You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Malcolm McMahon (JIRA)" <ji...@apache.org> on 2011/08/10 14:59:27 UTC

[jira] [Commented] (AMQ-2886) Getting: "java.lang.UnsupportedOperationException: Possible CSRF attack" when trying to purge queue

    [ https://issues.apache.org/jira/browse/AMQ-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13082312#comment-13082312 ] 

Malcolm McMahon commented on AMQ-2886:
--------------------------------------

Looks a lot like the stacktrace I've just seen on 5.5.0, Trying to either purge or delete virtual topic consumer queues when topic still exists.

May need to be re-openned.


> Getting: "java.lang.UnsupportedOperationException: Possible CSRF attack" when trying to purge queue
> ---------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-2886
>                 URL: https://issues.apache.org/jira/browse/AMQ-2886
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.3.2
>         Environment: Linux 2.6.18-128.1.10.el5.xs5.5.0.51xen #1 SMP Wed Nov 11 07:38:08 EST 2009 i686 i686 i386 GNU/Linux
>            Reporter: C Velo
>
> When trying to purge the contents of any queue, I receive:
> HTTP ERROR: 500
> Possible CSRF attack
> RequestURI=/admin/purgeDestination.action
> Caused by:
> java.lang.UnsupportedOperationException: Possible CSRF attack
> 	at org.apache.activemq.web.handler.BindingBeanNameUrlHandlerMapping.getHandlerInternal(BindingBeanNameUrlHandlerMapping.java:58)
> 	at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:184)
> 	at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:1057)
> 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:854)
> 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
> 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
> 	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> 	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
> 	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
> 	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)
> 	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
> 	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> 	at org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:81)
> 	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> 	at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
> 	at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
> 	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> 	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
> 	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> 	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
> 	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
> 	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
> 	at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
> 	at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
> 	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> 	at org.mortbay.jetty.Server.handle(Server.java:324)
> 	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
> 	at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:828)
> 	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
> 	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
> 	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
> 	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
> 	at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira