Closed GoogleCodeExporter closed 9 years ago
[deleted comment]
Plus, an exception with the message
"com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token (Session
cookie is not set or empty! Unable to generate XSRF cookie)" is thrown in
tomcat.log
Original comment by crockabiscuit@gmail.com
on 9 Dec 2012 at 5:47
I also deployed it on / instead of /webpasswordsafe
Original comment by crockabiscuit@gmail.com
on 9 Dec 2012 at 6:18
If I deploy it on /webpasswordsafe, it works without any exception.
But if I deploy it on /, I get that exception repetitively.
What's wrong?
Original comment by crockabiscuit@gmail.com
on 9 Dec 2012 at 6:31
I can reproduce the same issue. Looks like some uri/path are hard coded.
Original comment by Misha.Do...@gmail.com
on 5 Feb 2013 at 12:02
I got this working. I did some troubleshooting via Chrome developer tools. So,
basically you need to adjust some web.xml config and it will work from / point.
I did it at least without any coding etc.
Original comment by Misha.Do...@gmail.com
on 5 Feb 2013 at 1:48
in web.xml(changed)
<servlet-mapping>
<servlet-name>webservice</servlet-name>
<url-pattern>/webservice/*</url-pattern>
</servlet-mapping>
in webservice-servlet.xml
<property name="portTypeName" value="WebPasswordSafe" />
<property name="locationUri" value="http://localhost/webservice" />
Original comment by Misha.Do...@gmail.com
on 5 Feb 2013 at 1:49
P.S. My server i using port 80 instead of default 8080
Original comment by Misha.Do...@gmail.com
on 5 Feb 2013 at 1:50
crockabiscuit- you are trying to deploy webpasswordsafe as the ROOT context in
tomcat?
Misha.Dobrovolskyy- yes that is if you want to enable webservices, not the
default application though
Original comment by joshdrum...@gmail.com
on 17 Mar 2013 at 1:07
[deleted comment]
Yes, I'm trying to deploy webpasswordsafe as the ROOT context in tomcat.
Original comment by crockabiscuit@gmail.com
on 17 Mar 2013 at 10:37
[deleted comment]
I can reproduce this issue as well.
I am *not* trying to deploy webpasswordsafe as the ROOT context in tomcat,
however i am trying to create a VirtualHost in Apache where / redirects to the
/WebPasswordSafe path in Tomcat via the AJP connector.
I have tried using both
ProxyPass / ajp://localhost:8009/WebPasswordSafe
or
RewriteRule / ajp://localhost:8009/WebPasswordSafe
When I change the Apache configuration to require the same path as Tomcat's:
ProxyPass /WebPasswordSafe ajp://localhost:8009/WebPasswordSafe
and go to the specified URL, I don't get the infinite "Session Timeout"
problem, just as crockabiscuit reports.
I am trying to set up a rewriterule that will redirect all / requests to the
/WebPasswordSafe path as a workaround, but am curious why we are seeing this
problem in the first place; it does seem like a bug.
Original comment by ferf...@gmail.com
on 4 Apr 2013 at 1:20
Original comment by joshdrum...@gmail.com
on 30 Jun 2013 at 7:27
@crockabiscuit- this will be fixed in v1.3, or for now you can patch it by
editing src/main/java/net/webpasswordsafe/server/ServerSessionUtil.java and
replacing the line:
cookie.setPath(ServletUtils.getRequest().getContextPath());
with:
cookie.setPath("".equals(ServletUtils.getRequest().getContextPath()) ? "/" :
ServletUtils.getRequest().getContextPath());
@ferfong- in trying to reproduce your case, i got a little further by adding:
ProxyPassReverseCookiePath /WebPasswordSafe /
to my apache config. This is needed so that the csrf token cookie when set to
the response in tomcat gets rewritten to the proxy'ed path in apache. However,
then I just hit another roadblock, and after searching and reading many blogs,
bug reports, and source code, have determined this is a limitation in GWT. GWT
just does not handle reverse proxy configurations where the apache and tomcat
paths are different. A good resource explaining it is here
http://blog.mograbi.info/2013/04/gwt-and-reverse-proxy-is-no-go.html I'll see
how feasible it is to implement the proposed workaround of GWT's design
limitation by subclassing XsrfProtectedServiceServlet, but since
webpasswordsafe extends XsrfProtectedServiceServlet already instead it might be
tricky.
Original comment by joshdrum...@gmail.com
on 30 Jun 2013 at 10:05
How will I set up tomcat and webpasswordsafe 1.3 to deploy it on root?
Original comment by crockabiscuit@gmail.com
on 30 Jun 2013 at 9:03
@crockabiscuit - simplest way is to rename the webpasswordsafe-1.x.war file as
ROOT.war, and replace the existing tomcat ROOT webapp with it.
@ferfong - i got a workaround for this that looks like it works in all the
different reverse proxy cases i've tested, will be included in v1.3
Original comment by joshdrum...@gmail.com
on 2 Jul 2013 at 5:28
Original comment by joshdrum...@gmail.com
on 2 Jul 2013 at 5:28
Hi, I am using v1.3 and trying to use a ProxyPass on apache. However I am still
getting the Session Timeout error loop. Following is the settings in apache
ProxyPass /password http://localhost:8080/webpasswordsafe
ProxyPassReverse /password http://localhost:8080/webpasswordsafe
ProxyPassReverseCookiePath /password http://localhost:8080/webpasswordsafe
The log shows:
EVERE: Exception while dispatching incoming RPC call
com.google.gwt.user.server.rpc.UnexpectedException: Service method 'public
abstract com.google.gwt.user.client.rpc.XsrfToken
com.google.gwt.user.client.rpc.XsrfTokenService.getNewXsrfToken()' threw an
unexpected exception: com.google.gwt.user.client.rpc.RpcTokenException: Invalid
RPC token (Session cookie is not set or empty! Unable to generate XSRF cookie)
at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:389)
at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:579)
at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at net.webpasswordsafe.server.filter.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:64)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
Caused by: com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token
(Session cookie is not set or empty! Unable to generate XSRF cookie)
at com.google.gwt.user.server.rpc.XsrfTokenServiceServlet.generateTokenValue(XsrfTokenServiceServlet.java:195)
at com.google.gwt.user.server.rpc.XsrfTokenServiceServlet.getNewXsrfToken(XsrfTokenServiceServlet.java:164)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:561)
... 24 more
Can this be resolved?
Original comment by hira...@hiraash.org
on 30 Jul 2013 at 9:51
I just got the same problem with 1.3 it seems not fixed!
Adding :
ProxyPassReverseCookiePath /webpasswordsafe-1.3 /
As suggested by joshdrum and it worked..
Original comment by rene.pur...@gmail.com
on 27 Apr 2014 at 6:57
[deleted comment]
My issue was fixed by doing the following:
vi /etc/tomcat/server.xml
changed this line: <Context path="" docBase="/srv/tomcat/webapps/webpasswordsafe"
to: <Context path="" docBase="/srv/tomcat/webapps/webpasswordsafe/webpasswordsafe"
Original comment by annuti...@gmail.com
on 30 Oct 2014 at 6:50
Original issue reported on code.google.com by
crockabiscuit@gmail.com
on 9 Dec 2012 at 5:43