CAS 7 startup warnings

[Baron Fujimoto]

When we start CAS 7, a number of warnings are logged. Advice on how to resolve them where feasible would be appreciated.

** WARN [com.hazelcast.cp.CPSubsystem] - <[cas.example.edu]:5701 [dev] [5.2.3] CP Subsystem is not enabled. CP data structures will operate in UNSAFE mode! Please note that UNSAFE mode will not provide strong consistency guarantees.>

We've seen this in previous versions of CAS as well, but could never determine what the CP Subsystem was nor what if anything to do with this.

** WARN [org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration] - <
Using generated security password: ******-****-****-****-************
This generated password is for development use only. Your security configuration must be updated before running your application in production.
>

Not sure where to find documentation for this or what property is relevant

And finally, we have a bunch or these:

** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/login**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/logout**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/validate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/serviceValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/p3/serviceValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/proxyValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/p3/proxyValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/proxy**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/v1**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/samlValidate**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/webjars/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/themes/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/js/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/css/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/images/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/static/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/error']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/favicon.ico']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>
** WARN [org.springframework.security.config.annotation.web.builders.WebSecurity] - <You are asking Spring Security to ignore Mvc [pattern='/actuator']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.>

--

Baron Fujimoto <ba...@hawaii.edu> ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum

[Char Lin]

Hi.

Have you resolved this problem?

CAS 6.6.10 also experiences these warning logs.

[Baron Fujimoto]

I'm afraid not. Yours has been the first response. It would be nice to be able to resolve this.

[Noelette Stout]

This has actually been an issue for a while. See this previous thread where it is discussed: https://groups.google.com/a/apereo.org/g/cas-user/c/34PmxGJJCWU/m/z7DTosB-CQAJ

It's basically an internal message. It doesn't affect anything, and moreover, there's nothing you can do to "fix" it. After a year, I've gotten really good at ignoring it.