Clarity PPM

Expand all | Collapse all

Jaspersof - ERROR CsrfGuard...

Jump to Best Answer
  • 1.  Jaspersof - ERROR CsrfGuard...

    Posted 03-09-2018 10:46 AM

    Could you help me with this?

    After installing jaspersoft and running the "load DWH Access Right" and "Load DWH" processes and also configure access permissions for users who will use advanced reports, I am not able to use Jaspersoft.

     

    The log jasperserver.txt file displays the following error:

    2018-03-09 11:31:53,557 ERROR CsrfGuard,http-apr-8080-exec-5:44 [ICBC|admin] - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.214.224.229, uri:/reportservice/flow.html, error:required token is missing from the request)

     

    • I did in this path:
      E:\jasper621\apache-tomcat-7.0.55\webapps\reportservice\WEB-INF\esapi\Owasp.CsrfGuard.properties
    • I changed org.owasp.csrfguard.TokenName field by "OWASP_CSRFTOKEN" and it stayed like this:
      org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
      # org.owasp.csrfguard.TokenName=JASPER_CSRF_TOKEN

    ____________________________________________________________________

    version.html:

    • JaaS Release Version = 2.2.1
      JaaS Build Number = 54
      JasperSoft Version = JasperReport Server 6.2.1 Enterprise (20160322_0602)  
      CA PPM Jaspersoft Release Version = 5.2.1
      CA PPM Jaspersoft Build Number = 54


  • 2.  Re: Jaspersof - ERROR CsrfGuard...
    Best Answer

    Posted 03-09-2018 11:11 AM

    Please never disable CSRF as its a protection against vulnerabilites. Have a look at the blog which I have written when this patch was rolled out Jaspersoft Server Cumulative Patch 6.2.1_5.2.1.4 Installation Information 

     

    Regards

    Suman Pramanik  



  • 3.  Re: Jaspersof - ERROR CsrfGuard...

    Posted 03-09-2018 12:56 PM

    ok Suman, thank you very much



  • 4.  Re: Jaspersof - ERROR CsrfGuard...

    Posted 03-09-2018 03:32 PM

    Hi suman,

     

    I looked at the link you sent me, but I could not recognize a solution to my problem.

     

    Maybe if I give you the information you need to understand my problem, we could understand each other better.

     

    I give you some information:

     

    I do not have this patch

    CA PPM JASPEROSFT RELEASE PATCH¨VERSION: 5.2.1.4

    CA PPM JASPEROSFT PATCH BUILD NUMBER: 33

     

    And this is my file Properties.xml

    <reportServer id="jaspersoft" home="" vendor="jaspersoft" context="/reportservice" username="ppm_jaspersorf" orgId="ICBC" orgName="icbc" dwJndiName="jdbc/dwh" jndiName="jdbc/clarity" databaseId="Datawarehouse" volumeName="" serviceUrl="http://<servername>:8000" webUrl="http://<servername>:8080/reportservice"/>



  • 5.  Re: Jaspersof - ERROR CsrfGuard...

    Posted 03-11-2018 06:03 AM

    The CSRF solutions works like this, in PPM CSA under Application tab there is entry URL and you need to input the URL which users will use to access CA PPM, if your URL you are using dowsdoe match with URL in Entry URL, Jaspersoft will not be able to authenticate and stop you as we have cross site protection 

     

    The link I gave you talks about clearing cache as we changed XSS token.

     

    Hopefully this explanation helps. 

     

    Also we have released Jaspersoft 6.4.2 and you can start using the new version.