Broadleaf Commerce Discussion Forums


http://forum.broadleafcommerce.org/

XSRF error on addToCart event

http://forum.broadleafcommerce.org/viewtopic.php?f=14&t=1689

Page 1 of 1

XSRF error on addToCart event

Posted: Mon Feb 25, 2013 2:23 am
by gk12
Can anyone help why I am getting the following error?
javax.servlet.ServletException: org.broadleafcommerce.common.exception.ServiceException: XSRF token mismatch (null). Session may be expired.
org.broadleafcommerce.common.security.handler.CsrfFilter.doFilter(CsrfFilter.java:79)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:144)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
org.broadleafcommerce.common.web.BroadleafRequestFilter.doFilterInternal(BroadleafRequestFilter.java:146)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:147)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
org.broadleafcommerce.common.exception.ServiceException: XSRF token mismatch (null). Session may be expired.
org.broadleafcommerce.common.security.service.ExploitProtectionServiceImpl.compareToken(ExploitProtectionServiceImpl.java:107)
org.broadleafcommerce.common.security.handler.CsrfFilter.doFilter(CsrfFilter.java:77)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:144)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
org.broadleafcommerce.common.web.BroadleafRequestFilter.doFilterInternal(BroadleafRequestFilter.java:146)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:147)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
The full stack trace of the root cause is available in the Apache Tomcat/6.0.35 logs.

Re: XSRF error on addToCart event

Posted: Mon Feb 25, 2013 5:24 am
by gk12
To change the PriceTextDisplayProcessor, I added the following to site/../application-Context.xml
If I remove the following snippet, no XSRF error.

Code: Select all

<bean id="blDialect" class="org.broadleafcommerce.common.web.dialect.BLCDialect">
       <property name="processors">
        <set>
         <bean class="org.broadleafcommerce.cms.web.processor.ContentProcessor" />
         <bean class="org.broadleafcommerce.core.web.processor.AddSortLinkProcessor" />
         <bean class="org.broadleafcommerce.core.web.processor.CategoriesProcessor" />
         <bean class="org.broadleafcommerce.core.web.processor.HeadProcessor" />
                        <bean class="org.broadleafcommerce.core.web.processor.NamedOrderProcessor" />
[b]         <bean class="com.gks.core.web.processor.PriceTextDisplayProcessor" />[/b]
         <bean class="org.broadleafcommerce.core.web.processor.RelatedProductProcessor" />
         <bean class="org.broadleafcommerce.core.web.processor.ToggleFacetLinkProcessor" />
         <bean class="org.broadleafcommerce.core.web.processor.UrlRewriteProcessor" />
         <bean class="org.broadleafcommerce.core.web.processor.RatingsProcessor" />
        </set>
      </property>     
   </bean>
All times are UTC-05:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/