Getting "java.lang.UnsupportedOperationException: Possible CSRF attack" when hitting "Delete" or "Purge" after going back to the Queues page with "back" button in A-MQ 6.0 Web Console

Solution Unverified - Updated -

Issue

  • When I hit "Delete" or "Purge" in the destination page ("Queues" or "Topics") after going back to the page by hitting a web browser's "back" button, I got "HTTP Error 500 - Internal server error : A server side exception occurred while processing this request, check the log for more information" with the the following WARN message in amq.log:
2014-08-13 19:27:26,690 | WARN  | qtp239582445-175 | ServletHandler                   | lipse.jetty.util.log.JavaUtilLog   70 | 75 - org.eclipse.jetty.util - 7.6.7.v20120910 | /activemqweb/deleteDestination.action
java.lang.UnsupportedOperationException: Possible CSRF attack
    at org.apache.activemq.web.handler.BindingBeanNameUrlHandlerMapping.getHandlerInternal(BindingBeanNameUrlHandlerMapping.java:59)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:288)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:1063)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:1048)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:886)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)[72:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.2]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)[72:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.2]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:652)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1329)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.apache.activemq.web.AuditFilter.doFilter(AuditFilter.java:59)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:102)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.ops4j.pax.web.service.internal.WelcomeFilesFilter.doFilter(WelcomeFilesFilter.java:193)[123:org.ops4j.pax.web.pax-web-runtime:1.1.11]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:445)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:70)[124:org.ops4j.pax.web.pax-web-jetty:1.1.11]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:521)[82:org.eclipse.jetty.security:7.6.7.v20120910]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1038)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:117)[124:org.ops4j.pax.web.pax-web-jetty:1.1.11]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:374)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:972)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:75)[124:org.ops4j.pax.web.pax-web-jetty:1.1.11]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.Server.handle(Server.java:363)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:920)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:982)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:635)[77:org.eclipse.jetty.http:7.6.7.v20120910]
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)[77:org.eclipse.jetty.http:7.6.7.v20120910]
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)[76:org.eclipse.jetty.io:7.6.7.v20120910]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)[76:org.eclipse.jetty.io:7.6.7.v20120910]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[75:org.eclipse.jetty.util:7.6.7.v20120910]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[75:org.eclipse.jetty.util:7.6.7.v20120910]
    at java.lang.Thread.run(Thread.java:745)[:1.7.0_65]
2014-08-13 19:27:06,664 | WARN  | qtp239582445-170 | ServletHandler                   | lipse.jetty.util.log.JavaUtilLog   70 | 75 - org.eclipse.jetty.util - 7.6.7.v20120910 | /activemqweb/purgeDestination.action
java.lang.UnsupportedOperationException: Possible CSRF attack
    at org.apache.activemq.web.handler.BindingBeanNameUrlHandlerMapping.getHandlerInternal(BindingBeanNameUrlHandlerMapping.java:59)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:288)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:1063)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:1048)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:886)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)[72:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.2]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)[72:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.2]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:652)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1329)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.apache.activemq.web.AuditFilter.doFilter(AuditFilter.java:59)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:102)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)[133:org.jboss.amq.mq-web-console:5.8.0.redhat-60024]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.ops4j.pax.web.service.internal.WelcomeFilesFilter.doFilter(WelcomeFilesFilter.java:193)[123:org.ops4j.pax.web.pax-web-runtime:1.1.11]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:445)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:70)[124:org.ops4j.pax.web.pax-web-jetty:1.1.11]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:521)[82:org.eclipse.jetty.security:7.6.7.v20120910]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1038)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:117)[124:org.ops4j.pax.web.pax-web-jetty:1.1.11]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:374)[83:org.eclipse.jetty.servlet:7.6.7.v20120910]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:972)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:75)[124:org.ops4j.pax.web.pax-web-jetty:1.1.11]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.Server.handle(Server.java:363)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:920)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:982)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:635)[77:org.eclipse.jetty.http:7.6.7.v20120910]
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)[77:org.eclipse.jetty.http:7.6.7.v20120910]
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[81:org.eclipse.jetty.server:7.6.7.v20120910]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)[76:org.eclipse.jetty.io:7.6.7.v20120910]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)[76:org.eclipse.jetty.io:7.6.7.v20120910]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[75:org.eclipse.jetty.util:7.6.7.v20120910]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[75:org.eclipse.jetty.util:7.6.7.v20120910]
    at java.lang.Thread.run(Thread.java:745)[:1.7.0_65]

Environment

  • Red Hat JBoss A-MQ
    • 6.0
  • Web Console

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content