Hi Isuru, The reason for the issue your facing is the request is not going for /carbon/admin/* IMO if you making it /carbon/* it should work.
Thanks, Iqbal On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara <bhath...@wso2.com> wrote: > Hi Roshan, > > No, that's not a public thread. > > Here[1] is the original bug. > > @Isuru: Make sure you don't have the previous version in your PATH > variable. > > [1] https://bugs.openjdk.java.net/browse/JDK-8189789 > > Thanks, > Bhathiya > > On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage <isur...@wso2.com> wrote: > >> Hi All, >> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0 >> >> But still, I'm getting the same error. Any thoughts about this. >> >> *Thanks and Best Regards,* >> >> *Isuru Uyanage* >> *Software Engineer - QA | WSO2* >> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >> <https://www.linkedin.com/in/isuru-uyanage/>* >> >> >> >> >> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage <isur...@wso2.com> wrote: >> >>> Hi All, >>> >>> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in >>> $APIM_HOME/repository/conf/security folder by adding the below entry. >>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont >>> ext%/carbon/admin/* >>> >>> I could log in to the Management console with admin credentials but once >>> try to creating user/user roles, cannot proceed further and the same issue >>> is repeating. I think the best option is to downgrade the java. >>> >>> Thanks, >>> >>> *Thanks and Best Regards,* >>> >>> *Isuru Uyanage* >>> *Software Engineer - QA | WSO2* >>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>> <https://www.linkedin.com/in/isuru-uyanage/>* >>> >>> >>> >>> >>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <roshan86...@gmail.com> >>> wrote: >>> >>>> Hi Rumy, >>>> >>>> is this mail public ?, [Important][Critical] None of WSO2 products are >>>> working with latest JDK. >>>> >>>> I am also facing the same problem, however downgrade java is not a >>>> option for me :( >>>> >>>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy <musht...@wso2.com> >>>> wrote: >>>> >>>>> Hi Isuru, >>>>> >>>>> Seems like the java version is causing this issue. This issue is there >>>>> with java JDK 8u151. Please refer [1] for more details. >>>>> >>>>> [1] - [Important][Critical] None of WSO2 products are working with >>>>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC] >>>>> >>>>> Thanks & Regards, >>>>> Mushthaq >>>>> >>>>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <iq...@wso2.com> wrote: >>>>> >>>>>> Hi Isuru, >>>>>> >>>>>> The reason might the java version you're using. >>>>>> >>>>>> You can update the Owasp.CsrfGuard.Carbon.properties file, which is >>>>>> in $APIM_HOME/repository/conf/security folder with the bellowing >>>>>> entry to ignore this error, IMO it's better if you use the proper java >>>>>> version. >>>>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletCont >>>>>> ext%/carbon/admin/* >>>>>> >>>>>> Thanks, >>>>>> Iqbal >>>>>> >>>>>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <isur...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Hi All, >>>>>>> >>>>>>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API >>>>>>> Manager. After APIM server is started with the fresh pack, I can >>>>>>> navigate >>>>>>> to Management Console. But once I'm trying to log in with admin >>>>>>> credentials, I cannot log in. The error is as below. >>>>>>> >>>>>>> Error: 403 Forbidden >>>>>>> JavaLogger potential cross-site request forgery (CSRF) attack >>>>>>> thwarted (user:<anonymous>, ip:10.100.5.136, method:POST, >>>>>>> uri:/carbon/admin/login_action.jsp, error:required token is missing >>>>>>> from the request) >>>>>>> >>>>>>> Affected Product Version: >>>>>>> wum updated pack: wso2am-2.1.0.1511201090302.zip >>>>>>> >>>>>>> Environment details and versions: >>>>>>> >>>>>>> macOS High Sierra >>>>>>> Version 10.13.1 >>>>>>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit) >>>>>>> Firefox: 57.0 >>>>>>> >>>>>>> Any thoughts about this are highly appreciated. >>>>>>> >>>>>>> >>>>>>> *Thanks and Best Regards,* >>>>>>> >>>>>>> *Isuru Uyanage* >>>>>>> *Software Engineer - QA | WSO2* >>>>>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>>>>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>>>>>> <https://www.linkedin.com/in/isuru-uyanage/>* >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> Dev@wso2.org >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Irham Iqbal >>>>>> Software Engineer >>>>>> WSO2 >>>>>> phone: +94 777888452 >>>>>> <http://wso2.com/signature> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> Dev@wso2.org >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Mushthaq Rumy >>>>> *Software Engineer* >>>>> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194> >>>>> Email : musht...@wso2.com >>>>> WSO2, Inc.; http://wso2.com/ >>>>> lean . enterprise . middleware. >>>>> >>>>> <http://wso2.com/signature> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > *Bhathiya Jayasekara* > *Associate Technical Lead,* > *WSO2 inc., http://wso2.com <http://wso2.com>* > > *Phone: +94715478185 <071%20547%208185>* > *LinkedIn: http://www.linkedin.com/in/bhathiyaj > <http://www.linkedin.com/in/bhathiyaj>* > *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* > *Blog: http://movingaheadblog.blogspot.com > <http://movingaheadblog.blogspot.com/>* > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Irham Iqbal Software Engineer WSO2 phone: +94 777888452 <http://wso2.com/signature>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev