A Direct URL Report Using the getServerDateTime Function Shows 'OPENING' Message
Last updated on AUGUST 05, 2016
Applies to:Oracle SOA Platform – BAM (Business Activity Monitoring) - Version: 18.104.22.168.0
Information in this document applies to any platform.
Defining a report with datatime surface prompt parameters 'From' and 'To' with the default value of SystemDateTime .
Using a 'Direct URL' to access a Report form outside of the (standard) BAM Console (eg: Active Studio, Architect, etc) that makes a call against the system the BAM server itself identifies this request as a potential Cross-site request forgery (CSRF) request and does not return anything to the client browser as the BAM server regards the request as not genuine.
In the log files following error appears:
[2011-08-24T11:26:22.021-04:00] [bam_server1] [WARNING]  [oracle.bam.web.reportserver] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid:
34c759ab1b5d70b0:-52787688:131fb3cda45:-8000-000000000000194f,0] [APP: oracle-bam#11.1.1] ReportServer: Possible CSRF detected. Details:oracle.bam.web.shared.utilities.Utilities:getServerDateTime:null:ReportServer: User:null Remote Address:10.171.114.24 Remote Host:dhcp-oracletower-10-171-114-24.ro.oracle.com Remote Port:2308
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms