Hi there,

thanks for sharing your findings! We have run into a similar issue that is 
possibly caused by the same thing:

Via a custom @RestController, we provide a page on a custom path, say 
*/mypage*. And since CAS 7.0.x, we get error 403 when accessing this page. 
It looks like CAS (Spring??) no longer lets you access contexts which are 
not explicitly listed. In CAS, this seems to be resolved by providing a 
bean of type CasWebSecurityConfigurer, e.g.:

    @Bean
    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
    public CasWebSecurityConfigurer<Void> customPagesEndpointsConfigurer() {
        return new CasWebSecurityConfigurer<>() {
            @Override
            public List<String> getIgnoredEndpoints() {
                return List.of("/mypage");
            }
        };
    }

Technically, instead of that, we could just change the URL to */v1/mypage* 
for example, because */v1* is already listed by CAS out-of-the-box.

It would be great if someone could confirm these findings.

Regards
Petr

On Wednesday 15 May 2024 at 13:59:04 UTC+2 Leonardo Ferreira wrote:

> Thank you Meysam!
>
> On Tuesday, 14 May 2024 at 13:11:21 UTC-3, Meysam Shirazi wrote:
>
>> Hi Leonardo
>>
>> I guess the main cause is that */ect* is not in the list of secure 
>> paths of the application. Spring Boot, by default, permits access to 
>> /css/**, /js/**, /images/**, and /**/favicon.ico. You can use a custom 
>> theme for this purpose.
>>
>> On Tuesday, May 14, 2024 at 3:39:50 PM UTC+3:30 Leonardo Ferreira wrote:
>>
>>> Hi everyone!
>>>
>>> I'm migrating from version 6.6.15 to 7.0.4 and I'm facing a small 
>>> problem.
>>> My customized html pages are unable to access the .css and .js files 
>>> that are also customized.
>>> It is important to comment that in version 6.6.15 everything works 
>>> perfectly.
>>>
>>> My files are in the following structure:
>>> src:
>>>  - main:
>>>    - resources:
>>>       - templates:
>>>            - fragments
>>>            - login
>>>            - logout 
>>>           * layout.html*
>>>       - static:
>>>            - ect:
>>>               - css
>>>               - js
>>>               - img
>>>               * loginform.css*
>>>
>>> My *layout.html* file has the following references:
>>>     <link rel="shortcut icon" th:href="@{/ect/img/favi-ect.png}" 
>>> type="image/x-icon"/>
>>>     <link rel="stylesheet" th:href="@{/ect/css/bunker.css}" 
>>> type="text/css">
>>>     <link rel="stylesheet" th:href="@{/ect/css/global.css} + '?v=2'" 
>>> type="text/css">
>>>     <link rel="stylesheet" th:href="@{/ect/loginform.css}" 
>>> type="text/css">
>>>   ...
>>>     <script th:src="@{/ect/js/bunker.js}"></script>
>>>     <script th:src="@{/ect/js/alertaerro.js}"></script>
>>>     <script th:src="@{/ect/js/menu.js}"></script>
>>>     <script type="text/javascript" 
>>> th:src="@{#{webjars.jquery.js}}"></script>
>>>
>>> The strange thing is that in the browser console I get 403 errors. Ex:
>>>
>>> GET http://localhost:8080/ect/css/bunker.css net::ERR_ABORTED 403 
>>> (Forbidden)
>>> GET http://localhost:8080/ect/js/alertaerro.js net::ERR_ABORTED 403 
>>> (Forbidden)
>>>
>>> Has anyone gone through something similar or could guide me on how to 
>>> get around this issue?
>>>
>>> Thank you for the help!
>>>
>>> Leonardo.
>>>
>>>
