Clarity

Expand all | Collapse all

Advanced Reporting Repository not showing

Jump to Best Answer
  • 1.  Advanced Reporting Repository not showing

    Posted 03-23-2016 12:30 PM

    Hi Experts,

     

    I have Installed clarity 14.3,and completed the installation of advanced reporting using Jaspersoft.

    I am able to navigate to advanced reporting and some of its contents such as create data source from clarity etc.

    But when  trying to navigate to manage-->users

    its logging out from Clarity application

     

    and

     

    when trying to navigate to repository it is showing please wait and it ends up in  infinite loop

     

    I am not able to find any logs in Clarity

    But in Jasper Logs it is showing

     

    2016-03-23 09:11:52,798 ERROR EhCacheImpl,localhost-startStop-2:552 -  -- JasperServer:  EhCacheImpl shutdown called.  This normal shutdown operation. 
    2016-03-23 09:11:52,803 ERROR EhCacheImpl,localhost-startStop-2:555 -  -- JasperServer:  EhCacheImpl calling cleanerTimer.cancel().  This normal shutdown operation. 
    2016-03-23 09:15:06,723 ERROR CsrfGuard,http-apr-8080-exec-1:44 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.20.3.148, uri:/reportservice/flow.html, error:required token is missing from the request)
    


  • 2.  Re: Advanced Reporting Repository not showing

    Posted 03-23-2016 12:35 PM

    Hi Sreejith,

     

    How many users you have provided the Advance Reporting Rights, we have seen this performance issue.

     

    Regards

    Suman Pramanik



  • 3.  Re: Advanced Reporting Repository not showing

    Posted 03-23-2016 02:20 PM

    Hi Suman,

     

    Provided only for ppm administrator

     

    Regards,

    Sreejith



  • 4.  Re: Advanced Reporting Repository not showing
    Best Answer

    Posted 03-24-2016 06:21 AM

    Hi Suman,

     

    I am able to figure out the problem.Though we are using separate servers for application server and Jasper server ,6.1 version have some security enhancement based on owasp framework in order to prevent cross-site scripting.So what I did is I edited the below property file :-

     

    <ClarityHome>omcat\webapps\reportservice\WEB-INF\classes\esapi\security-config.properties

     

    and set

    security.validation.csrf.on  to false

     

    Thanks for your help

     

    Regards,

    Sreejith

     

     

     

     

     



  • 5.  Re: Advanced Reporting Repository not showing

    Posted 03-24-2016 11:43 AM

    Glad you were able to figure it out and thank you for sharing your solution wth the community Sreejith!

    Sreejith N M wrote:

     

    Hi Suman,

     

    I am able to figure out the problem.Though we are using separate servers for application server and Jasper server ,6.1 version have some security enhancement based on owasp framework in order to prevent cross-site scripting.So what I did is I edited the below property file :-

     

    <ClarityHome>omcat\webapps\reportservice\WEB-INF\classes\esapi\security-config.properties

     

    and set

    security.validation.csrf.on to false

     

    Thanks for your help

     

    Regards,

    Sreejith

     

     

     

     

     



  • 6.  Re: Advanced Reporting Repository not showing

    Posted 03-25-2016 01:42 AM

    Hi Sreejith,

     

    Disabling CSRF is a security vulnerability, can you turn that on and check if you have bind address filled in.

     

    Regards

    Suman Pramanik



  • 7.  Re: Advanced Reporting Repository not showing

    Posted 03-29-2016 05:06 AM

    SumanPramanik: you mean bind address in the csa section?

    If so what is the use of bind address .can you please explain?

     

    Regards,

    Sreejith



  • 8.  Re: Advanced Reporting Repository not showing

    Posted 03-29-2016 05:34 AM

    Bind Address (Apache Tomcat only)  Optional hostname or address to which the server socket using the HTTP port is bound. It is useful on servers with two or more network adapters, to bind different app services to different adapters. If you

    leave this field empty, all network interfaces are used.