java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).

Atlassian JIRA | Janet Albion [Atlassian] | 3 years ago
  1. 0

    As already detailed in BAM-14129, we're also facing the same error with Stash and Bamboo. When Stash tries to trigger a build request over the Post-Receive WebHook and XSRF protection is enabled this request fails: {code:title=Bamboo Log:} 2014-01-31 09:44:28,008 WARN [http-bio-8085-exec-19] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:null due to XSRF_FAILURE_NO_TOKEN_IN_COOKIE 2014-01-31 09:44:28,008 ERROR [http-bio-8085-exec-19] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... 2014-01-31 09:44:28,013 ERROR [http-bio-8085-exec-19] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... {code} After disabling XSRF protection the build starts just fine. We're using Stash v2.10.1 and Bamboo 5.3 behind a proxy.

    Atlassian JIRA | 3 years ago | David Robakowski
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
  2. 0

    Steps to reproduce: # install JIRA 6.1.5 # install Bamboo 5.3. Make sure the "Enable XSRF protection" is enabled via _Bamboo Admin > Security > Security Settings >_ # integrate JIRA with Bamboo using Oauth authentication OR Basic Access OR Trusted Application # in the JIRA UI, it will shows that JIRA can't connect to Bamboo as per screenshot Error1.png. However, after disabling the XSRF in Bamboo, it will works immediately and show some build of empty build as per shown in ExpectedBehaviour.png In JIRA logs: {code} 2013-12-17 21:26:02,588 http-bio-9615-exec-15 WARN admin 1286x511x1 n79bat 127.0.0.1 /secure/ViewBambooPanelContent.jspa [ext.bamboo.web.ViewBambooPanelContent] Unable to to connect to Bamboo server. Nothing will be shown. com.atlassian.sal.api.net.ResponseStatusException: Unexpected response received. Status code: 500 at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:19) at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:13) at com.atlassian.applinks.core.auth.oauth.OAuthApplinksReturningResponseHandler.handle(OAuthApplinksReturningResponseHandler.java:51) {code} In Bamboo log: {code} 2013-12-17 21:26:02,575 ERROR [http-bio-8085-exec-25] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) {code}

    Atlassian JIRA | 3 years ago | Janet Albion [Atlassian]
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
  3. 0

    Steps to reproduce: # install JIRA 6.1.5 # install Bamboo 5.3. Make sure the "Enable XSRF protection" is enabled via _Bamboo Admin > Security > Security Settings >_ # integrate JIRA with Bamboo using Oauth authentication OR Basic Access OR Trusted Application # in the JIRA UI, it will shows that JIRA can't connect to Bamboo as per screenshot Error1.png. However, after disabling the XSRF in Bamboo, it will works immediately and show some build of empty build as per shown in ExpectedBehaviour.png In JIRA logs: {code} 2013-12-17 21:26:02,588 http-bio-9615-exec-15 WARN admin 1286x511x1 n79bat 127.0.0.1 /secure/ViewBambooPanelContent.jspa [ext.bamboo.web.ViewBambooPanelContent] Unable to to connect to Bamboo server. Nothing will be shown. com.atlassian.sal.api.net.ResponseStatusException: Unexpected response received. Status code: 500 at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:19) at com.atlassian.applinks.core.auth.ApplicationLinksStringReturningResponseHandler.handle(ApplicationLinksStringReturningResponseHandler.java:13) at com.atlassian.applinks.core.auth.oauth.OAuthApplinksReturningResponseHandler.handle(OAuthApplinksReturningResponseHandler.java:51) {code} In Bamboo log: {code} 2013-12-17 21:26:02,575 ERROR [http-bio-8085-exec-25] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) {code}

    Atlassian JIRA | 3 years ago | Janet Albion [Atlassian]
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    As already detailed in BAM-14129, we're also facing the same error with Stash and Bamboo. When Stash tries to trigger a build request over the Post-Receive WebHook and XSRF protection is enabled this request fails: {code:title=Bamboo Log:} 2014-01-31 09:44:28,008 WARN [http-bio-8085-exec-19] [BambooXsrfTokenInterceptor] XSRF token validation failed in session:null due to XSRF_FAILURE_NO_TOKEN_IN_COOKIE 2014-01-31 09:44:28,008 ERROR [http-bio-8085-exec-19] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... 2014-01-31 09:44:28,013 ERROR [http-bio-8085-exec-19] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) ... {code} After disabling XSRF protection the build starts just fine. We're using Stash v2.10.1 and Bamboo 5.3 behind a proxy.

    Atlassian JIRA | 3 years ago | David Robakowski
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).
  6. 0

    h3. Summary Bamboo is not able to handle Bitbucket webhook without disabling XSRF protection h3. Environment * Bamboo 5.10.3 * Bitbucket Cloud h3. Steps to Reproduce *In Bitbucket Cloud* # Go to *Repositories > Your_repo > Settings > Webhooks > Add Webhook* # Add the following URL: {{http://bamboo-host/updateAndBuild.action?planKey=FOO-BAR}} # And customize it the way you want *In Bamboo* # Make sure the there is a remote trigger configured for the plan FOO-BAR # Go to *Admin > Security Settings* then uncheck the option *Enable XSRF protection* h3. Expected Results The build is triggered by the changes in Bitbucket h3. Actual Resuts No build is triggered The following errors can be seen in the catalina.out {noformat} 2016-04-08 16:26:58,215 ERROR [http-nio-8086-exec-12] [ExceptionMappingInterceptor] XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:139) ... 2016-04-08 16:26:58,235 ERROR [http-nio-8086-exec-12] [FiveOhOh] 500 Exception was thrown. java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE). at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:66) at com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.atlassian.xwork.interceptors.AroundInterceptor.intercept(AroundInterceptor.java:25) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246) at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171) ... {noformat} h3.Workaround # Go to *Admin > Security Settings* then uncheck the option *Enable XSRF protection* # Use the Services feature: [Bamboo service management|https://confluence.atlassian.com/display/BITBUCKET/Bamboo+service+management]

    Atlassian JIRA | 8 months ago | Daniel Santos
    java.lang.IllegalArgumentException: XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.lang.IllegalArgumentException

      XSRF Token Validation failed (XSRF_FAILURE_NO_TOKEN_IN_COOKIE).

      at com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept()
    2. com.atlassian.bamboo
      AbstractBambooInterceptor.intercept
      1. com.atlassian.bamboo.ww2.interceptors.BambooXsrfTokenInterceptor.doIntercept(BambooXsrfTokenInterceptor.java:64)
      2. com.atlassian.bamboo.ww2.interceptors.AbstractBambooInterceptor.intercept(AbstractBambooInterceptor.java:34)
      2 frames