code cleanup

cas.properties

@@ -11,48 +11,6 @@ server.prefix=${server.name}/cas
 # hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
 # host.name=
 
-##
-# JPA Ticket Registry Database Configuration
-#
-# ticketreg.database.ddl.auto=create-drop
-# ticketreg.database.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
-# ticketreg.database.batchSize=10
-# ticketreg.database.driverClass=org.hsqldb.jdbcDriver
-# ticketreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
-# ticketreg.database.user=sa
-# ticketreg.database.password=
-# ticketreg.database.pool.minSize=6
-# ticketreg.database.pool.maxSize=18
-# ticketreg.database.pool.maxWait=10000
-# ticketreg.database.pool.maxIdleTime=120
-# ticketreg.database.pool.acquireIncrement=6
-# ticketreg.database.pool.idleConnectionTestPeriod=30
-# ticketreg.database.pool.connectionHealthQuery=select 1
-# ticketreg.database.pool.acquireRetryAttempts=5
-# ticketreg.database.pool.acquireRetryDelay=2000
-# ticketreg.database.pool.connectionHealthQuery=select 1
-
-##
-# JPA Service Registry Database Configuration
-#
-# svcreg.database.ddl.auto=create-drop
-# svcreg.database.hibernate.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
-# svcreg.database.hibernate.batchSize=10
-# svcreg.database.driverClass=org.hsqldb.jdbcDriver
-# svcreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
-# svcreg.database.user=sa
-# svcreg.database.password=
-# svcreg.database.pool.minSize=6
-# svcreg.database.pool.maxSize=18
-# svcreg.database.pool.maxWait=10000
-# svcreg.database.pool.maxIdleTime=120
-# svcreg.database.pool.acquireIncrement=6
-# svcreg.database.pool.idleConnectionTestPeriod=30
-# svcreg.database.pool.connectionHealthQuery=select 1
-# svcreg.database.pool.acquireRetryAttempts=5
-# svcreg.database.pool.acquireRetryDelay=2000
-# svcreg.database.pool.connectionHealthQuery=select 1
-
 ##
 # CAS SSO Cookie Generation & Security
 # See https://github.com/mitreid-connect/json-web-key-generator
@@ -104,42 +62,6 @@ server.prefix=${server.name}/cas
 # Location of the Spring xml config file where views may be collected
 # cas.viewResolver.xmlFile=/META-INF/spring/views.xml
 
-##
-# CAS Logout Behavior
-# WEB-INF/cas-servlet.xml
-#
-# Specify whether CAS should redirect to the specified service parameter on /logout requests
-# cas.logout.followServiceRedirects=false
-
-##
-# CAS Cached Attributes Timeouts
-# Controls the cached attribute expiration policy
-#
-# Notes the duration in which attributes will be kept alive
-# cas.attrs.timeToExpireInHours=2
-
-##
-# Single Sign-On Session
-#
-# Indicates whether an SSO session should be created for renewed authentication requests.
-# create.sso.renewed.authn=true
-#
-# Indicates whether an SSO session can be created if no service is present.
-# create.sso.missing.service=true
-
-##
-# CAS Authentication Policy
-#
-# cas.authn.policy.any.tryall=false
-# cas.authn.policy.req.tryall=false
-# cas.authn.policy.req.handlername=handlerName
-
-##
-# CAS PersonDirectory Principal Resolution
-#
-# cas.principal.resolver.persondir.principal.attribute=cn
-# cas.principal.resolver.persondir.return.null=false
-
 ##
 # CAS Internationalization
 #
@@ -151,98 +73,16 @@ server.prefix=${server.name}/cas
 # message.bundle.usecode.message=true
 # message.bundle.basenames=classpath:custom_messages,classpath:messages
 
-##
-# CAS Authentication Throttling
-#
-#cas.throttle.failure.threshold=
-#cas.throttle.failure.range.seconds=
-#cas.throttle.username.parameter=
-#cas.throttle.appcode=
-#cas.throttle.authn.failurecode=
-#cas.throttle.audit.query=
-
-##
-# CAS Health Monitoring
-#
-# cas.monitor.st.warn.threshold=5000
-# cas.monitor.tgt.warn.threshold=10000
-# cas.monitor.free.mem.threshold=10
-
-##
-# CAS MongoDB Service Registry
-#
-# mongodb.host=mongodb database url
-# mongodb.port=mongodb database port
-# mongodb.userId=mongodb userid to bind
-# mongodb.userPassword=mongodb password to bind
-# cas.service.registry.mongo.db=Collection name to store service definitions
-# mongodb.timeout=5000
-
-##
-# Spring Webflow Web Application Session
-# Define the settings that are required to encrypt and persist the CAS web application session.
-# See the cas-servlet.xml file to understand how these properties are used.
-#
-# The encryption secret key. By default, must be a octet string of size 256.
-# webflow.encryption.key=
-
-# The signing secret key. By default, must be a octet string of size 512.
-# webflow.signing.key=
-
-##
-# Remote User Authentication
-#
-# ip.address.range=
-
-##
-# Apache Shiro Authentication
-#
-# shiro.authn.requiredRoles=
-# shiro.authn.requiredPermissions=
-# shiro.authn.config.file=classpath:shiro.ini
-
-##
-# YubiKey Authentication
-#
-# yubikey.client.id=
-# yubikey.secret.key=
-
 datasource.url=jdbc:mysql://172.16.4.6/yobr-daily?useUnicode=true&characterEncoding=utf8
 datasource.username=yobr_query
 datasource.password=yobr_query!
 
-##
-# JDBC Authentication
-#
-# cas.jdbc.authn.query.encode.sql=
-# cas.jdbc.authn.query.encode.alg=
-# cas.jdbc.authn.query.encode.salt.static=
-# cas.jdbc.authn.query.encode.password=
-# cas.jdbc.authn.query.encode.salt=
-# cas.jdbc.authn.query.encode.iterations.field=
-# cas.jdbc.authn.query.encode.iterations=
-
 cas.jdbc.authn.query.sql=select password from br_auth_user where account = ?
 
 # cas.jdbc.authn.search.password=
 # cas.jdbc.authn.search.user=
 # cas.jdbc.authn.search.table=
 
-##
-# Duo security 2fa authentication provider
-# https://www.duosecurity.com/docs/duoweb#1.-generate-an-akey
-#
-# cas.duo.api.host=
-# cas.duo.integration.key=
-# cas.duo.secret.key=
-# cas.duo.application.key=
-
-##
-# File Authentication
-#
-# file.authn.filename=classpath:people.txt
-# file.authn.separator=::
-
 ##
 # General Authentication
 #
@@ -253,463 +93,3 @@ cas.authn.password.encoding.alg=MD5
 # cas.principal.transform.prefix=
 # cas.principal.transform.suffix=
 
-##
-# X509 Authentication
-#
-# cas.x509.authn.crl.checkAll=false
-# cas.x509.authn.crl.throw.failure=true
-# cas.x509.authn.crl.refresh.interval=
-# cas.x509.authn.revocation.policy.threshold=
-# cas.x509.authn.trusted.issuer.dnpattern=
-# cas.x509.authn.max.path.length=
-# cas.x509.authn.max.path.length.unspecified=
-# cas.x509.authn.check.key.usage=
-# cas.x509.authn.require.key.usage=
-# cas.x509.authn.subject.dnpattern=
-# cas.x509.authn.principal.descriptor=
-# cas.x509.authn.principal.serial.no.prefix=
-# cas.x509.authn.principal.value.delim=
-
-##
-# Accepted Users Authentication
-#
-accept.authn.users=casuser::Mellon
-
-##
-# Rejected Users Authentication
-#
-# reject.authn.users=
-
-##
-# JAAS Authentication
-#
-# cas.authn.jaas.realm=CAS
-# cas.authn.jaas.kerb.realm=
-# cas.authn.jaas.kerb.kdc=
-
-##
-# Single Sign-On Session TGT Timeouts
-#
-# Inactivity Timeout Policy
-# tgt.timeout.maxTimeToLiveInSeconds=28800
-
-# Hard Timeout Policy
-# tgt.timeout.hard.maxTimeToLiveInSeconds
-#
-# Throttled Timeout Policy
-# tgt.throttled.maxTimeToLiveInSeconds=28800
-# tgt.throttled.timeInBetweenUsesInSeconds=5
-
-# Default Expiration Policy
-# tgt.maxTimeToLiveInSeconds=28800
-# tgt.timeToKillInSeconds=7200
-
-##
-# Service Ticket Timeout
-#
-# st.timeToKillInSeconds=10
-# st.numberOfUses=1
-
-##
-# Http Client Settings
-#
-# The http client read timeout in milliseconds
-# http.client.read.timeout=5000
-
-# The http client connection timeout in milliseconds
-# http.client.connection.timeout=5000
-#
-# The http client truststore file, in addition to the default's
-# http.client.truststore.file=classpath:truststore.jks
-#
-# The http client truststore's password
-# http.client.truststore.psw=changeit
-
-##
-# Single Logout Out Callbacks
-#
-# To turn off all back channel SLO requests set this to true
-# slo.callbacks.disabled=false
-#
-# To send callbacks to endpoints synchronously, set this to false
-# slo.callbacks.asynchronous=true
-
-##
-# CAS Protocol Security Filter
-#
-# Are multi-valued parameters accepted?
-# cas.http.allow.multivalue.params=false
-
-# Define the list of request parameters to examine for sanity
-# cas.http.check.params=ticket,service,renew,gateway,warn,target,SAMLart,pgtUrl,pgt,pgtId,pgtIou,targetService
-
-# Define the list of request parameters only allowed via POST
-# cas.http.allow.post.params=username,password
-
-##
-# JSON Service Registry
-#
-# Directory location where JSON service files may be found.
-# service.registry.config.location=classpath:services
-
-##
-# Service Registry Periodic Reloading Scheduler
-# Default sourced from WEB-INF/spring-configuration/applicationContext.xml
-#
-# Force a startup delay of 2 minutes.
-# service.registry.quartz.reloader.startDelay=120000
-#
-# Reload services every 2 minutes
-# service.registry.quartz.reloader.repeatInterval=120000
-
-##
-# Background Scheduler
-#
-# Wait for scheduler to finish running before shutting down CAS.
-# scheduler.shutdown.wait=true
-#
-# Attempt to interrupt background jobs when shutting down CAS
-# scheduler.shutdown.interruptJobs=true
-
-##
-# Audits
-#
-# Use single line format for audit blocks
-# cas.audit.singleline=true
-# Separator to use between each fields in a single audit event
-# cas.audit.singleline.separator=|
-# Application code for audits
-# cas.audit.appcode=CAS
-#
-## JDBC Audits
-#
-#cas.audit.max.agedays=
-#cas.audit.database.dialect=
-#cas.audit.database.batchSize=
-#cas.audit.database.ddl.auto=
-#cas.audit.database.gen.ddl=
-#cas.audit.database.show.sql=
-#cas.audit.database.driverClass=
-#cas.audit.database.url=
-#cas.audit.database.user=
-#cas.audit.database.password=
-#cas.audit.database.pool.minSize=
-#cas.audit.database.pool.minSize=
-#cas.audit.database.pool.maxSize=
-#cas.audit.database.pool.maxIdleTime=
-#cas.audit.database.pool.maxWait=
-#cas.audit.database.pool.acquireIncrement=
-#cas.audit.database.pool.acquireRetryAttempts=
-#cas.audit.database.pool.acquireRetryDelay=
-#cas.audit.database.pool.idleConnectionTestPeriod=
-#cas.audit.database.pool.connectionHealthQuery=
-
-##
-# Metrics
-# Default sourced from WEB-INF/spring-configuration/metricsConfiguration.xml:
-#
-# Define how often should metric data be reported. Default is 30 seconds.
-# metrics.refresh.interval=30s
-
-##
-# Encoding
-#
-# Set the encoding to use for requests. Default is UTF-8
-# httprequest.web.encoding=UTF-8
-
-# Default is true. Switch this to "false" to not enforce the specified encoding in any case,
-# applying it as default response encoding as well.
-# httprequest.web.encoding.force=true
-
-##
-# Response Headers
-#
-# httpresponse.header.cache=false
-# httpresponse.header.hsts=false
-# httpresponse.header.xframe=false
-# httpresponse.header.xcontent=false
-# httpresponse.header.xss=false
-
-##
-# SAML
-#
-# Indicates the SAML response issuer
-# cas.saml.response.issuer=localhost
-#
-# Indicates the skew allowance which controls the issue instant of the SAML response
-# cas.saml.response.skewAllowance=0
-#
-# Indicates whether SAML ticket id generation should be saml2-compliant.
-# cas.saml.ticketid.saml2=false
-
-##
-# Default Ticket Registry
-#
-# default.ticket.registry.initialcapacity=1000
-# default.ticket.registry.loadfactor=1
-# default.ticket.registry.concurrency=20
-
-##
-# Ticket Registry Cleaner
-#
-# Indicates how frequently the Ticket Registry cleaner should run. Configured in seconds.
-# ticket.registry.cleaner.startdelay=20
-# ticket.registry.cleaner.repeatinterval=5000
-
-##
-# Ticket ID Generation
-#
-# lt.ticket.maxlength=20
-# st.ticket.maxlength=20
-# tgt.ticket.maxlength=50
-# pgt.ticket.maxlength=50
-
-##
-# Google Apps public/private key
-#
-# cas.saml.googleapps.publickey.file=file:/etc/cas/public.key
-# cas.saml.googleapps.privatekey.file=file:/etc/cas/private.p8
-# cas.saml.googleapps.key.alg=RSA
-
-##
-# WS-FED
-#
-# The claim from ADFS that should be used as the user's identifier.
-# cas.wsfed.idp.idattribute=upn
-#
-# Federation Service identifier
-# cas.wsfed.idp.id=https://adfs.example.org/adfs/services/trust
-#
-# The ADFS login url.
-# cas.wsfed.idp.url=https://adfs.example.org/adfs/ls/
-#
-# Identifies resource(s) that point to ADFS's signing certificates.
-# These are used verify the WS Federation token that is returned by ADFS.
-# Multiple certificates may be separated by comma.
-# cas.wsfed.idp.signingcerts=classpath:adfs-signing.crt
-#
-# Unique identifier that will be set in the ADFS configuration.
-# cas.wsfed.rp.id=urn:cas:localhost
-#
-# Slack dealing with time-drift between the ADFS Server and the CAS Server.
-# cas.wsfed.idp.tolerance=10000
-#
-# Decides which bundle of attributes should be resolved during WS-FED authentication.
-# cas.wsfed.idp.attribute.resolver.enabled=true
-# cas.wsfed.idp.attribute.resolver.type=WSFED
-#
-# Private/Public keypair used to decrypt assertions, if any.
-# cas.wsfed.idp.enc.privateKey=classpath:private.key
-# cas.wsfed.idp.enc.cert=classpath:certificate.crt
-# cas.wsfed.idp.enc.privateKeyPassword=NONE
-
-##
-# LDAP User Details
-#
-# ldap.userdetails.service.user.attr=
-# ldap.userdetails.service.role.attr=
-
-##
-# LDAP Service Registry
-#
-# svcreg.ldap.baseDn=dc=example,dc=org
-
-##
-# Password Policy
-#
-# Warn all users of expiration date regardless of warningDays value.
-# password.policy.warnAll=false
-
-# Threshold number of days to begin displaying password expiration warnings.
-# password.policy.warningDays=30
-
-# URL to which the user will be redirected to change the password.
-# password.policy.url=https://password.example.edu/change
-
-# password.policy.warn.attribute.name=attributeName
-# password.policy.warn.attribute.value=attributeValue
-# password.policy.warn.display.matched=true
-
-##
-# CAS REST API Services
-#
-# cas.rest.services.attributename=
-# cas.rest.services.attributevalue=
-
-##
-# Ticket Registry
-#
-# Secret key to use when encrypting tickets in a distributed ticket registry.
-# ticket.encryption.secretkey=C@$W3bSecretKey!
-
-# Secret key to use when signing tickets in a distributed ticket registry.
-# By default, must be a octet string of size 512.
-# ticket.signing.secretkey=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w
-# Secret key algorithm used
-# ticket.secretkey.alg=AES
-
-##
-# Hazelcast Ticket Registry
-#
-# hz.config.location=file:/etc/cas/hazelcast.xml
-# hz.mapname=tickets
-# hz.cluster.logging.type=slf4j
-# hz.cluster.portAutoIncrement=true
-# hz.cluster.port=5701
-# hz.cluster.multicast.enabled=false
-# hz.cluster.members=cas1.example.com,cas2.example.com
-# hz.cluster.tcpip.enabled=true
-# hz.cluster.multicast.enabled=false
-# hz.cluster.max.heapsize.percentage=85
-# hz.cluster.max.heartbeat.seconds=300
-# hz.cluster.eviction.percentage=10
-# hz.cluster.eviction.policy=LRU
-# hz.cluster.instance.name=${host.name}
-
-##
-# Ehcache Ticket Registry
-#
-# ehcache.config.file=classpath:ehcache-replicated.xml
-# ehcache.cachemanager.shared=false
-# ehcache.cachemanager.name=ticketRegistryCacheManager
-# ehcache.disk.expiry.interval.seconds=0
-# ehcache.disk.persistent=false
-# ehcache.eternal=false
-# ehcache.max.elements.memory=10000
-# ehcache.max.elements.disk=0
-# ehcache.eviction.policy=LRU
-# ehcache.overflow.disk=false
-# ehcache.cache.st.name=org.jasig.cas.ticket.ServiceTicket
-# ehcache.cache.st.timeIdle=0
-# ehcache.cache.st.timeAlive=300
-# ehcache.cache.tgt.name=org.jasig.cas.ticket.TicketGrantingTicket
-# ehcache.cache.tgt.timeIdle=7201
-# ehcache.cache.tgt.timeAlive=0
-# ehcache.cache.loader.async=true
-# ehcache.cache.loader.chunksize=5000000
-# ehcache.repl.async.interval=10000
-# ehcache.repl.async.batch.size=100
-# ehcache.repl.sync.puts=true
-# ehcache.repl.sync.putscopy=true
-# ehcache.repl.sync.updates=true
-# ehcache.repl.sync.updatesCopy=true
-# ehcache.repl.sync.removals=true
-
-##
-# Ehcache Monitoring
-#
-# cache.monitor.warn.free.threshold=10
-# cache.monitor.eviction.threshold=0
-
-##
-# Memcached Ticket Registry
-#
-# memcached.servers=localhost:11211
-# memcached.hashAlgorithm=FNV1_64_HASH
-# memcached.protocol=BINARY
-# memcached.locatorType=ARRAY_MOD
-# memcached.failureMode=Redistribute
-
-##
-# Memcached Monitoring
-#
-# cache.monitor.warn.free.threshold=10
-# cache.monitor.eviction.threshold=0
-
-##
-# RADIUS Authentication Server
-#
-# cas.radius.client.inetaddr=localhost
-# cas.radius.client.port.acct=
-# cas.radius.client.socket.timeout=60
-# cas.radius.client.port.authn=
-# cas.radius.client.sharedsecret=N0Sh@ar3d$ecReT
-# cas.radius.server.protocol=EAP_MSCHAPv2
-# cas.radius.server.retries=3
-# cas.radius.server.nasIdentifier=
-# cas.radius.server.nasPort=-1
-# cas.radius.server.nasPortId=-1
-# cas.radius.server.nasRealPort=-1
-# cas.radius.server.nasPortType=-1
-# cas.radius.server.nasIpAddress=
-# cas.radius.server.nasIpv6Address=
-# cas.radius.failover.authn=false
-# cas.radius.failover.exception=false
-
-##
-# SPNEGO Authentication
-#
-# cas.spnego.ldap.attribute=spnegoattribute
-# cas.spnego.ldap.filter=host={0}
-# cas.spnego.ldap.basedn=
-# cas.spnego.hostname.pattern=.+
-# cas.spnego.ip.pattern=
-# cas.spnego.alt.remote.host.attribute
-# cas.spengo.use.principal.domain=false
-# cas.spnego.ntlm.allowed=true
-# cas.spnego.kerb.debug=false
-# cas.spnego.kerb.realm=EXAMPLE.COM
-# cas.spnego.kerb.kdc=172.10.1.10
-# cas.spnego.login.conf.file=/path/to/login
-# cas.spnego.jcifs.domain=
-# cas.spnego.jcifs.domaincontroller=
-# cas.spnego.jcifs.netbios.cache.policy:600
-# cas.spnego.jcifs.netbios.wins=
-# cas.spnego.jcifs.password=
-# cas.spnego.jcifs.service.password=
-# cas.spnego.jcifs.socket.timeout:300000
-# cas.spnego.jcifs.username=
-# cas.spnego.kerb.conf=
-# cas.spnego.ntlm=false
-# cas.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
-# cas.spnego.mixed.mode.authn=false
-# cas.spnego.send.401.authn.failure=false
-# cas.spnego.principal.resolver.transform=NONE
-# cas.spnego.service.principal=HTTP/cas.example.com@EXAMPLE.COM
-
-##
-# NTLM Authentication
-#
-# ntlm.authn.domain.controller=
-# ntlm.authn.include.pattern=
-# ntlm.authn.load.balance=true
-
-##
-# Authentication delegation using pac4j
-#
-# cas.pac4j.client.authn.typedidused=true
-# cas.pac4j.facebook.id=
-# cas.pac4j.facebook.secret=
-# cas.pac4j.facebook.scope=
-# cas.pac4j.facebook.fields=
-# cas.pac4j.twitter.id=
-# cas.pac4j.twitter.secret=
-# cas.pac4j.saml.keystorePassword=
-# cas.pac4j.saml.privateKeyPassword=
-# cas.pac4j.saml.keystorePath=
-# cas.pac4j.saml.identityProviderMetadataPath=
-# cas.pac4j.saml.maximumAuthenticationLifetime=
-# cas.pac4j.saml.serviceProviderEntityId=
-# cas.pac4j.saml.serviceProviderMetadataPath=
-# cas.pac4j.cas.loginUrl=
-# cas.pac4j.cas.protocol=
-# cas.pac4j.oidc.id=
-# cas.pac4j.oidc.secret=
-# cas.pac4j.oidc.discoveryUri=
-# cas.pac4j.oidc.useNonce=
-# cas.pac4j.oidc.preferredJwsAlgorithm=
-# cas.pac4j.oidc.maxClockSkew=
-# cas.pac4j.oidc.customParamKey1=
-# cas.pac4j.oidc.customParamValue1=
-# cas.pac4j.oidc.customParamKey2=
-# cas.pac4j.oidc.customParamValue2=
-
-##
-# CAS Acceptable Usage Policy Settings
-#
-# cas.aup.ldap.search.filter=cn={0}
-# cas.aup.ldap.url=ldap://127.0.0.1:1389
-# cas.aup.ldap.ssl=false
-# cas.aup.ldap.startTLS=false
-# cas.aup.ldap.basedn=dc=example,dc=org
-# cas.aup.attribute=

log4j2.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!-- Specify the refresh internal in seconds. -->
-<Configuration monitorInterval="60">
+<Configuration monitorInterval="42">
 
     <Properties>
         <Property name="log.level">DEBUG</Property>
@@ -111,15 +111,14 @@
             <AppenderRef ref="auditLogFile"/>
             <AppenderRef ref="casLogFile"/>
         </AsyncLogger>
+        <AsyncLogger level="error">
+            <AppenderRef ref="console"/>
+            <AppenderRef ref="errorLogFile"/>
+        </AsyncLogger>
 
         <AsyncRoot level="${log.level}">
             <AppenderRef ref="console"/>
             <AppenderRef ref="appLogFile"/>
         </AsyncRoot>
-
-        <AsyncRoot level="error">
-            <AppenderRef ref="console"/>
-            <AppenderRef ref="errorLogFile"/>
-        </AsyncRoot>
     </Loggers>
 </Configuration>

pom.xml

@@ -186,7 +186,6 @@
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-web</artifactId>
-            <version>2.6.2</version>
         </dependency>
         <dependency>
             <groupId>org.jasig</groupId>
@@ -229,6 +228,18 @@
         </dependency>
     </dependencies>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-bom</artifactId>
+                <version>2.17.2</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <build>
         <plugins>
             <plugin>

src/main/resources/log4j2.xml

@@ -111,15 +111,14 @@
             <AppenderRef ref="auditLogFile"/>
             <AppenderRef ref="casLogFile"/>
         </AsyncLogger>
+        <AsyncLogger level="error">
+            <AppenderRef ref="console"/>
+            <AppenderRef ref="errorLogFile"/>
+        </AsyncLogger>
 
         <AsyncRoot level="${log.level}">
             <AppenderRef ref="console"/>
             <AppenderRef ref="appLogFile"/>
         </AsyncRoot>
-
-        <AsyncRoot level="error">
-            <AppenderRef ref="console"/>
-            <AppenderRef ref="errorLogFile"/>
-        </AsyncRoot>
     </Loggers>
 </Configuration>