So this is not because of java problem? On Fri, Nov 24, 2017 at 10:24 PM Isuru Uyanage <[email protected]> wrote:
> Hi Irham, > Yes it worked with *carbon/** with java build 1.8.0_144-b01. > > > Thanks > Isuru > > *Thanks and Best Regards,* > > *Isuru Uyanage* > *Software Engineer - QA | WSO2* > *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* > *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ > <https://www.linkedin.com/in/isuru-uyanage/>* > > > > > On Fri, Nov 24, 2017 at 7:56 AM, Irham Iqbal <[email protected]> wrote: > >> Hi Isuru, >> >> The reason for the issue your facing is the request is not going >> for /carbon/admin/* IMO if you making it /carbon/* it should work. >> >> Thanks, >> Iqbal >> >> On Thu, Nov 23, 2017 at 8:20 PM, Bhathiya Jayasekara <[email protected]> >> wrote: >> >>> Hi Roshan, >>> >>> No, that's not a public thread. >>> >>> Here[1] is the original bug. >>> >>> @Isuru: Make sure you don't have the previous version in your PATH >>> variable. >>> >>> [1] https://bugs.openjdk.java.net/browse/JDK-8189789 >>> >>> Thanks, >>> Bhathiya >>> >>> On Thu, Nov 23, 2017 at 4:30 PM, Isuru Uyanage <[email protected]> wrote: >>> >>>> Hi All, >>>> I downgraded Java to (build 1.8.0_144-b01) and restarted the APIM 2.1.0 >>>> >>>> But still, I'm getting the same error. Any thoughts about this. >>>> >>>> *Thanks and Best Regards,* >>>> >>>> *Isuru Uyanage* >>>> *Software Engineer - QA | WSO2* >>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>>> <https://www.linkedin.com/in/isuru-uyanage/>* >>>> >>>> >>>> >>>> >>>> On Thu, Nov 23, 2017 at 1:22 PM, Isuru Uyanage <[email protected]> >>>> wrote: >>>> >>>>> Hi All, >>>>> >>>>> I tried updating Owasp.CsrfGuard.Carbon.properties file, which is in >>>>> $APIM_HOME/repository/conf/security folder by adding the below entry. >>>>> >>>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/* >>>>> >>>>> I could log in to the Management console with admin credentials but >>>>> once try to creating user/user roles, cannot proceed further and the same >>>>> issue is repeating. I think the best option is to downgrade the java. >>>>> >>>>> Thanks, >>>>> >>>>> *Thanks and Best Regards,* >>>>> >>>>> *Isuru Uyanage* >>>>> *Software Engineer - QA | WSO2* >>>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>>>> <https://www.linkedin.com/in/isuru-uyanage/>* >>>>> >>>>> >>>>> >>>>> >>>>> On Thu, Nov 23, 2017 at 4:54 AM, roshan wijesena < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Rumy, >>>>>> >>>>>> is this mail public ?, [Important][Critical] None of WSO2 products >>>>>> are working with latest JDK. >>>>>> >>>>>> I am also facing the same problem, however downgrade java is not a >>>>>> option for me :( >>>>>> >>>>>> On Wed, Nov 22, 2017 at 11:09 PM, Mushthaq Rumy <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi Isuru, >>>>>>> >>>>>>> Seems like the java version is causing this issue. This issue is >>>>>>> there with java JDK 8u151. Please refer [1] for more details. >>>>>>> >>>>>>> [1] - [Important][Critical] None of WSO2 products are working with >>>>>>> latest JDK [Was: GZIP decoding issue in APIM/EI when deployed in MC] >>>>>>> >>>>>>> Thanks & Regards, >>>>>>> Mushthaq >>>>>>> >>>>>>> On Wed, Nov 22, 2017 at 3:35 PM, Irham Iqbal <[email protected]> wrote: >>>>>>> >>>>>>>> Hi Isuru, >>>>>>>> >>>>>>>> The reason might the java version you're using. >>>>>>>> >>>>>>>> You can update the Owasp.CsrfGuard.Carbon.properties file, which >>>>>>>> is in $APIM_HOME/repository/conf/security folder with the >>>>>>>> bellowing entry to ignore this error, IMO it's better if you use the >>>>>>>> proper >>>>>>>> java version. >>>>>>>> >>>>>>>> org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/* >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Iqbal >>>>>>>> >>>>>>>> On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi All, >>>>>>>>> >>>>>>>>> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API >>>>>>>>> Manager. After APIM server is started with the fresh pack, I can >>>>>>>>> navigate >>>>>>>>> to Management Console. But once I'm trying to log in with admin >>>>>>>>> credentials, I cannot log in. The error is as below. >>>>>>>>> >>>>>>>>> Error: 403 Forbidden >>>>>>>>> JavaLogger potential cross-site request forgery (CSRF) attack >>>>>>>>> thwarted (user:<anonymous>, ip:10.100.5.136, method:POST, >>>>>>>>> uri:/carbon/admin/login_action.jsp, error:required token is missing >>>>>>>>> from >>>>>>>>> the request) >>>>>>>>> >>>>>>>>> Affected Product Version: >>>>>>>>> wum updated pack: wso2am-2.1.0.1511201090302.zip >>>>>>>>> >>>>>>>>> Environment details and versions: >>>>>>>>> >>>>>>>>> macOS High Sierra >>>>>>>>> Version 10.13.1 >>>>>>>>> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit) >>>>>>>>> Firefox: 57.0 >>>>>>>>> >>>>>>>>> Any thoughts about this are highly appreciated. >>>>>>>>> >>>>>>>>> >>>>>>>>> *Thanks and Best Regards,* >>>>>>>>> >>>>>>>>> *Isuru Uyanage* >>>>>>>>> *Software Engineer - QA | WSO2* >>>>>>>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>>>>>>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>>>>>>>> <https://www.linkedin.com/in/isuru-uyanage/>* >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Dev mailing list >>>>>>>>> [email protected] >>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Irham Iqbal >>>>>>>> Software Engineer >>>>>>>> WSO2 >>>>>>>> phone: +94 777888452 >>>>>>>> <http://wso2.com/signature> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Dev mailing list >>>>>>>> [email protected] >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Mushthaq Rumy >>>>>>> *Software Engineer* >>>>>>> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194> >>>>>>> Email : [email protected] >>>>>>> WSO2, Inc.; http://wso2.com/ >>>>>>> lean . enterprise . middleware. >>>>>>> >>>>>>> <http://wso2.com/signature> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> [email protected] >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> [email protected] >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>>> >>> >>> >>> -- >>> *Bhathiya Jayasekara* >>> *Associate Technical Lead,* >>> *WSO2 inc., http://wso2.com <http://wso2.com>* >>> >>> *Phone: +94715478185 <071%20547%208185>* >>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj >>> <http://www.linkedin.com/in/bhathiyaj>* >>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* >>> *Blog: http://movingaheadblog.blogspot.com >>> <http://movingaheadblog.blogspot.com/>* >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Irham Iqbal >> Software Engineer >> WSO2 >> phone: +94 777888452 >> <http://wso2.com/signature> >> >> >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
