You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Forrest Xia (JIRA)" <ji...@apache.org> on 2010/06/27 04:02:49 UTC

[jira] Created: (GERONIMO-5407) XSSXSRFFilter error in G 3.0-M1 jetty build when trying to list plugins in admin console

XSSXSRFFilter error in G 3.0-M1 jetty build when trying to list plugins in admin console
----------------------------------------------------------------------------------------

                 Key: GERONIMO-5407
                 URL: https://issues.apache.org/jira/browse/GERONIMO-5407
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: console
    Affects Versions: 3.0-M1, 3.0
            Reporter: Forrest Xia


Steps:
1. start jetty java ee build
2. try to list plugins in local repository

the error shows in console output:
2010-06-27 09:57:48,188 WARN  [XSRFHandler] Blocked due to missing HttpServletRequest parameter.
2010-06-27 09:57:48,188 ERROR [XSSXSRFFilter] XSSXSRFFilter blocked HttpServletRequest due to invalid FORM content.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (GERONIMO-5407) XSSXSRFFilter error in G 3.0-M1 jetty build when trying to list plugins in admin console

Posted by "Shawn Jiang (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-5407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shawn Jiang resolved GERONIMO-5407.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 3.0

For the same request "http://localhost:8080/console/request?"  The api request.getQueryString();  Tomcat returns null while jetty returns a zero length string. 

fixed with r1024477@trunk.   GERONIMO-5545 should also have been fixed by this change.

> XSSXSRFFilter error in G 3.0-M1 jetty build when trying to list plugins in admin console
> ----------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5407
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5407
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 3.0-M1, 3.0
>            Reporter: Forrest Xia
>            Assignee: Shawn Jiang
>             Fix For: 3.0
>
>
> Steps:
> 1. start jetty java ee build
> 2. try to list plugins in local repository
> the error shows in console output:
> 2010-06-27 09:57:48,188 WARN  [XSRFHandler] Blocked due to missing HttpServletRequest parameter.
> 2010-06-27 09:57:48,188 ERROR [XSSXSRFFilter] XSSXSRFFilter blocked HttpServletRequest due to invalid FORM content.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-5407) XSSXSRFFilter error in G 3.0-M1 jetty build when trying to list plugins in admin console

Posted by "Forrest Xia (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-5407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12922471#action_12922471 ] 

Forrest Xia commented on GERONIMO-5407:
---------------------------------------

The problem is still there on G 3.0 jetty build 20101019. Another place has the similar problem is deployer portlet, it also reports a XSSXSRFFilter exception.

> XSSXSRFFilter error in G 3.0-M1 jetty build when trying to list plugins in admin console
> ----------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5407
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5407
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 3.0-M1, 3.0
>            Reporter: Forrest Xia
>            Assignee: Shawn Jiang
>
> Steps:
> 1. start jetty java ee build
> 2. try to list plugins in local repository
> the error shows in console output:
> 2010-06-27 09:57:48,188 WARN  [XSRFHandler] Blocked due to missing HttpServletRequest parameter.
> 2010-06-27 09:57:48,188 ERROR [XSSXSRFFilter] XSSXSRFFilter blocked HttpServletRequest due to invalid FORM content.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Assigned: (GERONIMO-5407) XSSXSRFFilter error in G 3.0-M1 jetty build when trying to list plugins in admin console

Posted by "Shawn Jiang (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-5407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shawn Jiang reassigned GERONIMO-5407:
-------------------------------------

    Assignee: Shawn Jiang

> XSSXSRFFilter error in G 3.0-M1 jetty build when trying to list plugins in admin console
> ----------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5407
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5407
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 3.0-M1, 3.0
>            Reporter: Forrest Xia
>            Assignee: Shawn Jiang
>
> Steps:
> 1. start jetty java ee build
> 2. try to list plugins in local repository
> the error shows in console output:
> 2010-06-27 09:57:48,188 WARN  [XSRFHandler] Blocked due to missing HttpServletRequest parameter.
> 2010-06-27 09:57:48,188 ERROR [XSSXSRFFilter] XSSXSRFFilter blocked HttpServletRequest due to invalid FORM content.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.