Troubleshooting
Problem
When launching the API tester web url, the foundation console login screen will be displayed instead
Symptom
Using Internet Explorer, when launching the API tester web url http://IP:PORT/smcfs/yfshttpapi/yantrahttpapitester.jsp the foundation console login screen will be displayed instead. This happens anytime the Application Console has been accessed already. There is also an error thrown in the console when this happens.
<Errors>
<Error
ErrorCode="exception in authenticating csrf token :/smcfs/yfshttpapi/yantrahttpapitester.jsp"
ErrorDescription="Error description not available" ErrorRelatedMoreInfo="">
<Attribute Name="ErrorCode" Value="exception in authenticating csrf token :/smcfs/yfshttpapi/yantrahttpapitester.jsp"/>
<Attribute Name="ErrorDescription" Value="Error description not available"/>
<Stack>com.yantra.yfc.util.YFCException
at com.sterlingcommerce.security.csrf.SCUIcsrfFilter.handleErrors(SCUIcsrfFilter.java:94)
at com.sterlingcommerce.security.csrf.SCUIcsrfFilter.doFilter(SCUIcsrfFilter.java:69)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.sterlingcommerce.woodstock.security.CrossFrameProtectionFilter.doFilter(CrossFrameProtectionFilter.java:39)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.sterlingcommerce.woodstock.security.UserAuthenticationFilter.doFilter(UserAuthenticationFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3723)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3689)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2285)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2184)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1459)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
</Stack>
</Error>
</Errors>
Cause
When Application Console and HTTP API tester with same context root are both launched, the session gets shared. If API tester is launched after Application Console, this request which does not have a CSRF token set gets invalidated against the CSRF token set in the session when Application Console was launched.
Resolving The Problem
The API tester can be launched in new session of the browser. Click File > New Session. After using the console, always log out first. Next time, open the browser to access the API tester alone.
Product Synonym
SSFS
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21601326