java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER).

Atlassian JIRA | Sultan Maiyaki | 3 years ago
tip
Click on the to mark the solution that helps you, Samebug will learn from it.
As a community member, you’ll be rewarded for you help.
  1. 0

    The new feature to enable [XSRF protection|https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection] introduced in Bamboo 5.3, causes a crash if the tomcat proxy config are wrongly configured. *Steps to reproduced* # Configure Bamboo to use mod_proxy as detailed here: https://confluence.atlassian.com/display/BAMBOO/Integrating+Bamboo+with+Apache+HTTP+server # my current settings is like this: {code} ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /bamboo53 http://localhost:1053/bamboo53 ProxyPassReverse /bamboo53 http://localhost:1053/bamboo53 <Location /bamboo53> Order allow,deny Allow from all </Location> {code} # The tomcat connector for Bamboo has proxy related parameters: {code} scheme="http" proxyName="sultan-PC" proxyPort="80" {code} # Set the base_url of Bamboo as appropriately using the proxy url. In my case : http://sultan-pc/bamboo53/ # Try editing the security settings page in Bamboo or even try changing the base URL and you will hit in to the errors below: {noformat} 2013-12-23 22:35:36,365 INFO [http-bio-1053-exec-4] [AccessLogFilter] bamboo GET http://sultan-PC/bamboo53/rest/menu/latest/appswitcher?_=1387809336291 246387kb 2013-12-23 22:35:39,562 INFO [http-bio-1053-exec-7] [AccessLogFilter] bamboo POST http://sultan-PC/bamboo53/admin/configureSecurity.action 245406kb 2013-12-23 22:35:39,564 WARN [http-bio-1053-exec-7] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:CB91741D0541AB8DEFACB782990944F5 due to XSRF_FAILURE_BAD_REFERRER 2013-12-23 22:35:39,564 ERROR [http-bio-1053-exec-7] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:161) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.GlobalAdminInterceptor.doIntercept(GlobalAdminInterceptor.java:22) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) {noformat} What is happening in the above example is that because the proxyName is specified as "sultan-PC" the incoming request 'HOST' header value is changed to "sultan-PC" where as the referrer will have a host of "sultan-pc". As the host comparison is case sensitive the 'referer' check fails. I think just to be safe we should perform a case insensitive comparison of the 'referer' and the 'host' headers host. *Note* If one does not configure tomcat to have proxy configuration and passes through the HOST header by using the apache httpd 'ProxyPreserveHost' configuration directive then this issue can be avoided. Because ProxyPreserveHost does not cause the scheme or port to be properly set one has to explicitly configure the tomcat connector to include scheme="https" and the proxyPort="443" when using bamboo behind a https proxy. In such a setup we also recommend setting secure="true" in the tomcat connector configuration.

    Atlassian JIRA | 3 years ago | Sultan Maiyaki [Atlassian]
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER).
  2. 0

    The new feature to enable [XSRF protection|https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection] introduced in Bamboo 5.3, causes a crash if the tomcat proxy config are wrongly configured. *Steps to reproduced* # Configure Bamboo to use mod_proxy as detailed here: https://confluence.atlassian.com/display/BAMBOO/Integrating+Bamboo+with+Apache+HTTP+server # my current settings is like this: {code} ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /bamboo53 http://localhost:1053/bamboo53 ProxyPassReverse /bamboo53 http://localhost:1053/bamboo53 <Location /bamboo53> Order allow,deny Allow from all </Location> {code} # The tomcat connector for Bamboo has proxy related parameters: {code} scheme="http" proxyName="sultan-PC" proxyPort="80" {code} # Set the base_url of Bamboo as appropriately using the proxy url. In my case : http://sultan-pc/bamboo53/ # Try editing the security settings page in Bamboo or even try changing the base URL and you will hit in to the errors below: {noformat} 2013-12-23 22:35:36,365 INFO [http-bio-1053-exec-4] [AccessLogFilter] bamboo GET http://sultan-PC/bamboo53/rest/menu/latest/appswitcher?_=1387809336291 246387kb 2013-12-23 22:35:39,562 INFO [http-bio-1053-exec-7] [AccessLogFilter] bamboo POST http://sultan-PC/bamboo53/admin/configureSecurity.action 245406kb 2013-12-23 22:35:39,564 WARN [http-bio-1053-exec-7] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:CB91741D0541AB8DEFACB782990944F5 due to XSRF_FAILURE_BAD_REFERRER 2013-12-23 22:35:39,564 ERROR [http-bio-1053-exec-7] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:161) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.GlobalAdminInterceptor.doIntercept(GlobalAdminInterceptor.java:22) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) {noformat} What is happening in the above example is that because the proxyName is specified as "sultan-PC" the incoming request 'HOST' header value is changed to "sultan-PC" where as the referrer will have a host of "sultan-pc". As the host comparison is case sensitive the 'referer' check fails. I think just to be safe we should perform a case insensitive comparison of the 'referer' and the 'host' headers host. *Note* If one does not configure tomcat to have proxy configuration and passes through the HOST header by using the apache httpd 'ProxyPreserveHost' configuration directive then this issue can be avoided. Because ProxyPreserveHost does not cause the scheme or port to be properly set one has to explicitly configure the tomcat connector to include scheme="https" and the proxyPort="443" when using bamboo behind a https proxy. In such a setup we also recommend setting secure="true" in the tomcat connector configuration.

    Atlassian JIRA | 3 years ago | Sultan Maiyaki
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER).
  3. 0

    Steps to reproduce: # install JIRA 6.1.5 # install Bamboo 5.3. Make sure the "Enable XSRF protection" is enabled via _Bamboo Admin > Security > Security Settings >_ # integrate JIRA with Bamboo using Oauth authentication OR Basic Access OR Trusted Application # in the JIRA UI, it will shows that JIRA can't connect to Bamboo as per screenshot Error1.png. However, after disabling the XSRF in Bamboo, it will works immediately and show some build of empty build as per shown in ExpectedBehaviour.png In JIRA logs: {code} 2013-12-17 21:26:02,588 http-bio-9615-exec-15 WARN admin 1286x511x1 n79bat 127.0.0.1 /secure/ViewBambooPanelContent.jspa [ext.bamboo.web.ViewBambooPanelContent] Unable to to connect to Bamboo server. Nothing will be shown. com.atlassian.sal.api.net.ResponseStatusException: Unexpected response received. Status code: 500 at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:19) at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:13) at com.atlassian.applinks.core.auth.oauth.OAuthApplinksReturningResponseHandler.handle(OAuthApplinksReturningResponseHandler.java:51) {code} In Bamboo log: {code} 2013-12-17 21:26:02,575 ERROR [http-bio-8085-exec-25] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) {code}

    Atlassian JIRA | 3 years ago | Janet Albion [Atlassian]
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    As already detailed in BAM-14129, we're also facing the same error with Stash and Bamboo. When Stash tries to trigger a build request over the Post-Receive WebHook and XSRF protection is enabled this request fails: {code:title=Bamboo Log:} 2014-01-31 09:44:28,008 WARN [http-bio-8085-exec-19] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:null due to XSRF_FAILURE_NO_TOKEN_IN_COOKIE 2014-01-31 09:44:28,008 ERROR [http-bio-8085-exec-19] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... 2014-01-31 09:44:28,013 ERROR [http-bio-8085-exec-19] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... {code} After disabling XSRF protection the build starts just fine. We're using Stash v2.10.1 and Bamboo 5.3 behind a proxy.

    Atlassian JIRA | 3 years ago | David Robakowski
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
  6. 0

    Stack Trace: java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_PARAMS). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:139) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.security.acegi.intercept.web.WebworkSecurityInterceptor.intercept(WebworkSecurityInterceptor.java:57) at com.atlassian.bamboo.security.acegi.intercept.web.WebworkSecurityInterceptorProxy.intercept(WebworkSecurityInterceptorProxy.java:31) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.OnDemandNotSupportedInterceptor.intercept(OnDemandNotSupportedInterceptor.java:31) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.PaginationAwareInterceptor.doIntercept(PaginationAwareInterceptor.java:100) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.StatisticsAwareInterceptor.doIntercept(StatisticsAwareInterceptor.java:39) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.ResultsListAwareInterceptor.doIntercept(ResultsListAwareInterceptor.java:42) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.NavigationAwareInterceptor.doIntercept(NavigationAwareInterceptor.java:121) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.BuildResultsSummaryAwareInteceptor.doIntercept(BuildResultsSummaryAwareInteceptor.java:71) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.ResultsSummaryAwareInteceptor.doIntercept(ResultsSummaryAwareInteceptor.java:74) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.ChainAwareInterceptor.doIntercept(ChainAwareInterceptor.java:111) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:193) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:189) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.PlanLimitAwareInterceptor.doIntercept(PlanLimitAwareInterceptor.java:39) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.BuildConfigurationInterceptor.doIntercept(BuildConfigurationInterceptor.java:44) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54) at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:564) at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77) at org.apache.struts2.dispatcher.ng.filter.StrutsExecuteFilter.doFilter(StrutsExecuteFilter.java:93) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:25) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFixupFilter.doFilter(PrettyUrlsSiteMeshFixupFilter.java:36) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.prettyurls.filter.PrettyUrlsDispatcherFilter.doFilter(PrettyUrlsDispatcherFilter.java:60) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.prettyurls.filter.PrettyUrlsSiteMeshFilter.doFilter(PrettyUrlsSiteMeshFilter.java:92) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.prettyurls.filter.PrettyUrlsMatcherFilter.doFilter(PrettyUrlsMatcherFilter.java:56) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.bamboo.filter.SessionCreationForAnonymousUserFilter.doFilter(SessionCreationForAnonymousUserFilter.java:60) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.bamboo.filter.NewRelicTransactionNamingFilter.doFilter(NewRelicTransactionNamingFilter.java:32) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.bamboo.ww2.StrutsPrepareFilter$1.doFilter(StrutsPrepareFilter.java:81) at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareFilter.doFilter(StrutsPrepareFilter.java:91) at com.atlassian.bamboo.ww2.StrutsPrepareFilter.handleRequest(StrutsPrepareFilter.java:52) at com.atlassian.bamboo.ww2.StrutsPrepareFilter.doFilter(StrutsPrepareFilter.java:40) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.bamboo.filter.BambooProfilingFilter.doFilter(BambooProfilingFilter.java:44) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.bamboo.filter.AccessLogFilter.doFilter(AccessLogFilter.java:120) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:265) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at com.atlassian.bamboo.filter.SeraphLoginFilter$1.run(SeraphLoginFilter.java:69) at com.atlassian.bamboo.security.ImpersonationHelper.runWith(ImpersonationHelper.java:31) at com.atlassian.bamboo.security.ImpersonationHelper.runAs(ImpersonationHelper.java:67) at com.atlassian.bamboo.filter.SeraphLoginFilter.doFilter(SeraphLoginFilter.java:75) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149) at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98) at com.atlassian.bamboo.filter.BambooAcegiProxyFilter.doFilter(BambooAcegiProxyFilter.java:26) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.bamboo.filter.LicenseFilter.doFilter(LicenseFilter.java:76) at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.johnson.filters.AbstractJohnsonFilter.doFilter(AbstractJohnsonFilter.java:71) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:240) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.seraph.filter.BaseLoginFilter.doFilter(BaseLoginFilter.java:148) at com.atlassian.seraph.filter.BambooLoginFilter.doFilter(BambooLoginFilter.java:34) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:61) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:100) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:232) at com.atlassian.bamboo.persistence.BambooSessionInViewFilter.doFilterInternal(BambooSessionInViewFilter.java:31) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.planetj.servlet.filter.compression.CompressingFilter.handleDoFilter(CompressingFilter.java:203) at com.planetj.servlet.filter.compression.CompressingFilter.doFilter(CompressingFilter.java:193) at com.atlassian.bamboo.filter.CompressingFilter.doFilter(CompressingFilter.java:73) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.bamboo.filter.RequestCacheThreadLocalFilter.doFilter(RequestCacheThreadLocalFilter.java:27) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.core.filters.HeaderSanitisingFilter.doFilter(HeaderSanitisingFilter.java:44) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.prettyurls.filter.PrettyUrlsCombinedMatchDispatcherFilter.doFilter(PrettyUrlsCombinedMatchDispatcherFilter.java:61) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1852) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)

    Atlassian JIRA | 2 years ago | Arun
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_PARAMS).

    2 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.lang.IllegalArgumentException

      XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER).

      at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept()
    2. com.atlassian.bamboo
      AbstractBambooInterceptor.intercept
      1. com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64)
      2. com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
      2 frames
    3. XWork
      DefaultActionInvocation.invoke
      1. com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      1 frame
    4. com.atlassian.xwork
      AroundInterceptor.intercept
      1. com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25)
      1 frame
    5. XWork
      DefaultActionInvocation.invoke
      1. com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      1 frame
    6. Struts2
      FileUploadInterceptor.intercept
      1. org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
      1 frame
    7. XWork
      DefaultActionInvocation.invoke
      1. com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      2. com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
      3. com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      4. com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
      5. com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      6. com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
      7. com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
      8. com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      9. com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:161)
      10. com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
      10 frames
    8. com.atlassian.bamboo
      AbstractBambooInterceptor.intercept
      1. com.atlassian.bamboo.ww2.interceptors.GlobalAdminInterceptor.doIntercept(GlobalAdminInterceptor.java:22)
      2. com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
      2 frames