Hi Kalpa,

When testing product-es we had the following error [1] logged when trying to
access the publisher login page, which is similar to the issue mentioned by
KasunB in [2]. But we are facing the issue when redirecting to the samlsso and
commonauth pages.
So we had to add the properties [3] to the Owasp.CsrfGuard.Carbon.properties
file, which are different from the property [4] mentioned by KasunB. So we
will add those properties [3] at the product level.

[1] - WARN {org.owasp.csrfguard.log.JavaLogger} -  potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.100.7.81, method:POST, uri:/samlsso, error:required token is missing from the request)
      WARN {org.owasp.csrfguard.log.JavaLogger} -  potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.100.7.81, method:POST, uri:/commonauth, error:required token is missing from the request)
[2] - [Dev] [VOTE] Release WSO2 Carbon Kernel 4.4.6 RC2
[3] - org.owasp.csrfguard.unprotected.samlsso=%servletContext%/samlsso/*
      org.owasp.csrfguard.unprotected.commonauth=%servletContext%/commonauth/*
[4] - org.owasp.csrfguard.unprotected.passivests=%servletContext%/acs/*


Thanks!
Rajith

On Thu, Jun 16, 2016 at 12:11 PM, Kalpa Welivitigoda <kal...@wso2.com>
wrote:

> Hi Gokul,
>
> With deployment 4.6.1 also you might run into runtime issues when
> deploying/accessing webapps. This is due to the Tomcat upgrade in kernel,
> and related fixes need to go into the webapp mgt component as well. Those
> fixes are not there in 4.6.1 but are available in 4.6.2-SNAPSHOT. So since you
> are testing, I think you better depend on 4.6.2-SNAPSHOT. We will be doing
> a component repo release once we are done with kernel 4.4.6.
>
> On Thu, Jun 16, 2016 at 12:03 PM, Gokul Balakrishnan <go...@wso2.com>
> wrote:
>
>> Thanks Kalpa. We'll test with 4.6.1 and get back to you.
>>
>> On 16 June 2016 at 11:57, Kalpa Welivitigoda <kal...@wso2.com> wrote:
>>
>>> Hi Gokul,
>>>
>>> On Thu, Jun 16, 2016 at 11:52 AM, Gokul Balakrishnan <go...@wso2.com>
>>> wrote:
>>>
>>>> Hi Kalpa,
>>>>
>>>> We're attempting to test DAS with this RC but we're seeing an issue
>>>> during the product P2 profile installation, whereby the webapp mgt
>>>> component fails to install due to no matching axiom versions being found:
>>>>
>>>> Installation failed.
>>>> Cannot complete the install because one or more required items could
>>>> not be found.
>>>>  Software being installed: WSO2 Carbon - CXF Runtime Environment 4.6.0
>>>> (org.wso2.carbon.as.runtimes.cxf.feature.group 4.6.0)
>>>>  Missing requirement: org.wso2.carbon.webapp.mgt 4.6.0
>>>> (org.wso2.carbon.webapp.mgt 4.6.0) requires 'package
>>>> org.apache.axiom.om [1.2.11.wso2v6,1.3.0)' but it could not be found
>>>>  Cannot satisfy dependency:
>>>>   From: WSO2 Carbon - CXF Runtime Environment 4.6.0
>>>> (org.wso2.carbon.as.runtimes.cxf.feature.group 4.6.0)
>>>>   To: org.wso2.carbon.webapp.mgt.server.feature.group [4.6.0,4.7.0)
>>>>  Cannot satisfy dependency:
>>>>   From: WSO2 Carbon - Webapp Management Core Feature 4.6.0
>>>> (org.wso2.carbon.webapp.mgt.server.feature.group 4.6.0)
>>>>   To: org.wso2.carbon.webapp.mgt [4.6.0]
>>>>
>>>> It appears the error is being caused because the OSGi import versions
>>>> for axiom have been specified as [1.2.11.wso2v6, 1.3.0) as opposed to
>>>> [1.2.11.wso2v6, 2). What is the latest webapp mgt component we could use
>>>> that's compatible with this kernel patch version?
>>>>
>>>>
>>> The reason is we have axiom 1.2.11-wso2v11 in runtime and it doesn't
>>> satisfy [1.2.11.wso2v6, 1.3.0); with wso2v6 the range does a string
>>> comparison, so wso2v11 is lower than wso2v6. We have fixed this import range
>>> properly in carbon-deployment 4.6.1, would you please try with deployment
>>> 4.6.1?
>>>
>>>
>>>
>>>> Thanks,
>>>>
>>>> On 13 June 2016 at 16:51, Kalpa Welivitigoda <kal...@wso2.com> wrote:
>>>>
>>>>> Hi Devs,
>>>>>
>>>>> This is the 3rd release candidate of WSO2 Carbon Kernel 4.4.6.
>>>>>
>>>>> This release fixes the following issues:
>>>>> https://wso2.org/jira/issues/?filter=13090
>>>>>
>>>>> Please download and test your products with kernel 4.4.6 RC3 and vote.
>>>>> Vote will be open for 72 hours or as long as needed.
>>>>>
>>>>> Source and binary distribution files:
>>>>>
>>>>> http://svn.wso2.org/repos/wso2/people/kalpaw/wso2carbon-4.4.6/wso2carbon-4.4.6-rc3.zip
>>>>>
>>>>> Maven staging repository:
>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-1024/
>>>>>
>>>>> The tag to be voted upon:
>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.6-rc3
>>>>>
>>>>>
>>>>> [ ] Broken - do not release (explain why)
>>>>> [ ] Stable - go ahead and release
>>>>>
>>>>> Thank you
>>>>> Carbon Team
>>>>>
>>>>> --
>>>>> Best Regards,
>>>>>
>>>>> Kalpa Welivitigoda
>>>>> Senior Software Engineer, WSO2 Inc. http://wso2.com
>>>>> Email: kal...@wso2.com
>>>>> Mobile: +94776509215
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Gokul Balakrishnan
>>>> Senior Software Engineer,
>>>> WSO2, Inc. http://wso2.com
>>>> M +94 77 5935 789 | +44 7563 570502
>>>>
>>>>
>>>
>>>
>>> --
>>> Best Regards,
>>>
>>> Kalpa Welivitigoda
>>> Senior Software Engineer, WSO2 Inc. http://wso2.com
>>> Email: kal...@wso2.com
>>> Mobile: +94776509215
>>>
>>
>>
>>
>> --
>> Gokul Balakrishnan
>> Senior Software Engineer,
>> WSO2, Inc. http://wso2.com
>> M +94 77 5935 789 | +44 7563 570502
>>
>>
>
>
> --
> Best Regards,
>
> Kalpa Welivitigoda
> Senior Software Engineer, WSO2 Inc. http://wso2.com
> Email: kal...@wso2.com
> Mobile: +94776509215
>
>
>


-- 
Rajith Roshan
Software Engineer, WSO2 Inc.
Mobile: +94-72-642-8350
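
A way to check which CSRFGuard rejections from [1] a given set of unprotected rules would cover, as an added example that is not part of the original message or of WSO2's code. The helper names are hypothetical, the context path is assumed to be the root, and rule matching is assumed to be exact match plus servlet-style prefix match for patterns ending in /*.

```python
import re

PREFIX = "org.owasp.csrfguard.unprotected."
WARN_RE = re.compile(
    r"\(CSRF\) attack thwarted \(user:(?P<user>[^,]*), ip:(?P<ip>[^,]*), "
    r"method:(?P<method>[^,]*), uri:(?P<uri>[^,]*), error:(?P<error>[^)]*)\)")

def parse_warnings(log_text):
    """Rejected requests as dicts; whitespace is collapsed to undo line wrapping."""
    flat = " ".join(log_text.split())
    return [m.groupdict() for m in WARN_RE.finditer(flat)]

def load_unprotected(props_text, context=""):
    """{rule name: pattern} with %servletContext% expanded to the context path."""
    rules = {}
    for line in props_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith(PREFIX):
            rules[key[len(PREFIX):]] = value.strip().replace("%servletContext%", context)
    return rules

def matches(pattern, uri):
    """Assumed semantics: exact match, or servlet-style prefix match for '/*'."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return uri == base or uri.startswith(base + "/")
    return uri == pattern

def triage(log_text, props_text, context=""):
    """Map each rejected URI to the exclusion rule covering it, or None."""
    rules = load_unprotected(props_text, context)
    return {w["uri"]: next((n for n, p in rules.items() if matches(p, w["uri"])), None)
            for w in parse_warnings(log_text)}

def overly_broad(props_text, context=""):
    """Rules that exempt the whole context from token checks."""
    return [n for n, p in load_unprotected(props_text, context).items() if p == context + "/*"]

# Constructed inputs: WARN lines from [1], properties from [3] and [4].
LOG = """WARN {org.owasp.csrfguard.log.JavaLogger} -  potential cross-site
request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.100.7.81,
method:POST, uri:/samlsso, error:required token is missing from the request)
WARN {org.owasp.csrfguard.log.JavaLogger} -  potential cross-site request
forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.100.7.81,
method:POST, uri:/commonauth, error:required token is missing from the
request)"""
PROPS_3 = ("org.owasp.csrfguard.unprotected.samlsso=%servletContext%/samlsso/*\n"
           "org.owasp.csrfguard.unprotected.commonauth=%servletContext%/commonauth/*\n")
PROPS_4 = "org.owasp.csrfguard.unprotected.passivests=%servletContext%/acs/*\n"
```

Calling triage(LOG, PROPS_4) leaves both URIs uncovered, while triage(LOG, PROPS_3) maps each to its own narrowly scoped rule; overly_broad() flags any rule that would exempt every path under the context.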
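
The qualifier comparison described in the quoted reply about axiom 1.2.11-wso2v11, worked through as an added example (not code from the thread or from Carbon). It models OSGi version ordering with numeric major.minor.micro and a string-compared qualifier; the Maven-to-OSGi mapping and the qualifier-free range are assumptions for illustration, not the fix made in carbon-deployment 4.6.1.

```python
from functools import total_ordering

@total_ordering
class Version:
    """OSGi-style version: major.minor.micro numeric, qualifier compared as a string."""
    def __init__(self, text):
        parts = text.strip().split(".", 3)
        nums = [int(p) for p in parts[:3]]
        nums += [0] * (3 - len(nums))          # missing segments default to 0
        self.key = (*nums, parts[3] if len(parts) == 4 else "")

    def __eq__(self, other):
        return self.key == other.key

    def __lt__(self, other):
        return self.key < other.key            # qualifier: plain lexicographic order

def in_range(version, range_text):
    """True if version lies in an interval such as '[1.2.11.wso2v6,1.3.0)'."""
    text = range_text.strip()
    low, high = (Version(v) for v in text[1:-1].split(","))
    v = Version(version)
    above = v >= low if text[0] == "[" else v > low
    below = v <= high if text[-1] == "]" else v < high
    return above and below

def to_osgi(maven_version):
    """Assumed mapping: the first '-' in a Maven version starts the OSGi qualifier."""
    return maven_version.replace("-", ".", 1)

RUNTIME = to_osgi("1.2.11-wso2v11")            # axiom version named in the thread

def report():
    """Range -> whether the runtime axiom version satisfies it."""
    return {r: in_range(RUNTIME, r) for r in (
        "[1.2.11.wso2v6,1.3.0)",               # import range from the install error
        "[1.2.11.wso2v6,2)",                   # same lower bound, wider upper bound
        "[1.2.11,1.3.0)",                      # hypothetical range with no qualifier bound
    )}
```

Because "wso2v11" sorts before "wso2v6" character by character, any range whose lower bound carries the wso2v6 qualifier excludes the runtime version regardless of the upper bound.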