Clarity

  • 1.  Jaspersoft - ERROR CsrfGuard...

    Posted Mar 09, 2018 10:46 AM

    Could you help me with this?

    After installing Jaspersoft, running the "load DWH Access Right" and "Load DWH" processes, and also configuring access permissions for users who will use advanced reports, I am not able to use Jaspersoft.

     

    The jasperserver.txt log file displays the following error:

    2018-03-09 11:31:53,557 ERROR CsrfGuard,http-apr-8080-exec-5:44 [ICBC|admin] - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.214.224.229, uri:/reportservice/flow.html, error:required token is missing from the request)

     

    • I made a change in this path:
      E:\jasper621\apache-tomcat-7.0.55\webapps\reportservice\WEB-INF\esapi\Owasp.CsrfGuard.properties
    • I changed the org.owasp.csrfguard.TokenName field to "OWASP_CSRFTOKEN", and it ended up like this:
      org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
      # org.owasp.csrfguard.TokenName=JASPER_CSRF_TOKEN

    ____________________________________________________________________

    version.html:

    • JaaS Release Version = 2.2.1
      JaaS Build Number = 54
      JasperSoft Version = JasperReport Server 6.2.1 Enterprise (20160322_0602)  
      CA PPM Jaspersoft Release Version = 5.2.1
      CA PPM Jaspersoft Build Number = 54


  • 2.  Re: Jaspersoft - ERROR CsrfGuard...
    Best Answer

    Broadcom Employee
    Posted Mar 09, 2018 11:11 AM

    Please never disable CSRF, as it's a protection against vulnerabilities. Have a look at the blog post I wrote when this patch was rolled out: Jaspersoft Server Cumulative Patch 6.2.1_5.2.1.4 Installation Information

     

    Regards

    Suman Pramanik  



  • 3.  Re: Jaspersoft - ERROR CsrfGuard...

    Posted Mar 09, 2018 12:56 PM

    OK Suman, thank you very much.



  • 4.  Re: Jaspersoft - ERROR CsrfGuard...

    Posted Mar 09, 2018 03:32 PM

    Hi Suman,

     

    I looked at the link you sent me, but I could not recognize a solution to my problem.

     

    Maybe if I give you the information you need to understand my problem, we could understand each other better.

     

    I give you some information:

     

    I do not have this patch:

    CA PPM JASPERSOFT RELEASE PATCH VERSION: 5.2.1.4

    CA PPM JASPERSOFT PATCH BUILD NUMBER: 33

     

    And this is my Properties.xml file:

    <reportServer id="jaspersoft" home="" vendor="jaspersoft" context="/reportservice" username="ppm_jaspersorf" orgId="ICBC" orgName="icbc" dwJndiName="jdbc/dwh" jndiName="jdbc/clarity" databaseId="Datawarehouse" volumeName="" serviceUrl="http://<servername>:8000" webUrl="http://<servername>:8080/reportservice"/>



  • 5.  Re: Jaspersof - ERROR CsrfGuard...

    Broadcom Employee
    Posted Mar 11, 2018 06:03 AM

    The CSRF solution works like this: in PPM CSA, under the Application tab, there is an Entry URL, and you need to enter the URL which users will use to access CA PPM. If the URL you are using does not match the URL in Entry URL, Jaspersoft will not be able to authenticate and will stop you, as we have cross-site protection.

     

    The link I gave you talks about clearing the cache, as we changed the XSS token.

     

    Hopefully this explanation helps. 

     

    Also, we have released Jaspersoft 6.4.2 and you can start using the new version.
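
A triage sketch for the situation in this thread, added here as an example (it is not part of any post and is not Broadcom or Jaspersoft code): it parses CsrfGuard rejections in the log layout quoted in the first post and reports which `org.owasp.csrfguard.TokenName` is actually in effect once commented-out lines are ignored. The function names and the sample data are assumptions; the samples are constructed from the lines shown in the thread.

```python
import re
from collections import Counter

# Layout of the CsrfGuard entry quoted in the first post of this thread.
CSRF_RE = re.compile(
    r"^(?P<ts>\S+ \S+) ERROR CsrfGuard,\S+ \[(?P<ctx>[^\]]*)\] - .*?attack thwarted "
    r"\(user:(?P<user>[^,]*), ip:(?P<ip>[^,]*), uri:(?P<uri>[^,]*), error:(?P<error>.*)\)\s*$"
)

def parse_csrf_events(log_text):
    """Return one dict per CsrfGuard rejection; other log lines are skipped."""
    return [m.groupdict() for m in map(CSRF_RE.match, log_text.splitlines()) if m]

def summarize(events):
    """Count rejections per (uri, error) so a systematic failure stands out."""
    return Counter((e["uri"], e["error"]) for e in events)

def active_token_name(properties_text):
    """Return the effective TokenName, ignoring '#' and '!' comment lines."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == "org.owasp.csrfguard.TokenName":
            value = val.strip()  # last assignment wins, as in java.util.Properties
    return value

# Constructed sample: the log line from the thread, a repeat of it with a
# later timestamp, and an unrelated line that must be skipped.
SAMPLE_LOG = """\
2018-03-09 11:31:53,557 ERROR CsrfGuard,http-apr-8080-exec-5:44 [ICBC|admin] - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.214.224.229, uri:/reportservice/flow.html, error:required token is missing from the request)
2018-03-09 11:32:10,102 INFO SomeOtherLogger,http-apr-8080-exec-6:12 [ICBC|admin] - constructed unrelated line
2018-03-09 11:32:41,003 ERROR CsrfGuard,http-apr-8080-exec-7:44 [ICBC|admin] - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:10.214.224.229, uri:/reportservice/flow.html, error:required token is missing from the request)
"""
# The two properties lines as shown in the first post.
SAMPLE_PROPS = """\
org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
# org.owasp.csrfguard.TokenName=JASPER_CSRF_TOKEN
"""

if __name__ == "__main__":
    for (uri, error), count in summarize(parse_csrf_events(SAMPLE_LOG)).items():
        print(f"{count:3d}  {uri}  {error}")
    print("effective TokenName:", active_token_name(SAMPLE_PROPS))
```
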