Ok, thanks Bhathiya.

On Fri, Nov 24, 2017 at 11:02 PM Bhathiya Jayasekara <[email protected]> wrote:

> It is. What Irham has suggested is a workaround to fix one of a few issues
> which occur due to that bug, and it opens up a security vulnerability too.
> In a production environment, you shouldn't do that.
>
> Thanks,
> Bhathiya
>
> On Fri, Nov 24, 2017 at 4:56 PM, roshan wijesena <[email protected]> wrote:
>
>> So this is not because of a java problem?
>>
>> On Fri, Nov 24, 2017 at 10:24 PM Isuru Uyanage <[email protected]> wrote:
>>
>>> Hi Irham,
>>> Yes, it worked with carbon/* with java build 1.8.0_144-b01.
>>>
>>> Thanks
>>> Isuru
>>>
>>> On Fri, Nov 24, 2017 at 7:56 AM, Irham Iqbal <[email protected]> wrote:
>>>
>>>> Hi Isuru,
>>>>
>>>> The reason for the issue you're facing is the request is not going
>>>> for /carbon/admin/*. IMO if you make it /carbon/* it should work.
>>>>
>>>> Thanks,
>>>> Iqbal
>>>>
>>>> On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara <[email protected]> wrote:
>>>>
>>>>> Hi Roshan,
>>>>>
>>>>> No, that's not a public thread.
>>>>>
>>>>> Here[1] is the original bug.
>>>>>
>>>>> @Isuru: Make sure you don't have the previous version in your PATH variable.
>>>>>
>>>>> [1] https://bugs.openjdk.java.net/browse/JDK-8189789
>>>>>
>>>>> Thanks,
>>>>> Bhathiya
>>>>>
>>>>> On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage <[email protected]> wrote:
>>>>>
>>>>>> Hi All,
>>>>>> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0.
>>>>>>
>>>>>> But still, I'm getting the same error. Any thoughts about this?
>>>>>>
>>>>>> Thanks and Best Regards,
>>>>>> Isuru Uyanage
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage <[email protected]> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> I tried updating the Owasp.CsrfGuard.Carbon.properties file, which is
>>>>>>> in the $APIM_HOME/repository/conf/security folder, by adding the below entry.
>>>>>>>
>>>>>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
>>>>>>>
>>>>>>> I could log in to the Management console with admin credentials, but
>>>>>>> once I try creating user/user roles, I cannot proceed further and the
>>>>>>> same issue is repeating. I think the best option is to downgrade java.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Isuru Uyanage
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Rumy,
>>>>>>>>
>>>>>>>> Is this mail public? [Important][Critical] None of WSO2 products
>>>>>>>> are working with latest JDK.
>>>>>>>>
>>>>>>>> I am also facing the same problem; however, downgrading java is not an
>>>>>>>> option for me :(
>>>>>>>>
>>>>>>>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Isuru,
>>>>>>>>>
>>>>>>>>> Seems like the java version is causing this issue. This issue is
>>>>>>>>> there with java JDK 8u151. Please refer to [1] for more details.
>>>>>>>>>
>>>>>>>>> [1] - [Important][Critical] None of WSO2 products are working
>>>>>>>>> with latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]
>>>>>>>>>
>>>>>>>>> Thanks & Regards,
>>>>>>>>> Mushthaq
>>>>>>>>>
>>>>>>>>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Isuru,
>>>>>>>>>>
>>>>>>>>>> The reason might be the java version you're using.
>>>>>>>>>>
>>>>>>>>>> You can update the Owasp.CsrfGuard.Carbon.properties file, which
>>>>>>>>>> is in the $APIM_HOME/repository/conf/security folder, with the
>>>>>>>>>> below entry to ignore this error. IMO it's better if you use the
>>>>>>>>>> proper java version.
>>>>>>>>>>
>>>>>>>>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Iqbal
>>>>>>>>>>
>>>>>>>>>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi All,
>>>>>>>>>>>
>>>>>>>>>>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
>>>>>>>>>>> Manager. After APIM server is started with the fresh pack, I can
>>>>>>>>>>> navigate to Management Console. But once I'm trying to log in with
>>>>>>>>>>> admin credentials, I cannot log in. The error is as below.
>>>>>>>>>>>
>>>>>>>>>>> Error: 403 Forbidden
>>>>>>>>>>> JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.100.5.136, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)
>>>>>>>>>>>
>>>>>>>>>>> Affected Product Version:
>>>>>>>>>>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>>>>>>>>>>
>>>>>>>>>>> Environment details and versions:
>>>>>>>>>>>
>>>>>>>>>>> macOS High Sierra
>>>>>>>>>>> Version 10.13.1
>>>>>>>>>>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>>>>>>>>>>> Firefox: 57.0
>>>>>>>>>>>
>>>>>>>>>>> Any thoughts about this are highly appreciated.
>>>>>>>>>>>
>>>>>>>>>>> Thanks and Best Regards,
>>>>>>>>>>> Isuru Uyanage

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
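
The following is an added example, not part of the thread and not WSO2 or OWASP CSRFGuard code. It is a small audit check for `org.owasp.csrfguard.unprotected.*` entries, showing why the `/carbon/admin/*` entry only affected the login request while `/carbon/*` removes the token check from every console request. It assumes an empty servlet context and a simplified matcher (exact path, `/dir/*` prefix, `*.ext` suffix). Only `login_action.jsp` comes from the thread; the user and role paths are hypothetical stand-ins for state-changing console pages.

```python
# Added example: audit CSRFGuard "unprotected" entries.
# The matcher is a simplified approximation, not CSRFGuard's own code.
PREFIX = "org.owasp.csrfguard.unprotected."

def parse_unprotected(text, servlet_context=""):
    """Return {name: pattern} for each unprotected entry, %servletContext% expanded."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith(PREFIX):
            entries[key[len(PREFIX):]] = value.replace("%servletContext%", servlet_context)
    return entries

def is_exempt(uri, pattern):
    """Assumed matching rules: exact path, '/dir/*' prefix, or '*.ext' suffix."""
    if pattern.endswith("/*"):
        return uri.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return uri.endswith(pattern[1:])
    return uri == pattern

def exempt_uris(properties_text, uris, servlet_context=""):
    """List (uri, entry name) pairs for requests that would skip the CSRF token check."""
    entries = parse_unprotected(properties_text, servlet_context)
    return [(u, n) for u in uris for n, p in entries.items() if is_exempt(u, p)]

# Constructed sample inputs; the /carbon/user and /carbon/role paths are hypothetical.
STATE_CHANGING = [
    "/carbon/admin/login_action.jsp",
    "/carbon/user/add-finish.jsp",
    "/carbon/role/add-finish.jsp",
]
NARROW = "org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*\n"
BROAD = "org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/*\n"

if __name__ == "__main__":
    for label, props in (("carbon/admin/*", NARROW), ("carbon/*", BROAD)):
        hits = exempt_uris(props, STATE_CHANGING)
        print(f"{label}: {len(hits)} of {len(STATE_CHANGING)} sample requests lose CSRF protection")
        for uri, name in hits:
            print(f"  {uri}  (entry: {name})")
```

Run against a copy of `Owasp.CsrfGuard.Carbon.properties` with the list of console URIs that change state; any hit on such a URI is a request that will be accepted without a CSRF token.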
