Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: Adding public pages to grouper 2.2

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: Adding public pages to grouper 2.2


Chronological Thread 
  • From: "Sachdeva, Vivek" <>
  • To: "" <>
  • Subject: [grouper-users] Re: Adding public pages to grouper 2.2
  • Date: Wed, 23 Jul 2014 17:59:47 +0000
  • Accept-language: en-US

I seem to have solved the problem myself. In Grouper 2.2 CSRF Guard is being used to protect the attacks and when I disabled it in the web.xml, public pages I added worked fine. 

Vivek

From: vivek sachdeva <>
Date: Tue, 22 Jul 2014 11:57:01 -0700
To: "" <>
Subject: Adding public pages to grouper 2.2

Hi,

I am trying to add a couple of public pages to grouper 2.2. In version 2.1.5 I did it by modifying web.xml like below:

<init-param>    

  <param-name>ignore</param-name>    

  <param-value>:/populateIndex.do:/callLogin.do:/error.do:/logout.do:/approveDisapprove.do:/acceptDeny.do:</param-value>  

 </init-param>


This url http://localhost:8080/grouper/grouperUi/app/approveDisapprove.do?token=0332642a8aaf4c84953f23ca23e395d1 was working in 2.1.5


I am trying to do the same thing in 2.2 and it does not seem to work. Now, it asks for password.


but when I change the URL to http://localhost:8080/grouper/approveDisapprove.do?token=0332642a8aaf4c84953f23ca23e395d1

it goes in LoginCheckFilter and then throws error and url is redirected to http://localhost:8080/grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrf&OWASP_CSRFTOKEN=M3DE-ROBX-MXJ8-8DQJ-YCFC-4YJ2-PHN3-5RLB


Can someone help?


Thanks,

Vivek






Archive powered by MHonArc 2.6.16.

Top of Page