Invalid CSRF and insufficient privileges for a data type

[Félix Navarro Guirado]

Hello everyone, please let me explain you my situation and ask for advice.

I've just installed a new XNAT instance in a new server but I'm having invalid CRSF error randomly, in example when I log in, sometimes it works sometimes an error like this one  is shown.:

2017-06-19 19:24:18,104 [http-bio-8080-exec-5] ERROR org.apache.turbine.Turbine - Turbine.handleException: 

java.lang.Exception: INVALID CSRF (POST on URL: http://10.202.7.85:8080/app/action/ManageDataTypes from 10.202.1.101 (53449) user: 10.202.1.101

Headers:

...

cookie: SESSION_ACTIVE=true; SESSION_DIALOG_OPEN=false; SESSION_DIALOG_CANCELLED=false; SESSION_TIMED_OUT=true; SESSION_TIMEOUT_TIME=1497892962754; SESSION_LOGOUT_REDIRECT=true; SESSION_LAST_PAGE=http://10.202.7.85:8080/app/action/ManageDataTypes; WARNING_BAR=OPEN; guest=true; JSESSIONID=55A5002781E9E7B5FF068C00CB423327; SESSION_EXPIRATION_TIME="1497892948686,900000"

....

I'm having another issue that is not allowing me to use this instance of XNAT. When I try to archive a session from prearchive I get the following error:

2017-06-19 19:34:52,266 [http-bio-8080-exec-10] ERROR org.nrg.xnat.helpers.merge.MergeSessionsA - 

org.nrg.xft.exception.InvalidPermissionException: This user has insufficient privileges for the data type 'xnat:mrScanData'.

Please see attached xdat.log and turbine.log files.

The context of the instance is this: Ubuntu 16.10 64 bits virtual machine where onlythe required software for XNAT is running. We run under a proxy. I just created a super user, a project, a pipeline and enabled the pipeline build action for xnat:mrSessionData as it is described in the documentation. Then I sent a session from the PACS. Since the problem appeared when I tried to archive the session I rebooted tomcat.

Please notice that when I reboot tomcat another error appears for another data type in xdat.log.

I realized that content.log logs this:

 [localhost-startStop-1] ERROR org.apache.axis.configuration.EngineConfigurationFactoryServlet  - Unable to find config file.  Creating new servlet engine config file: /WEB-INF/server-config.wsdd

Do any of you have any idea about how to solve this situation?

Any help would be appreciated.

Thank you in advance.

[Moore, Charlie]

Félix,

 

For the error when uploading a session, I just want to confirm: you didn’t set up the xnat:mrScanData data type to your XNAT via the Data Types page, right? That would likely cause that issue, if so. For your first issue, my best guess is that it’s a proxy issue, but that’s not my area of expertise at all…

 

Thanks,

Charlie

--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To post to this group, send email to xnat_di...@googlegroups.com.
Visit this group at https://groups.google.com/group/xnat_discussion.
For more options, visit https://groups.google.com/d/optout.

 

---

The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.

[Félix Navarro Guirado]

Thank you very much, Charlie, for your answer.

I did: Administer -> Data Types -> xnat:mrSessionData -> edit -> added a new Available Report Action.

In fact, I followed the procedure described here: https://wiki.xnat.org/documentation/xnat-administration/configuring-the-pipeline-engine/installing-pipelines-in-xnat

This seems to be the seed of my problem. Do any of you know how to fix it?

Thanks!!

[Félix Navarro Guirado]

I tried removing de "secured" tick but the problem is still there.

Do any of you know a workaround for this? This issue is halting the whole project.

[Moore, Charlie]

There’s a section in the Admin UI where you can disable the requirement for CSRF tokens (in the top bar, Administer > Site Administration. Then click Security > CSRF). However, this is a workaround, at best, and it’s possible some things aren’t really checking this setting (and will still require a CSRF token). For the permissions issue, you added the pipeline launch action for the xnat:mrSessionData data type, which shouldn’t cause that issue for any reason I can think of, so I’ve got no ideas there… (I don’t think you want to mess with the default value for ‘secured’ though).

[Félix Navarro Guirado]

Finally, I decided to drop de database and clean Xnat's folders. I repeated the process but this time everything works fine.

[Félix Navarro Guirado]

Finally, I decided to drop de database and clean Xnat's folders. I repeated the process but this time everything works fine.

El miércoles, 21 de junio de 2017, 16:49:02 (UTC+2), Moore, Charlie escribió: