Endpoints access failure from 7.2-SNAPSHOT to 7.2-RC1
52 views
Skip to first unread message
Frédéric Dussurget
Oct 30, 2024, 12:51:58 PM10/30/24
to CAS Community
Hi,
I've got an issue when trying to access actuator endpoints after deploying compiled this version (gradle.properties) :
cas.version=7.2.0-RC1
springBootVersion=3.4.0-M3
springBootVersion=3.4.0-M3
Spring webflow and security logs say :
2024-10-30 15:20:04,791 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow mapping found for request with URI '/cas/actuator/health'>
2024-10-30 15:20:04,791 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow mapping found for request with URI '/cas/actuator/health'>
2024-10-30 15:20:04,791 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow mapping found for request with URI '/cas/actuator/health'>
2024-10-30 15:20:04,791 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /actuator/health>
2024-10-30 15:20:04,792 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - <Request: filter invocation [GET /actuator/health]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]>
2024-10-30 15:20:04,793 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext>
2024-10-30 15:20:04,793 DEBUG [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - <Saved request https://172.16.17.50/cas/actuator/health?continue to session>
2024-10-30 15:20:04,794 DEBUG [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] - <Trying to match using Or [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], And [Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, matchingMediaTypes=[*/*], useEquals=true, ignoredMediaTypes=[]]]>
2024-10-30 15:20:04,794 DEBUG [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] - <Match found! Executing org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@5ae646b0>
2024-10-30 15:20:04,794 DEBUG [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] - <Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]>
2024-10-30 15:20:04,794 DEBUG [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] - <No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@7e017a3a>
2024-10-30 15:20:04,795 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /error>
2024-10-30 15:20:04,795 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - <Request: filter invocation [GET /error]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]>
2024-10-30 15:20:04,796 DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured GET /error>
2024-10-30 15:20:04,798 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext>
2024-10-30 15:20:04,791 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow mapping found for request with URI '/cas/actuator/health'>
2024-10-30 15:20:04,791 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - <No flow mapping found for request with URI '/cas/actuator/health'>
2024-10-30 15:20:04,791 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /actuator/health>
2024-10-30 15:20:04,792 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - <Request: filter invocation [GET /actuator/health]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]>
2024-10-30 15:20:04,793 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext>
2024-10-30 15:20:04,793 DEBUG [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - <Saved request https://172.16.17.50/cas/actuator/health?continue to session>
2024-10-30 15:20:04,794 DEBUG [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] - <Trying to match using Or [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], And [Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3fb51d90, matchingMediaTypes=[*/*], useEquals=true, ignoredMediaTypes=[]]]>
2024-10-30 15:20:04,794 DEBUG [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] - <Match found! Executing org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@5ae646b0>
2024-10-30 15:20:04,794 DEBUG [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] - <Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]>
2024-10-30 15:20:04,794 DEBUG [org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint] - <No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@7e017a3a>
2024-10-30 15:20:04,795 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /error>
2024-10-30 15:20:04,795 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - <Request: filter invocation [GET /error]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]>
2024-10-30 15:20:04,796 DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured GET /error>
2024-10-30 15:20:04,798 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext>
But, with the same clone (no git checkout), juste changing the version in the gradle.properties file with this value :
cas.version=7.2.0-SNAPSHOT
and rebuilding, makes it work again : My endpoints can be accessed with AUTHENTICATED and IP_ADDRESS access types.
In this case, spring logs say :
2024-10-30 15:15:05,110 DEBUG [org.springframework.security.web.DefaultSecurityFilterChain] - <Will secure any request with filters: DisableEncodeUrlFilter, ChannelProcessingFilter, WebAsyncManagerIntegrationFilter, SecurityContextHolderFilter, CorsFilter, CsrfFilter, UsernamePasswordAuthenticationFilter, BasicAuthenticationFilter, RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, AnonymousAuthenticationFilter, ExceptionTranslationFilter, AuthorizationFilter>2024-10-30 15:15:05,176 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /actuator/health>
2024-10-30 15:15:05,185 DEBUG [org.springframework.security.web.access.channel.ChannelProcessingFilter] - <Request: filter invocation [GET /actuator/health]; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]>
2024-10-30 15:15:05,211 DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured GET /actuator/health>
2024-10-30 15:15:05,282 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext>
I tried to play with springBootVersion to roll it back 3.4.0-M1 instead of M3, but it has no effect at all.
These logs concern the health endpoint, but all the other endpoints are concerned.
Regards,
Regards,
Frédéric Dussurget
Oct 31, 2024, 5:33:23 AM10/31/24
to CAS Community, Frédéric Dussurget
I found out that there is an issue with the 7.2-SNAPHOT and
management.endpoints.enabled-by-default key :
The use of configuration keys that have been renamed was found in the environment:
Property source 'bootstrapProperties-casCompositePropertySource':
Key: management.endpoints.enabled-by-default
Replacement: management.endpoints.access.default
Property source 'bootstrapProperties-casCompositePropertySource':
Key: management.endpoints.enabled-by-default
Replacement: management.endpoints.access.default
This key is available again with 7.2-RC1 ...
(for info 7.2-SNAPSHOT would have worked replacing
management.endpoints.enabled-by-default by management.endpoints.
access.default: unrestricted)
Frédéric Dussurget
Oct 31, 2024, 10:04:38 AM10/31/24
to CAS Community, Frédéric Dussurget
Ok, the explication is right there : https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.4.0-RC1-Release-Notes
We should expect soon configuration changes in cas.properties ...
Frédéric Dussurget
Nov 4, 2024, 11:33:59 AM11/4/24
to CAS Community, Frédéric Dussurget
Reply all
Reply to author
Forward
0 new messages