WSO2 EI 6.1.1安装完毕,所有增加Endpoint、服务注册、删除服务代理报403 forbiden,问题最终解决。
报错日志:
[2017-12-14 11:21:13,481] [] WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:192.168.3.34, method:POST, uri
:/carbon/service-mgt/delete_service_groups_ajaxprocessor.jsp, error:required tok
en is missing from the request)
[2017-12-14 11:21:13,482] [] DEBUG - CarbonSecuredHttpContext Is authenticated t
rue
[2017-12-14 11:21:13,484] [] DEBUG - CarbonSecuredHttpContext CarbonSecuredHttpC
ontext -> handleSecurity() requestURI:/carbon/errors/error_403.html id:E3C4FF093
98218167CE165E7508F5790 resourceURI:../errors/error_403.html
问题原因:
This issue happens due a bug in JDK 1.8.0_151, and you can proceed with approaches.
问题是jdk 1.8.0_151,152(152是当前最新版)的一个人已知bug。
解决办法:
1、Downgrade from build 1.8.0_151 to 1.8.0_144;
2、But if you cannot proceed with the downgrade of, (降级jdk到144)
so you can disable the compression in Tomcat repository/conf/tomcat/catalina-server.xml,
switching compression to "off" instead of the default which is "on".
(tomcat的server.xml把compression=“off”,默认是on,共2处)