Return-Path: X-Original-To: apmail-activemq-dev-archive@www.apache.org Delivered-To: apmail-activemq-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7566C8AA8 for ; Wed, 10 Aug 2011 13:41:50 +0000 (UTC) Received: (qmail 32157 invoked by uid 500); 10 Aug 2011 13:41:50 -0000 Delivered-To: apmail-activemq-dev-archive@activemq.apache.org Received: (qmail 31948 invoked by uid 500); 10 Aug 2011 13:41:49 -0000 Mailing-List: contact dev-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list dev@activemq.apache.org Received: (qmail 31940 invoked by uid 99); 10 Aug 2011 13:41:49 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Aug 2011 13:41:49 +0000 X-ASF-Spam-Status: No, hits=-2000.8 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Aug 2011 13:41:48 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id A183BB5D04 for ; Wed, 10 Aug 2011 13:41:27 +0000 (UTC) Date: Wed, 10 Aug 2011 13:41:27 +0000 (UTC) From: "Malcolm McMahon (JIRA)" To: dev@activemq.apache.org Message-ID: <432469080.23692.1312983687658.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (AMQ-2886) Getting: "java.lang.UnsupportedOperationException: Possible CSRF attack" when trying to purge queue MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/AMQ-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13082334#comment-13082334 ] Malcolm McMahon commented on AMQ-2886: -------------------------------------- Sorry, I'm putting it down to AMQ-3425 instead. > Getting: "java.lang.UnsupportedOperationException: Possible CSRF attack" when trying to purge queue > --------------------------------------------------------------------------------------------------- > > Key: AMQ-2886 > URL: https://issues.apache.org/jira/browse/AMQ-2886 > Project: ActiveMQ > Issue Type: Bug > Affects Versions: 5.3.2 > Environment: Linux 2.6.18-128.1.10.el5.xs5.5.0.51xen #1 SMP Wed Nov 11 07:38:08 EST 2009 i686 i686 i386 GNU/Linux > Reporter: C Velo > > When trying to purge the contents of any queue, I receive: > HTTP ERROR: 500 > Possible CSRF attack > RequestURI=/admin/purgeDestination.action > Caused by: > java.lang.UnsupportedOperationException: Possible CSRF attack > at org.apache.activemq.web.handler.BindingBeanNameUrlHandlerMapping.getHandlerInternal(BindingBeanNameUrlHandlerMapping.java:58) > at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:184) > at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:1057) > at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:854) > at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807) > at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571) > at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:693) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) > at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487) > at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093) > at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83) > at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084) > at org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:81) > at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084) > at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118) > at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52) > at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084) > at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360) > at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) > at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181) > at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726) > at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405) > at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206) > at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) > at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) > at org.mortbay.jetty.Server.handle(Server.java:324) > at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505) > at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:828) > at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514) > at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211) > at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380) > at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395) > at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450) -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira