google-code-export / webpasswordsafe

Automatically exported from code.google.com/p/webpasswordsafe

I keep getting "Session Timeout. Please login again." message. #73

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Build webpasswordsafe 1.2.1 and deploy on tomcat 7.0.26
2. Connect to tomcat
3. You keep seeing that message over and over

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?
1.2.1 on slackware64 14.0

Please provide any additional information below.
I use postgresql 9.1.4

Original issue reported on code.google.com by crockabiscuit@gmail.com on 9 Dec 2012 at 5:43

GoogleCodeExporter commented 9 years ago
Plus, an exception with the message 
"com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token (Session 
cookie is not set or empty! Unable to generate XSRF cookie)" is thrown in 
tomcat.log

Original comment by crockabiscuit@gmail.com on 9 Dec 2012 at 5:47

GoogleCodeExporter commented 9 years ago
I also deployed it on / instead of /webpasswordsafe

Original comment by crockabiscuit@gmail.com on 9 Dec 2012 at 6:18

GoogleCodeExporter commented 9 years ago
If I deploy it on /webpasswordsafe, it works without any exception.
But if I deploy it on /, I get that exception repetitively.

What's wrong?

Original comment by crockabiscuit@gmail.com on 9 Dec 2012 at 6:31

GoogleCodeExporter commented 9 years ago
I can reproduce the same issue. Looks like some uri/path are hard coded.

Original comment by Misha.Do...@gmail.com on 5 Feb 2013 at 12:02

GoogleCodeExporter commented 9 years ago
I got this working. I did some troubleshooting via Chrome developer tools. So, 
basically you need to adjust some web.xml config and it will work from / point. 
I did it at least without any coding etc.

Original comment by Misha.Do...@gmail.com on 5 Feb 2013 at 1:48

GoogleCodeExporter commented 9 years ago
In web.xml (changed):
    <servlet-mapping>
        <servlet-name>webservice</servlet-name>
        <url-pattern>/webservice/*</url-pattern>
    </servlet-mapping>

In webservice-servlet.xml:

        <property name="portTypeName" value="WebPasswordSafe" />
        <property name="locationUri" value="http://localhost/webservice" />

Original comment by Misha.Do...@gmail.com on 5 Feb 2013 at 1:49

GoogleCodeExporter commented 9 years ago
P.S. My server is using port 80 instead of the default 8080.

Original comment by Misha.Do...@gmail.com on 5 Feb 2013 at 1:50

GoogleCodeExporter commented 9 years ago
crockabiscuit- you are trying to deploy webpasswordsafe as the ROOT context in 
tomcat?
Misha.Dobrovolskyy- yes that is if you want to enable webservices, not the 
default application though

Original comment by joshdrum...@gmail.com on 17 Mar 2013 at 1:07

GoogleCodeExporter commented 9 years ago
Yes, I'm trying to deploy webpasswordsafe as the ROOT context in tomcat.

Original comment by crockabiscuit@gmail.com on 17 Mar 2013 at 10:37

GoogleCodeExporter commented 9 years ago
I can reproduce this issue as well.  

I am *not* trying to deploy webpasswordsafe as the ROOT context in tomcat,
however I am trying to create a VirtualHost in Apache where / redirects to the
/WebPasswordSafe path in Tomcat via the AJP connector.

I have tried using both

    ProxyPass / ajp://localhost:8009/WebPasswordSafe

or

    RewriteRule / ajp://localhost:8009/WebPasswordSafe

When I change the Apache configuration to require the same path as Tomcat's:

    ProxyPass /WebPasswordSafe ajp://localhost:8009/WebPasswordSafe

and go to the specified URL, I don't get the infinite "Session Timeout" 
problem, just as crockabiscuit reports.

I am trying to set up a rewriterule that will redirect all / requests to the 
/WebPasswordSafe path as a workaround, but am curious why we are seeing this 
problem in the first place; it does seem like a bug.

Original comment by ferf...@gmail.com on 4 Apr 2013 at 1:20

GoogleCodeExporter commented 9 years ago

Original comment by joshdrum...@gmail.com on 30 Jun 2013 at 7:27

GoogleCodeExporter commented 9 years ago
@crockabiscuit- this will be fixed in v1.3, or for now you can patch it by
editing src/main/java/net/webpasswordsafe/server/ServerSessionUtil.java and
replacing the line:

    cookie.setPath(ServletUtils.getRequest().getContextPath());

with:

    cookie.setPath("".equals(ServletUtils.getRequest().getContextPath()) ? "/" : ServletUtils.getRequest().getContextPath());

@ferfong- in trying to reproduce your case, I got a little further by adding:

    ProxyPassReverseCookiePath /WebPasswordSafe /

to my apache config. This is needed so that the csrf token cookie when set to
the response in tomcat gets rewritten to the proxy'ed path in apache. However,
then I just hit another roadblock, and after searching and reading many blogs,
bug reports, and source code, have determined this is a limitation in GWT. GWT
just does not handle reverse proxy configurations where the apache and tomcat
paths are different. A good resource explaining it is here:
http://blog.mograbi.info/2013/04/gwt-and-reverse-proxy-is-no-go.html. I'll see
how feasible it is to implement the proposed workaround of GWT's design
limitation by subclassing XsrfProtectedServiceServlet, but since
webpasswordsafe extends XsrfProtectedServiceServlet already instead it might be
tricky.

Original comment by joshdrum...@gmail.com on 30 Jun 2013 at 10:05
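
The cookie path handling described in the comment above, as an added example that is not part of the original thread or of the webpasswordsafe code: it applies the RFC 6265 default-path and path-match rules a browser uses, and models `ProxyPassReverseCookiePath` as a plain prefix swap. The request paths (`/login`, `/rpc/xsrf`, `/auth/login`) are constructed for illustration.

```python
# Added example: RFC 6265 cookie Path handling plus a simplified model of
# Apache's ProxyPassReverseCookiePath. All request paths are constructed.

def default_path(request_path):
    """RFC 6265 5.1.4: path a browser assigns when the Path attribute is unusable."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[:request_path.rfind("/")]

def stored_path(path_attr, setting_request_path):
    """Path the browser stores for a cookie, given the Set-Cookie Path attribute."""
    if not path_attr or not path_attr.startswith("/"):
        return default_path(setting_request_path)
    return path_attr

def path_matches(request_path, cookie_path):
    """RFC 6265 5.1.4 path-match: is the cookie attached to this request?"""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def reverse_cookie_path(path_attr, internal, public):
    """Simplified ProxyPassReverseCookiePath: swap a leading internal prefix."""
    if path_attr.startswith(internal):
        return public + path_attr[len(internal):]
    return path_attr

def cookie_sent(path_attr, setting_request_path, next_request_path):
    """True if a cookie set on one request is returned on the next one."""
    return path_matches(next_request_path, stored_path(path_attr, setting_request_path))

def scenarios():
    # Browser-visible paths when Apache maps / to Tomcat's /WebPasswordSafe.
    login, rpc = "/login", "/rpc/xsrf"
    unmapped = cookie_sent("/WebPasswordSafe", login, rpc)
    mapped_attr = reverse_cookie_path("/WebPasswordSafe", "/WebPasswordSafe", "/")
    mapped = cookie_sent(mapped_attr, login, rpc)
    # ROOT context: getContextPath() returns "", so the unpatched setPath()
    # call passes "" and the browser falls back to default-path ("/auth" here).
    root_unpatched = cookie_sent("", "/auth/login", rpc)
    root_patched = cookie_sent("/", "/auth/login", rpc)
    return unmapped, mapped, root_unpatched, root_patched

if __name__ == "__main__":
    print(scenarios())
```

A `False` entry means the browser never returns the session cookie on the RPC request, which is the condition behind the "Session cookie is not set or empty" exception quoted in this thread.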

GoogleCodeExporter commented 9 years ago
How will I set up tomcat and webpasswordsafe 1.3 to deploy it on root?

Original comment by crockabiscuit@gmail.com on 30 Jun 2013 at 9:03

GoogleCodeExporter commented 9 years ago
@crockabiscuit - simplest way is to rename the webpasswordsafe-1.x.war file as 
ROOT.war, and replace the existing tomcat ROOT webapp with it.

@ferfong - I got a workaround for this that looks like it works in all the
different reverse proxy cases I've tested, will be included in v1.3

Original comment by joshdrum...@gmail.com on 2 Jul 2013 at 5:28

GoogleCodeExporter commented 9 years ago

Original comment by joshdrum...@gmail.com on 2 Jul 2013 at 5:28

GoogleCodeExporter commented 9 years ago
Hi, I am using v1.3 and trying to use a ProxyPass on apache. However I am still
getting the Session Timeout error loop. The following are the settings in apache:

    ProxyPass       /password        http://localhost:8080/webpasswordsafe
    ProxyPassReverse    /password        http://localhost:8080/webpasswordsafe
    ProxyPassReverseCookiePath  /password    http://localhost:8080/webpasswordsafe

The log shows:
SEVERE: Exception while dispatching incoming RPC call
com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public 
abstract com.google.gwt.user.client.rpc.XsrfToken 
com.google.gwt.user.client.rpc.XsrfTokenService.getNewXsrfToken()' threw an 
unexpected exception: com.google.gwt.user.client.rpc.RpcTokenException: Invalid 
RPC token (Session cookie is not set or empty! Unable to generate XSRF cookie)
    at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:389)
    at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:579)
    at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
    at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
    at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at net.webpasswordsafe.server.filter.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:64)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
    at java.lang.Thread.run(Thread.java:619)
Caused by: com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token 
(Session cookie is not set or empty! Unable to generate XSRF cookie)
    at com.google.gwt.user.server.rpc.XsrfTokenServiceServlet.generateTokenValue(XsrfTokenServiceServlet.java:195)
    at com.google.gwt.user.server.rpc.XsrfTokenServiceServlet.getNewXsrfToken(XsrfTokenServiceServlet.java:164)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:561)
    ... 24 more

Can this be resolved?

Original comment by hira...@hiraash.org on 30 Jul 2013 at 9:51

GoogleCodeExporter commented 9 years ago
I just got the same problem with 1.3; it seems not fixed!

I added:

    ProxyPassReverseCookiePath /webpasswordsafe-1.3 /

as suggested by joshdrum, and it worked.

Original comment by rene.pur...@gmail.com on 27 Apr 2014 at 6:57

GoogleCodeExporter commented 9 years ago
My issue was fixed by doing the following:

vi /etc/tomcat/server.xml
 changed this line: <Context path="" docBase="/srv/tomcat/webapps/webpasswordsafe"
 to: <Context path="" docBase="/srv/tomcat/webapps/webpasswordsafe/webpasswordsafe"

Original comment by annuti...@gmail.com on 30 Oct 2014 at 6:50