Getting "The data should be encrypted by making it part of the request body instead of the request URL." errors in Back Office
Locked
 
|
Hi All,
I updated to the latest Trunk version yesterday and I am getting the following error message at various locations in the back office. I get the same error message on Jacques's server: https://lamouline.myvnc.com:28443/webtools/control/main. This one occurred in the Manufacturing Component when I try to perform any action on a Production Run(schedule, quick start, etc.). I get a similar message to the following depending on what I try to do. The Following Errors Occurred: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productionRunId] passed to secure (https) request-map with uri [quickStartAllProductionRunTasks] with an event that calls service [quickStartAllProductionRunTasks]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL. This occurred in the Order Component when I go into an order and in the Shipment Information tab I select "New Shipment for Ship Group [00001]. The Following Errors Occurred: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [statusId] passed to secure (https) request-map with uri [createShipment] with an event that calls service [createShipment]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL. Here is the log section of the errors: 2009-03-25 17:28:50,107 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] preparePager: Found rows = -1 2009-03-25 17:28:50,165 (http-0.0.0.0-8443-4) [ ControlServlet.java:299:INFO ] [[[ShowProductionRun] Request Done- total:0.842,since last([ShowProductionRu...):0.842]] 2009-03-25 17:28:58,054 (http-0.0.0.0-8443-4) [ ControlServlet.java:130:INFO ] [[[quickChangeProductionRunStatus] Request Begun, encoding=[UTF-8]- total:0.0,since last(Begin):0.0]] 2009-03-25 17:28:58,058 (http-0.0.0.0-8443-4) [ServiceEventHandler.java:271:ERROR] =============== Found URL parameter [productionRunId] passed to secure (https) request-map with uri [quickChangeProductionRunStatus] with an event that calls service [quickChangeProductionRunStatus]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL.; In session [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] 2009-03-25 17:28:58,059 (http-0.0.0.0-8443-4) [ RequestHandler.java:379:ERROR] Request quickChangeProductionRunStatus caused an error with the following message: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productionRunId] passed to secure (https) request-map with uri [quickChangeProductionRunStatus] with an event that calls service [quickChangeProductionRunStatus]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL. 2009-03-25 17:28:58,060 (http-0.0.0.0-8443-4) [ RequestHandler.java:649:INFO ] Rendering View [ProductionRunDeclaration], sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 2009-03-25 17:28:58,405 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] preparePager: low - high = 0 - 20 2009-03-25 17:28:58,406 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] preparePager: Found rows = -1 2009-03-25 17:28:58,407 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] preparePager: low - high = 0 - 20 2009-03-25 17:28:58,408 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] preparePager: Found rows = 0 2009-03-25 17:28:58,432 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] preparePager: low - high = 0 - 20 2009-03-25 17:28:58,434 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] preparePager: Found rows = 2 2009-03-25 17:28:58,509 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] preparePager: low - high = 0 - 20 2009-03-25 17:28:58,510 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] preparePager: Found rows = -1 2009-03-25 17:28:58,538 (http-0.0.0.0-8443-4) [ ControlServlet.java:299:INFO ] [[[quickChangeProductionRunStatus] Request Done- total:0.484,since last([quickChangeProdu...):0.484]] 2009-03-25 17:29:04,098 (http-0.0.0.0-8443-4) [ ControlServlet.java:130:INFO ] [[[quickStartAllProductionRunTasks] Request Begun, encoding=[UTF-8]- total:0.0,since last(Begin):0.0]] 2009-03-25 17:29:04,119 (http-0.0.0.0-8443-4) [ ConfigXMLReader.java:118:INFO ] controller loaded: 0.0020s, 15 requests, 13 views in file:/home/cjhorton/development/ofbiz/framework/common/webcommon/WEB-INF/common-controller.xml 2009-03-25 17:29:04,123 (http-0.0.0.0-8443-4) [ ConfigXMLReader.java:118:INFO ] controller loaded: 0.013s, 146 requests, 69 views in jndi:/0.0.0.0/manufacturing/WEB-INF/controller.xml 2009-03-25 17:29:04,136 (http-0.0.0.0-8443-4) [ServiceEventHandler.java:271:ERROR] =============== Found URL parameter [productionRunId] passed to secure (https) request-map with uri [quickStartAllProductionRunTasks] with an event that calls service [quickStartAllProductionRunTasks]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL.; In session [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] 2009-03-25 17:29:04,136 (http-0.0.0.0-8443-4) [ RequestHandler.java:379:ERROR] Request quickStartAllProductionRunTasks caused an error with the following message: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productionRunId] passed to secure (https) request-map with uri [quickStartAllProductionRunTasks] with an event that calls service [quickStartAllProductionRunTasks]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL. 2009-03-25 17:29:04,137 (http-0.0.0.0-8443-4) [ RequestHandler.java:649:INFO ] Rendering View [ProductionRunDeclaration], sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 2009-03-25 17:29:04,160 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO ] Got 13 screens in 0.017s from: file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/JobshopScreens.xml 2009-03-25 17:29:04,232 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO ] Got 1 screens in 0.01s from: file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/CommonScreens.xml 2009-03-25 17:29:04,248 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO ] Got 1 screens in 0.01s from: file:/home/cjhorton/development/ofbiz/applications/commonext/widget/CommonScreens.xml 2009-03-25 17:29:04,292 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO ] Got 22 screens in 0.015s from: file:/home/cjhorton/development/ofbiz/framework/common/widget/CommonScreens.xml 2009-03-25 17:29:04,580 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] preparePager: low - high = 0 - 20 2009-03-25 17:29:04,581 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] preparePager: Found rows = -1 2009-03-25 17:29:04,611 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] preparePager: low - high = 0 - 20 2009-03-25 17:29:04,612 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] preparePager: Found rows = 0 2009-03-25 17:29:04,614 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] preparePager: low - high = 0 - 20 2009-03-25 17:29:04,614 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] preparePager: Found rows = 2 2009-03-25 17:29:04,678 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] preparePager: low - high = 0 - 20 2009-03-25 17:29:04,679 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] preparePager: Found rows = -1 2009-03-25 17:29:04,716 (http-0.0.0.0-8443-4) [ ControlServlet.java:299:INFO ] [[[quickStartAllProductionRunTasks] Request Done- total:0.618,since last([quickStartAllPro...):0.618]] 2009-03-25 17:32:09,018 (http-0.0.0.0-8443-4) [ ControlServlet.java:130:INFO ] [[[changeProductionRunTaskStatus] Request Begun, encoding=[UTF-8]- total:0.0,since last(Begin):0.0]] 2009-03-25 17:32:09,041 (http-0.0.0.0-8443-4) [ ConfigXMLReader.java:118:INFO ] controller loaded: 0.0s, 15 requests, 13 views in file:/home/cjhorton/development/ofbiz/framework/common/webcommon/WEB-INF/common-controller.xml 2009-03-25 17:32:09,048 (http-0.0.0.0-8443-4) [ ConfigXMLReader.java:118:INFO ] controller loaded: 0.017s, 146 requests, 69 views in jndi:/0.0.0.0/manufacturing/WEB-INF/controller.xml 2009-03-25 17:32:09,053 (http-0.0.0.0-8443-4) [ServiceEventHandler.java:271:ERROR] =============== Found URL parameter [productionRunId] passed to secure (https) request-map with uri [changeProductionRunTaskStatus] with an event that calls service [changeProductionRunTaskStatus]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL.; In session [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] 2009-03-25 17:32:09,054 (http-0.0.0.0-8443-4) [ RequestHandler.java:379:ERROR] Request changeProductionRunTaskStatus caused an error with the following message: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productionRunId] passed to secure (https) request-map with uri [changeProductionRunTaskStatus] with an event that calls service [changeProductionRunTaskStatus]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL. 2009-03-25 17:32:09,054 (http-0.0.0.0-8443-4) [ RequestHandler.java:649:INFO ] Rendering View [ProductionRunDeclaration], sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 2009-03-25 17:32:09,084 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO ] Got 13 screens in 0.023s from: file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/JobshopScreens.xml 2009-03-25 17:32:09,256 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO ] Got 1 screens in 0.01s from: file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/CommonScreens.xml 2009-03-25 17:32:09,281 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO ] Got 1 screens in 0.01s from: file:/home/cjhorton/development/ofbiz/applications/commonext/widget/CommonScreens.xml 2009-03-25 17:32:09,325 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO ] Got 22 screens in 0.014s from: fil I figured I would post it while i start examining what is going on. Thanks, CJ |
Re: Getting "The data should be encrypted by making it part of the request body instead of the request URL." errors in Back Office
Administrator
|
I should work soon on this on a global way. It's related to https://issues.apache.org/jira/browse/OFBIZ-2243
I began but it's still a WIP Jacques From: "cjhorton" <[hidden email]> > > Hi All, > > I updated to the latest Trunk version yesterday and I am getting the > following error message at various locations in the back office. I get the > same error message on Jacques's server: > https://lamouline.myvnc.com:28443/webtools/control/main. > > This one occurred in the Manufacturing Component when I try to perform any > action on a Production Run(schedule, quick start, etc.). I get a similar > message to the following depending on what I try to do. > > > The Following Errors Occurred: > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL > parameter [productionRunId] passed to secure (https) request-map with uri > [quickStartAllProductionRunTasks] with an event that calls service > [quickStartAllProductionRunTasks]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body instead > of the request URL. > > > This occurred in the Order Component when I go into an order and in the > Shipment Information tab I select "New Shipment for Ship Group [00001]. > > > The Following Errors Occurred: > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL > parameter [statusId] passed to secure (https) request-map with uri > [createShipment] with an event that calls service [createShipment]; this is > not allowed for security reasons! The data should be encrypted by making it > part of the request body instead of the request URL. > > Here is the log section of the errors: > > 2009-03-25 17:28:50,107 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:28:50,165 (http-0.0.0.0-8443-4) [ ControlServlet.java:299:INFO > ] [[[ShowProductionRun] Request Done- total:0.842,since > last([ShowProductionRu...):0.842]] > 2009-03-25 17:28:58,054 (http-0.0.0.0-8443-4) [ ControlServlet.java:130:INFO > ] [[[quickChangeProductionRunStatus] Request Begun, encoding=[UTF-8]- > total:0.0,since last(Begin):0.0]] > 2009-03-25 17:28:58,058 (http-0.0.0.0-8443-4) > [ServiceEventHandler.java:271:ERROR] =============== Found URL parameter > [productionRunId] passed to secure (https) request-map with uri > [quickChangeProductionRunStatus] with an event that calls service > [quickChangeProductionRunStatus]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body instead > of the request URL.; In session [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] > 2009-03-25 17:28:58,059 (http-0.0.0.0-8443-4) [ > RequestHandler.java:379:ERROR] Request quickChangeProductionRunStatus caused > an error with the following message: Error calling event: > org.ofbiz.webapp.event.EventHandlerException: Found URL parameter > [productionRunId] passed to secure (https) request-map with uri > [quickChangeProductionRunStatus] with an event that calls service > [quickChangeProductionRunStatus]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body instead > of the request URL. > 2009-03-25 17:28:58,060 (http-0.0.0.0-8443-4) [ RequestHandler.java:649:INFO > ] Rendering View [ProductionRunDeclaration], > sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 > 2009-03-25 17:28:58,405 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:28:58,406 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:28:58,407 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:28:58,408 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] > preparePager: Found rows = 0 > 2009-03-25 17:28:58,432 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:28:58,434 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] > preparePager: Found rows = 2 > 2009-03-25 17:28:58,509 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:28:58,510 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:28:58,538 (http-0.0.0.0-8443-4) [ ControlServlet.java:299:INFO > ] [[[quickChangeProductionRunStatus] Request Done- total:0.484,since > last([quickChangeProdu...):0.484]] > 2009-03-25 17:29:04,098 (http-0.0.0.0-8443-4) [ ControlServlet.java:130:INFO > ] [[[quickStartAllProductionRunTasks] Request Begun, encoding=[UTF-8]- > total:0.0,since last(Begin):0.0]] > 2009-03-25 17:29:04,119 (http-0.0.0.0-8443-4) [ > ConfigXMLReader.java:118:INFO ] controller loaded: 0.0020s, 15 requests, 13 > views in > file:/home/cjhorton/development/ofbiz/framework/common/webcommon/WEB-INF/common-controller.xml > 2009-03-25 17:29:04,123 (http-0.0.0.0-8443-4) [ > ConfigXMLReader.java:118:INFO ] controller loaded: 0.013s, 146 requests, 69 > views in jndi:/0.0.0.0/manufacturing/WEB-INF/controller.xml > 2009-03-25 17:29:04,136 (http-0.0.0.0-8443-4) > [ServiceEventHandler.java:271:ERROR] =============== Found URL parameter > [productionRunId] passed to secure (https) request-map with uri > [quickStartAllProductionRunTasks] with an event that calls service > [quickStartAllProductionRunTasks]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body instead > of the request URL.; In session [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] > 2009-03-25 17:29:04,136 (http-0.0.0.0-8443-4) [ > RequestHandler.java:379:ERROR] Request quickStartAllProductionRunTasks > caused an error with the following message: Error calling event: > org.ofbiz.webapp.event.EventHandlerException: Found URL parameter > [productionRunId] passed to secure (https) request-map with uri > [quickStartAllProductionRunTasks] with an event that calls service > [quickStartAllProductionRunTasks]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body instead > of the request URL. > 2009-03-25 17:29:04,137 (http-0.0.0.0-8443-4) [ RequestHandler.java:649:INFO > ] Rendering View [ProductionRunDeclaration], > sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 > 2009-03-25 17:29:04,160 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO > ] Got 13 screens in 0.017s from: > file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/JobshopScreens.xml > 2009-03-25 17:29:04,232 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO > ] Got 1 screens in 0.01s from: > file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/CommonScreens.xml > 2009-03-25 17:29:04,248 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO > ] Got 1 screens in 0.01s from: > file:/home/cjhorton/development/ofbiz/applications/commonext/widget/CommonScreens.xml > 2009-03-25 17:29:04,292 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO > ] Got 22 screens in 0.015s from: > file:/home/cjhorton/development/ofbiz/framework/common/widget/CommonScreens.xml > 2009-03-25 17:29:04,580 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:29:04,581 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:29:04,611 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:29:04,612 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] > preparePager: Found rows = 0 > 2009-03-25 17:29:04,614 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:29:04,614 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] > preparePager: Found rows = 2 > 2009-03-25 17:29:04,678 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:29:04,679 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:29:04,716 (http-0.0.0.0-8443-4) [ ControlServlet.java:299:INFO > ] [[[quickStartAllProductionRunTasks] Request Done- total:0.618,since > last([quickStartAllPro...):0.618]] > 2009-03-25 17:32:09,018 (http-0.0.0.0-8443-4) [ ControlServlet.java:130:INFO > ] [[[changeProductionRunTaskStatus] Request Begun, encoding=[UTF-8]- > total:0.0,since last(Begin):0.0]] > 2009-03-25 17:32:09,041 (http-0.0.0.0-8443-4) [ > ConfigXMLReader.java:118:INFO ] controller loaded: 0.0s, 15 requests, 13 > views in > file:/home/cjhorton/development/ofbiz/framework/common/webcommon/WEB-INF/common-controller.xml > 2009-03-25 17:32:09,048 (http-0.0.0.0-8443-4) [ > ConfigXMLReader.java:118:INFO ] controller loaded: 0.017s, 146 requests, 69 > views in jndi:/0.0.0.0/manufacturing/WEB-INF/controller.xml > 2009-03-25 17:32:09,053 (http-0.0.0.0-8443-4) > [ServiceEventHandler.java:271:ERROR] =============== Found URL parameter > [productionRunId] passed to secure (https) request-map with uri > [changeProductionRunTaskStatus] with an event that calls service > [changeProductionRunTaskStatus]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body instead > of the request URL.; In session [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] > 2009-03-25 17:32:09,054 (http-0.0.0.0-8443-4) [ > RequestHandler.java:379:ERROR] Request changeProductionRunTaskStatus caused > an error with the following message: Error calling event: > org.ofbiz.webapp.event.EventHandlerException: Found URL parameter > [productionRunId] passed to secure (https) request-map with uri > [changeProductionRunTaskStatus] with an event that calls service > [changeProductionRunTaskStatus]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body instead > of the request URL. > 2009-03-25 17:32:09,054 (http-0.0.0.0-8443-4) [ RequestHandler.java:649:INFO > ] Rendering View [ProductionRunDeclaration], > sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 > 2009-03-25 17:32:09,084 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO > ] Got 13 screens in 0.023s from: > file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/JobshopScreens.xml > 2009-03-25 17:32:09,256 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO > ] Got 1 screens in 0.01s from: > file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/CommonScreens.xml > 2009-03-25 17:32:09,281 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO > ] Got 1 screens in 0.01s from: > file:/home/cjhorton/development/ofbiz/applications/commonext/widget/CommonScreens.xml > 2009-03-25 17:32:09,325 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO > ] Got 22 screens in 0.014s from: fil > > I figured I would post it while i start examining what is going on. > > Thanks, > > CJ > -- > View this message in context: > http://www.nabble.com/Getting-%22The-data-should-be-encrypted-by-making-it-part-of-the-request-body-instead-of-the-request-URL.%22-errors-in-Back-Office-tp22712428p22712428.html > Sent from the OFBiz - User mailing list archive at Nabble.com. > |
Re: Getting "The data should be encrypted by making it part of the request body instead of the request URL." errors in Back Office
|
|
In reply to this post by cjhorton
The error message pretty much says it all: the request passed parameters in the URL that are not allowed in the URL because they are insecure, ie they should be passed in form fields which are in the message body which are secure. Quite a bit of discussion has gone on related to this, including notification of the change and such. It is not a bug so much as older code that needs to be updated to be more secure, because of a new security policy we are trying to more strictly enforce. The most valuable feedback you can offer, and what is unfortunately missing in this message, is each page that has links that are like this. For example, you mention the manufacturing component, but which requests? What does your browser have in the URL box on the page with the bad link in it? Also, what it he URL of the link itself that is bad? Those things will help us find and fix these quickly. It really only takes a few minutes for each one. On a more technical note: at this point all such problems should be in links that are manually coded in FTL files. All links in widget XML files should be handled at this point (with possible exceptions, but these should be more rare). Anyway, what we need is URLs! -David On Mar 25, 2009, at 4:38 PM, cjhorton wrote: > > Hi All, > > I updated to the latest Trunk version yesterday and I am getting the > following error message at various locations in the back office. I > get the > same error message on Jacques's server: > https://lamouline.myvnc.com:28443/webtools/control/main. > > This one occurred in the Manufacturing Component when I try to > perform any > action on a Production Run(schedule, quick start, etc.). I get a > similar > message to the following depending on what I try to do. > > > The Following Errors Occurred: > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: > Found URL > parameter [productionRunId] passed to secure (https) request-map > with uri > [quickStartAllProductionRunTasks] with an event that calls service > [quickStartAllProductionRunTasks]; this is not allowed for security > reasons! > The data should be encrypted by making it part of the request body > instead > of the request URL. > > > This occurred in the Order Component when I go into an order and in > the > Shipment Information tab I select "New Shipment for Ship Group > [00001]. > > > The Following Errors Occurred: > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: > Found URL > parameter [statusId] passed to secure (https) request-map with uri > [createShipment] with an event that calls service [createShipment]; > this is > not allowed for security reasons! The data should be encrypted by > making it > part of the request body instead of the request URL. > > Here is the log section of the errors: > > 2009-03-25 17:28:50,107 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:28:50,165 (http-0.0.0.0-8443-4) [ ControlServlet.java: > 299:INFO > ] [[[ShowProductionRun] Request Done- total:0.842,since > last([ShowProductionRu...):0.842]] > 2009-03-25 17:28:58,054 (http-0.0.0.0-8443-4) [ ControlServlet.java: > 130:INFO > ] [[[quickChangeProductionRunStatus] Request Begun, encoding=[UTF-8]- > total:0.0,since last(Begin):0.0]] > 2009-03-25 17:28:58,058 (http-0.0.0.0-8443-4) > [ServiceEventHandler.java:271:ERROR] =============== Found URL > parameter > [productionRunId] passed to secure (https) request-map with uri > [quickChangeProductionRunStatus] with an event that calls service > [quickChangeProductionRunStatus]; this is not allowed for security > reasons! > The data should be encrypted by making it part of the request body > instead > of the request URL.; In session > [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] > 2009-03-25 17:28:58,059 (http-0.0.0.0-8443-4) [ > RequestHandler.java:379:ERROR] Request > quickChangeProductionRunStatus caused > an error with the following message: Error calling event: > org.ofbiz.webapp.event.EventHandlerException: Found URL parameter > [productionRunId] passed to secure (https) request-map with uri > [quickChangeProductionRunStatus] with an event that calls service > [quickChangeProductionRunStatus]; this is not allowed for security > reasons! > The data should be encrypted by making it part of the request body > instead > of the request URL. > 2009-03-25 17:28:58,060 (http-0.0.0.0-8443-4) [ RequestHandler.java: > 649:INFO > ] Rendering View [ProductionRunDeclaration], > sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 > 2009-03-25 17:28:58,405 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:28:58,406 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:28:58,407 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:28:58,408 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1363:INFO ] > preparePager: Found rows = 0 > 2009-03-25 17:28:58,432 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:28:58,434 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1363:INFO ] > preparePager: Found rows = 2 > 2009-03-25 17:28:58,509 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:28:58,510 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:28:58,538 (http-0.0.0.0-8443-4) [ ControlServlet.java: > 299:INFO > ] [[[quickChangeProductionRunStatus] Request Done- total:0.484,since > last([quickChangeProdu...):0.484]] > 2009-03-25 17:29:04,098 (http-0.0.0.0-8443-4) [ ControlServlet.java: > 130:INFO > ] [[[quickStartAllProductionRunTasks] Request Begun, encoding=[UTF-8]- > total:0.0,since last(Begin):0.0]] > 2009-03-25 17:29:04,119 (http-0.0.0.0-8443-4) [ > ConfigXMLReader.java:118:INFO ] controller loaded: 0.0020s, 15 > requests, 13 > views in > file:/home/cjhorton/development/ofbiz/framework/common/webcommon/WEB- > INF/common-controller.xml > 2009-03-25 17:29:04,123 (http-0.0.0.0-8443-4) [ > ConfigXMLReader.java:118:INFO ] controller loaded: 0.013s, 146 > requests, 69 > views in jndi:/0.0.0.0/manufacturing/WEB-INF/controller.xml > 2009-03-25 17:29:04,136 (http-0.0.0.0-8443-4) > [ServiceEventHandler.java:271:ERROR] =============== Found URL > parameter > [productionRunId] passed to secure (https) request-map with uri > [quickStartAllProductionRunTasks] with an event that calls service > [quickStartAllProductionRunTasks]; this is not allowed for security > reasons! > The data should be encrypted by making it part of the request body > instead > of the request URL.; In session > [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] > 2009-03-25 17:29:04,136 (http-0.0.0.0-8443-4) [ > RequestHandler.java:379:ERROR] Request quickStartAllProductionRunTasks > caused an error with the following message: Error calling event: > org.ofbiz.webapp.event.EventHandlerException: Found URL parameter > [productionRunId] passed to secure (https) request-map with uri > [quickStartAllProductionRunTasks] with an event that calls service > [quickStartAllProductionRunTasks]; this is not allowed for security > reasons! > The data should be encrypted by making it part of the request body > instead > of the request URL. > 2009-03-25 17:29:04,137 (http-0.0.0.0-8443-4) [ RequestHandler.java: > 649:INFO > ] Rendering View [ProductionRunDeclaration], > sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 > 2009-03-25 17:29:04,160 (http-0.0.0.0-8443-4) [ ScreenFactory.java: > 129:INFO > ] Got 13 screens in 0.017s from: > file:/home/cjhorton/development/ofbiz/applications/manufacturing/ > widget/manufacturing/JobshopScreens.xml > 2009-03-25 17:29:04,232 (http-0.0.0.0-8443-4) [ ScreenFactory.java: > 129:INFO > ] Got 1 screens in 0.01s from: > file:/home/cjhorton/development/ofbiz/applications/manufacturing/ > widget/manufacturing/CommonScreens.xml > 2009-03-25 17:29:04,248 (http-0.0.0.0-8443-4) [ ScreenFactory.java: > 129:INFO > ] Got 1 screens in 0.01s from: > file:/home/cjhorton/development/ofbiz/applications/commonext/widget/ > CommonScreens.xml > 2009-03-25 17:29:04,292 (http-0.0.0.0-8443-4) [ ScreenFactory.java: > 129:INFO > ] Got 22 screens in 0.015s from: > file:/home/cjhorton/development/ofbiz/framework/common/widget/ > CommonScreens.xml > 2009-03-25 17:29:04,580 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:29:04,581 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:29:04,611 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:29:04,612 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1363:INFO ] > preparePager: Found rows = 0 > 2009-03-25 17:29:04,614 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:29:04,614 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1363:INFO ] > preparePager: Found rows = 2 > 2009-03-25 17:29:04,678 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1345:INFO ] > preparePager: low - high = 0 - 20 > 2009-03-25 17:29:04,679 (http-0.0.0.0-8443-4) [ ModelForm.java: > 1363:INFO ] > preparePager: Found rows = -1 > 2009-03-25 17:29:04,716 (http-0.0.0.0-8443-4) [ ControlServlet.java: > 299:INFO > ] [[[quickStartAllProductionRunTasks] Request Done- total:0.618,since > last([quickStartAllPro...):0.618]] > 2009-03-25 17:32:09,018 (http-0.0.0.0-8443-4) [ ControlServlet.java: > 130:INFO > ] [[[changeProductionRunTaskStatus] Request Begun, encoding=[UTF-8]- > total:0.0,since last(Begin):0.0]] > 2009-03-25 17:32:09,041 (http-0.0.0.0-8443-4) [ > ConfigXMLReader.java:118:INFO ] controller loaded: 0.0s, 15 > requests, 13 > views in > file:/home/cjhorton/development/ofbiz/framework/common/webcommon/WEB- > INF/common-controller.xml > 2009-03-25 17:32:09,048 (http-0.0.0.0-8443-4) [ > ConfigXMLReader.java:118:INFO ] controller loaded: 0.017s, 146 > requests, 69 > views in jndi:/0.0.0.0/manufacturing/WEB-INF/controller.xml > 2009-03-25 17:32:09,053 (http-0.0.0.0-8443-4) > [ServiceEventHandler.java:271:ERROR] =============== Found URL > parameter > [productionRunId] passed to secure (https) request-map with uri > [changeProductionRunTaskStatus] with an event that calls service > [changeProductionRunTaskStatus]; this is not allowed for security > reasons! > The data should be encrypted by making it part of the request body > instead > of the request URL.; In session > [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] > 2009-03-25 17:32:09,054 (http-0.0.0.0-8443-4) [ > RequestHandler.java:379:ERROR] Request changeProductionRunTaskStatus > caused > an error with the following message: Error calling event: > org.ofbiz.webapp.event.EventHandlerException: Found URL parameter > [productionRunId] passed to secure (https) request-map with uri > [changeProductionRunTaskStatus] with an event that calls service > [changeProductionRunTaskStatus]; this is not allowed for security > reasons! > The data should be encrypted by making it part of the request body > instead > of the request URL. > 2009-03-25 17:32:09,054 (http-0.0.0.0-8443-4) [ RequestHandler.java: > 649:INFO > ] Rendering View [ProductionRunDeclaration], > sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 > 2009-03-25 17:32:09,084 (http-0.0.0.0-8443-4) [ ScreenFactory.java: > 129:INFO > ] Got 13 screens in 0.023s from: > file:/home/cjhorton/development/ofbiz/applications/manufacturing/ > widget/manufacturing/JobshopScreens.xml > 2009-03-25 17:32:09,256 (http-0.0.0.0-8443-4) [ ScreenFactory.java: > 129:INFO > ] Got 1 screens in 0.01s from: > file:/home/cjhorton/development/ofbiz/applications/manufacturing/ > widget/manufacturing/CommonScreens.xml > 2009-03-25 17:32:09,281 (http-0.0.0.0-8443-4) [ ScreenFactory.java: > 129:INFO > ] Got 1 screens in 0.01s from: > file:/home/cjhorton/development/ofbiz/applications/commonext/widget/ > CommonScreens.xml > 2009-03-25 17:32:09,325 (http-0.0.0.0-8443-4) [ ScreenFactory.java: > 129:INFO > ] Got 22 screens in 0.014s from: fil > > I figured I would post it while i start examining what is going on. > > Thanks, > > CJ > -- > View this message in context: http://www.nabble.com/Getting-%22The-data-should-be-encrypted-by-making-it-part-of-the-request-body-instead-of-the-request-URL.%22-errors-in-Back-Office-tp22712428p22712428.html > Sent from the OFBiz - User mailing list archive at Nabble.com. > |
Re: Getting "The data should be encrypted by making it part of the request body instead of the request URL." errors in Back Office
Re: Getting "The data should be encrypted by making it part of the request body instead of the request URL." errors in Back Office
Re: Getting "The data should be encrypted by making it part of the request body instead of the request URL." errors in Back Office
|
Administrator
|
In reply to this post by Jacques Le Roux
Done for XML files at r759700
Jacques From: "Jacques Le Roux" <[hidden email]> >I should work soon on this on a global way. It's related to https://issues.apache.org/jira/browse/OFBIZ-2243 > > I began but it's still a WIP > > Jacques > > From: "cjhorton" <[hidden email]> >> >> Hi All, >> >> I updated to the latest Trunk version yesterday and I am getting the >> following error message at various locations in the back office. I get the >> same error message on Jacques's server: >> https://lamouline.myvnc.com:28443/webtools/control/main. >> >> This one occurred in the Manufacturing Component when I try to perform any >> action on a Production Run(schedule, quick start, etc.). I get a similar >> message to the following depending on what I try to do. >> >> >> The Following Errors Occurred: >> >> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL >> parameter [productionRunId] passed to secure (https) request-map with uri >> [quickStartAllProductionRunTasks] with an event that calls service >> [quickStartAllProductionRunTasks]; this is not allowed for security reasons! >> The data should be encrypted by making it part of the request body instead >> of the request URL. >> >> >> This occurred in the Order Component when I go into an order and in the >> Shipment Information tab I select "New Shipment for Ship Group [00001]. >> >> >> The Following Errors Occurred: >> >> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL >> parameter [statusId] passed to secure (https) request-map with uri >> [createShipment] with an event that calls service [createShipment]; this is >> not allowed for security reasons! The data should be encrypted by making it >> part of the request body instead of the request URL. >> >> Here is the log section of the errors: >> >> 2009-03-25 17:28:50,107 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] >> preparePager: Found rows = -1 >> 2009-03-25 17:28:50,165 (http-0.0.0.0-8443-4) [ ControlServlet.java:299:INFO >> ] [[[ShowProductionRun] Request Done- total:0.842,since >> last([ShowProductionRu...):0.842]] >> 2009-03-25 17:28:58,054 (http-0.0.0.0-8443-4) [ ControlServlet.java:130:INFO >> ] [[[quickChangeProductionRunStatus] Request Begun, encoding=[UTF-8]- >> total:0.0,since last(Begin):0.0]] >> 2009-03-25 17:28:58,058 (http-0.0.0.0-8443-4) >> [ServiceEventHandler.java:271:ERROR] =============== Found URL parameter >> [productionRunId] passed to secure (https) request-map with uri >> [quickChangeProductionRunStatus] with an event that calls service >> [quickChangeProductionRunStatus]; this is not allowed for security reasons! >> The data should be encrypted by making it part of the request body instead >> of the request URL.; In session [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] >> 2009-03-25 17:28:58,059 (http-0.0.0.0-8443-4) [ >> RequestHandler.java:379:ERROR] Request quickChangeProductionRunStatus caused >> an error with the following message: Error calling event: >> org.ofbiz.webapp.event.EventHandlerException: Found URL parameter >> [productionRunId] passed to secure (https) request-map with uri >> [quickChangeProductionRunStatus] with an event that calls service >> [quickChangeProductionRunStatus]; this is not allowed for security reasons! >> The data should be encrypted by making it part of the request body instead >> of the request URL. >> 2009-03-25 17:28:58,060 (http-0.0.0.0-8443-4) [ RequestHandler.java:649:INFO >> ] Rendering View [ProductionRunDeclaration], >> sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 >> 2009-03-25 17:28:58,405 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] >> preparePager: low - high = 0 - 20 >> 2009-03-25 17:28:58,406 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] >> preparePager: Found rows = -1 >> 2009-03-25 17:28:58,407 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] >> preparePager: low - high = 0 - 20 >> 2009-03-25 17:28:58,408 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] >> preparePager: Found rows = 0 >> 2009-03-25 17:28:58,432 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] >> preparePager: low - high = 0 - 20 >> 2009-03-25 17:28:58,434 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] >> preparePager: Found rows = 2 >> 2009-03-25 17:28:58,509 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] >> preparePager: low - high = 0 - 20 >> 2009-03-25 17:28:58,510 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] >> preparePager: Found rows = -1 >> 2009-03-25 17:28:58,538 (http-0.0.0.0-8443-4) [ ControlServlet.java:299:INFO >> ] [[[quickChangeProductionRunStatus] Request Done- total:0.484,since >> last([quickChangeProdu...):0.484]] >> 2009-03-25 17:29:04,098 (http-0.0.0.0-8443-4) [ ControlServlet.java:130:INFO >> ] [[[quickStartAllProductionRunTasks] Request Begun, encoding=[UTF-8]- >> total:0.0,since last(Begin):0.0]] >> 2009-03-25 17:29:04,119 (http-0.0.0.0-8443-4) [ >> ConfigXMLReader.java:118:INFO ] controller loaded: 0.0020s, 15 requests, 13 >> views in >> file:/home/cjhorton/development/ofbiz/framework/common/webcommon/WEB-INF/common-controller.xml >> 2009-03-25 17:29:04,123 (http-0.0.0.0-8443-4) [ >> ConfigXMLReader.java:118:INFO ] controller loaded: 0.013s, 146 requests, 69 >> views in jndi:/0.0.0.0/manufacturing/WEB-INF/controller.xml >> 2009-03-25 17:29:04,136 (http-0.0.0.0-8443-4) >> [ServiceEventHandler.java:271:ERROR] =============== Found URL parameter >> [productionRunId] passed to secure (https) request-map with uri >> [quickStartAllProductionRunTasks] with an event that calls service >> [quickStartAllProductionRunTasks]; this is not allowed for security reasons! >> The data should be encrypted by making it part of the request body instead >> of the request URL.; In session [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] >> 2009-03-25 17:29:04,136 (http-0.0.0.0-8443-4) [ >> RequestHandler.java:379:ERROR] Request quickStartAllProductionRunTasks >> caused an error with the following message: Error calling event: >> org.ofbiz.webapp.event.EventHandlerException: Found URL parameter >> [productionRunId] passed to secure (https) request-map with uri >> [quickStartAllProductionRunTasks] with an event that calls service >> [quickStartAllProductionRunTasks]; this is not allowed for security reasons! >> The data should be encrypted by making it part of the request body instead >> of the request URL. >> 2009-03-25 17:29:04,137 (http-0.0.0.0-8443-4) [ RequestHandler.java:649:INFO >> ] Rendering View [ProductionRunDeclaration], >> sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 >> 2009-03-25 17:29:04,160 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO >> ] Got 13 screens in 0.017s from: >> file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/JobshopScreens.xml >> 2009-03-25 17:29:04,232 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO >> ] Got 1 screens in 0.01s from: >> file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/CommonScreens.xml >> 2009-03-25 17:29:04,248 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO >> ] Got 1 screens in 0.01s from: >> file:/home/cjhorton/development/ofbiz/applications/commonext/widget/CommonScreens.xml >> 2009-03-25 17:29:04,292 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO >> ] Got 22 screens in 0.015s from: >> file:/home/cjhorton/development/ofbiz/framework/common/widget/CommonScreens.xml >> 2009-03-25 17:29:04,580 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] >> preparePager: low - high = 0 - 20 >> 2009-03-25 17:29:04,581 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] >> preparePager: Found rows = -1 >> 2009-03-25 17:29:04,611 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] >> preparePager: low - high = 0 - 20 >> 2009-03-25 17:29:04,612 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] >> preparePager: Found rows = 0 >> 2009-03-25 17:29:04,614 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] >> preparePager: low - high = 0 - 20 >> 2009-03-25 17:29:04,614 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] >> preparePager: Found rows = 2 >> 2009-03-25 17:29:04,678 (http-0.0.0.0-8443-4) [ ModelForm.java:1345:INFO ] >> preparePager: low - high = 0 - 20 >> 2009-03-25 17:29:04,679 (http-0.0.0.0-8443-4) [ ModelForm.java:1363:INFO ] >> preparePager: Found rows = -1 >> 2009-03-25 17:29:04,716 (http-0.0.0.0-8443-4) [ ControlServlet.java:299:INFO >> ] [[[quickStartAllProductionRunTasks] Request Done- total:0.618,since >> last([quickStartAllPro...):0.618]] >> 2009-03-25 17:32:09,018 (http-0.0.0.0-8443-4) [ ControlServlet.java:130:INFO >> ] [[[changeProductionRunTaskStatus] Request Begun, encoding=[UTF-8]- >> total:0.0,since last(Begin):0.0]] >> 2009-03-25 17:32:09,041 (http-0.0.0.0-8443-4) [ >> ConfigXMLReader.java:118:INFO ] controller loaded: 0.0s, 15 requests, 13 >> views in >> file:/home/cjhorton/development/ofbiz/framework/common/webcommon/WEB-INF/common-controller.xml >> 2009-03-25 17:32:09,048 (http-0.0.0.0-8443-4) [ >> ConfigXMLReader.java:118:INFO ] controller loaded: 0.017s, 146 requests, 69 >> views in jndi:/0.0.0.0/manufacturing/WEB-INF/controller.xml >> 2009-03-25 17:32:09,053 (http-0.0.0.0-8443-4) >> [ServiceEventHandler.java:271:ERROR] =============== Found URL parameter >> [productionRunId] passed to secure (https) request-map with uri >> [changeProductionRunTaskStatus] with an event that calls service >> [changeProductionRunTaskStatus]; this is not allowed for security reasons! >> The data should be encrypted by making it part of the request body instead >> of the request URL.; In session [EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1] >> 2009-03-25 17:32:09,054 (http-0.0.0.0-8443-4) [ >> RequestHandler.java:379:ERROR] Request changeProductionRunTaskStatus caused >> an error with the following message: Error calling event: >> org.ofbiz.webapp.event.EventHandlerException: Found URL parameter >> [productionRunId] passed to secure (https) request-map with uri >> [changeProductionRunTaskStatus] with an event that calls service >> [changeProductionRunTaskStatus]; this is not allowed for security reasons! >> The data should be encrypted by making it part of the request body instead >> of the request URL. >> 2009-03-25 17:32:09,054 (http-0.0.0.0-8443-4) [ RequestHandler.java:649:INFO >> ] Rendering View [ProductionRunDeclaration], >> sessionId=EB208FE8F2D2ECA295F2AB3A3568FA8E.jvm1 >> 2009-03-25 17:32:09,084 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO >> ] Got 13 screens in 0.023s from: >> file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/JobshopScreens.xml >> 2009-03-25 17:32:09,256 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO >> ] Got 1 screens in 0.01s from: >> file:/home/cjhorton/development/ofbiz/applications/manufacturing/widget/manufacturing/CommonScreens.xml >> 2009-03-25 17:32:09,281 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO >> ] Got 1 screens in 0.01s from: >> file:/home/cjhorton/development/ofbiz/applications/commonext/widget/CommonScreens.xml >> 2009-03-25 17:32:09,325 (http-0.0.0.0-8443-4) [ ScreenFactory.java:129:INFO >> ] Got 22 screens in 0.014s from: fil >> >> I figured I would post it while i start examining what is going on. >> >> Thanks, >> >> CJ >> -- >> View this message in context: >> http://www.nabble.com/Getting-%22The-data-should-be-encrypted-by-making-it-part-of-the-request-body-instead-of-the-request-URL.%22-errors-in-Back-Office-tp22712428p22712428.html >> Sent from the OFBiz - User mailing list archive at Nabble.com. >> > > |
Re: Getting "The data should be encrypted by making it part of the request body instead of the request URL." errors in Back Office
«
Return to OFBiz - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |