search

grails / grails-spring-security-cas

Apache License 2.0
19 stars 29 forks source link

Grails 3.3.15/Grails 4.1.1 CAS not activating with 4.0.0-RC1/4.0.0-SNAPSHOT #70

Closed garettharnish closed 2 years ago

garettharnish commented 2 years ago

I'm trying to get my code up and running again. I was running 3.3.11 against spring-security-core 3.2.0 with the now defunct spring-security-cas 3.1.1-BUILD-SNAPSHOT. I've upgrade to 3.3.15 and I can get my code to compile by downgrading to spring-security-cas 3.1.0, but there are issues, which is why I went to 3.1.1-BUILD-SNAPSHOT 3 years ago. I do know the 3.3.x line is out of date and I've been trying to get to 4.x for a bit, but not having much luck. Upgrading my 3.3.15 code to spring-security-core 4.0.0 (either -RC1 or -SNAPSHOT) results in the same issue I've had with 4.1.1, namely this line:

Configuring Spring Security CAS

doesn't show up after

Configuring Spring Security Core ... ... finished configuring Spring Security Core

My authentication provider is injected with the CasTicketValidator and casServiceProperties, which aren't there because CAS doesn't load first (or it turns out at all). I had initially thought it was an order of operations issue so I removed my authentication provider to test out things and it still doesn't appear that CAS started. I don't see anything in SpringSecurityCasGrailsPlugin.groovy to suggest the parameters changed.

HOW TO RECREATE Create a new grails 3.3.15 or grails 4.1.1 application and add the following to build.gradle

GRAILS 3.3.15: compile "org.grails.plugins:spring-security-core:3.2.0" compile "org.grails.plugins:spring-security-cas:4.0.0-RC1"

GRAILS 4.1.1: compile "org.grails.plugins:spring-security-core:4.0.3" compile "org.grails.plugins:spring-security-cas:4.0.0-RC1"

and the following under spring in application.yml

plugin:
    springsecurity:
        active: true

        controllerAnnotations.staticRules:
          - pattern: '/**'
            access: ['permitAll']            

        cas:
            active: true
            serverUrlPrefix: 'https://localhost/cas'
            loginUri: '/login'
            serviceUrl: 'http://localhost:8080/login/authenticate'
            sendRenew: false
            useSingleSignout: true
            key: 'test'
            artifactParameter: 'ticket'
            serviceParameter: 'service'
            filterProcessesUrl: '/login/authenticate'

In Grails 3.3.15, my output is

| Resolving Dependencies. Please wait...

CONFIGURE SUCCESSFUL

| Running application...

Configuring Spring Security Core ... ... finished configuring Spring Security Core

Grails application running at http://localhost:8080 in environment: development

and in Grails 4.1.1, it is

| Resolving Dependencies. Please wait...

| Running application...

Configuring Spring Security Core ... ... finished configuring Spring Security Core

Grails application running at http://localhost:8080 in environment: development <==========---> 83% EXECUTING [22s]

:bootRun

If you downgrade 3.3.15 to spring-security-core 3.1.0 you get:

| Resolving Dependencies. Please wait...

CONFIGURE SUCCESSFUL

| Running application...

Configuring Spring Security Core ... ... finished configuring Spring Security Core

Configuring Spring Security CAS ... 2022-07-28 03:00:52.308 ERROR --- [ main] o.s.boot.SpringApplication : Application startup failed

java.lang.NullPointerException: Cannot execute null+null ...

It crashes because I haven't missed a parameter in my cut-down example config, but CAS starts (and it does boot in my actual code so I have the parameter over there apparently).

Any idea why CAS is not starting with spring-security-cas version 4.0.0?

garettharnish commented 2 years ago

I was able to get the code running under 5.1.9, which is even better.