Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] CSRF errors in the Grouper UI

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] CSRF errors in the Grouper UI


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: Christopher Hubing <>, "Redman, Chad" <>
  • Cc: Mark Day <>, "" <>
  • Subject: Re: [grouper-users] CSRF errors in the Grouper UI
  • Date: Sun, 16 Dec 2018 17:18:56 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:HNPv5x+xibq30/9uRHKM819IXTAuvvDOBiVQ1KB+0+MSIJqq85mqBkHD//Il1AaPAd2Lraocw8Pt8InYEVQa5piAtH1QOLdtbDQizfssogo7HcSeAlf6JvO5JwYzHcBFSUM3tyrjaRsdF8nxfUDdrWOv5jAOBBr/KRB1JuPoEYLOksi7ze+/94HQbglSmDaxfa55IQmrownWqsQYm5ZpJLwryhvOrHtIeuBWyn1tKFmOgRvy5dq+8YB6/ShItP0v68BPUaPhf6QlVrNYFygpM3o05MLwqxbOSxaE62YGXWUXlhpIBBXF7A3/U5zsvCb2qvZx1S+HNsDtU7s6RSqt4LtqSB/wiScIKTg58H3MisdtiK5XuQ+tqwBjz4LRZoyeKfhwcb7Hfd4CRWRPQNtfVzBPDI2/YYsADesBMvpXoITmvVQCsQeyCBOwCO/zyjJFgGL9060g0+QmFAHLxAIsEdAOsXXVstr1Lr8eWv2rwanI1zXDbuhW1Tng44XPdxAuvfGMXLJxcMXP00kiDALFjk6MpoD/IjOVzvoCs26d7+Z6S+2glnMnphh3rzOyyMksjYzJiZgUylDC7Sh5z4c1JcG4SE5metGoCodftyafN4ZwX8gsQHlotT4kxrIcpZK3YS0HxIk6yxLCbvGHfYeF7g7/WOuUIzp3mn1odbO6ihu370Ss1unxWtGp3FtEsiZJiN3Bum0X2xDN98SKTuFx8lqj1DuOzwzT5P9LLEMomafeLpMu3709mYASvEnGACD7lln6gaqMeUo69Oik9+Hqb7b4qZCHNIJ5jBz1PL40lcylG+s4NxADX2iF9uS4073u5VX3TalNgPEqjKXVqY3XK8IFqqKgBA9ayZgs5wy4Dze7zNQXhn4HLE9DeB2alYTpI0vOIPfkDfihn1usjDZrx/fAPrH7BZXNM2TDkLPmfbZ66E5Q0hY8zdda555MC7EBJuz8WlPpudDGFBA1LxG4zuP6BNlgy48TXGyPD6CFPK/OtFKF5PwgLuaNaYIQvTvxNeQp6vr2gX88g1AdfK2p3ZUNaHC/G/RrO0CZbmbsgtYBEGYFoBA+QffriF2ZTTFffWuyX7oi6TE9DoKqF5nMSZ2wgLCZxie0AoVWZnxaClCLCXroeJ+EW/ARaCKKPMBhiCUIVaW6S4A/zxGurxT3y75mLurP5i0Yrozv2MJ05+3ViRE96yZ0D8KD3GGRUW14hH0HSCIr3Kpnu0xy1k+D0bRkg/xfDdFc+/NJUhohOp7dyex6BMv/WgPHfteVVlmmWNOmDi8tTt4v2dMBfVtyG8jxxizEigGqGb4Oi7uTBJEuuoLB1Xn3KI4pwHbb3qgngHEnRNdCL2urmvQ5+gTOUcqB2X+Um6Ojc+BU9y7E+C3LmWGOtU1vSgN8VKzDdW0ZbQ3bocmvtW3YSLr7Q5Q2IAZbjYapKrFLcZeh2VBNRObxNc72Ynm63XqoCBCOgL6Acdy5KC0mwCzBBR1cwEgo9nGcOF17X3/5+TiMBSFyFV/pf0Ln+PV/r3X+VEIv0gWWdBM9haGt9EsTgvqRA7MI07QItT1pig08HU31nre0Q8GFuxIneaxdZd0n51IS0GnZph5wJLShNKskm0YTdQIxsk/zhF16
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

> Also, to force all constructed URLs to be https, modify the Tomcat 
> server.xml and change the Connector stanza for AJP to deal with that by 
> deleting add secure=“true” scheme=“https” and then it worked.


I think the CSRF error where it expects https but gets http, the above will fix that (add secure="true" and scheme="https").


Regarding this:


> In your Apache configuration, add the following:

> RemoteIPHeader X-Forwarded-For

That sends the IP header but will tomcat use that?  Ive had to write a tad of java to make that happen...

Download:


Put it in WEB-INF/lib, and add this to the top of the web.xml

  <filter>
    <filter-name>proxyWrapper</filter-name>
    <filter-class>edu.upenn.isc.proxyWrapper.ProxyWrapperFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>proxyWrapper</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>


Maybe we should put that logic in Grouper if it is useful...  anyone let me know

thanks
Chris






Archive powered by MHonArc 2.6.19.

Top of Page