Bug 1110786 - Exception while dispatching incoming RPC call: com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token (XSRF token missing)
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-engine-webadmin
Version: 3.5
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.5.0
Assignee: Alexander Wels
QA Contact: Pavel Stehlik
URL:
Whiteboard: ux
Depends On:
Blocks:
Reported: 2014-06-18 12:52 UTC by Jiri Belka
Modified: 2016-02-10 19:46 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-10-17 12:29:41 UTC
oVirt Team: UX
Embargoed:


Attachments
sosreport-LogCollector-20140618144859.tar.xz (8.48 MB, application/x-xz)
2014-06-18 12:52 UTC, Jiri Belka


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1112404 0 unspecified CLOSED [AAA] UX SSO fixups 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 1115918 0 unspecified CLOSED GUI Reconnection after disconnection returns Error 500 2021-02-22 00:41:40 UTC
oVirt gerrit 30849 0 master MERGED userportal,webadmin: XSRF token generation fix Never

Internal Links: 1112404 1115918

Description Jiri Belka 2014-06-18 12:52:14 UTC
Created attachment 909997 [details]
sosreport-LogCollector-20140618144859.tar.xz

Description of problem:
2014-06-18 14:45:35,665 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/ovirt-engine/webadmin]] (ajp--127.0.0.1-8702-9) Exception while dispatching incoming RPC call: com.google.gwt.user.client.rpc.RpcTokenException: Invalid RPC token (XSRF token missing)
        at org.ovirt.engine.ui.frontend.server.gwt.XsrfProtectedRpcServlet.validateXsrfToken(XsrfProtectedRpcServlet.java:75) [frontend.jar:]
        at org.ovirt.engine.ui.frontend.server.gwt.AbstractXsrfProtectedRpcServlet.onAfterRequestDeserialized(AbstractXsrfProtectedRpcServlet.java:67) [frontend.jar:]
        at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:171) [gwt-servlet.jar:]
        at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) [gwt-servlet.jar:]
        at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) [gwt-servlet.jar:]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.ovirt.engine.ui.frontend.server.gwt.AbstractXsrfProtectedRpcServlet.service(AbstractXsrfProtectedRpcServlet.java:53) [frontend.jar:]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
        at org.ovirt.engine.core.utils.servlet.HeaderFilter.doFilter(HeaderFilter.java:94) [utils.jar:]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]

Version-Release number of selected component (if applicable):
ovirt-engine-3.5.0-0.0.master.20140605145557.git3ddd2de.el6.noarch

How reproducible:
??

Steps to Reproduce:
1. ??
2.
3.

Actual results:
exception

Expected results:
??

Additional info:

Comment 1 Alexander Wels 2014-07-07 12:21:06 UTC
There are a ton of different ways to generate this 'issue', for instance:

1. Log into webadmin/userportal and restart the engine while logged in. This will cause the http session to be changed and the XSRF token to change as well.
2. There is a known issue with the new AAA implementation where the SSO will cause this error to happen, basically due to the same issue: the SSO logs you in and changes the http session after you are logged in, and the error shows up in the log.
3. With the new AAA implementation, when you log out, due to another known issue it automatically logs you in again, which also changes the http session, making the existing token invalid and causing that exception in the log.

Note that the exception is not BAD, it just stops whatever query/action you are attempting to do, due to the fact that the token you provided is not valid.

BZ#1112404 should solve a lot of the issues noted above, but it is clearly possible for the exception to happen besides that.
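
The session-bound token check that Comment 1 describes, as an added example that is not part of the bug report and is not oVirt's code. The class, its in-memory session map and the result strings are hypothetical stand-ins for the servlet container's HTTP session and the engine's validator.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: hypothetical class, not oVirt's XsrfProtectedRpcServlet.
public class SessionBoundXsrfDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Stand-in for the container's HTTP sessions: session id -> XSRF token.
    private final Map<String, String> sessions = new ConcurrentHashMap<>();

    private static String random(int bytes) {
        byte[] b = new byte[bytes];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** Login (or SSO re-login): new session id, new token bound to it. */
    public String[] login() {
        String sid = random(16), token = random(32);
        sessions.put(sid, token);
        return new String[] {sid, token};
    }

    /** Engine restart: every in-memory session, and its token, is gone. */
    public void restart() { sessions.clear(); }

    /** Server-side check run before an RPC call is dispatched. */
    public String validate(String sid, String presented) {
        String expected = (sid == null) ? null : sessions.get(sid);
        if (expected == null || presented == null) return "rejected: no token for this session";
        boolean ok = MessageDigest.isEqual(            // constant-time comparison
            expected.getBytes(StandardCharsets.UTF_8),
            presented.getBytes(StandardCharsets.UTF_8));
        return ok ? "accepted" : "rejected: token does not match session";
    }

    public static void main(String[] args) {
        SessionBoundXsrfDemo engine = new SessionBoundXsrfDemo();
        String[] first = engine.login();               // browser caches first[1]
        System.out.println(engine.validate(first[0], first[1]));   // same session
        String[] second = engine.login();              // SSO changed the session
        System.out.println(engine.validate(second[0], first[1]));  // stale token
        engine.restart();                              // case 1 in the comment
        System.out.println(engine.validate(first[0], first[1]));   // session lost
    }
}
```

In both failure cases the rejected call carries a token that was valid for an earlier session, which is why the client has to fetch a fresh token after any session change rather than retry with the cached one.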

Comment 2 Sandro Bonazzola 2014-10-17 12:29:41 UTC
oVirt 3.5 has been released and should include the fix for this issue.

