[Owasp-csrfguard] Error while using Owasp.CsrfGuard.jar

sravani chukka sravs63 at gmail.com
Tue Dec 11 12:49:05 UTC 2012


Hi,



I have small problem using your jar and require some help using it. I was
actually trying to deploy my EAR in jboss and when i host my weblauncher
following exceptions are thrown showing these errors in

Owasp.CsrfGuard.jar.Below is the error



15:11:16,407 *INFO* [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:16
IST 2012] [Info] CsrfGuard analyzing request /pf-weblauncher/loginRealm.jsp



15:11:16,498 *ERROR*[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/pf-system]]
(http-/0.0.0.0:8081-2) StandardWrapper.Throwable: *
java.lang.RuntimeException*: missing required parameter referer-pattern

at org.owasp.csrfguard.servlet.JavaScriptServlet.getRequiredInitParameter(*
JavaScriptServlet.java:206*) [Owasp.CsrfGuard.jar:]

at org.owasp.csrfguard.servlet.JavaScriptServlet.init(*
JavaScriptServlet.java:85*) [Owasp.CsrfGuard.jar:]

at org.apache.catalina.core.StandardWrapper.loadServlet(*
StandardWrapper.java:1202*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.core.StandardWrapper.allocate(*
StandardWrapper.java:952*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.core.StandardWrapperValve.invoke(*
StandardWrapperValve.java:188*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.core.StandardContextValve.invoke(*
StandardContextValve.java:161*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(*
AuthenticatorBase.java:397*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(*
SecurityContextAssociationValve.java:153*)
[jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]

at org.apache.catalina.core.StandardHostValve.invoke(*
StandardHostValve.java:155*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.valves.ErrorReportValve.invoke(*
ErrorReportValve.java:102*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.core.StandardEngineValve.invoke(*
StandardEngineValve.java:109*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.connector.CoyoteAdapter.service(*
CoyoteAdapter.java:368*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.coyote.http11.Http11Processor.process(*
Http11Processor.java:877*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(*
Http11Protocol.java:679*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(*JIoEndpoint.java:931*)
[jbossweb-7.0.16.Final-redhat-1.jar:]

at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_04]

15:11:16,500* ERROR*[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/pf-system].[JavaScriptServlet]]
(http-/0.0.0.0:8081-2) Allocate exception for servlet JavaScriptServlet: *
java.lang.RuntimeException*: missing required parameter referer-pattern

at org.owasp.csrfguard.servlet.JavaScriptServlet.getRequiredInitParameter(*
JavaScriptServlet.java:206*) [Owasp.CsrfGuard.jar:]

at org.owasp.csrfguard.servlet.JavaScriptServlet.init(*
JavaScriptServlet.java:85*) [Owasp.CsrfGuard.jar:]

at org.apache.catalina.core.StandardWrapper.loadServlet(*
StandardWrapper.java:1202*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.core.StandardWrapper.allocate(*
StandardWrapper.java:952*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.core.StandardWrapperValve.invoke(*
StandardWrapperValve.java:188*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.core.StandardContextValve.invoke(*
StandardContextValve.java:161*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(*
AuthenticatorBase.java:397*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(*
SecurityContextAssociationValve.java:153*)
[jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]

at org.apache.catalina.core.StandardHostValve.invoke(*
StandardHostValve.java:155*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.valves.ErrorReportValve.invoke(*
ErrorReportValve.java:102*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.core.StandardEngineValve.invoke(*
StandardEngineValve.java:109*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.catalina.connector.CoyoteAdapter.service(*
CoyoteAdapter.java:368*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.coyote.http11.Http11Processor.process(*
Http11Processor.java:877*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(*
Http11Protocol.java:679*) [jbossweb-7.0.16.Final-redhat-1.jar:]

at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(*JIoEndpoint.java:931*)
[jbossweb-7.0.16.Final-redhat-1.jar:]

at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_04]

15:11:22,714 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:22 IST
2012] [Info] CsrfGuard analyzing request /pf-weblauncher/webLauncher.do

15:11:37,659 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:37 IST
2012] [Info] CsrfGuard analyzing request /pf-system/styles/styles.css

15:11:37,662 INFO [stdout] (http-/0.0.0.0:8081-4) [Tue Dec 11 15:11:37 IST
2012] [Info] CsrfGuard analyzing request /pf-system/styles/button_style.css

15:11:37,707 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:37 IST
2012] [Info] CsrfGuard analyzing request /pf-weblauncher/webLauncher.do







and the above INFO logs continue to be printed forever. Can you please
suggest about the cause of the error  and required workaround ?







Thanks,

sravs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20121211/457e803a/attachment.html>


More information about the Owasp-csrfguard mailing list