It is. What Irham has suggested is a workaround to fix one of a few issues
which occur due to that bug, and it opens up a security vulnerability too.
In a production environment, you shouldn't do that.

Thanks,
Bhathiya

On Fri, Nov 24, 2017 at 4:56 PM, roshan wijesena <roshan86...@gmail.com>
wrote:

> So this is not because of a Java problem?
>
> On Fri, Nov 24, 2017 at 10:24 PM Isuru Uyanage <isur...@wso2.com> wrote:
>
>> Hi Irham,
>> Yes, it worked with carbon/* with Java build 1.8.0_144-b01.
>>
>>
>> Thanks
>> Isuru
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile: +94 77 55 30752*
>> *LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*
>>
>> On Fri, Nov 24, 2017 at 7:56 AM, Irham Iqbal <iq...@wso2.com> wrote:
>>
>>> Hi Isuru,
>>>
>>> The reason for the issue you're facing is that the request is not going
>>> to /carbon/admin/*. IMO if you make it /carbon/* it should work.
>>>
>>> Thanks,
>>> Iqbal
>>>
>>> On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara <bhath...@wso2.com>
>>> wrote:
>>>
>>>> Hi Roshan,
>>>>
>>>> No, that's not a public thread.
>>>>
>>>> Here[1] is the original bug.
>>>>
>>>> @Isuru: Make sure you don't have the previous version in your PATH
>>>> variable.
>>>>
>>>> [1] https://bugs.openjdk.java.net/browse/JDK-8189789
>>>>
>>>> Thanks,
>>>> Bhathiya
>>>>
>>>> On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage <isur...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>> I downgraded Java to (build 1.8.0_144-b01) and restarted APIM 2.1.0.
>>>>>
>>>>> But still, I'm getting the same error. Any thoughts about this?
>>>>>
>>>>> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage <isur...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I tried updating the Owasp.CsrfGuard.Carbon.properties file, which is in the
>>>>>> $APIM_HOME/repository/conf/security folder, by adding the entry below.
>>>>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
>>>>>>
>>>>>> I could log in to the Management Console with admin credentials, but
>>>>>> once I try to create users/user roles, I cannot proceed further and the same
>>>>>> issue repeats. I think the best option is to downgrade Java.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena <
>>>>>> roshan86...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Rumy,
>>>>>>>
>>>>>>> Is this mail public? [Important][Critical] None of WSO2 products
>>>>>>> are working with latest JDK.
>>>>>>>
>>>>>>> I am also facing the same problem; however, downgrading Java is not an
>>>>>>> option for me :(
>>>>>>>
>>>>>>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy <musht...@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Isuru,
>>>>>>>>
>>>>>>>> Seems like the Java version is causing this issue. This issue is
>>>>>>>> there with Java JDK 8u151. Please refer to [1] for more details.
>>>>>>>>
>>>>>>>> [1] - [Important][Critical] None of WSO2 products are working with
>>>>>>>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC]
>>>>>>>>
>>>>>>>> Thanks & Regards,
>>>>>>>> Mushthaq
>>>>>>>>
>>>>>>>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <iq...@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Isuru,
>>>>>>>>>
>>>>>>>>> The reason might be the Java version you're using.
>>>>>>>>>
>>>>>>>>> You can update the Owasp.CsrfGuard.Carbon.properties file, which
>>>>>>>>> is in the $APIM_HOME/repository/conf/security folder, with the
>>>>>>>>> entry below to ignore this error. IMO it's better if you use the
>>>>>>>>> proper Java version.
>>>>>>>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Iqbal
>>>>>>>>>
>>>>>>>>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <isur...@wso2.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> I'm using the wum updated pack (wso2am-2.1.0.1511201090302) for API
>>>>>>>>>> Manager. After the APIM server is started with the fresh pack, I can
>>>>>>>>>> navigate to the Management Console. But once I try to log in with admin
>>>>>>>>>> credentials, I cannot log in. The error is as below.
>>>>>>>>>>
>>>>>>>>>> Error: 403 Forbidden
>>>>>>>>>> JavaLogger potential cross-site request forgery (CSRF) attack
>>>>>>>>>> thwarted (user:<anonymous>, ip:10.100.5.136, method:POST,
>>>>>>>>>> uri:/carbon/admin/login_action.jsp, error:required token is
>>>>>>>>>> missing from the request)
>>>>>>>>>>
>>>>>>>>>> Affected Product Version:
>>>>>>>>>> wum updated pack: wso2am-2.1.0.1511201090302.zip
>>>>>>>>>>
>>>>>>>>>> Environment details and versions:
>>>>>>>>>>
>>>>>>>>>> macOS High Sierra
>>>>>>>>>> Version 10.13.1
>>>>>>>>>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
>>>>>>>>>> Firefox: 57.0
>>>>>>>>>>
>>>>>>>>>> Any thoughts about this are highly appreciated.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Dev mailing list
>>>>>>>>>> Dev@wso2.org
>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Irham Iqbal
>>>>>>>>> Software Engineer
>>>>>>>>> WSO2
>>>>>>>>> phone: +94 777888452
>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Mushthaq Rumy
>>>>>>>> *Software Engineer*
>>>>>>>> Mobile : +94 (0) 779 492140
>>>>>>>> Email : musht...@wso2.com
>>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>>> lean . enterprise . middleware.
>>>>>>>>
>>>>>>>> <http://wso2.com/signature>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Bhathiya Jayasekara*
>>>> *Associate Technical Lead,*
>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>
>>>> *Phone: +94715478185 <071%20547%208185>*
>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>>>> *Blog: http://movingaheadblog.blogspot.com
>>>> <http://movingaheadblog.blogspot.com/>*
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>


-- 
*Bhathiya Jayasekara*
*Associate Technical Lead,*
*WSO2 inc., http://wso2.com <http://wso2.com>*

*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj
<http://www.linkedin.com/in/bhathiyaj>*
*Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
*Blog: http://movingaheadblog.blogspot.com
<http://movingaheadblog.blogspot.com/>*
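
The two exemptions discussed in this thread can be compared with a small audit of the CSRFGuard properties. This is an added example, not part of the original mails or of WSO2's code. The wildcard matching is a simplified model of CSRFGuard's unprotected-page patterns (an assumption), and the second URI in SENSITIVE_URIS is a constructed placeholder for a state-changing console page.

```python
"""Audit CSRFGuard 'unprotected' entries against URIs that must stay protected."""

PREFIX = "org.owasp.csrfguard.unprotected."

# Constructed sample inputs: the two exemptions proposed in the thread.
ADMIN_ONLY = "org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*"
WHOLE_CONSOLE = "org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/*"

# First URI is from the error in the thread; the second is a hypothetical
# placeholder for a state-changing page outside /carbon/admin/.
SENSITIVE_URIS = ["/carbon/admin/login_action.jsp", "/carbon/example-mgt/add_action.jsp"]


def parse_unprotected(text):
    """Return {entry name: pattern} with the %servletContext% token stripped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key.startswith(PREFIX):
            entries[key[len(PREFIX):]] = value.strip().replace("%servletContext%", "")
    return entries


def exempts(pattern, uri):
    """Simplified model (assumption): '/dir/*' prefix, '*.ext' suffix, else exact."""
    if pattern.endswith("/*"):
        return uri.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return uri.endswith(pattern[1:])
    return uri == pattern


def audit(text, sensitive_uris=SENSITIVE_URIS):
    """Map each unprotected entry to the sensitive URIs it removes from CSRF checks."""
    findings = {}
    for name, pattern in parse_unprotected(text).items():
        hit = [u for u in sensitive_uris if exempts(pattern, u)]
        if hit:
            findings[name] = hit
    return findings


if __name__ == "__main__":
    for label, cfg in (("/carbon/admin/*", ADMIN_ONLY), ("/carbon/*", WHOLE_CONSOLE)):
        print(label, "->", audit(cfg))
```

With /carbon/admin/* only the login action loses its token check, which matches the report that login worked but user creation was still blocked; with /carbon/* every listed console URI is exempted.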