grouper-users - RE: [grouper-users] Admin UI CSRF error adding subject from workspace

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Admin UI CSRF error adding subject from workspace

From: "Hyzer, Chris" <>
To: Peter DiCamillo <>, "" <>
Subject: RE: [grouper-users] Admin UI CSRF error adding subject from workspace
Date: Wed, 7 Dec 2016 19:54:12 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is ) ;
Ironport-phdr: 9a23:+XjXJxTGwAxyAMT06uKUzqikItpsv+yvbD5Q0YIujvd0So/mwa6zbBON2/xhgRfzUJnB7Loc0qyN4vumBDZLvMfJmUtBWaQEbwUCh8QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBu7oR/Ru8UIjodvKqI8wQbVr3VVfOhb2XlmLk+JkRbm4cew8p9j8yBOtP8k6sVNT6b0cbkmQLJBFDgpPHw768PttRnYUAuA/WAcXXkMkhpJGAfK8hf3VYrsvyTgt+p93C6aPdDqTb0xRD+v4btnRAPuhSwaLDMy7n3ZhdJsg6JauBKhpgJww4jIYIGOKfFyerrRcc4GSWZdW8pcUTFKDIGhYIsVF+cPPfhWoZThp1UArhW+CwujBOLzxTFHiXD7xrE60/09HQ3awAAsA8wCvXLJp9v1LqcSVuW1wbHGwTvBb/JX2Cny6JLQfhs8v/yMXahwccvKyUUhCgjIiVCQppDlPzKV1+UCrXKb4vFhVeK0l2ErsRxxoiCxyccqjInFnJwaxU3Z9Shgxos+ONO2SEl+YdG+EZtQsTmXN4pwQsM+XW5ooiA6xaMauZKlZiQF1okoxwPZZveacIaI+gruWPiNLTp6nn5od7Oyiwyv/UWhxODwTNS43VJSoiZYnNTAqmoB2hjO5sSdVPdx40Os1SyS2w3R6+xJJ10/m7DBJJ472LEwk4IesUTdES/yn0X7lLeYe1kj9OS05enre7voqJiSOoNtjQHxKbohlta4AeQlLggBRG+b+fm61LL+50H5WK9KjvoqkqbHrJ/aOcUbpqm/AwNP1YYj9gq/DzOh0NQfnnkLNk5KeBWCj4TxOlHOJu73DeunjliyjDtmxerKM7LgD5nXM3TOkbnscaxg50NY0AYzyMpQ55NQCrEPOvLzXUrxucTdDhAlMwy1w+fmB8tn1o4FWGKPGbOWPLnPsV+Q+O0vJe+MaJULtzngNvgp/+TugmMhmV8BYamp2oMaaH+iHvRhPkWZeWTjgs0YHWcXpQoxUvbqiEaZXD5XZnayRL485iolBI68DIfDQJytj6Kb3Ce9AJJWen5KBkqSHnj1aoXXE8sLPRqfPsJ72hAFfrGkSosl0ln6jALmxqBQAuv/8ygZsZbk/NJv4PLV0xw+6GowR46SyWaQV2xu234TSiUt9KF5vUFnzFqfi+51j+ESXYhc/fRUSgogcIPHwvZhI9H0Rg/beNqVEhCrTsjwUh8rSddkif8fcUtnX52JjgrCxGDiV7oel62ZCYYc87nXmWXpKsB7jXvKyf9y3BEdXsJTODj+1eZE/A/JCtuMyh3Bmg==
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

Thanks for the report and the code to fix it.

Fixed in 2.3.0 ui patch #10

https://bugs.internet2.edu/jira/browse/GRP-1438

Thanks
Chris

-----Original Message-----
From:

[mailto:]
On Behalf Of Peter DiCamillo
Sent: Wednesday, December 07, 2016 10:16 AM
To:

Subject: [grouper-users] Admin UI CSRF error adding subject from workspace

In Grouper 2.3, I get a CSRF error if I use "Add Members" for a group,
and then use "Add privileges to entities in the entity workspace". The
log indicated the bad URI was uri:/grouper/assignSavedSubjects.do, and I
was able to fix it by adding this line to
Owasp.CsrfGuard.overlay.properties:
org.owasp.csrfguard.unprotected.GrouperStrutsassignSavedSubject=%servletContext%/assignSavedSubjects.do

Peter

[grouper-users] Admin UI CSRF error adding subject from workspace, Peter DiCamillo, 12/07/2016
- RE: [grouper-users] Admin UI CSRF error adding subject from workspace, Hyzer, Chris, 12/07/2016

List archive

RE: [grouper-users] Admin UI CSRF error adding subject from workspace