Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Admin UI CSRF error adding subject from workspace

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Admin UI CSRF error adding subject from workspace


Chronological Thread 
  • From: Peter DiCamillo <>
  • To: "" <>
  • Subject: [grouper-users] Admin UI CSRF error adding subject from workspace
  • Date: Wed, 7 Dec 2016 10:15:35 -0500
  • Ironport-phdr: 9a23:PoQnuBQzta6bP4N3jCj5M0vLENpsv+yvbD5Q0YIujvd0So/mwa69bRyN2/xhgRfzUJnB7Loc0qyN4vumBDZLus/JmUtBWaQEbwUCh8QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBu7oR/Ru8UIjodvJLs9wQbVr3VVfOhb2XlmLk+JkRbm4cew8p9j8yBOtP8k6sVNT6b0cbkmQLJBFDgpPHw768PttRnYUAuA/WAcXXkMkhpJGAfK8hf3VYrsvyTgt+p93C6aPdDqTb0xRD+v4btnRAPuhSwaMTMy7WPZhdFqjK9DvhyvpwFxzY3abo6bO/VxYqzTcMgGRWdDRMtdSzBND428YoYJEuEPPfxYr474p1YWtxWxGxWsC/31yjRViHH23LM33P4kEQHH2AwgG9UOu2nTodvvKqgSTf66zLPQwjvNbvNbxy3y6I3JchAlpfGMWql9ftHLyUkoGQLFiE+cppL4MDOIz+kAtXWQ4el4Ve+3lmIrtQJ8riKyysojiYTFnJwZx17Z+Slj3oo5Odu1Q1Nhb9G+CptfrSSaOpN2Qsw8R2Fovz43yrgctp66eCgG0Y4nyADba/Odc4mE+AnsVPyWITZ2gnJpYqywiAuv8US4y+38UNe70EpSoyZYjNXBtWoB2wHc58WEUPdx4Ems1SuV2wzN9u1IOUU0mrDaK54lzL4wjJ0TsUHbEyHshkr2kLGZdl889eam6uTqfK/pppqdN49wjgH+Nb8jldelAeQ/PAkOWXKX9vqh273+5UH5WqlFjuUqkqnFt5DXPcsbprS+Aw9IyoYs9Qy/Ay670NQDg3YHNklFdQmDj4joIFHOPOv4Aemlj1Stljdr2+7JPqfnAprTMnjPjq3tcqhg5E5Bm0IPyoUV6IhTF6kMOrfuQULrr/TZCAM0KQq537yhBdlgnMtKVniIH7eUKubPqlKS/couJfWBfokYpGy7JvQ4sa3Al3g8zGcQYaSzlbcWQ3m9H/BiJA3NWXfwj802PWYhtw8/SOjtoFeYViFVIXu+QvRvtXkAFIu6ANKbFciWi7ub0XLjEw==

In Grouper 2.3, I get a CSRF error if I use "Add Members" for a group, and then use "Add privileges to entities in the entity workspace". The log indicated the bad URI was uri:/grouper/assignSavedSubjects.do, and I was able to fix it by adding this line to Owasp.CsrfGuard.overlay.properties:
org.owasp.csrfguard.unprotected.GrouperStrutsassignSavedSubject=%servletContext%/assignSavedSubjects.do

Peter






Archive powered by MHonArc 2.6.19.

Top of Page