After a successful Jaspersoft patch upgrade/install (5.2.1.4 and higher on 6.2.1) the Clarity Advance Reporting UI stuck with 'Please Wait Loading...' message when you Navigate to Advanced Reporting page.
Messages in the jasperserver log will be similar to below:
2017-10-25 12:02:49,040 ERROR CsrfGuard,http-bio-24081-exec-13:44 [jpmc|Q012532] - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:169.88.161.56, method:POST, uri:/reportservice/flow.html, error:required token is missing from the request)
2017-10-25 12:02:52,446 ERROR CsrfGuard,http-bio-24081-exec-11:44 [jpmc|Q012532] - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:169.88.161.56, method:POST, uri:/reportservice/flow.html, error:required token is missing from the request)
2017-10-25 12:03:54,039 ERROR CsrfGuard,http-bio-24081-exec-9:44 [jpmc|I631298] - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:169.88.161.55, method:POST, uri:/reportservice/flow.html, error:required token is missing from the request)
CSRF Validation Failed in Jaspersoft, there have been few improvements added for securability purposes. To see if you are facing this issue, you can capture the browser network traffic using IE Developer tools and see if any redirection to ‘login.html’ is occurring.
The CA PPM entry URL configured in CSA is different from the URL entered in browser, used to connect. Most usually an IP address or server alias instead of loadbalancer URL. The Entry URL in the CSA/properties.xml should always match the URL you are using to connect to CA PPM. If you are using a loadbalancer, it is mandatory to enter it as Entry URL.
To resolve the issue:
Make sure you don't have trailing ‘/’ in the report server URL configured in CSA if you do, go ahead and remove it, then restart the services.
Note: Do not manually turn off the CSRF properties in Jaspersoft, as this can make your system vulnerable to CSRF attacks