I am working on migrating from org.apereo.cas:6.6.14
to 7.0.0-RC9
(and the actual release when it happens).
Until v7.0.0-RC5
the package org.apereo.cas.web.security
was in org.apereo.cas:cas-server-webapp-config
, but that package was not updated to any newer version [2].
When I try to use cas-server-webapp-config:7.0.0-RC5
together with RC9
of everything else, then I get an compile time error, as expceted. It seems to require classes, that are not present anymore in the other packages.
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.10.1:compile (default-compile) on project eessi-cas-server: Compilation failure: Compilation failure:
[ERROR] /path/to/my/project/src/main/java/org/apereo/cas/custom/config/MyCasOverlayConfiguration.java:[4,25] error: cannot find symbol
[ERROR] symbol: class ProtocolEndpointWebSecurityConfigurer
[ERROR] location: package org.apereo.cas.web
The Changelog doesn't seem to mention any of this [3].
Specifically I am using org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter
for my SecurityFilterChain. That constructor wants to have a org.apereo.cas.web.ProtocolEndpointWebSecurityConfigurer
, which doesn't exist anymore in 7.0.0-RC9.
My filterchain looks like this in 6.6.14:
@Primary
@Bean
public SecurityFilterChain casWebSecurityConfigurerAdapter(
final HttpSecurity http,
final ObjectProvider<PathMappedEndpoints> pathMappedEndpoints,
final List<ProtocolEndpointWebSecurityConfigurer> configurersList,
final SecurityProperties securityProperties,
final CasConfigurationProperties casProperties,
final org.springframework.security.web.context.SecurityContextRepository securityContextRepository,
final WebEndpointProperties webEndpointProperties)throws Exception {
CasWebSecurityConfigurerAdapter adapter = new CasWebSecurityConfigurerAdapter(
casProperties, securityProperties,
webEndpointProperties, pathMappedEndpoints, ProtocolEndpointWebSecurityConfigurer, configurersList);
return adapter.configureHttpSecurity(http).build();
}
And when I compile it, it gives me the errors mentioned above. I am not sure if it makes a difference, but I am using Maven 3.9.5 and openJDK 21.0
My guess:
- either the package was accidentally not published in the RC6
- or the mechanism to set up the filterchain was changed, and I now have to do something else entirely.
- or maybe the package just moved
links:
the package
cas-server-webapp-config
was renamed tocas-server-support-webconfig
and the classProtocolEndpointWebSecurityConfigurer
was renamed toCasWebSecurityConfigurer
The docs and the changelogs did not say anything about it. But the git-diff did not lie[1], specifically https://github.com/apereo/cas/compare/v7.0.0-RC5...v7.0.0-RC6.patch and https://github.com/apereo/cas/compare/v7.0.0-RC7...v7.0.0-RC8.patch respectively
for anyone facing similiar issues when updating CAS: these diffs are big, but you can ctrl-f "yourClass" to find out where it was moved.
[1] https://salcla.medium.com/how-lying-by-omission-harms-us-and-our-relationships-db7585bf714e