Could you help me with this?
After installing jaspersoft and running the "load DWH Access Right" and "Load DWH" processes and also configure access permissions for users who will use advanced reports, I am not able to use Jaspersoft.
The log jasperserver.txt file displays the following error:
2018-03-09 11:31:53,557 ERROR CsrfGuard,http-apr-8080-exec-5:44 [ICBC|admin] - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.214.224.229, uri:/reportservice/flow.html, error:required token is missing from the request)
Please never disable CSRF as its a protection against vulnerabilites. Have a look at the blog which I have written when this patch was rolled out Jaspersoft Server Cumulative Patch 6.2.1_126.96.36.199 Installation Information
ok Suman, thank you very much
I looked at the link you sent me, but I could not recognize a solution to my problem.
Maybe if I give you the information you need to understand my problem, we could understand each other better.
I give you some information:
I do not have this patch
CA PPM JASPEROSFT RELEASE PATCH¨VERSION: 188.8.131.52
CA PPM JASPEROSFT PATCH BUILD NUMBER: 33
And this is my file Properties.xml
<reportServer id="jaspersoft" home="" vendor="jaspersoft" context="/reportservice" username="ppm_jaspersorf" orgId="ICBC" orgName="icbc" dwJndiName="jdbc/dwh" jndiName="jdbc/clarity" databaseId="Datawarehouse" volumeName="" serviceUrl="http://<servername>:8000" webUrl="http://<servername>:8080/reportservice"/>
The CSRF solutions works like this, in PPM CSA under Application tab there is entry URL and you need to input the URL which users will use to access CA PPM, if your URL you are using dowsdoe match with URL in Entry URL, Jaspersoft will not be able to authenticate and stop you as we have cross site protection
The link I gave you talks about clearing cache as we changed XSS token.
Hopefully this explanation helps.
Also we have released Jaspersoft 6.4.2 and you can start using the new version.