grouper-users - [grouper-users] Re: Adding public pages to grouper 2.2
Subject: Grouper Users - Open Discussion List
List archive
- From: "Sachdeva, Vivek" <>
- To: "" <>
- Subject: [grouper-users] Re: Adding public pages to grouper 2.2
- Date: Wed, 23 Jul 2014 17:59:47 +0000
- Accept-language: en-US
I seem to have solved the problem myself. In Grouper 2.2 CSRF Guard is being used to protect the attacks and when I disabled it in the web.xml, public pages I added worked fine.
Vivek
From: vivek sachdeva <>
Date: Tue, 22 Jul 2014 11:57:01 -0700 To: "" <> Subject: Adding public pages to grouper 2.2
Hi,
I am trying to add a couple of public pages to grouper 2.2. In version 2.1.5 I did it by modifying web.xml like below:
<init-param> <param-name>ignore</param-name> <param-value>:/populateIndex.do:/callLogin.do:/error.do:/logout.do:/approveDisapprove.do:/acceptDeny.do:</param-value> </init-param>
This url http://localhost:8080/grouper/grouperUi/app/approveDisapprove.do?token=0332642a8aaf4c84953f23ca23e395d1 was working in 2.1.5
I am trying to do the same thing in 2.2 and it does not seem to work. Now, it asks for password.
but when I change the URL to http://localhost:8080/grouper/approveDisapprove.do?token=0332642a8aaf4c84953f23ca23e395d1 it goes in LoginCheckFilter and then throws error and url is redirected to http://localhost:8080/grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrf&OWASP_CSRFTOKEN=M3DE-ROBX-MXJ8-8DQJ-YCFC-4YJ2-PHN3-5RLB
Can someone help?
Thanks, Vivek
|
- [grouper-users] Adding public pages to grouper 2.2, Sachdeva, Vivek, 07/22/2014
- [grouper-users] Re: Adding public pages to grouper 2.2, Sachdeva, Vivek, 07/23/2014
- [grouper-users] RE: Adding public pages to grouper 2.2, Chris Hyzer, 07/23/2014
- [grouper-users] Re: Adding public pages to grouper 2.2, Sachdeva, Vivek, 07/23/2014
- [grouper-users] RE: Adding public pages to grouper 2.2, Chris Hyzer, 07/23/2014
- [grouper-users] Re: Adding public pages to grouper 2.2, Sachdeva, Vivek, 07/23/2014
Archive powered by MHonArc 2.6.16.