JasperReports Server - Opening Login Page when Trying To Perform Export

[kmarchewa]

Hello all,

I just set up a Jasper Reports server instance today. I used the install script for Linux rather than the WAR distribution. The server is up and running. I can log in and run reports so that they display in HTML form/on the web UI. However, everytime I try and export a report , rather than performing the export or opening a dialog to confirm options, it simply opens the JasperReports login page in a new tab. Looking at the app logs in WEB-INF, I see two errors reoccuring.

The first is related to CSRF tokens.

2020-07-01T12:45:53,305 ERROR CsrfGuard,https-jsse-nio-8444-exec-2:45 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:x.x.x.x, method:POST, uri:/jasperserver/flow.html/flowFile/daily_sale.pdf, error:required token is missing from the request)2020-07-01T12:48:42,219 ERROR CsrfGuard,https-jsse-nio-8444-exec-8:45 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:x.x.x.x, method:POST, uri:/jasperserver/flow.html/flowFile/daily_sale.pdf, error:required token is missing from the request)[/code]

I understand what CSRF tokens are and why they are necessary to secure this application. What I do not understand is why the CSRF tokens are not being properly sent with the requests.

 

The second repeating error I am seeing in the logs is one I am less familar with

 

2020-07-01T12:42:21,474 ERROR JNDIResourceProvider,data.domain.com-startStop-1:75 - error closing context javax.naming.OperationNotSupportedException: Context is read only        at org.apache.naming.NamingContext.checkWritable(NamingContext.java:963)        at org.apache.naming.NamingContext.close(NamingContext.java:758)        at com.tonbeller.tbutils.res.JNDIResourceProvider.close(JNDIResourceProvider.java:72)        at com.tonbeller.tbutils.res.CompositeResourceProvider.close(CompositeResourceProvider.java:56)        at com.tonbeller.tbutils.res.ResourcesFactory.initialize(ResourcesFactory.java:163)        at com.tonbeller.tbutils.res.ResourcesFactory.<init>(ResourcesFactory.java:92)        at com.tonbeller.tbutils.res.ResourcesFactory.<clinit>(ResourcesFactory.java:89)        at com.tonbeller.tbutils.res.ResourcesFactoryContextListener.contextInitialized(ResourcesFactoryContextListener.java:23)        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4699)        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5165)        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)        at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)        at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)        at java.util.concurrent.FutureTask.run(FutureTask.java:266)        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)        at java.lang.Thread.run(Thread.java:748)[/code]

I used the bundled Tomcat app server and modified the config to use HTTPS. Not sure if the modifications could have contributed to the issue, but posting here in case:

    <Connector port="8049" protocol="AJP/1.3" redirectPort="8449"/>                          <Connector protocol="HTTP/1.1" port="8081" redirectPort="8444" />                          <Connector protocol="HTTP/1.1" port="8444" keystorePass="pass" keystoreFile="certs/cert.p12" scheme="https" secure="true" SSLEnabled="true" maxThreads="150" sslEnabledProtocols="TLSv1.2,TLSv1.2,TLSv1.3" sslProtocol="TLSv1.2" />[/code]

I am seeing some JS warnings in my browser console, but nothing that seems to shine light on the issue (a depreciation warning and" Ignoring get or set of property that has [LenientThis] because the “this” object is incorrect.").

Any points would be appreciated. I have spent quite a while looking at logs and double checking my configuration, but see nothing that could explain the issue.

[abatchelor]

We had a user experience this issue also recently.

With some research, I found the following article that relates:

Exporting report redirected to login page with error relating to CSRF token missing or mismatch | Jaspersoft Community