Hyland Connect

Linux Server 20.04 LTS

Esta todo por defecto, tal como viene en el Compose.

Mediante IP funciona todo muy bien, y aparte alfresco share no me funciona externamente, es decir, se carga la pagina del login, pero no puedo logearme, al introducir los datos y logearme, me direge a una antigua pagina de alfresco, pero con alfresco content application, externamente todo funcion, puedo logearme.

¿Algún error en el log? ¿Podrías por favor compartirnos el log?

Hola, el problema de localhost ya lo solucione, pero ahora si intento entrar a alfresco share mediante 8089:http://localhost:8080/share/page me aparece la pagina, pero al intentar iniciar sesion me sale otra pagina de alfresco. 

Contenedor Share.

/usr/local/tomcat/logs

05-May-2021 12:05:10.323 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log No Spring WebApplicationInitializer types detected on classpath

05-May-2021 12:05:10.344 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring root WebApplicationContext

05-May-2021 12:05:25.051 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)

05-May-2021 12:05:25.116 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring DispatcherServlet 'Spring Surf Dispatcher Servlet'

05-May-2021 12:35:30.830 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page/' vs server & context: http://localhost:8080/ (string) or http://localhost/.* (regexp)] with root cause

javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page/' vs server & context: http://localhost:8080/ (string) or http://localhost/.* (regexp)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

a05-May-2021 14:17:22.968 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page/' vs server & context: http://localhost:8080/ (string) or  (regexp)] with root cause

javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page/' vs server & context: http://localhost:8080/ (string) or  (regexp)

at org.springframework.extensions.webscripts.servlet.CSRFFilter$AssertRefererAction.run(CSRFFilter.java:1072)

at org.springframework.extensions.webscripts.servlet.CSRFFilter.doFilter(CSRFFilter.java:346)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:474)

at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:443)

at org.springframework.extensions.webscripts.servlet.BeanProxyFilter.doFilter(BeanProxyFilter.java:80)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:81)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)

at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.base/java.lang.Thread.run(Thread.java:834)

05-May-2021 14:24:16.295 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log No Spring WebApplicationInitializer types detected on classpath

05-May-2021 14:24:16.342 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring root WebApplicationContext

05-May-2021 14:24:33.855 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)

05-May-2021 14:24:33.918 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring DispatcherServlet 'Spring Surf Dispatcher Servlet'

05-May-2021 14:26:40.165 SEVERE [http-nio-8080-exec-5] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Spring Surf Dispatcher Servlet] in context with path [/share] threw exception [Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page' vs server & context: http://localhost:8080/ (string) or  (regexp)] with root cause

javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'http://localhost:8089/share/page'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'http://localhost:8089/share/page' vs server & context: http://localhost:8080/ (string) or  (regexp)

at org.springframework.extensions.webscripts.servlet.CSRFFilter$AssertRefererAction.run(CSRFFilter.java:1072)

at org.springframework.extensions.webscripts.servlet.CSRFFilter.doFilter(CSRFFilter.java:346)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:474)

at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:443)

at org.springframework.extensions.webscripts.servlet.BeanProxyFilter.doFilter(BeanProxyFilter.java:80)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.alfresco.web.site.servlet.MTAuthenticationFilter.doFilter(MTAuthenticationFilter.java:81)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)

at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.base/java.lang.Thread.run(Thread.java:834)

http://www.giuseppeurso.eu/en/alfresco-tips-and-tricks-13-csrf-filter-error-on-share-login-with-apac...

Hola Angel, 

Siento ser tan molesto,

hice los pasos de la guia y me sigue sin funcionar. 

Hice el paso 1:

Step1. Copy the “CSRFPolicy” default config from:
TOMCAT_HOME/webapps/share/WEB-INF/classes/alfresco/share-security-config.xml
to:
TOMCAT_HOME/shared/classes/alfresco/web-extension/share-config-custom.xml

Luego el paso 2:

Step 2. Add the attribute replace=”true” like below

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">

Luego el paso 3:

Step 3. Update the properties referer e origin with the FQDN (https) of the Apache VirtualHost

<config evaluator="string-compare" condition="CSRFPolicy" replace="true">
<properties>
<token>Alfresco-CSRFToken</token>
<!-- Use the pipe | in the regex as OR operator: URL1|URL2|... -->
<referer>https://myalfresco.com/.*</referer>
<origin>https://myalfresco.com</origin>

En <referer>https://myalfresco.com/.*</referer> <origin>https://myalfresco.com</origin>

He probado con localhost:8080 y con la IP en https y en http y sigue sin funcionar, he borrado siempre el historial del navegador para cada prueba.

Esta es mi configuracion:

[root@2373e4da0eba tomcat]# cat /usr/local/tomcat/shared/classes/alfresco/web-extension/share-config-custom.xml 

<alfresco-config>

   <!--

      This setting controls which domains' pages that shall be allowed to be included inside Share using an <iframe>.

      All components in Share that creates an <iframe> (targeted at a user provided url) MUST assert the url is

      provided in the white list below or that it.

      Will be used and exposed to the client side code in Alfresco.contants.IFRAME_POLICY.

      Use the Alfresco.util.IFramePolicy.isUrlAllowed() to check if a url is allowed.

      Note!

      These settings are used to mitigate phishing attacks (i.e. displaying a login form).

      These settings are NOT used to mitigate clickjacking attacks and do NOT control if or when Share is allowed

      to be included into pages (using an <iframe>) from other domains, that is instead controlled by the

      "X-Frame-Options" header inside the "SecurityHeadersPolicy" config.

   -->

   <config evaluator="string-compare" condition="IFramePolicy">

      <!-- Local share pages/resources are governed by the same-domain element which can be set to "allow" or "deny" -->

      <same-domain>allow</same-domain>

      <!--

         Add a list of <url> elements inside this element to form a whitelist of allowed domains.

         The check will assert that the url used for the <iframe> starts with the value of one of the <url> elements.

      -->

      <cross-domain>

         <!--

            Allow all domains by default, it is highly recommended to override this setting and instead keep a

            whitelist of the domains that you trust to be included on Share pages.

         -->

         <url>*</url>

      </cross-domain>

   </config>

   <!--

      CSRF filter config to mitigate CSRF/Seasurfing/XSRF attacks

      To disable the CSRF filter override the <filter> to not contain any values, see share-config-custom.xml for

      an example.

      If you have a custom resource(s) that a client POST to that can't accept a token, for whatever reason, then make

      sure to copy the entire CSRFPolicy config and place it in your share-config-custom.xml file

      with the replace="true" attribute and make sure to add a new <rule> in the top of the <filter> element,

      which has a <request> element matching your requests, and uses only the "assertReferer" & "assertOrigin" actions.

      I.e.

      <rule>

         <request>

            <method>POST</method>

            <path>/proxy/alfresco/custom/repoWebscript/withoutParams|/service/custom/shareResource/thatMayHaveParams(\?.+)?</path>

         </request>

         <action name="assertReferer">

            <param name="referer">{referer}</param>

         </action>

         <action name="assertOrigin">

            <param name="origin">{origin}</param>

         </action>

      </rule>

   -->

   <config evaluator="string-compare" condition="CSRFPolicy">

    replace="true">

      <!--

         Properties that may be used inside the rest of the CSRFPolicy config to avoid repetition but

         also making it possible to provide different values in different environments.

         I.e. Different "Referer" & "Origin" properties for test & production etc.

         Reference a property using "{propertyName}".

      -->

      <properties>

         <!-- There is normally no need to override this property -->

         <token>Alfresco-CSRFToken</token>

         <!--

            Override and set this property with a regexp that if you have placed Share behind a proxy that

            does not rewrite the Referer header.

         -->

         <referer>http://192.168.0.49:8080/.*</referer>

         <!--

            Override and set this property with a regexp that if you have placed Share behind a proxy that

            does not rewrite the Origin header.

         -->

         <origin>http://192.168.0.49:8080</origin>

      </properties>

Buenas. CSRFPolicy normalmente se configura cuando tienes un proxy, https, etc. Si es para localhost puedes deshabilitarlo. Ojea este hilo. Es muy interesante y probablemente te aporte información a lo que ya sabes. Una cosa a destacar: leelo completo y fijate en la respuesta del compañero kevinoudot del 29 de Marzo.

Si aplicando la solución del hilo, sigue sin funcionarte, por favor adjuntanos de nuevo las trazas que den en el log.

Un saludo.