ActiveMQ
  1. ActiveMQ
  2. AMQ-3425

Unable to delete a queue via web console

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Not a Problem
    • Affects Version/s: 5.5.0, 5.x
    • Fix Version/s: None
    • Component/s: Broker
    • Labels:
    • Environment:

      web console, default configuration

      Description

      Using the following steps will make it impossible to delete a queue via the web console admin interface

      • start ActiveMQ with default configuration (where web console and sample Camel route are deployed)
      • open the web console http://localhost:8161/admin, click on Queues
      • for the only queue example.A, press browse
      • go back in your browser and now try to Delete the queue using the Delete link
      • it will raise "Exception occurred while processing this request, check the log for more information!"

      The AMQ log contains:

      java.lang.UnsupportedOperationException: Possible CSRF attack
      	at org.apache.activemq.web.handler.BindingBeanNameUrlHandlerMapping.getHandlerInternal(BindingBeanNameUrlHandlerMapping.java:58)
      	at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:184)
      	at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:945)
      	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:753)
      	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
      	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
      	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:527)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1216)
      	at org.apache.activemq.web.AuditFilter.doFilter(AuditFilter.java:59)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
      	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)
      	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
      	at org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:81)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
      	at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
      	at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:421)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:493)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:930)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:358)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:866)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
      	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:456)
      	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
      	at org.eclipse.jetty.server.Server.handle(Server.java:351)
      	at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)
      	at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
      	at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
      	at java.lang.Thread.run(Thread.java:636)
      

        Activity

          People

          • Assignee:
            Unassigned
            Reporter:
            Torsten Mielke
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development