A Direct URL Report Using the getServerDateTime Function Shows 'OPENING' Message
(Doc ID 1399973.1)
Last updated on AUGUST 05, 2016
Applies to:Oracle SOA Platform – BAM (Business Activity Monitoring) - Version: 184.108.40.206.0
Information in this document applies to any platform.
Defining a report with datatime surface prompt parameters 'From' and 'To' with the default value of SystemDateTime .
Using a 'Direct URL' to access a Report form outside of the (standard) BAM Console (eg: Active Studio, Architect, etc) that makes a call against the system the BAM server itself identifies this request as a potential Cross-site request forgery (CSRF) request and does not return anything to the client browser as the BAM server regards the request as not genuine.
In the log files following error appears:
[2011-08-24T11:26:22.021-04:00] [bam_server1] [WARNING]  [oracle.bam.web.reportserver] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid:
34c759ab1b5d70b0:-52787688:131fb3cda45:-8000-000000000000194f,0] [APP: oracle-bam#11.1.1] ReportServer: Possible CSRF detected. Details:oracle.bam.web.shared.utilities.Utilities:getServerDateTime:null:ReportServer: User:null Remote Address:10.171.114.24 Remote Host:dhcp-oracletower-10-171-114-24.ro.oracle.com Remote Port:2308
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document