021 at 4:12 AM Ivan Green  wrote:
>>
>>> Hello!
>>>
>>> I would be very grateful for your help.
>>>
>>> Faced the same problem on CAS 5.2.3.
>>>
>>> I am using spring data jpa.
>>>
>>> In the application.properties file, I described the connection to the 
>>> database through the standard:
>>>
>>> spring.datasource.url =
>>> spring.datasource.username =
>>> spring.datasource.password =
>>> spring.jpa.show-sql =
>>> spring.jpa.hibernate.ddl-auto =
>>> spring.jpa.properties.hibernate.dialect =
>>>
>>> Next, I created entities and repository extends CrudRepository.
>>>
>>> When trying to @Autowired my repos in services, I get a 
>>> NoSuchBeanDefinition error. 
>>>
>>> The configuration goes through the spring.factories file:
>>>
>>> org.springframework.boot.autoconfigure.EnableAutoConfiguration = 
>>> ru.test.security.core.cas.config.CasMainPropertiesConfig
>>>
>>> CasMainPropertiesConfig, which contains:
>>>
>>> @Configuration ("ConfigurationName")
>>> @EnableConfigurationProperties (CasConfigurationProperties.class)
>>> @ComponentScan ("ru.test.security.core")
>>> @PropertySource ("file: C /.../ cas.standalone.properties")
>>> public class CasMainPropertiesConfig {
>>>
>>> }
>>>
>>> When trying to insert @EnableJpaRepository or @EntityScan here, the 
>>> application simply does not start with an error:
>>>
>>> [org.apereo.cas.web.CasWebApplicationContext] - >> during context initialization - cancelling refresh attempt: 
>>> org.springframework.beans.factory.BeanDefinitionStoreException: Failed to 
>>> process import candidates for configuration class [org.apereo.cas.web. 
>>> CasWebApplication]; nested exception is java.lang.NoClassDefFoundError: org 
>>> / springframework / data / repository / config / BootstrapMode>
>>>
>>> What's going wrong? Tried adding -Dspring.index.ignore = true to run and 
>>> nothing changes.
>>>
>>> I hope very much for your help.
>>>
>>> суббота, 15 мая 2021 г. в 00:10:12 UTC+3, Yan Zhou: 
>>>
 I figured out before I was about to give up.  All I had to do is:   

[cas-user] Re: Migrating services from version 5 to 6

[Pablo Vidaurri]

There is no need to migrate the data. These tables are for various type of 
tickets. Worst case when you cut over to v6.4 your users will have to login 
again.

-psv


On Wednesday, March 30, 2022 at 9:43:58 AM UTC-5 fjan...@gmail.com wrote:

> Hi,
>
> I need to migrate JPA service registry  from Apereo CAS  5.2.2 to 6.4, 
> but in this last version , data structures seem to have been replaced by 
> just one table with flat JSON field in a column : no more relationnal 
> structure, or I missed something.
> Has anyone here observe the same ?
> If the JPA migration is not possible, does it mean I have to use JSON in 
> any way ?
>
> The best hit had met my searches till now is this page : 
> https://fawnoos.com/2021/01/19/cas53-service-registry-migration-to-cas63/
> But its content is pretty elliptic and I don't see where to apply the 
> snippet showed in it :  I have an installation based on cas-overlay,  
> there is no  java file named RegisteredServicesReportController to 
> override...
>
> In short my purpose is as follow : migration services from JPA to JSON
>
> Does anyone faced the same issue ?
>
> Thanks a lot for any clue.
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/133c5bb4-c6cd-4ec6-bf46-e1deaad1ffc4n%40apereo.org.

[cas-user] [CAS 6.2.2 ] invalid SAML 2 HTTP Redirect message

[Olivier Podeur]

Hello,

This error occurs when I want to connect to an IDP with SAML V2. It happens 
only with Firefox not with Chrome.

Do you have an idea about this error ?

Best regards.

Olivier


org.opensaml.messaging.decoder.MessageDecodingException: No SAMLRequest or 
SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message   
 at 
org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder.doDecode(HTTPRedirectDeflateDecoder.java:114)
 
   at 
org.opensaml.messaging.decoder.AbstractMessageDecoder.decode(AbstractMessageDecoder.java:56)
 
   at 
org.opensaml.messaging.decoder.servlet.AbstractHttpServletRequestMessageDecoder.decode(AbstractHttpServletRequestMessageDecoder.java:53)
 
   at 
org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder.decode(BaseHttpServletRequestXMLMessageDecoder.java:69)
 
   at 
org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor.extract(DefaultSSOSamlHttpRequestExtractor.java:44)
 
   at 
org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor$$FastClassBySpringCGLIB$$c80756f9.invoke()
 
   at 
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)   
 at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771)
 
   at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
 
   at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
 
   at 
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88)
 
   at 
org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:135)
 
   at jdk.internal.reflect.GeneratedMethodAccessor219.invoke(Unknown 
Source)at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 
   at java.base/java.lang.reflect.Method.invoke(Method.java:566)at 
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:644)
 
   at 
org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:633)
 
   at 
org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70)
 
   at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
 
   at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
 
   at 
org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95)
 
   at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
 
   at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
 
   at 
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)
 
   at 
org.apereo.cas.support.saml.web.idp.profile.sso.request.DefaultSSOSamlHttpRequestExtractor$$EnhancerBySpringCGLIB$$73628216.extract()
 
   at 
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPPostSimpleSignProfileHandlerController.handleSsoPostProfileRequest(SSOSamlIdPPostSimpleSignProfileHandlerController.java:69)
 
   at 
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPPostSimpleSignProfileHandlerController.handleSaml2ProfileSsoRedirectRequest(SSOSamlIdPPostSimpleSignProfileHandlerController.java:40)
 
   at jdk.internal.reflect.GeneratedMethodAccessor872.invoke(Unknown 
Source)at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 
   at java.base/java.lang.reflect.Method.invoke(Method.java:566)at 
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) 
   at 
org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:499)
 
   at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
 
   at 
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
 
   at 
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)
 
   at 
org.apereo.cas.support.saml.web.idp.profile.sso.SSOSamlIdPPostSimpleSignProfileHandlerController$$EnhancerBySpringCGLIB$$f8dff110.handleSaml2ProfileSsoRedirectRequest()
 
   at jdk.internal.reflect.GeneratedMethodAccessor872.invoke(Unknown 
Source)at 
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 
   at java.base/java.lang.reflect.Method.invoke(Method.java:566)at 
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
 
   

[cas-user] Re: DB auth and accessStrategy with it.

[artur mis]

Case solved.  When i had aded to DB column  named memberof with value: 
GRP1,GRP2 it was  possibe to prepare pollice  acces to filter by group. 

On Wednesday, March 30, 2022 at 11:20:50 AM UTC+2 artur mis wrote:

> - I have got DB mysql handler to auth users and AD.
> - DB  mysql table has got  memberof column and others like pass etc . 
> Cell  memberof has "GRP1" value. I'm testing this by:
>  servis-1.json
> "requiredAttributes" : {
>  "@class" : "java.util.HashMap",
>  "memberOf" : [ "java.util.HashSet", [ "CN=maskeddata", "GRP1" ] ]
> }
>
>
> First value in hasset is  "CN=maskeddata".This is policy  for users coming 
> from  DB  hander directly from AD. And all above works. I would like  to 
> add second... group  to  mysql table .I think that column  memberof for 
> user kowalski could have
> db table
> -
> login| memberfof
> kowalski| "GRP1","GRP2"
> ann|"GRP1"
>
> The question is how to prepare content  of cell memberof for user who has 
> 2 groups to coowork what is in Haset in json file.
>
>
> Policy could look like this for testing  memeber of and this is ok.
>
>"memberOf" : [ "java.util.HashSet", [ "CN=maskeddata", "GRP1" ,"GRP2" ] 
> ] 
>
>
>
> Best Regards. 
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ded83963-3829-4d83-881b-40957a725036n%40apereo.org.