AnsweredAssumed Answered

Jaspersof - ERROR CsrfGuard...

Question asked by RnFernandez on Mar 9, 2018
Latest reply on Mar 11, 2018 by Suman Pramanik

Could you help me with this?

After installing jaspersoft and running the "load DWH Access Right" and "Load DWH" processes and also configure access permissions for users who will use advanced reports, I am not able to use Jaspersoft.

 

The log jasperserver.txt file displays the following error:

2018-03-09 11:31:53,557 ERROR CsrfGuard,http-apr-8080-exec-5:44 [ICBC|admin] - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.214.224.229, uri:/reportservice/flow.html, error:required token is missing from the request)

 

  • I did in this path:
    E:\jasper621\apache-tomcat-7.0.55\webapps\reportservice\WEB-INF\esapi\Owasp.CsrfGuard.properties
  • I changed org.owasp.csrfguard.TokenName field by "OWASP_CSRFTOKEN" and it stayed like this:
    org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
    # org.owasp.csrfguard.TokenName=JASPER_CSRF_TOKEN

____________________________________________________________________

version.html:

  • JaaS Release Version = 2.2.1
    JaaS Build Number = 54
    JasperSoft Version = JasperReport Server 6.2.1 Enterprise (20160322_0602)  
    CA PPM Jaspersoft Release Version = 5.2.1
    CA PPM Jaspersoft Build Number = 54

Outcomes