Description of problem: After upgrade from RHEV 3.2 to RHEV 3.3 it is not possible to log onthe customer portal in some cases. The following ERROR messsge is returned by the UI: Error while executing action: A Request to the Server failed with the following Status Code: 500 Then he login form is displayed but all fields are grey. This eror is followed by a jave exception in jboss server.log ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/webadmin]] (ajp-/127.0.0.1:8702-27) Exception while dispatching incoming RPC call: java.lang.SecurityException: Blocked request wi 1 thout GWT base path header (XSRF attack?) 2 at com.google.gwt.rpc.server.RpcServlet.getClientOracle(RpcServlet.java:95) [gwt-servlet.jar:] 3 at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:205) [gwt-servlet.jar:] 4 at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) [gwt-servlet.jar:] 5 at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec.jar:1.0.2.Final-redhat-1] 6 at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec.jar:1.0.2.Final-redhat-1] 7 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb.jar:7.2.2.Final-redhat-1] 8 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb.jar:7.2.2.Final-redhat-1] 9 at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) [frontend.jar:] 10 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb.jar:7.2.2.Final-redhat-1] 11 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb.jar:7.2.2.Final-redhat-1] 12 at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) [branding.jar:] 13 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb.jar:7.2.2.Final-redhat-1] 14 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb.jar:7.2.2.Final-redhat-1] 15 at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] 16 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb.jar:7.2.2.Final-redhat-1] 17 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb.jar:7.2.2.Final-redhat-1] 18 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb.jar:7.2.2.Final-redhat-1] 19 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb.jar:7.2.2.Final-redhat-1] 20 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:499) [jbossweb.jar:7.2.2.Final-redhat-1] 21 at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web.jar:7.3.0.Final-redhat-14] 22 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb.jar:7.2.2.Final-redhat-1] 23 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb.jar:7.2.2.Final-redhat-1] 24 at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) [jbossweb.jar:7.2.2.Final-redhat-1] 25 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb.jar:7.2.2.Final-redhat-1] 26 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb.jar:7.2.2.Final-redhat-1] 27 at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:488) [jbossweb.jar:7.2.2.Final-redhat-1] 28 at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:420) [jbossweb.jar:7.2.2.Final-redhat-1] 29 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb.jar:7.2.2.Final-redhat-1] 30 at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] Version-Release number of selected component (if applicable): RHEV 3.3 How reproducible: Sometimes. The same client and browser works for some time and then stops working later. In the same time when one clinet is not woring another client is. Steps to Reproduce: Not clear yet Actual results: Error messge displayed and it is not possible to log onthe portal Expected results: It is possible to log on the portal
Created attachment 862260 [details] Apache configuration file (1 of 2)
Created attachment 862261 [details] Apache configuration file (2 of 2)
The link to "Administration Portal" should not point to https://RHEVM-FQDN/ovirt-engine/webadmin, but to https://RHEVM-QDN/webadmin/webadmin. Please try the following and report the result: # wget wget --no-check-certificate https://RHEVM-QDN # grep "Administration Portal" index.html The result should be this: <a href="/webadmin/webadmin/WebAdmin.html?locale=en_US">Administration Portal</a> The relevant thing here is that the href should be absolute, starting with slash. It may also happen that during the upgrade the the Apache configuration hasn't been updated correctly. Please check the configuration files in the /etc/httpd/conf.d directory. There should be only two RHEV-M related files there, and should contain the same that the attached ovirt-engine-root-redirect.conf and z-ovirt-engine-proxy.conf files.
Note that this GWT error may still happen if the user types manually the wrong URL, for example: https://RHEVM-FQDN/ovirt-engine/webadmin/webadmin This will load the application, but it won't work due to the GWT security restrictions.
I believe this issue is due to the wrong branding package installed. My guess is they have 1-4 installed and they need 1-5 which fixes this issue. They also probably have duplicate links to webadmin and user portal. I believe this is a duplicate of [1] [1] https://bugzilla.redhat.com/show_bug.cgi?id=1059082