You have no chance of seeing the "WebSocketBehavior::onConnect" log message because
your login is unsuccessful

as you are saying there are no errors in the logs ...

Are there any errors in the browser console? Network tab?

On Thu, Sep 21, 2017 at 2:08 PM, Coscend@OM <om.insig...@coscend.com> wrote:

> Dear Maxim,
>
>
>
> CSRF is not violated in proxy scenario because:
>
> 1.     No OM log records of CSRF violation.
>
> 2.     Also, 3.3.0 is working fine that has CSRF event listener enabled
> (Application.Java @235).  3.3.0 is working fine under same proxy setting
> and same server / environment.
>
>
>
> -----------Log DIFFs---------Detailed logs at the end.
>
> DIFF between FAILED (via proxy) vs SUCCESSFUL (without proxy) login:  the
> following lines are MISSING when it FAILS:
>
> DEBUG 09-20 11:05:33.339 631732 229 o.a.o.w.c.MainPanel [105-6083-exec-6]
> - WebSocketBehavior::onConnect [uid: 648aabcf-2bc0-4df5-b891-065e3ffde9c3,
> session: E73B6C62D991E218215709F7F7095547, key:
> org.apache.wicket.protocol.ws.api.registry.PageIdKey@0]
>
> DEBUG 09-20 11:05:33.342 631735 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> E73B6C62D991E218215709F7F7095547' and page id '0'
>
> DEBUG 09-20 11:05:33.351 631744 238 o.a.o.w.c.MainPanel [105-6083-exec-7]
> - WebSocketBehavior:: pingTimer is attached
>
>
>
> -------------Relevant DIFF of 3.3.2 and 3.3.0 files-----------
>
> Could any of these changes require some additional proxy settings?
>
>
>
> openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/ISlaveHTTPConnectionManager.java
>
> removed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/remote/MainService.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java>
>
> Changed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/remote/UserService.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/UserService.java>
>
> changed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/util/
> SessionVariablesUtil.java
>
> removed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/session/ServerUtil.java
>
> removed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/session/SessionManager.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/session/SessionManager.java>
>
> changed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/session/store/DatabaseStore.java
>
> removed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/session/store/HashMapStore.java
>
> removed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/core/session/store/IClientPersistenceStore.java
>
> removed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/util/IClientUtil.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/IClientUtil.java>
>
> added
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/util/WebSocketHelper.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/WebSocketHelper.java>
>
> Changed
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/util/ws/WsMessageAll.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/ws/WsMessageAll.java>
>
> Added
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/util/ws/WsMessageChat.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/ws/WsMessageChat.java>
>
> Added
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/util/ws/WsMessageRoom.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/ws/WsMessageRoom.java>
>
> Added
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/util/ws/WsMessageRoomMsg.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/ws/WsMessageRoomMsg.java>
>
> Added
>
> openmeetings-core/src/main/java/org/apache/openmeetings/
> core/util/ws/WsMessageUser.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-core/src/main/java/org/apache/openmeetings/core/util/ws/WsMessageUser.java>
>
> Added
>
> openmeetings-db/src/main/java/org/apache/openmeetings/db/
> dao/server/ISessionManager.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/ISessionManager.java>
>
> changed
>
> openmeetings-db/src/main/java/org/apache/openmeetings/db/
> dao/server/ServerDao.java
>
> removed
>
> openmeetings-db/src/main/java/org/apache/openmeetings/db/
> dao/server/SessiondataDao.java
> <https://fossies.org/linux/www/apache-openmeetings-3.3.1-src.tar.gz/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/server/SessiondataDao.java>
>
> changed
>
>
>
>
>
> Logs:  FAILED LOGIN
>
> ===================
>
> Step 1:  Load Login Page
>
> ----------
>
> DEBUG 09-20 15:33:59.748 388830 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> D6BC338DED09B3A5E5105569B4D39C01' and page id '6'
>
> DEBUG 09-20 15:33:59.915 388997 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> D6BC338DED09B3A5E5105569B4D39C01' and page id '6'
>
> DEBUG 09-20 15:33:59.947 389029 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> D6BC338DED09B3A5E5105569B4D39C01' and page id '6'
>
> DEBUG 09-20 15:34:00.236 389318 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> D6BC338DED09B3A5E5105569B4D39C01' and page id '6'
>
> DEBUG 09-20 15:34:00.316 389398 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> D6BC338DED09B3A5E5105569B4D39C01' and page id '6'
>
>
>
> Step 2:  POST / Authentication
>
> --------
>
> DEBUG 09-20 15:35:50.776 499858 642 o.a.o.d.d.u.UserDao [105-6083-exec-5]
> - login:: 1 users were found
>
> DEBUG 09-20 15:35:51.228 500310 40 o.a.o.d.u.AuthLevelUtil
> [105-6083-exec-5] - Level Login :: [GRANTED]
>
> DEBUG 09-20 15:35:51.229 500311 659 o.a.o.d.d.u.UserDao [105-6083-exec-5]
> - loginUser [GroupUser [id=1, moderator=false, group=Group [id=1,
> name=Coscend, deleted=false], user=User [id=1, firstname=firstname,
> lastname=lastname, login=Coscend.Insights, pictureuri=null, deleted=false,
> languageId=1, address=Address [id=1, country=US, street=null, town=null,
> zip=null, deleted=false, email=<>@Coscend.com, phone=null],
> externalId=null, externalType=null, type=user]]]
>
> DEBUG 09-20 15:35:51.233 500315 40 o.a.o.d.u.AuthLevelUtil
> [105-6083-exec-5] - Level Admin :: [GRANTED]
>
> DEBUG 09-20 15:35:51.236 500318 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> EE17FFD4E063A1234AF5E595D772F897' and page id '1'
>
> DEBUG 09-20 15:35:51.286 500368 87 o.a.o.d.d.s.LdapConfigDao
> [105-6083-exec-1] - getActiveLdapConfigs
>
> DEBUG 09-20 15:35:51.297 500379 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> 1ECB3A19302921EF126DE4FD76C82D5F' and page id '1'
>
> DEBUG 09-20 15:35:51.468 500550 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> 1ECB3A19302921EF126DE4FD76C82D5F' and page id '1'
>
> DEBUG 09-20 15:35:51.501 500583 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> 1ECB3A19302921EF126DE4FD76C82D5F' and page id '1'
>
> DEBUG 09-20 15:35:51.812 500894 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> 1ECB3A19302921EF126DE4FD76C82D5F' and page id '1'
>
> DEBUG 09-20 15:35:51.892 500974 91 o.w.d.h.HazelcastDataStore
> [ageSavingThread] - Inserted data for session '
> 1ECB3A19302921EF126DE4FD76C82D5F' and page id '1'
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
>
>
> Coscend Communications Solutions
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Terms_and_Conditions.html
> <http://www.coscend.com/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax...@gmail.com]
> *Sent:* Thursday, September 21, 2017 12:41 AM
> *To:* Openmeetings user-list <user@openmeetings.apache.org>;
> om.insig...@coscend.com
> *Subject:* Re: 3.3.2 Snapshot: Login not Posting via Proxy
>
>
>
> In case of CSRF you should have a record in the logs that CSRF was violated
>
> Is it the case?
>
>
>
> On Thu, Sep 21, 2017 at 3:56 AM, Coscend@OM <om.insig...@coscend.com>
> wrote:
>
> Dear OpenMeetings Users,
>
>
>
> We would appreciate any vectors to resolve the following issue:
>
>
>
> We successfully installed, configured, logged in OM 3.3.2 Snapshot
>
> 1.     Internally, i.e., http://IP:port/openmeetings
>
> 2.     Externally, i.e., http://<our.FQDN.name>:port/openmeetings
>
> OM logs have a line:
>
> DEBUG 09-20 14:45:14.219 221956 388 o.a.o.w.a.Application
> [105-6083-exec-2] - Adding online client: 
> 63e8a860-65c6-4687-a7e0-ca435ca21ec6,
> room: null
>
>
>
> ISSUE
>
> --------
>
> However, we are unable to login to OM 3.3.2 Snapshot via Proxy server.
>   When we click on submit username/password, it reloads the login page.
>
> OM logs are MISSING this line:  “Adding online client:…”
>
>
>
>
>
> QUESTIONS
>
> --------
>
>
>
> 1.     What has changed between OM 3.3.2 and 3.3.0 that does not POST
> login credentials?  Anything to do with Session variables and session
> request handlers?
>
> 2.     We have used the proxy server settings that are working perfectly
> with OM 3.3.0 in which CSRF and CSP, XSS were introduced.
>
> Alteametasoft Demo server:  What additional proxy settings need to be
> added to Apache Web server to enable OM 3.3.2?
>
>
>
> Source of proxy server settings:
>
> i)              CSRF:  http://markmail.org/message/o4szinpxt4e2tzch
>
> ii)             Proxy logging:  http://markmail.org/message/mft3m5bdjeqxwicw
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
>
>
> Coscend Communications Solutions
>
> www.Coscend.com <http://www.coscend.com/>
>
> --
>
> WBR
> Maxim aka solomax
>



-- 
WBR
Maxim aka solomax
