1. 主页
  2. 支持
技术文章 - CS100791

Windchill PDMLink 中出现错误“检测到潜在的安全问题”。

已修改: 14-Nov-2025   


注意:本文已使用机器翻译软件翻译,以方便非英语客户阅读。但翻译内容可能包含语法错误或不准确之处。请注意, PTC对本文所含信息的翻译准确性及使用后果不承担任何责任。请在 此处 查看本文的英文原始版本以便参考。有关机器翻译的更多详情,请单击 此处
感谢您告诉我们。我们将尽快审阅此译文。

适用于

  • Windchill PDMLink 10.0 to 13.1

说明

  • Windchill 报告了跨站请求伪造 (CSRF) 安全错误,例如:
  • 访问零件结构页面时,会显示 CSRF 安全错误。需要多次刷新页面才能恢复正常。
  • 用户报告称,用户界面中弹出警告信息,错误信息如下:
A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator
  • Windchill 方法服务器日志中存在类似如下的错误:
<Date/Time>,331 ERROR [ajp-bio-8010-exec-1] com.ptc.jca.mvc.controllers.ActionController wcadmin - (com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator.

(com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator.

at com.ptc.core.appsec.CSRFProtector.handleInvalidNonce(CSRFProtector.java:249)
at com.ptc.core.appsec.CSRFProtector.checkNonce(CSRFProtector.java:216)

  • 安全审计报告中存在类型为“跨站请求伪造”的事件。
  • “com.ptc.cat.ops.client.internal.ClearCollectorCacheOperation 检测到潜在的安全问题。请刷新页面并重试。如果问题仍然存在,请联系您的管理员。”异常发生在“部件结构”页面上。
  • 搜索包含特殊字符(例如“*”、“?”)的关键字时,MS 日志中出现错误。
error:-------------(com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator.
(com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator.
	at com.ptc.core.appsec.CSRFProtector.handleInvalidNonce(CSRFProtector.java:316)
	at com.ptc.core.appsec.CSRFProtector.checkNonce(CSRFProtector.java:252)
	at com.ptc.jca.mvc.controllers.Log4JavascriptController.logData(Log4JavascriptController.java:96)
	at sun.reflect.GeneratedMethodAccessor620.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:682)
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:765)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.licenseusage.licensing.LicenseFilter.doFilter(LicenseFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.ptc.core.ui.validation.URLValidationFilter.doFilter(URLValidationFilter.java:85)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.httpgw.filter.WTContextBeanFilter.doWithWtContextBeanHandler(WTContextBeanFilter.java:104)
	at wt.httpgw.filter.WTContextBeanFilter.doFilter(WTContextBeanFilter.java:58)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.servlet.CompressionFilter.doFilter(CompressionFilter.java:301)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.servlet.RequestInterrupter.doFilter(RequestInterrupter.java:335)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.servlet.ServletRequestMonitor.doFilter(ServletRequestMonitor.java:1660)
	at wt.servlet.ServletRequestMonitorFilter.doFilter(ServletRequestMonitorFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:177)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367)
	at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:526)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:885)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1698)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

这是文章 100791 的 PDF 版本,可能已过期。最新版本 CS100791