Why am I getting “uri:/carbon/admin/login.jsp, error:required token is missing from the request” when trying to log into WSO2 APIM?
I configured my cluster in AWS for WSO2 API Manager, with load balancers for each section: The store, the publisher, the gateway managers and the gateway workers.
However, when I try to log into the Store, the Publisher or Carbon, with the correct username and password, I get the following error in the logs:
ARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted
(user:<anonymous>, ip:10.0.1.125, method:HEAD, uri:/carbon/admin/login.jsp,
error:required token is missing from the request)
That's all the information the log gives me, and I know for sure the user/pass is correct. Why can't I log in?
I only posted this question to share the answer, because I couldn't find anything about it on Google.
My problem was that the load balancer was configured to distribute the requests evenly among its instances. So, when I tried to log in, the request always was sent to a different node, which by definition is a CSRF attack.
As soon as I allowed those requests to be sticky, so a login request from a node goes to itself, the login works.
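
A simplified model of the failure described in the answer above, as an added example that is not part of the original post and is not WSO2's code. It assumes each node keeps its sessions and CSRF tokens only in local memory (no session replication); `Node`, `Balancer` and `login_flow` are hypothetical names.

```python
import secrets
from itertools import count

class Node:
    """One application node; sessions and CSRF tokens exist only in its own memory."""
    def __init__(self, name):
        self.name = name
        self.sessions = {}  # session id -> CSRF token issued by this node

    def get_login_page(self):
        # Serving the login page creates a session and a token bound to it.
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        self.sessions[sid] = token
        return sid, token

    def post_login(self, sid, token):
        # The token is only valid on the node that issued it (assumption: no replication).
        expected = self.sessions.get(sid)
        if expected is None or not secrets.compare_digest(expected, token or ""):
            return "403 CSRF token rejected"
        return "200 login ok"

class Balancer:
    """Round-robin balancer; with sticky=True it pins a session to its first node."""
    def __init__(self, nodes, sticky):
        self.nodes, self.sticky = nodes, sticky
        self._next = count()
        self.affinity = {}  # session id -> node (stands in for the stickiness cookie)

    def route(self, sid=None):
        if self.sticky and sid in self.affinity:
            return self.affinity[sid]
        return self.nodes[next(self._next) % len(self.nodes)]

def login_flow(sticky, attempts=4):
    """Fetch the login page, then submit it; return the outcome of each attempt."""
    lb = Balancer([Node("node-a"), Node("node-b")], sticky)
    results = []
    for _ in range(attempts):
        first = lb.route()                       # request 1: GET the login page
        sid, token = first.get_login_page()
        lb.affinity[sid] = first                 # recorded always, used only if sticky
        results.append(lb.route(sid).post_login(sid, token))  # request 2: POST login
    return results

if __name__ == "__main__":
    print("round-robin:", login_flow(sticky=False))
    print("sticky:     ", login_flow(sticky=True))
```
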