[JBoss JIRA] (GTNWCM-32) Error building 2.0.0 distribution
by Lucas Ponce (JIRA)
Lucas Ponce created GTNWCM-32:
---------------------------------
Summary: Error building 2.0.0 distribution
Key: GTNWCM-32
URL: https://issues.jboss.org/browse/GTNWCM-32
Project: GateIn WCM
Issue Type: Bug
Security Level: Public (Everyone can see)
Reporter: Lucas Ponce
Assignee: Lucas Ponce
User is reporting following error:
[ERROR] The build could not read 3 projects -> [Help 1]
[ERROR]
[ERROR] The project org.gatein.wcm:wcm-api:${version.wcm} (C:\Users\s232392\Documents\JBOSS\gatein-wcm-master\wcm-api\pom.xml) has 1 error
[ERROR] Non-resolvable parent POM: Could not find artifact org.gatein.wcm:wcm-parentom:2.0.0 in exo-public-repository-group (http://repository.exoplatform.org/content/groups/public) and 'parent.relativePath' points at wrong local POM @ line 5, column 11 -> [Help 2]
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 9 months
[JBoss JIRA] (GTNPORTAL-3441) XSS vulnerability in UIFormTabPane
by Tuyen Nguyen The (JIRA)
[ https://issues.jboss.org/browse/GTNPORTAL-3441?page=com.atlassian.jira.pl... ]
Tuyen Nguyen The updated GTNPORTAL-3441:
----------------------------------------
Status: Pull Request Sent (was: Open)
Git Pull Request: https://github.com/gatein/gatein-portal/pull/817
> XSS vulnerability in UIFormTabPane
> ----------------------------------
>
> Key: GTNPORTAL-3441
> URL: https://issues.jboss.org/browse/GTNPORTAL-3441
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: Tuyen Nguyen The
> Assignee: Tuyen Nguyen The
>
> * *XSS injected vector* via form's currentSelectedTab value:
> *# A bad guy give victims a *link that mal-script injected into the _currentSelectedTab_* of a tabs form to victims
> *# A victim *open the link in a browser*. The browser makes a GET request to the application server.
> *# The mal-script then be loaded by application server into the infected form object's selectedTabId attribute. And the application server response a mal-script infected HTML content back to the browser.
> *# The browser process the injected content and the script executed.
> * *Problem analysis*:
> *# *Screens in eXo projects* that implement the [tabs form UIFormTabPane|https://github.com/gatein/gatein-portal/blob/master/webui/c...] got impacted by *XSS vulnerability*.
> The root cause come from getting/setting UIFormTabPane's selectedTabId attribute that they do not have steps of validating/sanitizing input/output values:
> {code}
> public static String RENDER_TAB = "currentSelectedTab";
> ....
> public void setSelectedTab(String renderTabId) {
> selectedTabId = renderTabId;
> }
> public void setSelectedTab(int index) {
> selectedTabId = ((UIComponent) getChild(index - 1)).getId();
> }
> public void processDecode(WebuiRequestContext context) throws Exception {
> String renderTab = context.getRequestParameter(RENDER_TAB);
> if (renderTab != null)
> selectedTabId = renderTab;
> super.processDecode(context);
> }
> ....
> public static class SelectTabActionListener extends EventListener<UIFormTabPane> {
> public void execute(Event<UIFormTabPane> event) throws Exception {
> WebuiRequestContext context = event.getRequestContext();
> String renderTab = context.getRequestParameter(UIComponent.OBJECTID);
> if (renderTab == null)
> return;
> event.getSource().setSelectedTab(renderTab);
> }
> }
> {code}
> ==> mal-script will be embeded into the form object
> *# The flaw then *leaked* via [UIFormTabPane.gtmpl|https://github.com/gatein/gatein-portal/blob/master/w...]
> {code}
> <%uiform.begin()%>
> <div><input type="hidden" id="<%=uicomponent.RENDER_TAB%>" name="<%=uicomponent.RENDER_TAB%>" value="$uicomponent.selectedTabId"/></div>
> <div class="HorizontalLayout">
> {code}
> And injected form object will be *response back to the browser and being processed* by the browser ==> script executed
> For example: input this into browser
> {code}
> http://localhost:8080/portal/g/:organization:management:executive-board/o...<ScRIpT>alert("abc")</SCriPT><script>alert("Hello")</script>
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 9 months
[JBoss JIRA] (GTNPORTAL-3441) XSS vulnerability in UIFormTabPane
by Tuyen Nguyen The (JIRA)
[ https://issues.jboss.org/browse/GTNPORTAL-3441?page=com.atlassian.jira.pl... ]
Tuyen Nguyen The updated GTNPORTAL-3441:
----------------------------------------
Description:
* *XSS injected vector* via form's currentSelectedTab value:
*# A bad guy give victims a *link that mal-script injected into the _currentSelectedTab_* of a tabs form to victims
*# A victim *open the link in a browser*. The browser makes a GET request to the application server.
*# The mal-script then be loaded by application server into the infected form object's selectedTabId attribute. And the application server response a mal-script infected HTML content back to the browser.
*# The browser process the injected content and the script executed.
* *Problem analysis*:
*# *Screens in eXo projects* that implement the [tabs form UIFormTabPane|https://github.com/gatein/gatein-portal/blob/master/webui/c...] got impacted by *XSS vulnerability*.
The root cause come from getting/setting UIFormTabPane's selectedTabId attribute that they do not have steps of validating/sanitizing input/output values:
{code}
public static String RENDER_TAB = "currentSelectedTab";
....
public void setSelectedTab(String renderTabId) {
selectedTabId = renderTabId;
}
public void setSelectedTab(int index) {
selectedTabId = ((UIComponent) getChild(index - 1)).getId();
}
public void processDecode(WebuiRequestContext context) throws Exception {
String renderTab = context.getRequestParameter(RENDER_TAB);
if (renderTab != null)
selectedTabId = renderTab;
super.processDecode(context);
}
....
public static class SelectTabActionListener extends EventListener<UIFormTabPane> {
public void execute(Event<UIFormTabPane> event) throws Exception {
WebuiRequestContext context = event.getRequestContext();
String renderTab = context.getRequestParameter(UIComponent.OBJECTID);
if (renderTab == null)
return;
event.getSource().setSelectedTab(renderTab);
}
}
{code}
==> mal-script will be embeded into the form object
*# The flaw then *leaked* via [UIFormTabPane.gtmpl|https://github.com/gatein/gatein-portal/blob/master/w...]
{code}
<%uiform.begin()%>
<div><input type="hidden" id="<%=uicomponent.RENDER_TAB%>" name="<%=uicomponent.RENDER_TAB%>" value="$uicomponent.selectedTabId"/></div>
<div class="HorizontalLayout">
{code}
And injected form object will be *response back to the browser and being processed* by the browser ==> script executed
For example: input this into browser
{code}
http://localhost:8080/portal/g/:organization:management:executive-board/o...<ScRIpT>alert("abc")</SCriPT><script>alert("Hello")</script>
{code}
was:
* *XSS injected vector* via form's currentSelectedTab value:
*# A bad guy give victims a *link that mal-script injected into the _currentSelectedTab_* of a tabs form to victims
*# A victim *open the link in a browser*. The browser makes a GET request to the application server.
*# The mal-script then be loaded by application server into the infected form object's selectedTabId attribute. And the application server response a mal-script infected HTML content back to the browser.
*# The browser process the injected content and the script executed.
* *Problem analysis*:
*# *Screens in eXo projects* that implement the [tabs form UIFormTabPane|https://github.com/exoplatform/gatein-portal/blob/3.5.x-PLF...] got impacted by *XSS vulnerability*.
The root cause come from getting/setting UIFormTabPane's selectedTabId attribute that they do not have steps of validating/sanitizing input/output values:
{code}
public static String RENDER_TAB = "currentSelectedTab";
....
public void setSelectedTab(String renderTabId) {
selectedTabId = renderTabId;
}
public void setSelectedTab(int index) {
selectedTabId = ((UIComponent) getChild(index - 1)).getId();
}
public void processDecode(WebuiRequestContext context) throws Exception {
String renderTab = context.getRequestParameter(RENDER_TAB);
if (renderTab != null)
selectedTabId = renderTab;
super.processDecode(context);
}
....
public static class SelectTabActionListener extends EventListener<UIFormTabPane> {
public void execute(Event<UIFormTabPane> event) throws Exception {
WebuiRequestContext context = event.getRequestContext();
String renderTab = context.getRequestParameter(UIComponent.OBJECTID);
if (renderTab == null)
return;
event.getSource().setSelectedTab(renderTab);
}
}
{code}
==> mal-script will be embeded into the form object
*# The flaw then *leaked* via [UIFormTabPane.gtmpl|https://github.com/gatein/gatein-portal/blob/master/w...]
{code}
<%uiform.begin()%>
<div><input type="hidden" id="<%=uicomponent.RENDER_TAB%>" name="<%=uicomponent.RENDER_TAB%>" value="$uicomponent.selectedTabId"/></div>
<div class="HorizontalLayout">
{code}
And injected form object will be *response back to the browser and being processed* by the browser ==> script executed
For example: input this into browser
{code}
http://localhost:8080/portal/g/:organization:management:executive-board/o...<ScRIpT>alert("abc")</SCriPT><script>alert("Hello")</script>
{code}
> XSS vulnerability in UIFormTabPane
> ----------------------------------
>
> Key: GTNPORTAL-3441
> URL: https://issues.jboss.org/browse/GTNPORTAL-3441
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: Tuyen Nguyen The
> Assignee: Tuyen Nguyen The
>
> * *XSS injected vector* via form's currentSelectedTab value:
> *# A bad guy give victims a *link that mal-script injected into the _currentSelectedTab_* of a tabs form to victims
> *# A victim *open the link in a browser*. The browser makes a GET request to the application server.
> *# The mal-script then be loaded by application server into the infected form object's selectedTabId attribute. And the application server response a mal-script infected HTML content back to the browser.
> *# The browser process the injected content and the script executed.
> * *Problem analysis*:
> *# *Screens in eXo projects* that implement the [tabs form UIFormTabPane|https://github.com/gatein/gatein-portal/blob/master/webui/c...] got impacted by *XSS vulnerability*.
> The root cause come from getting/setting UIFormTabPane's selectedTabId attribute that they do not have steps of validating/sanitizing input/output values:
> {code}
> public static String RENDER_TAB = "currentSelectedTab";
> ....
> public void setSelectedTab(String renderTabId) {
> selectedTabId = renderTabId;
> }
> public void setSelectedTab(int index) {
> selectedTabId = ((UIComponent) getChild(index - 1)).getId();
> }
> public void processDecode(WebuiRequestContext context) throws Exception {
> String renderTab = context.getRequestParameter(RENDER_TAB);
> if (renderTab != null)
> selectedTabId = renderTab;
> super.processDecode(context);
> }
> ....
> public static class SelectTabActionListener extends EventListener<UIFormTabPane> {
> public void execute(Event<UIFormTabPane> event) throws Exception {
> WebuiRequestContext context = event.getRequestContext();
> String renderTab = context.getRequestParameter(UIComponent.OBJECTID);
> if (renderTab == null)
> return;
> event.getSource().setSelectedTab(renderTab);
> }
> }
> {code}
> ==> mal-script will be embeded into the form object
> *# The flaw then *leaked* via [UIFormTabPane.gtmpl|https://github.com/gatein/gatein-portal/blob/master/w...]
> {code}
> <%uiform.begin()%>
> <div><input type="hidden" id="<%=uicomponent.RENDER_TAB%>" name="<%=uicomponent.RENDER_TAB%>" value="$uicomponent.selectedTabId"/></div>
> <div class="HorizontalLayout">
> {code}
> And injected form object will be *response back to the browser and being processed* by the browser ==> script executed
> For example: input this into browser
> {code}
> http://localhost:8080/portal/g/:organization:management:executive-board/o...<ScRIpT>alert("abc")</SCriPT><script>alert("Hello")</script>
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 9 months
[JBoss JIRA] (GTNPORTAL-3441) XSS vulnerability in UIFormTabPane
by Tuyen Nguyen The (JIRA)
Tuyen Nguyen The created GTNPORTAL-3441:
-------------------------------------------
Summary: XSS vulnerability in UIFormTabPane
Key: GTNPORTAL-3441
URL: https://issues.jboss.org/browse/GTNPORTAL-3441
Project: GateIn Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Reporter: Tuyen Nguyen The
Assignee: Tuyen Nguyen The
* *XSS injected vector* via form's currentSelectedTab value:
*# A bad guy give victims a *link that mal-script injected into the _currentSelectedTab_* of a tabs form to victims
*# A victim *open the link in a browser*. The browser makes a GET request to the application server.
*# The mal-script then be loaded by application server into the infected form object's selectedTabId attribute. And the application server response a mal-script infected HTML content back to the browser.
*# The browser process the injected content and the script executed.
* *Problem analysis*:
*# *Screens in eXo projects* that implement the [tabs form UIFormTabPane|https://github.com/exoplatform/gatein-portal/blob/3.5.x-PLF...] got impacted by *XSS vulnerability*.
The root cause come from getting/setting UIFormTabPane's selectedTabId attribute that they do not have steps of validating/sanitizing input/output values:
{code}
public static String RENDER_TAB = "currentSelectedTab";
....
public void setSelectedTab(String renderTabId) {
selectedTabId = renderTabId;
}
public void setSelectedTab(int index) {
selectedTabId = ((UIComponent) getChild(index - 1)).getId();
}
public void processDecode(WebuiRequestContext context) throws Exception {
String renderTab = context.getRequestParameter(RENDER_TAB);
if (renderTab != null)
selectedTabId = renderTab;
super.processDecode(context);
}
....
public static class SelectTabActionListener extends EventListener<UIFormTabPane> {
public void execute(Event<UIFormTabPane> event) throws Exception {
WebuiRequestContext context = event.getRequestContext();
String renderTab = context.getRequestParameter(UIComponent.OBJECTID);
if (renderTab == null)
return;
event.getSource().setSelectedTab(renderTab);
}
}
{code}
==> mal-script will be embeded into the form object
*# The flaw then *leaked* via [UIFormTabPane.gtmpl|https://github.com/gatein/gatein-portal/blob/master/w...]
{code}
<%uiform.begin()%>
<div><input type="hidden" id="<%=uicomponent.RENDER_TAB%>" name="<%=uicomponent.RENDER_TAB%>" value="$uicomponent.selectedTabId"/></div>
<div class="HorizontalLayout">
{code}
And injected form object will be *response back to the browser and being processed* by the browser ==> script executed
For example: input this into browser
{code}
http://localhost:8080/portal/g/:organization:management:executive-board/o...<ScRIpT>alert("abc")</SCriPT><script>alert("Hello")</script>
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 9 months
[JBoss JIRA] (GTNPORTAL-3423) Cannot edit page with IE when Dashboard 2nd tab name contains multibyte characters
by Toshiya Kobayashi (JIRA)
[ https://issues.jboss.org/browse/GTNPORTAL-3423?page=com.atlassian.jira.pl... ]
Toshiya Kobayashi commented on GTNPORTAL-3423:
----------------------------------------------
GTNPORTAL-3253 is also required to make it work with IE9
> Cannot edit page with IE when Dashboard 2nd tab name contains multibyte characters
> ----------------------------------------------------------------------------------
>
> Key: GTNPORTAL-3423
> URL: https://issues.jboss.org/browse/GTNPORTAL-3423
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: WebUI
> Affects Versions: 3.6.0.Final
> Environment: Windows 7 (Japanese Edition)
> Internet Explorer 9
> Reporter: Takayuki Konishi
>
> Cannot edit page with IE when Dashboard 2nd tab name contains multibyte character
> See "Steps to Reproduce".
> Actual result:
> Move to first tab ("Click & Type Page Name") and IllegalArgumentException is thrown[1].
> Expected results:
> Open editor for second tab ("なかむら")
> Additional info:
> After I clicked "Edit Page", IE sent this request [2]. The tab name is not url encoded in UTF-8
> Actual) %82%C8%82%A9%82%DE%82%E7 (SJIS)
> Expected) %E3%81%AA%E3%81%8B%E3%82%80%E3%82%89 (UTF-8)
> [1]
> {code}
> 21:37:57,516 WARN [org.exoplatform.web.CacheUserProfileFilter] (http--0.0.0.0-8080-2) An error occured while cache user profile: javax.servlet.ServletException: java.lang.IllegalArgumentException: Invalid percent escape in /u/root/%82%C8%82%A9%82%DE%82%E7
> at org.exoplatform.portal.application.PortalController.onService(PortalController.java:110) [exo.portal.webui.portal-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:132) [exo.kernel.container-2.4.3-GA.jar:2.4.3-GA]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:96) [exo.portal.component.web.api-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.web.filter.ExtensibleFilter.doFilter(ExtensibleFilter.java:71) [exo.portal.component.web.api-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.web.filter.GenericFilter.doFilter(GenericFilter.java:70) [exo.portal.component.web.api-3.6.0.Final.jar:3.6.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.exoplatform.web.CacheUserProfileFilter.doFilter(CacheUserProfileFilter.java:67) [exo.portal.component.web.security-3.6.0.Final.jar:3.6.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.exoplatform.frameworks.jcr.web.ThreadLocalSessionProviderInitializedFilter.doFilter(ThreadLocalSessionProviderInitializedFilter.java:122) [exo.jcr.framework.web-1.15.3-GA.jar:1.15.3-GA]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.exoplatform.web.login.ConversationStateUpdateFilter.doFilter(ConversationStateUpdateFilter.java:66) [exo.portal.component.web.security-3.6.0.Final.jar:3.6.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.exoplatform.services.security.web.SetCurrentIdentityFilter.doFilter(SetCurrentIdentityFilter.java:88) [exo.core.component.security.core-2.5.3-GA.jar:2.5.3-GA]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.exoplatform.web.login.RememberMeFilter.doFilter(RememberMeFilter.java:81) [exo.portal.component.web.security-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.web.login.RememberMeFilter.doFilter(RememberMeFilter.java:49) [exo.portal.component.web.security-3.6.0.Final.jar:3.6.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.gatein.security.oauth.webapi.OAuthDelegateFilter.doFilter(OAuthDelegateFilter.java:58) [exo.portal.component.web.oauth-web-3.6.0.Final.jar:3.6.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.gatein.sso.integration.SSODelegateFilter.doFilter(SSODelegateFilter.java:60) [sso-integration-1.3.3.Final.jar:1.3.3.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.exoplatform.container.web.PortalContainerFilter.doFilter(PortalContainerFilter.java:78) [exo.kernel.container-2.4.3-GA.jar:2.4.3-GA]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.gatein.portal.installer.PortalSetupFilter.doFilter(PortalSetupFilter.java:61) [exo.portal.component.portal-3.6.0.Final.jar:3.6.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.gatein.portal.init.PortalCheckInitFilter.doFilter(PortalCheckInitFilter.java:66) [exo.portal.component.portal-3.6.0.Final.jar:3.6.0.Final]
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397) [jbossweb-7.0.13.Final.jar:]
> at org.gatein.sso.integration.SSODelegateValve.invoke(SSODelegateValve.java:159) [sso-integration-1.3.3.Final.jar:1.3.3.Final]
> at org.gatein.portal.security.jboss.PortalClusteredSSOSupportValve.invoke(PortalClusteredSSOSupportValve.java:88) [exo.portal.component.web.security-jboss-3.6.0.Final.jar:3.6.0.Final]
> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
> at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_45]
> Caused by: java.lang.IllegalArgumentException: Invalid percent escape in /u/root/%82%C8%82%A9%82%DE%82%E7
> at org.exoplatform.web.controller.router.Path$Data.<init>(Path.java:108) [exo.portal.component.web.controller-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.web.controller.router.Path$Data.<init>(Path.java:44) [exo.portal.component.web.controller-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.web.controller.router.Path.parse(Path.java:34) [exo.portal.component.web.controller-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.web.controller.router.Route.route(Route.java:425) [exo.portal.component.web.controller-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.web.controller.router.Router.matcher(Router.java:164) [exo.portal.component.web.controller-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.web.WebAppController.service(WebAppController.java:300) [exo.portal.component.web.controller-3.6.0.Final.jar:3.6.0.Final]
> at org.exoplatform.portal.application.PortalController.onService(PortalController.java:108) [exo.portal.webui.portal-3.6.0.Final.jar:3.6.0.Final]
> ... 54 more
> {code}
> [2]
> {code}
> ===============================================================
> REQUEST URI =/portal/u/root/%82%C8%82%A9%82%DE%82%E7
> authType=null
> characterEncoding=UTF-8
> contentLength=-1
> contentType=text/plain;charset=UTF-8
> contextPath=/portal
> cookie=gtn.site.preference=/zXAkOBtwlk=
> cookie=JSESSIONID=UB3vwkW4kz8G5s7P0NQpXvyW.undefined
> header=accept=*/*
> header=content-type=text/plain;charset=UTF-8
> header=x-requested-with=XMLHttpRequest
> header=referer=http://192.168.122.1:8080/portal/u/root/%E3%81%AA%E3%81%8B%E3%82%80%E3%82%89
> header=accept-language=ja
> header=accept-encoding=gzip, deflate
> header=user-agent=Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
> header=host=192.168.122.1:8080
> header=connection=Keep-Alive
> header=cookie=gtn.site.preference="/zXAkOBtwlk="; JSESSIONID=UB3vwkW4kz8G5s7P0NQpXvyW.undefined
> locale=ja
> method=GET
> parameter=portal:componentId=1642164311
> parameter=ajaxRequest=true
> parameter=_=1394801693542
> parameter=portal:action=EditCurrentPage
> pathInfo=null
> protocol=HTTP/1.1
> queryString=portal:componentId=1642164311&portal:action=EditCurrentPage&ajaxRequest=true&_=1394801693542
> remoteAddr=192.168.122.10
> remoteHost=192.168.122.10
> remoteUser=null
> requestedSessionId=UB3vwkW4kz8G5s7P0NQpXvyW.undefined
> scheme=http
> serverName=192.168.122.1
> serverPort=8080
> servletPath=/u/root/<82>È<82>©<82>Þ<82>ç
> isSecure=false
> ---------------------------------------------------------------
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 9 months