Hi Hafidi,

We are glad that you found WSO2 Integrator useful for your university
project. We can help you to fix the issues that you have faced.

When you are using the try-it tool, if there is no authentication session
in the browser for the management console (user is not logged into mgt
console), then when you try to invoke the service, it would give an error
like below.

[2018-04-10 15:23:16,301] [EI-Core]  INFO - AuthenticationAdmin 'admin@carbon.super [-1234]' logged out at [2018-04-10 15:23:16,0301]
[2018-04-10 15:23:28,678] [EI-Core]  WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:x.x.x.x, method:POST, uri:*/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp*, error:request token does not match session token)

In your case, the URL that has failed might be different. In order to
fix that, you can modify the
*EI_HOME/conf/security/Owasp.CsrfGuard.Carbon.properties* file and at the
end of the file, put the line below.

org.owasp.csrfguard.unprotected.*TryIt*=%servletContext%/*carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp*

In the above config, you can change the highlighted text as you wish. Basically
you can put the failed URL in the above and then restart the server. It should
not give the error again.

An alternative is, you can get the WSDL URL of your service and invoke it
from a tool like SoapUI and it should work.

If you need any help, feel free to get back. Also if you can send us the
error log printed, then it will be helpful for providing you the solution.

Best Regards,
Tharindu Edirisinghe



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
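
Added example, not part of the original message and not WSO2 code: a Python sketch that pulls the rejected URIs out of CSRFGuard warnings like the one quoted above and drafts the matching `org.owasp.csrfguard.unprotected.*` lines for review, skipping URLs already listed. The sample log and properties text are constructed, the second URI and the generated entry names are hypothetical, and it assumes the logged URI starts directly after the servlet context.

```python
import re
from collections import Counter

# Constructed sample log, modelled on the warning quoted in the message.
SAMPLE_LOG = """\
[2018-04-10 15:23:28,678] [EI-Core]  WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:x.x.x.x, method:POST, uri:/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp, error:request token does not match session token)
[2018-04-10 15:24:02,113] [EI-Core]  WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:x.x.x.x, method:POST, uri:/carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp, error:request token does not match session token)
[2018-04-10 15:25:40,007] [EI-Core]  WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:x.x.x.x, method:POST, uri:/carbon/example/save_ajaxprocessor.jsp, error:request token does not match session token)
"""

# Constructed properties content: one URL is already exempted.
SAMPLE_PROPERTIES = (
    "org.owasp.csrfguard.unprotected.Example="
    "%servletContext%/carbon/example/save_ajaxprocessor.jsp\n"
)

THWARTED = re.compile(
    r"\(CSRF\) attack thwarted \(user:(?P<user>[^,]*), ip:(?P<ip>[^,]*), "
    r"method:(?P<method>[^,]*), uri:(?P<uri>[^,]*), error:(?P<error>.*)\)")
UNPROTECTED = re.compile(
    r"^\s*org\.owasp\.csrfguard\.unprotected\.[^=\s]+\s*=\s*(?P<pattern>\S+)",
    re.M)

def rejected_requests(log_text):
    """Count CSRFGuard rejections per (method, uri) pair."""
    return Counter((m["method"], m["uri"]) for m in THWARTED.finditer(log_text))

def proposed_entries(log_text, properties_text):
    """Draft unprotected.* lines for rejected URIs not yet in the file.

    Each line exempts that URL from token checks, so the output is a
    list to review, not something to append blindly.
    """
    existing = {m["pattern"] for m in UNPROTECTED.finditer(properties_text)}
    lines = []
    for (_method, uri), _count in sorted(rejected_requests(log_text).items()):
        pattern = "%servletContext%" + uri  # assumption: root servlet context
        if pattern in existing:
            continue
        # Hypothetical naming: entry name taken from the page's file stem.
        name = re.sub(r"\W", "", uri.rsplit("/", 1)[-1].split(".")[0])
        lines.append(f"org.owasp.csrfguard.unprotected.{name}={pattern}")
    return lines

if __name__ == "__main__":
    print("\n".join(proposed_entries(SAMPLE_LOG, SAMPLE_PROPERTIES)))
```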