Alfresco One Platform / ACE-1347 Release 35 - Regression testing on Enterprise / ACE-1498

Error "Possible CSRF attack noted when comparing token in session and request parameter. Request: POST /share/proxy/alfresco/api/upload" was detected during the bm-0002 JMeter test upload file sampler.

    Details

    • Type: Feature Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Won't Fix
    • Affects Version/s: 5.0
    • Fix Version/s: None
    • Component/s: Benchmarking
    • Labels:
      None
    • Environment:
      BM Lab. JMeter, Alfresco v4.3.0 (build-1672)
    • Test In:
      Enterprise
    • Sprint:
      WAT 2 - Release Sprint 1

      Description

      The file upload action doesn't work correctly under load during the bm-0002 JMeter test. Some files can be uploaded by users without any errors, but for some users the upload file action failed with the following error:

      javax.servlet.ServletException: Possible CSRF attack noted when comparing token in session and request parameter. Request: POST /share/proxy/alfresco/api/upload
      	at org.alfresco.web.site.servlet.CSRFFilter$AssertTokenAction.run(CSRFFilter.java:845)
      	at org.alfresco.web.site.servlet.CSRFFilter.doFilter(CSRFFilter.java:312)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      	at org.alfresco.web.site.servlet.SSOAuthenticationFilter.doFilter(SSOAuthenticationFilter.java:391)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
      	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
      	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
      	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
      	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at java.lang.Thread.run(Thread.java:724)
      

      It was the bm-0002 test for 360 users.
      For more information about bm-0002, please see BenchmarkProjectProposal-BM-0002.docx (https://ts.alfresco.com/share/page/site/bm/documentlibrary#filter=path|%2FProjects%2FBM-0002%2F1-Definition|&page=1).
      All JMeter tests were modified to support CSRF tokens and worked correctly for 4.3.0 (build-1649).

      Snezhana Z.

                People

                • Assignee: closedissues Closed Issues
                • Reporter: alfrescoqa Alfresco QA Team