Hi Hafidi,

We are glad that you found WSO2 Integrator useful for your university
project. We can help you to fix the issues that you have faced.

When you are using the try-it tool, if there is no authentication session
in the browser for the management console (user is not logged into mgt
console), then when you try to invoke the service, it would give an error
like below.

[2018-04-10 15:23:16,301] [EI-Core]  INFO - AuthenticationAdmin
'admin@carbon.super [-1234]' logged out at [2018-04-10 15:23:16,0301]
[2018-04-10 15:23:28,678] [EI-Core]  WARN - JavaLogger potential cross-site
request forgery (CSRF) attack thwarted (user:<anonymous>, ip:x.x.x.x,
method:POST, uri:*/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp*,
error:request token does not match session token)

In your case, the URL that it has failed might be different. In order to
fix that, you can modify the
*EI_HOME/conf/security/Owasp.CsrfGuard.Carbon.properties* file and at the
end of the file, put the line blow.

In above config, you can change the highlighted text as you wish. Basically
you can put the failed URL in above and then restart the server. It should
not give the error again.

An alternative is, you can get the WSDL URL of your service and invoke it
from a tool like SoapUI and it should work.

If you need any help, feel free to get back. Also if you can send us the
error log printed, then it will be helpful for providing you the solution.

Best Regards,
Tharindu Edirisinghe


Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
Dev mailing list

Reply via email to