kmarchewa Posted July 1, 2020 Share Posted July 1, 2020 Hello all,I just set up a Jasper Reports server instance today. I used the install script for Linux rather than the WAR distribution. The server is up and running. I can log in and run reports so that they display in HTML form/on the web UI. However, everytime I try and export a report , rather than performing the export or opening a dialog to confirm options, it simply opens the JasperReports login page in a new tab. Looking at the app logs in WEB-INF, I see two errors reoccuring.The first is related to CSRF tokens.2020-07-01T12:45:53,305 ERROR CsrfGuard,https-jsse-nio-8444-exec-2:45 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:x.x.x.x, method:POST, uri:/jasperserver/flow.html/flowFile/daily_sale.pdf, error:required token is missing from the request)2020-07-01T12:48:42,219 ERROR CsrfGuard,https-jsse-nio-8444-exec-8:45 - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:x.x.x.x, method:POST, uri:/jasperserver/flow.html/flowFile/daily_sale.pdf, error:required token is missing from the request)[/code]I understand what CSRF tokens are and why they are necessary to secure this application. What I do not understand is why the CSRF tokens are not being properly sent with the requests. The second repeating error I am seeing in the logs is one I am less familar with 2020-07-01T12:42:21,474 ERROR JNDIResourceProvider,data.domain.com-startStop-1:75 - error closing context javax.naming.OperationNotSupportedException: Context is read only at org.apache.naming.NamingContext.checkWritable(NamingContext.java:963) at org.apache.naming.NamingContext.close(NamingContext.java:758) at com.tonbeller.tbutils.res.JNDIResourceProvider.close(JNDIResourceProvider.java:72) at com.tonbeller.tbutils.res.CompositeResourceProvider.close(CompositeResourceProvider.java:56) at com.tonbeller.tbutils.res.ResourcesFactory.initialize(ResourcesFactory.java:163) at com.tonbeller.tbutils.res.ResourcesFactory.<init>(ResourcesFactory.java:92) at com.tonbeller.tbutils.res.ResourcesFactory.<clinit>(ResourcesFactory.java:89) at com.tonbeller.tbutils.res.ResourcesFactoryContextListener.contextInitialized(ResourcesFactoryContextListener.java:23) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4699) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5165) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)[/code]I used the bundled Tomcat app server and modified the config to use HTTPS. Not sure if the modifications could have contributed to the issue, but posting here in case: <Connector port="8049" protocol="AJP/1.3" redirectPort="8449"/> <Connector protocol="HTTP/1.1" port="8081" redirectPort="8444" /> <Connector protocol="HTTP/1.1" port="8444" keystorePass="pass" keystoreFile="certs/cert.p12" scheme="https" secure="true" SSLEnabled="true" maxThreads="150" sslEnabledProtocols="TLSv1.2,TLSv1.2,TLSv1.3" sslProtocol="TLSv1.2" />[/code]I am seeing some JS warnings in my browser console, but nothing that seems to shine light on the issue (a depreciation warning and" Ignoring get or set of property that has [LenientThis] because the “this” object is incorrect.").Any points would be appreciated. I have spent quite a while looking at logs and double checking my configuration, but see nothing that could explain the issue. Link to comment Share on other sites More sharing options...
abatchelor Posted November 3, 2021 Share Posted November 3, 2021 We had a user experience this issue also recently.With some research, I found the following article that relates:Exporting report redirected to login page with error relating to CSRF token missing or mismatch | Jaspersoft Community Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now