org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'e2s1<iframe src=javascript:alert(26748) ', the expected format is 'e<executionId>s<snapshotId>'","exception.stacktrace":"org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'e2s1<iframe src=javascript:alert(26748) ', the expected format is 'e<executionId>s<snapshotId>'

Apereo Issues | Ken Maruyama | 4 years ago
  1. 0

    We use security software that scans our web applications, and it detected a cross-site scripting security issue with severity high. I'm not sure if this is a real security concern, because it doesn't appear that the browser will actually execute the JavaScript that gets embedded in the HTTP response. However, at least it is something that security software detects as a cross-site scripting security issue, and some organizations like ours are very sensitive to what the security software reports. It might be worth at least not making any valid JavaScript code appear in the HTTP response. At the end of the message I will put what the security software put in the report.

    Here is how to replicate this:

    Use url: /login?execution=e2s1%3Ciframe+src%3Djavascript%3Aalert%2826748% 29+

    The result will be this displayed on the browser:

    {"exception.message":"org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'e2s1<iframe src=javascript:alert(26748) ', the expected format is 'e<executionId>s<snapshotId>'","exception.stacktrace":"org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'e2s1<iframe src=javascript:alert(26748) ', the expected format is 'e<executionId>s<snapshotId>'\r\n\tat org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.parseSnapshotId(AbstractFlowExecutionRepository.java:221)\r\n\tat org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.parseFlowExecutionKey(AbstractFlowExecutionRepository.java:120)\r\n\tat org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:164)\r\n\tat org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)\r\n\tat org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)\r\n\tat 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)\r\n\tat org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)\r\n\tat org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)\r\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:617)\r\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:717)\r\n\tat org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)\r\n\tat org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)\r\n\tat org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\r\n\tat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)\r\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)\r\n\tat org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)\r\n\tat org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\r\n\tat com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)\r\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)\r\n\tat 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)\r\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)\r\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\r\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)\r\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)\r\n\tat org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)\r\n\tat org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)\r\n\tat org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)\r\n\tat java.lang.Thread.run(Unknown Source)\r\nCaused by: java.lang.NumberFormatException: For input string: \"1<iframe src=javascript:alert(26748) \"\r\n\tat java.lang.NumberFormatException.forInputString(Unknown Source)\r\n\tat java.lang.Integer.parseInt(Unknown Source)\r\n\tat java.lang.Integer.valueOf(Unknown Source)\r\n\tat org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.parseSnapshotId(AbstractFlowExecutionRepository.java:219)\r\n\t... 33 more\r\n","failure":"true"}

    Report generated by the security application:

    [1 of 4] Cross-Site Scripting
    Severity: High
    Test Type: Application
    Vulnerable URL: https://xxx.xxx.xxx.xxx/cas-server-webapp-3.5.1/login (Parameter: execution)
    CVE ID(s): N/A
    CWE ID(s): 79 (parent of 82,83)
    Remediation Tasks: Review possible solutions for hazardous character injection
    Variant 1 of 9 [ID=12556]
    The following changes were applied to the original request:
    • Set parameter 'execution's value to 'e2s1%3Ciframe+src%3Djavascript%3Aalert%2826748% 29+'
    Request/Response: This request/response contains binary content, which is not included in generated reports.
    Validation In Response:
    • alert(26748)
    Reasoning: The test result seems to indicate a vulnerability because Appscan successfully embedded a script in the response, which will be executed when the page loads in the user's browser.

    Apereo Issues | 4 years ago | Ken Maruyama
    org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'e2s1<iframe src=javascript:alert(26748) ', the expected format is 'e<executionId>s<snapshotId>'","exception.stacktrace":"org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'e2s1<iframe src=javascript:alert(26748) ', the expected format is 'e<executionId>s<snapshotId>'
  3. 0

    Attempting to edit an existing Simple Content Portlet (for example, the uPortal links portlet)'s rich configuration section leads to a stack trace when pressing "save". This error occurs even if no changes have been made. java.util.concurrent.ExecutionException: org.jasig.portal.portlet.PortletDispatchException: The portlet window 'PortletWindow [portletWindowId=46_ctf3_26, delegationParentId=null, portletMode=view, windowState=maximized, expirationCache=null, renderParameters={}, publicRenderParameters={}, portletEntity=PortletEntity [portletEntityId=46_ctf3_26, layoutNodeId=ctf3, userId=26, portletDefinition=PortletDefinition [portletDefinitionId=46, fname=portlet-admin, portletDescriptorKey=PortletDescriptorKey [frameworkPortlet=true, webAppName=null, portletName=PortletAdministration], portletType=PortletTypeImpl [internalId=3, name=Portlet, descr=Adapter for JSR-168 Portlets, cpdUri=/org/jasig/portal/portlets/GenericPortlet.cpd.xml]]]]' threw an exception while executing renderMarkup. 
at java.util.concurrent.FutureTask$Sync.innerGet(FutureTask.java:232) at java.util.concurrent.FutureTask.get(FutureTask.java:91) at org.jasig.portal.portlet.rendering.worker.PortletExecutionWorker.get(PortletExecutionWorker.java:202) at org.jasig.portal.portlet.rendering.worker.PortletRenderExecutionWorker.getOutput(PortletRenderExecutionWorker.java:67) at org.jasig.portal.portlet.rendering.PortletExecutionManager.getPortletOutput(PortletExecutionManager.java:481) at org.jasig.portal.rendering.PortletRenderingIncorporationComponent$PortletIncorporatingEventReader.filterEvent(PortletRenderingIncorporationComponent.java:106) at org.jasig.portal.character.stream.FilteringCharacterEventReader.internalNext(FilteringCharacterEventReader.java:76) at org.jasig.portal.character.stream.FilteringCharacterEventReader.peek(FilteringCharacterEventReader.java:61) at org.jasig.portal.character.stream.FilteringCharacterEventReader.hasNext(FilteringCharacterEventReader.java:43) at org.jasig.portal.rendering.DynamicRenderingPipeline.renderState(DynamicRenderingPipeline.java:75) at org.jasig.portal.rendering.PortalController.renderRequest(PortalController.java:82) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176) at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:426) at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790) at 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jasig.portal.utils.web.CreatePortletCookieFilter.doFilterInternal(CreatePortletCookieFilter.java:60) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:70) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jasig.portal.url.UrlCanonicalizingFilter.doFilterInternal(UrlCanonicalizingFilter.java:118) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:113) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) at 
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:680) Caused by: org.jasig.portal.portlet.PortletDispatchException: The portlet window 'PortletWindow [portletWindowId=46_ctf3_26, delegationParentId=null, portletMode=view, windowState=maximized, expirationCache=null, renderParameters={}, publicRenderParameters={}, portletEntity=PortletEntity [portletEntityId=46_ctf3_26, layoutNodeId=ctf3, userId=26, portletDefinition=PortletDefinition [portletDefinitionId=46, fname=portlet-admin, portletDescriptorKey=PortletDescriptorKey [frameworkPortlet=true, webAppName=null, portletName=PortletAdministration], portletType=PortletTypeImpl [internalId=3, name=Portlet, descr=Adapter for JSR-168 Portlets, cpdUri=/org/jasig/portal/portlets/GenericPortlet.cpd.xml]]]]' threw an exception while executing renderMarkup. at org.jasig.portal.portlet.rendering.PortletRendererImpl.doRenderMarkupInternal(PortletRendererImpl.java:286) at org.jasig.portal.portlet.rendering.PortletRendererImpl.doRenderMarkup(PortletRendererImpl.java:228) at org.jasig.portal.portlet.rendering.worker.PortletRenderExecutionWorker.callInternal(PortletRenderExecutionWorker.java:60) at org.jasig.portal.portlet.rendering.worker.PortletRenderExecutionWorker.callInternal(PortletRenderExecutionWorker.java:1) at org.jasig.portal.portlet.rendering.worker.PortletExecutionWorker$1.call(PortletExecutionWorker.java:125) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) at java.util.concurrent.FutureTask.run(FutureTask.java:138) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) ... 
1 more Caused by: javax.portlet.PortletException: Request processing failed at org.springframework.web.portlet.FrameworkPortlet.processRequest(FrameworkPortlet.java:544) at org.springframework.web.portlet.FrameworkPortlet.doDispatch(FrameworkPortlet.java:470) at javax.portlet.GenericPortlet.render(GenericPortlet.java:248) at org.jasig.portal.portlet.container.FilterChainImpl.doFilter(FilterChainImpl.java:184) at org.jasig.portal.portlet.container.FilterChainImpl.processFilter(FilterChainImpl.java:100) at org.jasig.portal.portlet.container.FilterManagerImpl.processFilter(FilterManagerImpl.java:111) at org.apache.pluto.container.driver.PortletServlet.dispatch(PortletServlet.java:340) at org.apache.pluto.container.driver.PortletServlet.doGet(PortletServlet.java:261) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488) at org.apache.pluto.driver.container.DefaultPortletInvokerService.invoke(DefaultPortletInvokerService.java:233) at org.apache.pluto.driver.container.DefaultPortletInvokerService.render(DefaultPortletInvokerService.java:117) at org.apache.pluto.container.impl.PortletContainerImpl.doRender(PortletContainerImpl.java:157) at org.jasig.portal.portlet.rendering.PortletRendererImpl.doRenderMarkupInternal(PortletRendererImpl.java:283) ... 
9 more Caused by: org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'null', the expected format is 'The string-encoded flow execution key is required' at org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.parseFlowExecutionKey(AbstractFlowExecutionRepository.java:115) at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:164) at org.jasig.portal.webflow.portlet.FlowHandlerAdapter.handleAction(FlowHandlerAdapter.java:147) at org.springframework.web.portlet.DispatcherPortlet.doActionService(DispatcherPortlet.java:641) at org.springframework.web.portlet.FrameworkPortlet.processRequest(FrameworkPortlet.java:519) at org.springframework.web.portlet.FrameworkPortlet.processAction(FrameworkPortlet.java:460) at org.jasig.portal.portlet.container.FilterChainImpl.doFilter(FilterChainImpl.java:130) at org.jasig.portal.portlet.container.FilterChainImpl.processFilter(FilterChainImpl.java:92) at org.jasig.portal.portlet.container.FilterManagerImpl.processFilter(FilterManagerImpl.java:119) at org.apache.pluto.container.driver.PortletServlet.dispatch(PortletServlet.java:359) at org.apache.pluto.container.driver.PortletServlet.doPost(PortletServlet.java:267) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488) at 
org.apache.pluto.driver.container.DefaultPortletInvokerService.invoke(DefaultPortletInvokerService.java:233) at org.apache.pluto.driver.container.DefaultPortletInvokerService.action(DefaultPortletInvokerService.java:101) at org.apache.pluto.container.impl.PortletContainerImpl.doAction(PortletContainerImpl.java:251) at org.jasig.portal.portlet.rendering.PortletRendererImpl.doAction(PortletRendererImpl.java:138) at org.jasig.portal.portlet.rendering.worker.PortletActionExecutionWorker.callInternal(PortletActionExecutionWorker.java:46) at org.jasig.portal.portlet.rendering.worker.PortletActionExecutionWorker.callInternal(PortletActionExecutionWorker.java:1) ... 6 more

    Apereo Issues | 5 years ago | Jennifer Bourey
    java.util.concurrent.ExecutionException: org.jasig.portal.portlet.PortletDispatchException: The portlet window 'PortletWindow [portletWindowId=46_ctf3_26, delegationParentId=null, portletMode=view, windowState=maximized, expirationCache=null, renderParameters={}, publicRenderParameters={}, portletEntity=PortletEntity [portletEntityId=46_ctf3_26, layoutNodeId=ctf3, userId=26, portletDefinition=PortletDefinition [portletDefinitionId=46, fname=portlet-admin, portletDescriptorKey=PortletDescriptorKey [frameworkPortlet=true, webAppName=null, portletName=PortletAdministration], portletType=PortletTypeImpl [internalId=3, name=Portlet, descr=Adapter for JSR-168 Portlets, cpdUri=/org/jasig/portal/portlets/GenericPortlet.cpd.xml]]]]' threw an exception while executing renderMarkup.
  5. 0

    After a month, no tickets created in 4.2.2?

    Google Groups | 5 months ago | Jeffrey Wong
    org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key '', the expected format is '<uuid>_<base64-encoded-flow-state>'

    Root Cause Analysis

    1. org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException

      Badly formatted flow execution key 'e2s1<iframe src=javascript:alert(26748) ', the expected format is 'e<executionId>s<snapshotId>'","exception.stacktrace":"org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'e2s1<iframe src=javascript:alert(26748) ', the expected format is 'e<executionId>s<snapshotId>'

      at org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.parseSnapshotId()
    2. Spring Web Flow
      FlowHandlerAdapter.handle
      1. org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.parseSnapshotId(AbstractFlowExecutionRepository.java:221)
      2. org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.parseFlowExecutionKey(AbstractFlowExecutionRepository.java:120)
      3. org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution(FlowExecutorImpl.java:164)
      4. org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
      4 frames
    3. Spring MVC
      FrameworkServlet.doGet
      1. org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
      2. org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
      3. org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
      4. org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
      4 frames
    4. JavaServlet
      HttpServlet.service
      1. javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
      2. javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      2 frames
    5. Jasig CAS Core
      SafeDispatcherServlet.service
      1. org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128)
      2. org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57)
      3. org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
      3 frames
    6. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    7. Spring
      DelegatingFilterProxy.doFilter
      1. org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
      2. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
      3. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
      4. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
      4 frames
    8. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    9. Inspektr - Common API
      ClientInfoThreadLocalFilter.doFilter
      1. com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
      1 frame
    10. Glassfish Core
      CoyoteAdapter.service
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      3. org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      4. org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      5. org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      6. org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
      7. org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      8. org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
      8 frames
    11. Grizzly HTTP
      JIoEndpoint$Worker.run
      1. org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
      2. org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
      3. org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
      3 frames