You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rave.apache.org by "Anthony Carlucci (Resolved) (JIRA)" <ji...@apache.org> on 2012/01/11 23:02:45 UTC
[jira] [Resolved] (RAVE-383) Update Widget throws error
[ https://issues.apache.org/jira/browse/RAVE-383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anthony Carlucci resolved RAVE-383.
-----------------------------------
Resolution: Fixed
Fix Version/s: 0.8-INCUBATING
This was a fun one...the underlying problem was the CSRF-prevention-token was getting out of sync on the client and server side under certain circumstances. After some trial and error I noticed it was only happening when you actually clicked on any of the three values that render in a data row for the widget (title, type, status). If you click anywhere else in the empty space for a row, I could never get the tokens to get out of sync.
Each data row has a click event assigned to it to go to the detail page of the widget when clicked. The data values are rendered as anchors that also go to the same detail page of the widget. This was the bug - a double client submission to the view widget detail controller was occurring and causing the tokens to get out of sync.
I removed the extraneous anchor tags around the individual data fields and left the rows as the clickable events. I updated the Users and Preferences pages as well to follow a similar design.
> Update Widget throws error
> --------------------------
>
> Key: RAVE-383
> URL: https://issues.apache.org/jira/browse/RAVE-383
> Project: Rave
> Issue Type: Bug
> Components: rave-web
> Affects Versions: 0.6-INCUBATING
> Environment: Windows 7 (and possibly others)
> Reporter: Venkat Mahadevan
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.8-INCUBATING
>
>
> Once in a while the Update Widget call fails with a stack trace.
> Stacktrace:
> [INFO] [talledLocalContainer] 95609 ravePersistenceUnit TRACE [http-8080-4] openjpa.jdbc.SQL - <t 30820805, conn 29113608> [0 ms] spent
> [INFO] [talledLocalContainer] sessionToken: swkpAHK0ypFa3qGlAigrYgo6URq0CXwHkro9OkzvEyPIz6dGCoLY4zOIcEmj3iylpCuzpqoV6H7iZTExeYgi8217GG8kfYmIzEX2xWS0JwPkdwr6Grwh
> Q3OBhn8Us0TqIU74qpsFRsfRwjjVAxmyI4mxpB1znzYVQid6q5CiiCTX14CJDfQ6t0yyaCSvv9EaxFTrWYQFitZ43RDN5bsEWHQuX57OD5MHixkGGJRw5icyDbfNA2BmyK8CQOX1gBDC
> [INFO] [talledLocalContainer] token: WCZ0SyvSPJLElqUCgg9lgftuB3pb3oh498V1xtKo6c66rvvS7TawFJqkzrsmR9sfmCCZuJmRSVcQXgIsoQcp6BkJhbf74MmsC3GLjjliPQRPmSVBH7wCyew9UBy
> 2Plt1F4mUNdkZ0AX131WlYmJch607gR56dxkiHZvxUhBtByOVPPz0AwNuIL7AgadRvWdkMgKB7mqmskUzQDS12FpLlPNMkKRxHNFZ48ddnFH5tl4aG9nSG99im9DISZqI8Bmf
> [WARNING] [talledLocalContainer] Dec 8, 2011 10:52:09 AM org.apache.catalina.core.StandardWrapperValve invoke
> [WARNING] [talledLocalContainer] SEVERE: Servlet.service() for servlet dispatcher threw exception
> [WARNING] [talledLocalContainer] java.lang.SecurityException: Token does not match
> [WARNING] [talledLocalContainer] at org.apache.rave.portal.web.controller.admin.AdminControllerUtil.checkTokens(AdminControllerUtil.java:49)
> [WARNING] [talledLocalContainer] at org.apache.rave.portal.web.controller.admin.WidgetController.updateWidgetDetail(WidgetController.java:121)
> [WARNING] [talledLocalContainer] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> [WARNING] [talledLocalContainer] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> [WARNING] [talledLocalContainer] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> [WARNING] [talledLocalContainer] at java.lang.reflect.Method.invoke(Method.java:597)
> [WARNING] [talledLocalContainer] at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:17
> 6)
> [WARNING] [talledLocalContainer] at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHan
> dlerAdapter.java:426)
> [WARNING] [talledLocalContainer] at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.j
> ava:414)
> [WARNING] [talledLocalContainer] at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
> [WARNING] [talledLocalContainer] at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
> [WARNING] [talledLocalContainer] at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
> [WARNING] [talledLocalContainer] at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:560)
> [WARNING] [talledLocalContainer] at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> [WARNING] [talledLocalContainer] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> [WARNING] [talledLocalContainer] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> [WARNING] [talledLocalContainer] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109
> )
> [WARNING] [talledLocalContainer] at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:8
> 3)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.
> java:78)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenti
> cationFilter.java:119)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwa
> reRequestFilter.java:54)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java
> :177)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticatio
> nProcessingFilter.java:187)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticatio
> nProcessingFilter.java:187)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.j
> ava:79)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
> [WARNING] [talledLocalContainer] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)
> [WARNING] [talledLocalContainer] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
> [WARNING] [talledLocalContainer] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> [WARNING] [talledLocalContainer] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> [WARNING] [talledLocalContainer] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> [WARNING] [talledLocalContainer] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> [WARNING] [talledLocalContainer] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> [WARNING] [talledLocalContainer] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> [WARNING] [talledLocalContainer] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> [WARNING] [talledLocalContainer] at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:554)
> [WARNING] [talledLocalContainer] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> [WARNING] [talledLocalContainer] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> [WARNING] [talledLocalContainer] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
> [WARNING] [talledLocalContainer] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> [WARNING] [talledLocalContainer] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> [WARNING] [talledLocalContainer] at java.lang.Thread.run(Thread.java:662)
> The call to checkTokens() in the AdminControllerUtil fails. Found that the sessionToken length is greater than 256 as well as it doesn't match the sessionToken.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira