[Owasp-csrfguard] Error while using Owasp.CsrfGuard.jar

P Manchanda manchandap at yahoo.com
Tue Dec 11 15:50:03 UTC 2012


Hi,

Please check your web.xml for the entries related to JavaScriptServlet. Probably you are missing an init parameter. The entries should look like this:

    <servlet>
        <servlet-name>JavaScriptServlet</servlet-name>
        <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
        <init-param>
            <param-name>source-file</param-name>
            <param-value>WEB-INF/Owasp.CsrfGuard.js</param-value>
        </init-param>
        <init-param>
            <param-name>inject-into-forms</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>inject-into-attributes</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>domain-strict</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>referer-pattern</param-name>
            <param-value>.*</param-value>
        </init-param>
        <init-param>
            <param-name>x-requested-with</param-name>
            <param-value>OWASP CSRFGuard Project</param-value>
        </init-param>
    </servlet>

 
___________________ 
Thks & brgds 
P Manchanda
Mobile: +91-9811210374 



________________________________
 From: sravani chukka <sravs63 at gmail.com>
To: owasp-csrfguard at lists.owasp.org 
Sent: Tuesday, 11 December 2012, 18:19
Subject: [Owasp-csrfguard] Error while using Owasp.CsrfGuard.jar
 

Hi,
 
I have a small problem using your jar and require some help using it. I was actually trying to deploy my EAR in JBoss, and when I host my weblauncher the following exceptions are thrown, showing these errors in Owasp.CsrfGuard.jar. Below is the error:
 15:11:16,407 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:16 IST 2012] [Info] CsrfGuard analyzing request /pf-weblauncher/loginRealm.jsp
 
15:11:16,498 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/pf-system]] (http-/0.0.0.0:8081-2) StandardWrapper.Throwable: java.lang.RuntimeException: missing required parameter referer-pattern 
at org.owasp.csrfguard.servlet.JavaScriptServlet.getRequiredInitParameter(JavaScriptServlet.java:206) [Owasp.CsrfGuard.jar:] 
at org.owasp.csrfguard.servlet.JavaScriptServlet.init(JavaScriptServlet.java:85) [Owasp.CsrfGuard.jar:] 
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1202) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:952) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:188) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1] 
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:679) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:931) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_04]
15:11:16,500 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/pf-system].[JavaScriptServlet]] (http-/0.0.0.0:8081-2) Allocate exception for servlet JavaScriptServlet: java.lang.RuntimeException: missing required parameter referer-pattern 
at org.owasp.csrfguard.servlet.JavaScriptServlet.getRequiredInitParameter(JavaScriptServlet.java:206) [Owasp.CsrfGuard.jar:] 
at org.owasp.csrfguard.servlet.JavaScriptServlet.init(JavaScriptServlet.java:85) [Owasp.CsrfGuard.jar:] 
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1202) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:952) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:188) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1] 
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:679) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:931) [jbossweb-7.0.16.Final-redhat-1.jar:] 
at java.lang.Thread.run(Unknown Source) [rt.jar:1.7.0_04]
15:11:22,714 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:22 IST 2012] [Info] CsrfGuard analyzing request /pf-weblauncher/webLauncher.do
15:11:37,659 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:37 IST 2012] [Info] CsrfGuard analyzing request /pf-system/styles/styles.css
15:11:37,662 INFO [stdout] (http-/0.0.0.0:8081-4) [Tue Dec 11 15:11:37 IST 2012] [Info] CsrfGuard analyzing request /pf-system/styles/button_style.css
15:11:37,707 INFO [stdout] (http-/0.0.0.0:8081-1) [Tue Dec 11 15:11:37 IST 2012] [Info] CsrfGuard analyzing request /pf-weblauncher/webLauncher.do
 
 
 
and the above INFO logs continue to be printed forever. Can you please suggest the cause of the error and the required workaround?
 
 
 
Thanks,
sravs
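
Added example, not part of either message and not CSRFGuard project code: a pre-deployment check that parses each WAR's web.xml and reports JavaScriptServlet declarations that lack an init-param, which is the condition behind the "missing required parameter referer-pattern" exception above. It assumes the six parameters listed in the reply are the expected set, uses Python's `re` as a stand-in for Java's regex engine, and also reports a referer-pattern such as `.*` that accepts a Referer from an unrelated site; the descriptor and the foreign Referer are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

SERVLET_CLASS = "org.owasp.csrfguard.servlet.JavaScriptServlet"
# Assumption: the six init-params shown in the reply are the expected set.
EXPECTED = ("source-file", "inject-into-forms", "inject-into-attributes",
            "domain-strict", "referer-pattern", "x-requested-with")
# Constructed Referer from an unrelated site, used to spot match-all patterns.
FOREIGN_REFERER = "http://unrelated.invalid/page"

def _local(tag):
    """Drop any XML namespace so namespaced descriptors are handled too."""
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    """Text of the first direct child called `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def check_web_xml(xml_text):
    """Return findings for every JavaScriptServlet declared in a web.xml."""
    findings = []
    for servlet in ET.fromstring(xml_text).iter():
        if _local(servlet.tag) != "servlet" or _text(servlet, "servlet-class") != SERVLET_CLASS:
            continue
        name = _text(servlet, "servlet-name") or "(unnamed)"
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in servlet if _local(p.tag) == "init-param"}
        findings += [f"{name}: missing init-param {p}" for p in EXPECTED if not params.get(p)]
        pattern = params.get("referer-pattern")
        try:  # Python's re stands in for java.util.regex; simple patterns behave alike.
            if pattern and re.fullmatch(pattern, FOREIGN_REFERER):
                findings.append(f"{name}: referer-pattern {pattern!r} accepts a foreign Referer")
        except re.error:
            findings.append(f"{name}: referer-pattern {pattern!r} could not be checked")
    return findings

# Constructed descriptor reproducing the reported failure (no referer-pattern).
BROKEN = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><servlet>
  <servlet-name>JavaScriptServlet</servlet-name>
  <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
  <init-param><param-name>source-file</param-name>
    <param-value>WEB-INF/Owasp.CsrfGuard.js</param-value></init-param>
</servlet></web-app>"""

if __name__ == "__main__":
    for line in check_web_xml(BROKEN):
        print(line)
```

In the log above the exception is raised for the /pf-system context while the request was for /pf-weblauncher, so the check is worth running against the web.xml of every WAR in the EAR.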
