1. Home
  2. Support
Article - CS100791

Error "A potential security problem was detected" in Windchill PDMLink

Modified: 13-Nov-2025   


Applies To

  • Windchill PDMLink 10.0 to 13.1

Description

  • Windchill is reporting Cross-Site Request Forgery (CSRF) Security errors, for example:
  • When accessing the part structure page, it will show (CSRF) Security errors. it needs to refresh many times to recover this page
  • Users are reporting pop-up warnings in the UI with the error:
A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator
  • In the Windchill Method Server logs there are errors similar to:
<Date/Time>,331 ERROR [ajp-bio-8010-exec-1] com.ptc.jca.mvc.controllers.ActionController wcadmin - (com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator.

(com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator.

at com.ptc.core.appsec.CSRFProtector.handleInvalidNonce(CSRFProtector.java:249)
at com.ptc.core.appsec.CSRFProtector.checkNonce(CSRFProtector.java:216)

 

  • In the Security Audit Reports there are Events of Type "Cross-Site Request Forgery"
  • "com.ptc.cat.ops.client.internal.ClearCollectorCacheOperation A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator" exception occurred on Part Structure veiw page
  • Error in MS logs while Searching the Keyword which has special characters like "*", "?"
error:-------------(com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator.
(com.ptc.core.appsec.appSecResource/INVALID_NONCE) com.ptc.core.appsec.ApplicationSecurityException: A potential security problem was detected. Refresh the page and try again. If the problem persists, contact your administrator.
	at com.ptc.core.appsec.CSRFProtector.handleInvalidNonce(CSRFProtector.java:316)
	at com.ptc.core.appsec.CSRFProtector.checkNonce(CSRFProtector.java:252)
	at com.ptc.jca.mvc.controllers.Log4JavascriptController.logData(Log4JavascriptController.java:96)
	at sun.reflect.GeneratedMethodAccessor620.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:682)
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:765)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.licenseusage.licensing.LicenseFilter.doFilter(LicenseFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.ptc.core.ui.validation.URLValidationFilter.doFilter(URLValidationFilter.java:85)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.httpgw.filter.WTContextBeanFilter.doWithWtContextBeanHandler(WTContextBeanFilter.java:104)
	at wt.httpgw.filter.WTContextBeanFilter.doFilter(WTContextBeanFilter.java:58)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.servlet.CompressionFilter.doFilter(CompressionFilter.java:301)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.servlet.RequestInterrupter.doFilter(RequestInterrupter.java:335)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at wt.servlet.ServletRequestMonitor.doFilter(ServletRequestMonitor.java:1660)
	at wt.servlet.ServletRequestMonitorFilter.doFilter(ServletRequestMonitorFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:177)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367)
	at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:526)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:885)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1698)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

 
This is a printer-friendly version of Article 100791 and may be out of date. For the latest version click CS100791