[ https://issues.apache.org/jira/browse/AMQ-3425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072767#comment-13072767 ]

Dejan Bosanac commented on AMQ-3425:
------------------------------------

This is expected behavior. The protection against CSRF attacks is implemented 
to make sure you're calling an action from the web application (and not hitting 
URLs directly). When you hit the "back" button, the browser will pull the page from 
the cache and it will not be properly initialized. Try reloading the "queues" page 
before hitting "delete" and it will work.



> Unable to delete a queue via web console
> ----------------------------------------
>
>                 Key: AMQ-3425
>                 URL: https://issues.apache.org/jira/browse/AMQ-3425
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.5.0, 5.6.0
>         Environment: web console, default configuration
>            Reporter: Torsten Mielke
>              Labels: console, web
>
> Using the following steps will make it impossible to delete a queue via the 
> web console admin interface
> - start ActiveMQ with default configuration (where web console and sample 
> Camel route are deployed)
> - open the web console http://localhost:8161/admin, click on Queues
> - for the only queue example.A, press browse
> - go back in your browser and now try to Delete the queue using the Delete 
> link
> - it will raise "Exception occurred while processing this request, check the 
> log for more information!"
> The AMQ log contains:
> {noformat}
> java.lang.UnsupportedOperationException: Possible CSRF attack
>       at org.apache.activemq.web.handler.BindingBeanNameUrlHandlerMapping.getHandlerInternal(BindingBeanNameUrlHandlerMapping.java:58)
>       at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:184)
>       at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:945)
>       at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:753)
>       at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
>       at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
>       at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>       at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:527)
>       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1216)
>       at org.apache.activemq.web.AuditFilter.doFilter(AuditFilter.java:59)
>       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
>       at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
>       at org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:81)
>       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
>       at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
>       at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
>       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
>       at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:421)
>       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
>       at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:493)
>       at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
>       at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:930)
>       at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:358)
>       at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
>       at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:866)
>       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
>       at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
>       at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:456)
>       at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
>       at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
>       at org.eclipse.jetty.server.Server.handle(Server.java:351)
>       at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)
>       at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)
>       at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)
>       at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
>       at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
>       at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)
>       at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
>       at java.lang.Thread.run(Thread.java:636)
> {noformat}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
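
A minimal model of the sequence reported above (Queues, browse, back, Delete), added here as an example and not taken from the ActiveMQ code base. It assumes the console issues a fresh per-session token on every page render and checks it on each action; the `secret` attribute name, the class name and the helper names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class StaleTokenDemo {
    // Stand-in for the HTTP session; "secret" is a hypothetical attribute name.
    static final Map<String, String> session = new HashMap<>();
    static final SecureRandom rng = new SecureRandom();

    // Assumption: rendering any page rotates the session token and embeds it in that page's links.
    static String renderPage(String name) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put("secret", token);
        return token; // the value the browser keeps in the rendered (and later cached) page
    }

    // State-changing action: accept only the token issued with the latest render.
    static void deleteQueue(String queue, String submitted) {
        String expected = session.get("secret");
        boolean ok = expected != null && submitted != null
                && MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                         submitted.getBytes(StandardCharsets.UTF_8)); // constant-time compare
        if (!ok) throw new UnsupportedOperationException("Possible CSRF attack");
        System.out.println("deleted " + queue);
    }

    public static void main(String[] args) {
        String queuesPage = renderPage("queues");   // user opens Queues
        renderPage("browse");                       // user clicks browse: the token rotates
        try {
            deleteQueue("example.A", queuesPage);   // "back" shows the cached page with the old token
        } catch (UnsupportedOperationException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        String reloaded = renderPage("queues");     // reloading issues a fresh token
        deleteQueue("example.A", reloaded);         // now accepted
    }
}
```

Under this model the rejection is the check working as designed: a link carrying a token that is no longer current is indistinguishable from a forged request, so the server refuses it until the page is reloaded.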

        
