Posted to user@syncope.apache.org by caius75 <an...@par-tec.it> on 2020/09/02 10:40:02 UTC
CSFR Issue
Hi Guys,
I've installed Apache Syncope 2.1.6 with Maven using Tomcat 9.0.34 as Java
EE container and MySQL as internal storage.
I can access syncope-console pointing to Tomcat's 9080 port and everything
seems to work fine, but when I try to access syncope-console pointing to
an Apache Web Server acting as reverse proxy I got the following error:
12:04:14.508 DEBUG org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Source URI conflicts with request origin, aborted
12:04:14.509 INFO org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://www.cds.org/syncope-console/login, Origin: https://www.cds.org, action: aborted with error 400 Origin does not correspond to request
even if csrf is set to false in console.properties.
Any ideas?
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: CSFR Issue
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 03/09/20 15:15, caius75 wrote:
> Forget it!
>
> I hadn't re-initialized the Syncope database before re-deploy and it was looking
> for previously already configured connectors.
>
> Now it works.
>
> Thank You.
Glad to hear this!
FYI, the main reason of the last failure you had was the incorrect location, stored in the db, of the connector bundles, e.g. /opt/syncope/bundles now.
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: CSFR Issue
Posted by caius75 <an...@par-tec.it>.
Forget it!
I hadn't re-initialized the Syncope database before re-deploy and it was looking
for previously already configured connectors.
Now it works.
Thank You.
Re: CSFR Issue
Posted by caius75 <an...@par-tec.it>.
Hi,
previously I deployed without creating the conf, bundles and log directories under
/opt/syncope, just with mvn clean install, and the csrf=false setting under
/opt/apache-tomcat-9.0.37/webapps/syncope-console/WEB-INF/classes/console.properties
was ignored; I was able to log in only without the reverse proxy, but everything
else worked fine.
I've redeployed after creating the suggested directories and with:
mvn clean verify -Dconf.directory=/opt/syncope/conf -Dbundles.directory=/opt/syncope/bundles -Dlog.directory=/opt/syncope/log
I'm able to log in behind the reverse proxy right now and view the main dashboard,
but when I click on topology I got the following errors in core.log:
Password property is being used. This must be changed to avoid a security breach!
12:51:01.391 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.rest#1.0.5' not found
12:51:01.391 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.db.table#2.2.6' not found
12:51:01.391 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.soap#1.4.3' not found
12:51:01.391 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.csvdir#0.8.8' not found
12:51:01.391 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.ldap#1.5.4' not found
12:51:01.391 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.soap#1.4.3' not found
12:51:01.391 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.db.table#2.2.6' not found
12:51:01.392 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.db.scriptedsql#2.2.6' not found
12:51:01.392 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.db.table#2.2.6' not found
12:51:01.392 ERROR org.apache.syncope.core.logic.AbstractLogic - Connector 'net.tirasa.connid.bundles.soap#1.4.3' not found
and the following in console.log:
nsole.wicket.markup.html.form.preview.BinaryPDFPreviewer$ThumbnailImageResource, ignoring
12:39:37.831 ERROR org.apache.syncope.client.console.SyncopeConsoleRequestCycleListener - Exception found
org.apache.wicket.WicketRuntimeException: Can't instantiate page using constructor 'public org.apache.syncope.client.console.topology.Topology()'. An exception has been thrown during construction!
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:194) ~[wicket-core-8.8.0.jar:8.8.0]
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67) ~[wicket-core-8.8.0.jar:8.8.0]
even if I have now:
[root@iam-im log]# ls -lrt /opt/syncope/bundles/
total 44792
-rw-r--r--. 1 root root 9191484 Sep 1 12:08 net.tirasa.connid.bundles.soap-1.4.3.jar
-rw-r--r--. 1 root root 7154187 Sep 1 12:08 net.tirasa.connid.bundles.rest-1.0.5.jar
-rw-r--r--. 1 root root 1558693 Sep 1 12:08 net.tirasa.connid.bundles.csvdir-0.8.8.jar
-rw-r--r--. 1 root root 144730 Sep 1 12:08 net.tirasa.connid.bundles.db.table-2.2.6.jar
-rw-r--r--. 1 root root 100074 Sep 1 12:08 net.tirasa.connid.bundles.db.scriptedsql-2.2.6.jar
-rw-r--r--. 1 root root 265305 Sep 1 12:08 net.tirasa.connid.bundles.ldap-1.5.4.jar
-rw-r--r--. 1 root root 401016 Sep 1 12:08 net.tirasa.connid.bundles.ad-1.3.6.jar
-rw-r--r--. 1 root root 5084741 Sep 1 12:08 net.tirasa.connid.bundles.googleapps-1.4.2.jar
-rw-r--r--. 1 root root 10111011 Sep 1 12:08 net.tirasa.connid.bundles.azure-1.0.1.jar
-rw-r--r--. 1 root root 5988834 Sep 1 12:08 net.tirasa.connid.bundles.scimv11-1.0.1.jar
-rw-r--r--. 1 root root 5841730 Sep 1 12:08 net.tirasa.connid.bundles.servicenow-1.0.0.jar
Any suggestion?
Re: CSFR Issue
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 02/09/20 12:40, caius75 wrote:
> Hi Guys,
> I've installed Apache Syncope 2.1.6 with Maven using Tomcat 9.0.34 as Java
> EE container and MySQL as internal storage.
> I can access syncope-console pointing to Tomcat's 9080 port and everything
> seems to work fine, but when I try to access syncope-console pointing to
> an Apache Web Server acting as reverse proxy I got the following error:
>
> 12:04:14.508 DEBUG
> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Source
> URI conflicts with request origin, aborted
> 12:04:14.509 INFO
> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
> Possible CSRF attack, request URL: http://www.cds.org/syncope-console/login,
> Origin: https://www.cds.org, action: aborted with error 400 Origin does not
> correspond to request
>
> even if csrf is set to false in console.properties.
>
> Any ideas?
Hi,
setting
csrf=false
for console.properties is definitely the way to solve the problem reported above.
The only possibility I can figure out to explain the persisting issue is that the actual console.properties being loaded is not the one where you placed the setting.
What deployment directory [1] did you set for config files (normally /opt/syncope/conf) during build?
Regards.
[1] http://syncope.apache.org/docs/2.1/reference-guide.html#deployment-directories
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
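
The INFO line quoted in this thread records both sides of the origin comparison that was rejected: the request URL is logged with scheme http while the browser's Origin header is https. As an added example (not part of the original messages, and not Syncope or Wicket code), this Python script parses such a line and reports which origin component differs; the function names are hypothetical and the sample lines are constructed by re-joining the wrapped log lines from the first message.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Matches the INFO line written by CsrfPreventionRequestCycleListener,
# in the format shown in the thread.
LOG_RE = re.compile(
    r"Possible CSRF attack, request URL: (?P<url>\S+?), "
    r"Origin: (?P<origin>\S+?), action: (?P<action>\w+)"
)

def origin_tuple(url):
    """Reduce a URL to the (scheme, host, port) triple an origin check compares."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

def explain_rejection(line):
    """Return {component: (request_side, origin_side)} for each component
    that differs, or None if the line is not a CSRF rejection record."""
    match = LOG_RE.search(line)
    if match is None:
        return None
    seen = origin_tuple(match.group("url"))      # as logged for the request
    sent = origin_tuple(match.group("origin"))   # Origin header from the browser
    names = ("scheme", "host", "port")
    return {n: (s, o) for n, s, o in zip(names, seen, sent) if s != o}

# Constructed sample: the two log lines from the first message, re-joined.
SAMPLE = (
    "12:04:14.508 DEBUG org.apache.wicket.protocol.http."
    "CsrfPreventionRequestCycleListener - Source URI conflicts with "
    "request origin, aborted",
    "12:04:14.509 INFO org.apache.wicket.protocol.http."
    "CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: "
    "http://www.cds.org/syncope-console/login, Origin: https://www.cds.org, "
    "action: aborted with error 400 Origin does not correspond to request",
)

if __name__ == "__main__":
    for line in SAMPLE:
        diff = explain_rejection(line)
        if diff is not None:
            for name, (request_side, origin_side) in diff.items():
                print(f"{name}: request={request_side!r} origin={origin_side!r}")
```

For the line in this thread the host matches and only the scheme, and with it the default port, differs between the two sides.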