Hi All,

I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in
$APIM_HOME/repository/conf/security folder by adding the below entry.
org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*

I could log in to the Management Console with admin credentials, but once I
try to create users/user roles, I cannot proceed further and the same issue
repeats. I think the best option is to downgrade Java.

Thanks,

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile: +94 77 55 30752*
*LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*




On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <roshan86...@gmail.com>
wrote:

> Hi Rumy,
>
> Is this mail public? [Important][Critical] None of WSO2 products are
> working with latest JDK.
>
> I am also facing the same problem; however, downgrading Java is not an option
> for me :(
>
> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy <musht...@wso2.com> wrote:
>
>> Hi Isuru,
>>
>> Seems like the Java version is causing this issue. This issue is there
>> with Java JDK 8u151. Please refer [1] for more details.
>>
>> [1] - [Important][Critical] None of WSO2 products are working with
>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]
>>
>> Thanks & Regards,
>> Mushthaq
>>
>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <iq...@wso2.com> wrote:
>>
>>> Hi Isuru,
>>>
>>> The reason might be the Java version you're using.
>>>
>>> You can update the Owasp.CsrfGuard.Carbon.properties file, which is in the
>>> $APIM_HOME/repository/conf/security folder, with the following entry to
>>> ignore this error; IMO it's better if you use the proper Java version.
>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
>>>
>>> Thanks,
>>> Iqbal
>>>
>>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <isur...@wso2.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API
>>>> Manager. After APIM server is started with the fresh pack, I can navigate
>>>> to Management Console. But once I'm trying to log in with admin
>>>> credentials, I cannot log in. The error is as below.
>>>>
>>>> Error: 403 Forbidden
>>>> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
>>>> (user:<anonymous>, ip:10.100.5.136, method:POST,
>>>> uri:/carbon/admin/login_action.jsp, error:required token is missing
>>>> from the request)
>>>>
>>>> Affected Product Version:
>>>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>>>
>>>> Environment details and versions:
>>>>
>>>> macOS High Sierra
>>>> Version 10.13.1
>>>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>>>> Firefox: 57.0
>>>>
>>>> Any thoughts about this are highly appreciated.
>>>>
>>>>
>>>> *Thanks and Best Regards,*
>>>>
>>>> *Isuru Uyanage*
>>>> *Software Engineer - QA | WSO2*
>>>> *Mobile: +94 77 55 30752*
>>>> *LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Irham Iqbal
>>> Software Engineer
>>> WSO2
>>> phone: +94 777888452
>>> <http://wso2.com/signature>
>>>
>>>
>>
>>
>> --
>> Mushthaq Rumy
>> *Software Engineer*
>> Mobile : +94 (0) 779 492140
>> Email : musht...@wso2.com
>> WSO2, Inc.; http://wso2.com/
>> lean . enterprise . middleware.
>>
>> <http://wso2.com/signature>
>>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
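
An added example, not part of the thread and not WSO2 code: a small audit over CsrfGuard properties that flags `unprotected` entries overlapping the management console's admin pages, as the `/carbon/admin/*` entry quoted in the thread does. The sample file contents, the `Css`, `Default` and `loginaction` entry names, and the choice of `/carbon/admin/` as the sensitive prefix are assumptions made for the illustration.

```python
UNPROTECTED = "org.owasp.csrfguard.unprotected."

# Constructed sample, not the shipped WSO2 file. Only the last entry is taken from the thread.
SAMPLE = r"""
# static assets (constructed entry, wrapped with a backslash continuation)
org.owasp.csrfguard.unprotected.Css=%servletContext%/carbon/\
    css/*
org.owasp.csrfguard.unprotected.Default=%servletContext%/
org.owasp.csrfguard.unprotected.loginaction=%servletContext%/carbon/admin/login_action.jsp
org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
"""

def parse_properties(text):
    """Minimal .properties reader: key=value, #/! comments, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        pending += line
        if pending.endswith("\\"):
            pending = pending[:-1]  # drop the backslash and join the next line
            continue
        key, sep, value = pending.partition("=")
        pending = ""
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_unprotected(props, sensitive=("/carbon/admin/",)):
    """Return (entry name, pattern, level) for exemptions that touch a sensitive path."""
    findings = []
    for key in sorted(props):
        if not key.startswith(UNPROTECTED):
            continue
        pattern = props[key]
        path = pattern.replace("%servletContext%", "")
        if path.endswith("/*"):
            base = path[:-1]  # "/carbon/admin/*" -> "/carbon/admin/"
            # A prefix wildcard exempts every page below base, state-changing ones included.
            if any(s.startswith(base) or base.startswith(s) for s in sensitive):
                findings.append((key[len(UNPROTECTED):], pattern, "HIGH"))
        elif any(path.startswith(s) for s in sensitive):
            findings.append((key[len(UNPROTECTED):], pattern, "REVIEW"))
    return findings

if __name__ == "__main__":
    for name, pattern, level in audit_unprotected(parse_properties(SAMPLE)):
        print(f"{level:6} {name}: {pattern}")
```

Run against the real properties file, a HIGH result marks an exemption that turns off token checking for a whole subtree, so it should be removed once the underlying Java version issue is resolved.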