What happened "org.apereo.cas.web.security" in 7.0.0-RC9 of org.apereo.cas?

148 views Asked by At

I am working on migrating from org.apereo.cas:6.6.14 to 7.0.0-RC9 (and the actual release when it happens).

Until v7.0.0-RC5 the package org.apereo.cas.web.security was in org.apereo.cas:cas-server-webapp-config, but that package was not updated to any newer version [2].

When I try to use cas-server-webapp-config:7.0.0-RC5 together with RC9 of everything else, then I get an compile time error, as expceted. It seems to require classes, that are not present anymore in the other packages.

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.10.1:compile (default-compile) on project eessi-cas-server: Compilation failure: Compilation failure: 
[ERROR] /path/to/my/project/src/main/java/org/apereo/cas/custom/config/MyCasOverlayConfiguration.java:[4,25] error: cannot find symbol
[ERROR]   symbol:   class ProtocolEndpointWebSecurityConfigurer
[ERROR]   location: package org.apereo.cas.web

The Changelog doesn't seem to mention any of this [3].

Specifically I am using org.apereo.cas.web.security.CasWebSecurityConfigurerAdapter for my SecurityFilterChain. That constructor wants to have a org.apereo.cas.web.ProtocolEndpointWebSecurityConfigurer, which doesn't exist anymore in 7.0.0-RC9.

My filterchain looks like this in 6.6.14:

@Primary
@Bean
public SecurityFilterChain casWebSecurityConfigurerAdapter(
        final HttpSecurity http,
        final ObjectProvider<PathMappedEndpoints> pathMappedEndpoints,
        final List<ProtocolEndpointWebSecurityConfigurer> configurersList,
        final SecurityProperties securityProperties,
        final CasConfigurationProperties casProperties,
        final org.springframework.security.web.context.SecurityContextRepository securityContextRepository,
        final WebEndpointProperties webEndpointProperties)throws Exception {
    CasWebSecurityConfigurerAdapter adapter = new CasWebSecurityConfigurerAdapter( 
        casProperties, securityProperties, 
    webEndpointProperties, pathMappedEndpoints, ProtocolEndpointWebSecurityConfigurer, configurersList);
    return adapter.configureHttpSecurity(http).build();
}

And when I compile it, it gives me the errors mentioned above. I am not sure if it makes a difference, but I am using Maven 3.9.5 and openJDK 21.0

My guess:

  • either the package was accidentally not published in the RC6
  • or the mechanism to set up the filterchain was changed, and I now have to do something else entirely.
  • or maybe the package just moved

links:

1

There are 1 answers

0
wotanii On BEST ANSWER

the package cas-server-webapp-config was renamed to cas-server-support-webconfig and the class ProtocolEndpointWebSecurityConfigurer was renamed to CasWebSecurityConfigurer

The docs and the changelogs did not say anything about it. But the git-diff did not lie[1], specifically https://github.com/apereo/cas/compare/v7.0.0-RC5...v7.0.0-RC6.patch and https://github.com/apereo/cas/compare/v7.0.0-RC7...v7.0.0-RC8.patch respectively

for anyone facing similiar issues when updating CAS: these diffs are big, but you can ctrl-f "yourClass" to find out where it was moved.

[1] https://salcla.medium.com/how-lying-by-omission-harms-us-and-our-relationships-db7585bf714e