[ https://issues.apache.org/jira/browse/OFBIZ-11609?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-11609:
------------------------------------
    Description:
After the VM demos crash yesterday, I had a look at the log of trunk demo and found a lot of recurring errors block due to CsrfUtil::generateTokenForNonAjax.
It's not a big deal but it's annoying to have such useless errors cluttering the log:
{noformat}
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 06:58:41,804 |27.0.0.1-8009-exec-2 |CsrfUtil |E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 06:58:41,804 |27.0.0.1-8009-exec-2 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:04:32,310 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /partymgr/control/viewprofile?partyId=admin&externalLoginKey=EL29aae5fb-64de-444e-860f-072ef093e1aa
2020-04-26 07:04:41,957 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:04:41,957 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:04:41,958 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:04:41,958 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:04:41,959 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:14:42,668 |27.0.0.1-8009-exec-7 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:14:42,669 |27.0.0.1-8009-exec-7 |CsrfUtil |E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:14:42,670 |27.0.0.1-8009-exec-7 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:19:48,079 |27.0.0.1-8009-exec-5 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:19:48,079 |27.0.0.1-8009-exec-5 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:19:48,080 |27.0.0.1-8009-exec-5 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:19:48,080 |27.0.0.1-8009-exec-5 |CsrfUtil |E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:19:48,081 |27.0.0.1-8009-exec-5 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:23:55,085 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:23:55,086 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:23:55,087 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:24:30,958 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /partymgr/control/viewprofile?partyId=admin&externalLoginKey=EL8b90e8cb-cf5d-4759-94d6-088c500e91fc
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:24:41,370 |7.0.0.1-8009-exec-10 |CsrfUtil |E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:24:41,371 |7.0.0.1-8009-exec-10 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:24:55,451 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:24:55,451 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:24:55,452 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:24:55,452 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:24:55,453 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:24:55,768 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /AdminSearch
2020-04-26 07:24:55,770 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /AdminSearch
2020-04-26 07:26:31,353 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:26:31,353 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/ListDocument
2020-04-26 07:26:31,354 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocument
2020-04-26 07:26:31,354 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /removeDocumentFromTree
2020-04-26 07:26:31,355 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
{noformat}
This is moreover maybe only useful if the token CSRF defense is used, and it's easy to bypass

> Prevent recurring errors block due to generateTokenForNonAjax
> -------------------------------------------------------------
>
> Key: OFBIZ-11609
> URL: https://issues.apache.org/jira/browse/OFBIZ-11609
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/security
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Trivial
> Fix For: Upcoming Branch

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
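
A triage sketch for the log excerpt in this issue, added here as an example and not part of the issue or of OFBiz: it groups the CsrfUtil "request map" errors by path, redacts `externalLoginKey` values before they reach a report, and flags paths containing quote, plus or whitespace characters. The sample lines are constructed in the excerpt's format (the login key is a placeholder), and the names `summarize`, `SENSITIVE` and `SUSPECT` and the flagging heuristic are assumptions.

```python
import re

# Layout seen in the excerpt: "<timestamp> |<thread> |<module> |<level>| <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+\|(?P<thread>\S+)\s*"
    r"\|(?P<module>\S+)\s*\|(?P<level>\w)\|\s*(?P<msg>.*)$"
)
PREFIX = "Cannot find the corresponding request map for path: "
# Query parameters whose values should not be copied into a report (assumed list).
SENSITIVE = re.compile(r"(externalLoginKey=)[^&\s]+")
# Heuristic (assumption): a plain request path has no quotes, '+' or whitespace.
SUSPECT = re.compile(r"['+\s]")

# Constructed sample in the excerpt's format; key value and last line are made up.
SAMPLE_LOG = """\
2020-04-26 06:58:41,803 |27.0.0.1-8009-exec-2 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 06:58:41,804 |27.0.0.1-8009-exec-2 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:04:32,310 |27.0.0.1-8009-exec-3 |CsrfUtil |E| Cannot find the corresponding request map for path: /partymgr/control/viewprofile?partyId=admin&externalLoginKey=EL00000000-0000-0000-0000-000000000000
2020-04-26 07:04:41,957 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /views/EditDocumentTree
2020-04-26 07:04:41,959 |27.0.0.1-8009-exec-9 |CsrfUtil |E| Cannot find the corresponding request map for path: /'+ url+'
2020-04-26 07:05:00,000 |27.0.0.1-8009-exec-9 |OtherModule |I| constructed unrelated line
"""


def summarize(log_text):
    """Return {path: {count, first, last, malformed}} for CsrfUtil path errors."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["module"] != "CsrfUtil" or m["level"] != "E":
            continue
        if not m["msg"].startswith(PREFIX):
            continue
        # Redact key values first so they never become dictionary keys or output.
        path = SENSITIVE.sub(r"\1<redacted>", m["msg"][len(PREFIX):])
        entry = summary.setdefault(path, {
            "count": 0,
            "first": m["ts"],
            "last": m["ts"],
            "malformed": bool(SUSPECT.search(path)),
        })
        entry["count"] += 1
        entry["last"] = m["ts"]
    return summary


if __name__ == "__main__":
    for path, e in summarize(SAMPLE_LOG).items():
        flag = "  <-- not a plain path" if e["malformed"] else ""
        print(f'{e["count"]:3d}  {e["first"]} .. {e["last"]}  {path}{flag}')
```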
