java.lang.IllegalArgumentException

There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • As already detailed in BAM-14129, we're also facing the same error with Stash and Bamboo. When Stash tries to trigger a build request over the Post-Receive WebHook and XSRF protection is enabled this request fails: {code:title=Bamboo Log:} 2014-01-31 09:44:28,008 WARN [http-bio-8085-exec-19] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:null due to XSRF_FAILURE_NO_TOKEN_IN_COOKIE 2014-01-31 09:44:28,008 ERROR [http-bio-8085-exec-19] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... 2014-01-31 09:44:28,013 ERROR [http-bio-8085-exec-19] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... {code} After disabling XSRF protection the build starts just fine. We're using Stash v2.10.1 and Bamboo 5.3 behind a proxy.
    via by David Robakowski,
  • Steps to reproduce: # install JIRA 6.1.5 # install Bamboo 5.3. Make sure the "Enable XSRF protection" is enabled via _Bamboo Admin > Security > Security Settings >_ # integrate JIRA with Bamboo using Oauth authentication OR Basic Access OR Trusted Application # in the JIRA UI, it will shows that JIRA can't connect to Bamboo as per screenshot Error1.png. However, after disabling the XSRF in Bamboo, it will works immediately and show some build of empty build as per shown in ExpectedBehaviour.png In JIRA logs: {code} 2013-12-17 21:26:02,588 http-bio-9615-exec-15 WARN admin 1286x511x1 n79bat 127.0.0.1 /secure/ViewBambooPanelContent.jspa [ext.bamboo.web.ViewBambooPanelContent] Unable to to connect to Bamboo server. Nothing will be shown. com.atlassian.sal.api.net.ResponseStatusException: Unexpected response received. Status code: 500 at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:19) at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:13) at com.atlassian.applinks.core.auth.oauth.OAuthApplinksReturningResponseHandler.handle(OAuthApplinksReturningResponseHandler.java:51) {code} In Bamboo log: {code} 2013-12-17 21:26:02,575 ERROR [http-bio-8085-exec-25] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) {code}
    via by Janet Albion [Atlassian],
  • Steps to reproduce: # install JIRA 6.1.5 # install Bamboo 5.3. Make sure the "Enable XSRF protection" is enabled via _Bamboo Admin > Security > Security Settings >_ # integrate JIRA with Bamboo using Oauth authentication OR Basic Access OR Trusted Application # in the JIRA UI, it will shows that JIRA can't connect to Bamboo as per screenshot Error1.png. However, after disabling the XSRF in Bamboo, it will works immediately and show some build of empty build as per shown in ExpectedBehaviour.png In JIRA logs: {code} 2013-12-17 21:26:02,588 http-bio-9615-exec-15 WARN admin 1286x511x1 n79bat 127.0.0.1 /secure/ViewBambooPanelContent.jspa [ext.bamboo.web.ViewBambooPanelContent] Unable to to connect to Bamboo server. Nothing will be shown. com.atlassian.sal.api.net.ResponseStatusException: Unexpected response received. Status code: 500 at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:19) at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:13) at com.atlassian.applinks.core.auth.oauth.OAuthApplinksReturningResponseHandler.handle(OAuthApplinksReturningResponseHandler.java:51) {code} In Bamboo log: {code} 2013-12-17 21:26:02,575 ERROR [http-bio-8085-exec-25] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) {code}
    via by Janet Albion [Atlassian],
  • As already detailed in BAM-14129, we're also facing the same error with Stash and Bamboo. When Stash tries to trigger a build request over the Post-Receive WebHook and XSRF protection is enabled this request fails: {code:title=Bamboo Log:} 2014-01-31 09:44:28,008 WARN [http-bio-8085-exec-19] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:null due to XSRF_FAILURE_NO_TOKEN_IN_COOKIE 2014-01-31 09:44:28,008 ERROR [http-bio-8085-exec-19] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... 2014-01-31 09:44:28,013 ERROR [http-bio-8085-exec-19] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... {code} After disabling XSRF protection the build starts just fine. We're using Stash v2.10.1 and Bamboo 5.3 behind a proxy.
    via by David Robakowski,
  • h3. Summary Bamboo is not able to handle Bitbucket webhook without disabling XSRF protection h3. Environment * Bamboo 5.10.3 * Bitbucket Cloud h3. Steps to Reproduce *In Bitbucket Cloud* # Go to *Repositories > Your_repo > Settings > Webhooks > Add Webhook* # Add the following URL: {{http://bamboo-host/updateAndBuild.action?planKey=FOO-BAR}} # And customize it the way you want *In Bamboo* # Make sure the there is a remote trigger configured for the plan FOO-BAR # Go to *Admin > Security Settings* then uncheck the option *Enable XSRF protection* h3. Expected Results The build is triggered by the changes in Bitbucket h3. Actual Resuts No build is triggered The following errors can be seen in the catalina.out {noformat} 2016-04-08 16:26:58,215 ERROR [http-nio-8086-exec-12] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:139) ... 2016-04-08 16:26:58,235 ERROR [http-nio-8086-exec-12] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) ... {noformat} h3.Workaround # Go to *Admin > Security Settings* then uncheck the option *Enable XSRF protection* # Use the Services feature: [Bamboo service management|https://confluence.atlassian.com/display/BITBUCKET/Bamboo+service+management]
    via by Daniel Santos,
  • h3. Summary Bamboo is not able to handle Bitbucket webhook without disabling XSRF protection h3. Environment * Bamboo 5.10.3 * Bitbucket Cloud h3. Steps to Reproduce *In Bitbucket Cloud* # Go to *Repositories > Your_repo > Settings > Webhooks > Add Webhook* # Add the following URL: {{http://bamboo-host/updateAndBuild.action?planKey=FOO-BAR}} # And customize it the way you want *In Bamboo* # Make sure the there is a remote trigger configured for the plan FOO-BAR # Go to *Admin > Security Settings* then uncheck the option *Enable XSRF protection* h3. Expected Results The build is triggered by the changes in Bitbucket h3. Actual Resuts No build is triggered The following errors can be seen in the catalina.out {noformat} 2016-04-08 16:26:58,215 ERROR [http-nio-8086-exec-12] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:139) ... 2016-04-08 16:26:58,235 ERROR [http-nio-8086-exec-12] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) ... {noformat} h3.Workaround # Go to *Admin > Security Settings* then uncheck the option *Enable XSRF protection* # Use the Services feature: [Bamboo service management|https://confluence.atlassian.com/display/BITBUCKET/Bamboo+service+management]
    via by Daniel Santos,
  • The new feature to enable [XSRF protection|https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection] introduced in Bamboo 5.3, causes a crash if the tomcat proxy config are wrongly configured. *Steps to reproduced* # Configure Bamboo to use mod_proxy as detailed here: https://confluence.atlassian.com/display/BAMBOO/Integrating+Bamboo+with+Apache+HTTP+server # my current settings is like this: {code} ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /bamboo53 http://localhost:1053/bamboo53 ProxyPassReverse /bamboo53 http://localhost:1053/bamboo53 <Location /bamboo53> Order allow,deny Allow from all </Location> {code} # The tomcat connector for Bamboo has proxy related parameters: {code} scheme="http" proxyName="sultan-PC" proxyPort="80" {code} # Set the base_url of Bamboo as appropriately using the proxy url. In my case : http://sultan-pc/bamboo53/ # Try editing the security settings page in Bamboo or even try changing the base URL and you will hit in to the errors below: {noformat} 2013-12-23 22:35:36,365 INFO [http-bio-1053-exec-4] [AccessLogFilter] bamboo GET http://sultan-PC/bamboo53/rest/menu/latest/appswitcher?_=1387809336291 246387kb 2013-12-23 22:35:39,562 INFO [http-bio-1053-exec-7] [AccessLogFilter] bamboo POST http://sultan-PC/bamboo53/admin/configureSecurity.action 245406kb 2013-12-23 22:35:39,564 WARN [http-bio-1053-exec-7] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:CB91741D0541AB8DEFACB782990944F5 due to XSRF_FAILURE_BAD_REFERRER 2013-12-23 22:35:39,564 ERROR [http-bio-1053-exec-7] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:161) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.GlobalAdminInterceptor.doIntercept(GlobalAdminInterceptor.java:22) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) {noformat} What is happening in the above example is that because the proxyName is specified as "sultan-PC" the incoming request 'HOST' header value is changed to "sultan-PC" where as the referrer will have a host of "sultan-pc". As the host comparison is case sensitive the 'referer' check fails. I think just to be safe we should perform a case insensitive comparison of the 'referer' and the 'host' headers host. *Note* If one does not configure tomcat to have proxy configuration and passes through the HOST header by using the apache httpd 'ProxyPreserveHost' configuration directive then this issue can be avoided. Because ProxyPreserveHost does not cause the scheme or port to be properly set one has to explicitly configure the tomcat connector to include scheme="https" and the proxyPort="443" when using bamboo behind a https proxy. In such a setup we also recommend setting secure="true" in the tomcat connector configuration.
    via by Sultan Maiyaki [Atlassian],
  • The new feature to enable [XSRF protection|https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection] introduced in Bamboo 5.3, causes a crash if the tomcat proxy config are wrongly configured. *Steps to reproduced* # Configure Bamboo to use mod_proxy as detailed here: https://confluence.atlassian.com/display/BAMBOO/Integrating+Bamboo+with+Apache+HTTP+server # my current settings is like this: {code} ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /bamboo53 http://localhost:1053/bamboo53 ProxyPassReverse /bamboo53 http://localhost:1053/bamboo53 <Location /bamboo53> Order allow,deny Allow from all </Location> {code} # The tomcat connector for Bamboo has proxy related parameters: {code} scheme="http" proxyName="sultan-PC" proxyPort="80" {code} # Set the base_url of Bamboo as appropriately using the proxy url. In my case : http://sultan-pc/bamboo53/ # Try editing the security settings page in Bamboo or even try changing the base URL and you will hit in to the errors below: {noformat} 2013-12-23 22:35:36,365 INFO [http-bio-1053-exec-4] [AccessLogFilter] bamboo GET http://sultan-PC/bamboo53/rest/menu/latest/appswitcher?_=1387809336291 246387kb 2013-12-23 22:35:39,562 INFO [http-bio-1053-exec-7] [AccessLogFilter] bamboo POST http://sultan-PC/bamboo53/admin/configureSecurity.action 245406kb 2013-12-23 22:35:39,564 WARN [http-bio-1053-exec-7] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:CB91741D0541AB8DEFACB782990944F5 due to XSRF_FAILURE_BAD_REFERRER 2013-12-23 22:35:39,564 ERROR [http-bio-1053-exec-7] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_BAD_REFERRER). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:161) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.bamboo.ww2.interceptors.GlobalAdminInterceptor.doIntercept(GlobalAdminInterceptor.java:22) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) {noformat} What is happening in the above example is that because the proxyName is specified as "sultan-PC" the incoming request 'HOST' header value is changed to "sultan-PC" where as the referrer will have a host of "sultan-pc". As the host comparison is case sensitive the 'referer' check fails. I think just to be safe we should perform a case insensitive comparison of the 'referer' and the 'host' headers host. *Note* If one does not configure tomcat to have proxy configuration and passes through the HOST header by using the apache httpd 'ProxyPreserveHost' configuration directive then this issue can be avoided. Because ProxyPreserveHost does not cause the scheme or port to be properly set one has to explicitly configure the tomcat connector to include scheme="https" and the proxyPort="443" when using bamboo behind a https proxy. In such a setup we also recommend setting secure="true" in the tomcat connector configuration.
    via by Sultan Maiyaki,
  • If a System error log is shown, clicking on delete throws the following error: {noformat} Request Information: Request URL: https://instancename.atlassian.net/builds/admin/removeErrorFromLog.action Scheme: https Server: instancename.atlassian.net Port: 443 URI: /builds/admin/removeErrorFromLog.action Context Path: /builds Servlet Path: /admin/removeErrorFromLog.action Path Info: Query String: buildKey=Elastic%20Bamboo&error=0&returnUrl=/admin/systemErrors.action Stack Trace: java.lang.IllegalArgumentException: Could not parse key 'Elastic Bamboo' at com.atlassian.bamboo.plan.PlanKeys.getPlanKey(PlanKeys.java:283) at com.atlassian.bamboo.ww2.interceptors.NavigationAwareInterceptor.getNavObject(NavigationAwareInterceptor.java:141) at com.atlassian.bamboo.ww2.interceptors.NavigationAwareInterceptor.doIntercept(NavigationAwareInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor$1.call(AbstractBambooInterceptor.java:36) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor$1.call(AbstractBambooInterceptor.java:32) at com.atlassian.bamboo.util.BambooProfilingUtils.withUtilTimerStack(BambooProfilingUtils.java:49) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:31) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.atlassian.bamboo.ww2.interceptors.BuildResultsSummaryAwareInteceptor.doIntercept(BuildResultsSummaryAwareInteceptor.java:70) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor$1.call(AbstractBambooInterceptor.java:36) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor$1.call(AbstractBambooInterceptor.java:32) at com.atlassian.bamboo.util.BambooProfilingUtils.withUtilTimerStack(BambooProfilingUtils.java:49) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:31) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.atlassian.bamboo.ww2.interceptors.ResultsSummaryAwareInteceptor.doIntercept(ResultsSummaryAwareInteceptor.java:69) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor$1.call(AbstractBambooInterceptor.java:36) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor$1.call(AbstractBambooInterceptor.java:32) at com.atlassian.bamboo.util.BambooProfilingUtils.withUtilTimerStack(BambooProfilingUtils.java:49) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:31) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.atlassian.bamboo.ww2.interceptors.ChainAwareInterceptor.doIntercept(ChainAwareInterceptor.java:112) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor$1.call(AbstractBambooInterceptor.java:36) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor$1.call(AbstractBambooInterceptor.java:32) at com.atlassian.bamboo.util.BambooProfilingUtils.withUtilTimerStack(BambooProfilingUtils.java:49) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:31) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:31) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:31) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:31) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:31) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:31) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.opensymphony.xwork.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:186) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:190) at com.opensymphony.xwork.DefaultActionProxy.execute(DefaultActionProxy.java:116) at com.opensymphony.webwork.dispatcher.DispatcherUtils.serviceAction(DispatcherUtils.java:274) at com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:202) at com.atlassian.bamboo.ww2.BambooFilterDispatcher.doFilter(BambooFilterDispatcher.java:20) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.labs.botkiller.BotKillerFilter.doFilter(BotKillerFilter.java:36) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:25) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.studio.core.servlet.filter.AlacarteLicenseEnforcer.doFilter(AlacarteLicenseEnforcer.java:71) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118) at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.bamboo.ww2.ValidActionContextMarker.doFilter(ValidActionContextMarker.java:37) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.opensymphony.webwork.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:88) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.bamboo.filter.BambooProfilingFilter.doFilter(BambooProfilingFilter.java:30) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.bamboo.filter.AccessLogFilter.doFilter(AccessLogFilter.java:66) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:265) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at com.atlassian.bamboo.filter.SeraphLoginFilter.doFilter(SeraphLoginFilter.java:71) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:275) at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:149) at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:98) at com.atlassian.bamboo.filter.BambooAcegiProxyFilter.doFilter(BambooAcegiProxyFilter.java:25) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.bamboo.filter.LicenseFilter.doFilter(LicenseFilter.java:73) at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.johnson.filters.AbstractJohnsonFilter.doFilter(AbstractJohnsonFilter.java:71) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:211) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.seraph.filter.BaseLoginFilter.doFilter(BaseLoginFilter.java:150) at com.atlassian.seraph.filter.BambooLoginFilter.doFilter(BambooLoginFilter.java:34) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:55) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:98) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.orm.hibernate.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:170) at com.atlassian.bamboo.persistence.BambooSessionInViewFilter.doFilterInternal(BambooSessionInViewFilter.java:36) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.planetj.servlet.filter.compression.CompressingFilter.handleDoFilter(CompressingFilter.java:203) at com.planetj.servlet.filter.compression.CompressingFilter.doFilter(CompressingFilter.java:193) at com.atlassian.bamboo.filter.CompressingFilter.doFilter(CompressingFilter.java:71) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.bamboo.filter.RequestCacheThreadLocalFilter.doFilter(RequestCacheThreadLocalFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:662) {noformat} Clicking on 'Clear all error logs' still works.
    via by Ivan Maduro [Out of Office],
    • java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)

    Users with the same issue

    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,