Webapp Name for Security Property File

There is a set of property files that help control the settings for the JasperReports Server functionality that prevents Cross-Site Request Forgery (CSRF). The key files are described in the JasperReports Server Administrator Guide.

One of these properties files refers to the JasperReports Server “webapp name”, but it is not currently automatically updated by the installation procedure. This file is at the following location:

<appserver-path>/jasperserver/WEB-INF/esapi/Owasp.CsrfGuard.properties

If you change the name of your webapp from the default of “jasperserver”, then you will also need to manually update the Owasp.CsrfGuard.properties file.

So, if you modify your default.master.properties like so:

# webAppNamePro = jasperserver

webAppNamePro = jasperserver-inst2

And then do an installation (using the js-install-ce.sh scripts), you will need to edit Owasp.CsrfGuard.properties like so:

Change:

org.owasp.csrfguard.NewTokenLandingPage=/jasperserver/login.html

org.owasp.csrfguard.action.Redirect.Page=/jasperserver/login.html

To:

org.owasp.csrfguard.NewTokenLandingPage=/jasperserver-inst2/login.html

org.owasp.csrfguard.action.Redirect.Page=/jasperserver-inst2/login.html

Version: 
Feedback