Hyland Connect

eswbitto · ‎09-25-2013

I did a search for this in the forums and I came to this THREAD in that thread there is a link to a JIRA issue that was raised on it. Supposedly this was to be fixed in 4.2.d.

I'm having an issue using 4.2.d when trying to log in. Here is the exception that comes up.


javax.servlet.ServletException: Possible CSRF attack noted when asserting referer header 'https://FQDN/share/page/'. Request: POST /share/page/dologin, FAILED TEST: Assert referer POST /share/page/dologin :: referer: 'https://FQDN/share/page/' vs server &amp; context: http://127.0.0.1:8080/ (string) or FQDN:443 (regexp)
   at org.alfresco.web.site.servlet.CSRFFilter$AssertRefererAction.run(CSRFFilter.java:920)
   at org.alfresco.web.site.servlet.CSRFFilter.doFilter(CSRFFilter.java:310)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:378)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
   at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
   at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
   at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
   at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1810)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
   at java.lang.Thread.run(Thread.java:724)
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I'm on linux 6.4 CentOS using apache as my ssl authentication. According to the JIRA link in the above link I mentioned there is some code to insert into share-config-custom.xml. I did so and put the referer (4 places) as my FQDN:443
My apache config looks like this…


<VirtualHost *:443>
  ServerName FQDN

  SSLEngine on
  SSLCertificateKeyFile 
  SSLCertificateFile 
  SSLCACertificateFile omitted these lines from your view


  ProxyPass /paste http://192.168.3.125/paste/
  ProxyPassReverse /paste http://192.168.3.125/paste/


  ProxyPass / http://127.0.0.1:8080/
  ProxyPassReverse / http://127.0.0.1:8080/


  ProxyTimeout 300
  SSLProxyEngine on

  <Proxy *>
    allow from all
  </Proxy>

</VirtualHost>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I'm wondering if anyone else is having this issue AND/OR why this is still happening if it was to be fixed in 4.2.d.

Any input on the resolution of this would be great. I'm wanting to move to 4.2.d from 4.2.c.

eswbitto · ‎09-26-2013

What doesn't make sense to me is that….when I first downloaded 4.2.d to install on the server. I installed the software. Configured it and it all worked with no problems whatsoever. I had to reboot the server and since that time I can not get 4.2.d to work.

I followed the instructions from HERE with no success. I'm scratching my head and running out of ideas to try.

eswbitto · ‎09-26-2013

Solved:
The referer I was using was slightly not correct. It is working perfectly now. See the attached txt file.