I'm trying to get my code up and running again. I was running 3.3.11 against spring-security-core 3.2.0 with the now defunct spring-security-cas 3.1.1-BUILD-SNAPSHOT. I've upgrade to 3.3.15 and I can get my code to compile by downgrading to spring-security-cas 3.1.0, but there are issues, which is why I went to 3.1.1-BUILD-SNAPSHOT 3 years ago. I do know the 3.3.x line is out of date and I've been trying to get to 4.x for a bit, but not having much luck. Upgrading my 3.3.15 code to spring-security-core 4.0.0 (either -RC1 or -SNAPSHOT) results in the same issue I've had with 4.1.1, namely this line:
Configuring Spring Security CAS
doesn't show up after
Configuring Spring Security Core ...
... finished configuring Spring Security Core
My authentication provider is injected with the CasTicketValidator and casServiceProperties, which aren't there because CAS doesn't load first (or it turns out at all). I had initially thought it was an order of operations issue so I removed my authentication provider to test out things and it still doesn't appear that CAS started. I don't see anything in SpringSecurityCasGrailsPlugin.groovy to suggest the parameters changed.
HOW TO RECREATE
Create a new grails 3.3.15 or grails 4.1.1 application and add the following to build.gradle
It crashes because I haven't missed a parameter in my cut-down example config, but CAS starts (and it does boot in my actual code so I have the parameter over there apparently).
Any idea why CAS is not starting with spring-security-cas version 4.0.0?
I'm trying to get my code up and running again. I was running 3.3.11 against spring-security-core 3.2.0 with the now defunct spring-security-cas 3.1.1-BUILD-SNAPSHOT. I've upgrade to 3.3.15 and I can get my code to compile by downgrading to spring-security-cas 3.1.0, but there are issues, which is why I went to 3.1.1-BUILD-SNAPSHOT 3 years ago. I do know the 3.3.x line is out of date and I've been trying to get to 4.x for a bit, but not having much luck. Upgrading my 3.3.15 code to spring-security-core 4.0.0 (either -RC1 or -SNAPSHOT) results in the same issue I've had with 4.1.1, namely this line:
Configuring Spring Security CAS
doesn't show up after
Configuring Spring Security Core ... ... finished configuring Spring Security Core
My authentication provider is injected with the CasTicketValidator and casServiceProperties, which aren't there because CAS doesn't load first (or it turns out at all). I had initially thought it was an order of operations issue so I removed my authentication provider to test out things and it still doesn't appear that CAS started. I don't see anything in SpringSecurityCasGrailsPlugin.groovy to suggest the parameters changed.
HOW TO RECREATE Create a new grails 3.3.15 or grails 4.1.1 application and add the following to build.gradle
GRAILS 3.3.15: compile "org.grails.plugins:spring-security-core:3.2.0" compile "org.grails.plugins:spring-security-cas:4.0.0-RC1"
GRAILS 4.1.1: compile "org.grails.plugins:spring-security-core:4.0.3" compile "org.grails.plugins:spring-security-cas:4.0.0-RC1"
and the following under spring in application.yml
In Grails 3.3.15, my output is
| Resolving Dependencies. Please wait...
CONFIGURE SUCCESSFUL
| Running application...
Configuring Spring Security Core ... ... finished configuring Spring Security Core
Grails application running at http://localhost:8080 in environment: development
and in Grails 4.1.1, it is
| Resolving Dependencies. Please wait...
| Running application...
Configuring Spring Security Core ... ... finished configuring Spring Security Core
Grails application running at http://localhost:8080 in environment: development <==========---> 83% EXECUTING [22s]
If you downgrade 3.3.15 to spring-security-core 3.1.0 you get:
| Resolving Dependencies. Please wait...
CONFIGURE SUCCESSFUL
| Running application...
Configuring Spring Security Core ... ... finished configuring Spring Security Core
Configuring Spring Security CAS ... 2022-07-28 03:00:52.308 ERROR --- [ main] o.s.boot.SpringApplication : Application startup failed
java.lang.NullPointerException: Cannot execute null+null ...
It crashes because I haven't missed a parameter in my cut-down example config, but CAS starts (and it does boot in my actual code so I have the parameter over there apparently).
Any idea why CAS is not starting with spring-security-cas version 4.0.0?