Miscadmin and Useradmin

mjb54261515

06-06-2019

Hello,

I am trying to access miscadmin and useradmin in mylocal and dev instance. But I dont see it opening or loading. Its showsup empty.

I see following error in my error.log

06.06.2019 11:46:19.443 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The href attribute had a value of "/libs/wcm/core/content/misc.ico". This value could not be accepted for security reasons. We have chosen to remove the entire link tag in order to continue processing the input.

06.06.2019 11:46:19.443 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The type attribute had a value of "image/vnd.microsoft.icon". This value could not be accepted for security reasons. We have chosen to remove the entire link tag in order to continue processing the input.

06.06.2019 11:46:19.444 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The rel attribute had a value of "icon". This value could not be accepted for security reasons. We have chosen to remove this attribute from the tag and leave everything else in place so that we could process the input.

06.06.2019 11:46:19.444 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The href attribute had a value of "/libs/wcm/core/content/misc.ico". This value could not be accepted for security reasons. We have chosen to remove the entire link tag in order to continue processing the input.

06.06.2019 11:46:19.444 *INFO* [0:0:0:0:0:0:0:1 [1559839579442] GET /miscadmin HTTP/1.1] org.apache.sling.xss.impl.HtmlToHtmlContentContext AntiSamy warning: The link tag contained an attribute that we could not process. The type attribute had a value of "image/vnd.microsoft.icon". This value could not be accepted for security reasons. We have chosen to remove the entire link tag in order to continue processing the input.

06.06.2019 11:46:19.522 *WARN* [0:0:0:0:0:0:0:1 [1559839579522] GET /libs/cq/security/userinfo.json HTTP/1.1] com.adobe.granite.xss.impl.XSSFilterImpl Cannot use custom policies.

Any input is appreciated

Accepted Solutions (1)

Accepted Solutions (1)

mjb54261515

07-06-2019

There was error in custom code. When registering servlet. It was not registered in correct way. Fixing this I am able to acess all OOTB in classic UI.

@JadeeBrar I dint notice this issue in Touch UI. Its happened only in Classic UI

Answers (2)

Answers (2)

jbrar

Employee

07-06-2019

In addition to what Akash mentioned, looks like XSS security framework is blocking the URL due to invalid characters in either the URL or in the content.

Check of can access Useradmin in touch UI, Tools-> Security -> Users

akashk22786878

Employee

06-06-2019

Can you confirm if you can access the pages directly skipping the dispatcher/Apache or ELB? If the issue exists directly on instance as well, make sure renderer of JSON is enabled[1].

[1]

  • Go to http ://<host>:<port>/system/console/configMgr/org.apache.sling.servlets.get.DefaultGetServlet
  • Check the "Enable JSON" and save the config.