activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dejan Bosanac (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-3425) Unable to delete a queue via web console
Date Fri, 29 Jul 2011 10:33:10 GMT

    [ https://issues.apache.org/jira/browse/AMQ-3425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072767#comment-13072767
] 

Dejan Bosanac commented on AMQ-3425:
------------------------------------

This is expected behavior. The protection against CSRF attacks is implemented to make sure
you're calling an action from the web application (and not hitting URLs directly). When you
hit "back" button, the browser will pull the page from the cache and it will not be properly
initialized. Try reloading "queues" page before hitting "delete" and it will work.



> Unable to delete a queue via web console
> ----------------------------------------
>
>                 Key: AMQ-3425
>                 URL: https://issues.apache.org/jira/browse/AMQ-3425
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.5.0, 5.6.0
>         Environment: web console, default configuration
>            Reporter: Torsten Mielke
>              Labels: console, web
>
> Using the following steps will make it impossible to delete a queue via the web console
admin interface
> - start ActiveMQ with default configuration (where web console and sample Camel route
are deployed)
> - open the web console http://localhost:8161/admin, click on Queues
> - for the only queue example.A, press browse
> - go back in your browser and now try to Delete the queue using the Delete link
> - it will raise "Exception occurred while processing this request, check the log for
more information!"
> The AMQ log contains:
> {noformat}
> java.lang.UnsupportedOperationException: Possible CSRF attack
> 	at org.apache.activemq.web.handler.BindingBeanNameUrlHandlerMapping.getHandlerInternal(BindingBeanNameUrlHandlerMapping.java:58)
> 	at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:184)
> 	at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:945)
> 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:753)
> 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
> 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
> 	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> 	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:527)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1216)
> 	at org.apache.activemq.web.AuditFilter.doFilter(AuditFilter.java:59)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
> 	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)
> 	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
> 	at org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:81)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
> 	at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
> 	at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
> 	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:421)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
> 	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:493)
> 	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:930)
> 	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:358)
> 	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:866)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
> 	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
> 	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:456)
> 	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
> 	at org.eclipse.jetty.server.Server.handle(Server.java:351)
> 	at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)
> 	at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)
> 	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)
> 	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
> 	at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
> 	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)
> 	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
> 	at java.lang.Thread.run(Thread.java:636)
> {noformat}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message