Hi Kalpa, When testing product - es we had following error [1] logged when trying to access the publisher login page which is similar to issue mentioned by KasunB in [2]. But we are facing the issue when redirecting to samlsso and commonauth pages. So we had to add the properties [3] to Owasp.CsrfGuard.Carbon.properties file which is different than the property[4] mentioned by KasunB . So we will add those properties[3] at the product level.
[1] - WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.100.7.81, method:POST, uri:/samlsso, error:required token is missing from the request) WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.100.7.81, method:POST, uri:/commonauth, error:required token is missing from the request) [2] - [Dev] [VOTE] Release WSO2 Carbon Kernel 4.4.6 RC2 [3] - org.owasp.csrfguard.unprotected.samlsso=%servletContext%/samlsso/* org.owasp.csrfguard.unprotected.commonauth=%servletContext%/commonauth/* [4] - org.owasp.csrfguard.unprotected.passivests=%servletContext%/acs/* Thanks! Rajith On Thu, Jun 16, 2016 at 12:11 PM, Kalpa Welivitigoda <kal...@wso2.com> wrote: > Hi Gokul, > > With deployment 4.6.1 also you might run into runtime issues when > deploying/accessing webapps. This is due to the tomcat upgrade in kernel > and related fixes needs to go into webapp mgt component as well. Those > fixes are not there in 4.6.1 but available in 4.6.2-SNAPSHOT. So since you > are testing, I think you better depend on 4.6.2-SNAPSHOT. We will be doing > a component repo release once we are done with kernel 4.4.6. > > On Thu, Jun 16, 2016 at 12:03 PM, Gokul Balakrishnan <go...@wso2.com> > wrote: > >> Thanks Kalpa. We'll test with 4.6.1 and get back to you. >> >> On 16 June 2016 at 11:57, Kalpa Welivitigoda <kal...@wso2.com> wrote: >> >>> Hi Gokul, >>> >>> On Thu, Jun 16, 2016 at 11:52 AM, Gokul Balakrishnan <go...@wso2.com> >>> wrote: >>> >>>> Hi Kalpa, >>>> >>>> We're attempting to test DAS with this RC but we're seeing an issue >>>> during the product P2 profile installation, whereby the webapp mgt >>>> component fails to install due to no matching axiom versions being found: >>>> >>>> Installation failed. >>>> Cannot complete the install because one or more required items could >>>> not be found. >>>> Software being installed: WSO2 Carbon - CXF Runtime Environment 4.6.0 >>>> (org.wso2.carbon.as.runtimes.cxf.feature.group 4.6.0) >>>> Missing requirement: org.wso2.carbon.webapp.mgt 4.6.0 >>>> (org.wso2.carbon.webapp.mgt 4.6.0) requires 'package >>>> org.apache.axiom.om [1.2.11.wso2v6,1.3.0)' but it could not be found >>>> Cannot satisfy dependency: >>>> From: WSO2 Carbon - CXF Runtime Environment 4.6.0 >>>> (org.wso2.carbon.as.runtimes.cxf.feature.group 4.6.0) >>>> To: org.wso2.carbon.webapp.mgt.server.feature.group [4.6.0,4.7.0) >>>> Cannot satisfy dependency: >>>> From: WSO2 Carbon - Webapp Management Core Feature 4.6.0 >>>> (org.wso2.carbon.webapp.mgt.server.feature.group 4.6.0) >>>> To: org.wso2.carbon.webapp.mgt [4.6.0] >>>> >>>> It appears the error is being caused because the OSGi import versions >>>> for axiom have been specified [1.2.11.wso2v6, 1.3.0) as opposed to >>>> [1.2.11.wso2v6, 2). What is the latest webapp mgt component we could use >>>> that's compatible with this kernel patch version? >>>> >>>> >>> The reason is we have axiom 1.2.11-wso2v11 in runtime and it doesn't >>> satisfy [1.2.11.wso2v6, 1.3.0), with wso2v6 the range does a string >>> comparison so wso2v11 is lower than wso2v6. We have fixed this import range >>> properly in carbon-deployment 4.6.1, would you please try with deployment >>> 4.6.1? >>> >>> >>> >>>> Thanks, >>>> >>>> On 13 June 2016 at 16:51, Kalpa Welivitigoda <kal...@wso2.com> wrote: >>>> >>>>> Hi Devs, >>>>> >>>>> This is the 3rd release candidate of WSO2 Carbon Kernel 4.4.6. >>>>> >>>>> This release fixes the following issues: >>>>> https://wso2.org/jira/issues/?filter=13090 >>>>> >>>>> Please download and test your products with kernel 4.4.6 RC3 and vote. >>>>> Vote will be open for 72 hours or as longer as needed. >>>>> >>>>> Source and binary distribution files: >>>>> >>>>> http://svn.wso2.org/repos/wso2/people/kalpaw/wso2carbon-4.4.6/wso2carbon-4.4.6-rc3.zip >>>>> >>>>> Maven staging repository: >>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-1024/ >>>>> >>>>> The tag to be voted upon: >>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.6-rc3 >>>>> >>>>> >>>>> [ ] Broken - do not release (explain why) >>>>> [ ] Stable - go ahead and release >>>>> >>>>> Thank you >>>>> Carbon Team >>>>> >>>>> -- >>>>> Best Regards, >>>>> >>>>> Kalpa Welivitigoda >>>>> Senior Software Engineer, WSO2 Inc. http://wso2.com >>>>> Email: kal...@wso2.com >>>>> Mobile: +94776509215 >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Gokul Balakrishnan >>>> Senior Software Engineer, >>>> WSO2, Inc. http://wso2.com >>>> M +94 77 5935 789 | +44 7563 570502 >>>> >>>> >>> >>> >>> -- >>> Best Regards, >>> >>> Kalpa Welivitigoda >>> Senior Software Engineer, WSO2 Inc. http://wso2.com >>> Email: kal...@wso2.com >>> Mobile: +94776509215 >>> >> >> >> >> -- >> Gokul Balakrishnan >> Senior Software Engineer, >> WSO2, Inc. http://wso2.com >> M +94 77 5935 789 | +44 7563 570502 >> >> > > > -- > Best Regards, > > Kalpa Welivitigoda > Senior Software Engineer, WSO2 Inc. http://wso2.com > Email: kal...@wso2.com > Mobile: +94776509215 > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Rajith Roshan Software Engineer, WSO2 Inc. Mobile: +94-72-642-8350 <%2B94-71-554-8430>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev