CAS 6.4.6 to 6.4.6.2 update fails during bean initialisation


Dhanesh Kumar

Apr 7, 2022, 12:17:08 PM
to CAS Community
Hi

Have been using CAS 6.4.6 version with cas-server-core-rest*.jar and have been successfully using all the required functionalities without any issues.

Due to the recent Spring vulnerability CVE-2022-22965, had updated the version to 6.4.6.2, which has the Spring version update, and started hitting issues during startup related to bean initialisation.

Can you give some pointers on how to fix the same?

Stacktrace:

2022-04-07 09:59:37,525 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'serviceTicketResource' defined in class path resource [org/apereo/cas/config/CasRestConfiguration.class]:
Bean instantiation via factory method failed;
nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.rest.resources.ServiceTicketResource]:
Factory method 'serviceTicketResource' threw exception;
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'restHttpRequestCredentialFactory' defined in class path resource [org/apereo/cas/rest/config/CasCoreRestConfiguration.class]:
Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.rest.factory.RestHttpRequestCredentialFactory]:
Factory method 'restHttpRequestCredentialFactory' threw exception; nested exception is java.lang.ClassCastException: class com.sun.proxy.$Proxy282 cannot be cast to class org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer (com.sun.proxy.$Proxy282 and org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer are in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @3cbbc1e0)>

Dhanesh Kumar

Apr 8, 2022, 5:57:38 AM
to CAS Community, Dhanesh Kumar
Hi

Seems like when we remove 'cas-server-support-rest-x509-*.jar', the startup is fine.

Also noticed that with the jar added, the X509 bean is trying to get registered twice and fails during the second iteration, which passes when using an older version of the Spring framework.

Additional stacktrace:

2022-04-07 16:47:58,902 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <building REST credential factory from [[org.apereo.cas.rest.config.CasCoreRestConfiguration$$Lambda$1489/0x0000000100d06840@79c849c7, org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3, org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3]]>

2022-04-07 16:47:58,903 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <Configuring credential factory: [org.apereo.cas.rest.config.CasCoreRestConfiguration$$Lambda$1489/0x0000000100d06840@79c849c7]>

2022-04-07 16:47:58,905 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <Configuring credential factory: [org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3]>

2022-04-07 16:47:58,910 TRACE [org.apereo.cas.support.x509.rest.config.X509RestConfiguration] - <Is certificate extractor available? = [org.apereo.cas.adaptors.x509.authentication.RequestHeaderX509CertificateExtractor@8c3b634], headerAuth = [true], bodyAuth = [true], tlsClientAuth = [false]>

2022-04-07 16:47:58,917 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceTicketResource' defined in class path resource [org/apereo/cas/config/CasRestConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.rest.resources.ServiceTicketResource]: Factory method 'serviceTicketResource' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'restHttpRequestCredentialFactory' defined in class path resource [org/apereo/cas/rest/config/CasCoreRestConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.rest.factory.RestHttpRequestCredentialFactory]: Factory method 'restHttpRequestCredentialFactory' threw exception; nested exception is java.lang.ClassCastException: class com.sun.proxy.$Proxy282 cannot be cast to class org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer (com.sun.proxy.$Proxy282 and org.apereo.cas.rest.plan.RestHttpRequestCredentialFactoryConfigurer are in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @3cbbc1e0)>
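An added example (not part of the original posts, and not CAS project code): a small filter that reads CAS TRACE output and lists any configurer instance that occurs more than once in the "building REST credential factory from [[...]]" line. The function name is hypothetical; the sample input is the TRACE line copied from the post above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list REST credential-factory configurers
# that occur more than once in the CAS TRACE line
# "building REST credential factory from [[...]]".

# Reads log lines on stdin; for each matching line prints "<count>x <configurer>"
# for every configurer instance that is listed more than once.
duplicate_configurers() {
  awk '
    /building REST credential factory from \[\[/ {
      start = index($0, "[[") + 2          # first character inside the list
      stop  = index($0, "]]")              # position of the closing brackets
      if (stop <= start) next
      n = split(substr($0, start, stop - start), items, /, */)
      split("", seen)                      # reset counts for this line
      for (i = 1; i <= n; i++) seen[items[i]]++
      for (i = 1; i <= n; i++)
        if (seen[items[i]] > 1) {
          print seen[items[i]] "x " items[i]
          seen[items[i]] = 0               # report each duplicate once
        }
    }
  '
}

# Sample input: the TRACE line from the post above, copied from the thread.
sample_log() {
  cat <<'EOF'
2022-04-07 16:47:58,902 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <building REST credential factory from [[org.apereo.cas.rest.config.CasCoreRestConfiguration$$Lambda$1489/0x0000000100d06840@79c849c7, org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3, org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1490/0x0000000100d06c40@457b8fc3]]>
EOF
}

sample_log | duplicate_configurers
```
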

Ray Bon

Apr 8, 2022, 12:34:04 PM
to cas-...@apereo.org, dhane...@gmail.com
Dhanesh,

Could be conflicting libraries.
Print the dependencies and search for duplicates with different versions (or maybe diff dependencies with and without rest-x509).
$ ./gradlew dependencies > dependencies.out

Ray

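An added example (not part of the original reply, and not CAS project code) of the duplicate check suggested above, applied to the jar names in `WEB-INF/lib` rather than to Gradle's output: it reports every artifact that is present in more than one version. The function name and the version-splitting heuristic are assumptions; the sample listing is constructed from jar names in this thread plus a made-up `spring-beans` clash.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag artifacts present in more than one
# version in a jar listing such as the output of `ls cas/WEB-INF/lib`.

# Reads jar file names on stdin, one per line; prints "artifact: v1 v2 ..."
# for every artifact seen with two or more distinct versions.
# Heuristic (assumption): the version starts at the first "-<digit>" in the name.
find_version_conflicts() {
  awk '
    /\.jar$/ {
      name = $0
      sub(/\.jar$/, "", name)
      if (!match(name, /-[0-9][^-]*(-[A-Za-z0-9.]+)*$/)) next
      artifact = substr(name, 1, RSTART - 1)
      version  = substr(name, RSTART + 1)
      if ((artifact, version) in seen) next   # same jar listed twice
      seen[artifact, version] = 1
      count[artifact]++
      versions[artifact] = (count[artifact] > 1) ? (versions[artifact] " " version) : version
    }
    END {
      for (a in count)
        if (count[a] > 1) print a ": " versions[a]
    }
  ' | sort
}

# Constructed sample: CAS jar names from the thread plus a made-up
# spring-beans version clash to show what a conflict looks like.
sample_listing() {
  cat <<'EOF'
cas-server-core-rest-6.4.6.2.jar
cas-server-support-rest-x509-6.4.6.2.jar
cas-server-support-x509-core-6.4.6.2.jar
hamcrest-core-1.3.jar
spring-beans-5.3.15.jar
spring-beans-5.3.16.jar
EOF
}

sample_listing | find_version_conflicts
# Real use: ls cas/WEB-INF/lib | find_version_conflicts
```

An empty result means no artifact appears under two versions in that directory.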

Dhanesh Kumar

Apr 8, 2022, 3:01:32 PM
to CAS Community, Ray Bon, Dhanesh Kumar
Hi Ray

Thanks for the suggestion.

Have tried checking if there are any duplicate versions of the same artifact and couldn't find any duplicates.

Tried downgrading the Spring framework version manually and noticed that, until 5.3.15, the same set of dependencies works fine.
The bean initialisation issue is only seen from Spring framework 5.3.16 onwards.

So, suspect some behavioural change in Spring framework needs to be adapted by CAS.

Note:
Could see a similar kind of logs where CAS startup succeeds with older Spring versions.

2022-04-08 08:03:36,049 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <building REST credential factory from [[org.apereo.cas.rest.config.CasCoreRestConfiguration$$Lambda$1448/0x0000000100cdb040@5606d537, org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1449/0x0000000100cdb440@783f5f71, org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1449/0x0000000100cdb440@783f5f71]]>
2022-04-08 08:03:36,049 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <Configuring credential factory: [org.apereo.cas.rest.config.CasCoreRestConfiguration$$Lambda$1448/0x0000000100cdb040@5606d537]>
2022-04-08 08:03:36,051 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <Configuring credential factory: [org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1449/0x0000000100cdb440@783f5f71]>
2022-04-08 08:03:36,058 TRACE [org.apereo.cas.support.x509.rest.config.X509RestConfiguration] - <Is certificate extractor available? = [org.apereo.cas.adaptors.x509.authentication.RequestHeaderX509CertificateExtractor@5265a8dd], headerAuth = [true], bodyAuth = [true], tlsClientAuth = [false]>
2022-04-08 08:03:36,068 TRACE [org.apereo.cas.rest.config.CasCoreRestConfiguration] - <Configuring credential factory: [org.apereo.cas.support.x509.rest.config.X509RestConfiguration$$Lambda$1449/0x0000000100cdb440@783f5f71]>
2022-04-08 08:03:36,068 TRACE [org.apereo.cas.support.x509.rest.config.X509RestConfiguration] - <Is certificate extractor available? = [org.apereo.cas.adaptors.x509.authentication.RequestHeaderX509CertificateExtractor@5265a8dd], headerAuth = [true], bodyAuth = [true], tlsClientAuth = [false]>


Dependency list from cas.war:
% ls cas/WEB-INF/lib | grep rest
cas-server-core-rest-6.4.6.2.jar
cas-server-support-rest-6.4.6.2.jar
cas-server-support-rest-core-6.4.6.2.jar
cas-server-support-rest-tokens-6.4.6.2.jar
cas-server-support-rest-x509-6.4.6.2.jar
hamcrest-core-1.3.jar

% ls cas/WEB-INF/lib | grep x509
cas-server-support-rest-x509-6.4.6.2.jar
cas-server-support-x509-6.4.6.2.jar
cas-server-support-x509-core-6.4.6.2.jar
cas-server-support-x509-webflow-6.4.6.2.jar


Thanks
Dhanesh

Dhanesh Kumar

Apr 9, 2022, 6:47:39 AM
to CAS Community, Dhanesh Kumar, Ray Bon
Hi Ray

Tried using the CAS 6.4.6.2 Docker Hub image and added the x509-related jars to the cas.war, and noticed that the startup issue is reproducible there as well (to make sure there are no duplicate dependencies).
Not sure if I am missing something here.

List of additional jars added:
cas-server-core-api-throttle-6.4.6.2.jar
cas-server-core-authentication-throttle-6.4.6.2.jar
cas-server-core-rest-6.4.6.2.jar
cas-server-core-webflow-6.4.6.2.jar
cas-server-core-webflow-api-6.4.6.2.jar
cas-server-support-rest-6.4.6.2.jar
cas-server-support-rest-core-6.4.6.2.jar
cas-server-support-rest-x509-6.4.6.2.jar
cas-server-support-throttle-6.4.6.2.jar
cas-server-support-throttle-core-6.4.6.2.jar
cas-server-support-x509-6.4.6.2.jar
cas-server-support-x509-core-6.4.6.2.jar
cas-server-support-x509-webflow-6.4.6.2.jar


Thanks 
Dhanesh