Clarity

Hi Experts,

I have Installed clarity 14.3,and completed the installation of advanced reporting using Jaspersoft.

I am able to navigate to advanced reporting and some of its contents such as create data source from clarity etc.

But when  trying to navigate to manage-->users

its logging out from Clarity application

and

when trying to navigate to repository it is showing please wait and it ends up in  infinite loop

I am not able to find any logs in Clarity

But in Jasper Logs it is showing

2016-03-23 09:11:52,798 ERROR EhCacheImpl,localhost-startStop-2:552 -  -- JasperServer:  EhCacheImpl shutdown called.  This normal shutdown operation. 
2016-03-23 09:11:52,803 ERROR EhCacheImpl,localhost-startStop-2:555 -  -- JasperServer:  EhCacheImpl calling cleanerTimer.cancel().  This normal shutdown operation. 
2016-03-23 09:15:06,723 ERROR CsrfGuard,http-apr-8080-exec-1:44 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.20.3.148, uri:/reportservice/flow.html, error:required token is missing from the request)

Hi Sreejith,

How many users you have provided the Advance Reporting Rights, we have seen this performance issue.

Regards

Suman Pramanik

Hi Suman,

Provided only for ppm administrator

Regards,

Sreejith

Hi Suman,

I am able to figure out the problem.Though we are using separate servers for application server and Jasper server ,6.1 version have some security enhancement based on owasp framework in order to prevent cross-site scripting.So what I did is I edited the below property file :-

<ClarityHome>omcat\webapps\reportservice\WEB-INF\classes\esapi\security-config.properties

and set

security.validation.csrf.on  to false

Thanks for your help

Regards,

Sreejith

Glad you were able to figure it out and thank you for sharing your solution wth the community Sreejith!

Sreejith N M wrote:

 

Hi Suman,

 

I am able to figure out the problem.Though we are using separate servers for application server and Jasper server ,6.1 version have some security enhancement based on owasp framework in order to prevent cross-site scripting.So what I did is I edited the below property file :-

 

<ClarityHome>omcat\webapps\reportservice\WEB-INF\classes\esapi\security-config.properties

 

and set

security.validation.csrf.on to false

 

Thanks for your help

 

Regards,

Sreejith

 

 

 

 

 

Hi Sreejith,

Disabling CSRF is a security vulnerability, can you turn that on and check if you have bind address filled in.

Regards

Suman Pramanik

SumanPramanik: you mean bind address in the csa section?

If so what is the use of bind address .can you please explain?

Regards,

Sreejith

Bind Address (Apache Tomcat only)  Optional hostname or address to which the server socket using the HTTP port is bound. It is useful on servers with two or more network adapters, to bind different app services to different adapters. If you

leave this field empty, all network interfaces are used.