10:48 a.m.
--========GMXBoundary143451375346895812097
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Hello,
I'm just installing 3.3 Nightly as of July 31st on my CentOS 6.4 server.
When I try to login to the Web I got 'Error 500'
Here the part of server.log
......
2013-08-01 10:40:05,098 ERROR
[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/webadmin]]
(ajp--127.0.0.1-8702-6) Exception while dispatching incoming RPC call:
java.lang.SecurityException: Blocked request without GWT base path header (XSRF attack?)
at com.google.gwt.rpc.server.RpcServlet.getClientOracle(RpcServlet.java:95)
[gwt-servlet.jar:]
at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:205)
[gwt-servlet.jar:]
at
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
[gwt-servlet.jar:]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
[jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
.......
Hans-Joachim
--========GMXBoundary143451375346895812097
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
<span style=3D'font-family:Verdana'><span
style=3D'font-size:12px'>Hello,<b=
r /><br />I'm just installing 3.3 Nightly as of July 31st on my CentOS 6.4 =
server.<br /><br />When I try to login to the Web I got 'Error
500'<br /><b=
r />Here the part of server.log<br /><br />......<br />2013-08-01
10:40:05,=
098 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host=
].[/webadmin]] (ajp--127.0.0.1-8702-6) Exception while dispatching incoming=
RPC call: java.lang.SecurityException: Blocked request without GWT base pa=
th header (XSRF attack?)<br
/> at=
com.google.gwt.rpc.server.RpcServlet.getClientOracle(RpcServlet.java:95) [=
gwt-servlet.jar:]<br
/> at com.go=
ogle.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:205) [gwt-servle=
t.jar:]<br />
at com.google.gwt.u=
ser.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceSer=
vlet.java:62) [gwt-servlet.jar:]<br
/> &=
nbsp; at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jbos=
s-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]<br />.......<br /><br
/=
Hans-Joachim</span></span>
--========GMXBoundary143451375346895812097--
12:58 p.m.
On 08/01/2013 10:48 AM, Hans-Joachim wrote:
Hello,
I'm just installing 3.3 Nightly as of July 31st on my CentOS 6.4 server.
When I try to login to the Web I got 'Error 500'
Here the part of server.log
......
2013-08-01 10:40:05,098 ERROR
[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/webadmin]]
(ajp--127.0.0.1-8702-6) Exception while dispatching incoming RPC call:
java.lang.SecurityException: Blocked request without GWT base path
header (XSRF attack?)
at
com.google.gwt.rpc.server.RpcServlet.getClientOracle(RpcServlet.java:95)
[gwt-servlet.jar:]
at
com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:205)
[gwt-servlet.jar:]
at
com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
[gwt-servlet.jar:]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
[jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
.......
Hans-Joachim
Actually this isn't a problem with GWT RPC, but with the redirection
that is performed from / to /ovirt-engine in the web server. You
probably ended up with the following URL:
https://whatever/ovirt-engine/webadmin/webadmin/WebAdmin.html
This adds an extra "ovirt-engine" path element to the request, that the
server side doesn't expect, so it assumes that there is a XSFR attach
going on. Type an URL like this manually in the browser and it should work:
https://whatever/webadmin/webadmin/WebAdmin.html
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
4185
days inactive
4185
days old
1 comments
2 participants
participants (2)
-
Hans-Joachim -
Juan Hernandez