We Keep Coding

Spark Java - strange behavior when uploading files

In my project I want to try to upload files, here is the part of the code responsible for this:
MultipartConfigElement multipartConfigElement =
new MultipartConfigElement(
"/tmp_files",
avatarSize,
avatarSize,
1024
);
request.raw().setAttribute(
"org.eclipse.jetty.multipartConfig",
multipartConfigElement
);
Part uploadedFile = request.raw().getPart("file");
And a request to upload a file using Idea's http client:
POST http://localhost:8080/users/me/avatar
Content-Type: multipart/form-data; boundary=abcd
Authorization: Bearer {{authToken}}
--abcd
Content-Disposition: form-data; name="file"; filename="test.png"
< /Users/user1/resources/test.png
--abcd--
where test.png is a regular picture.
But when I try to load in this code place:
Part uploadedFile = request.raw().getPart("file");
I get an error:
java.nio.file.NoSuchFileException: /tmp_files/MultiPart11851484240893602177
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
at java.base/java.nio.file.Files.newByteChannel(Files.java:375)
at java.base/java.nio.file.Files.createFile(Files.java:652)
It can be assumed that this error is due to the fact that there are no write permissions to the root of the file system (I'm testing on mac os, under the user).
But if i try to upload another file - which is just a zip file then everything works.
POST http://{{host}}/users/me/avatar
Content-Type: multipart/form-data; boundary=abcd
Authorization: Bearer {{authToken}}
--abcd
Content-Disposition: form-data; name="file"; filename="file123.zip"
< /Users/18493151/develop/icandev/api-gateway/src/main/resources/file123.zip
--abcd--
and no exception in this line:
Part uploadedFile = request.raw().getPart("file");
Why is this happening? Why does the result depend on the file type?
sparkjava version 2.9.4

How to use "POST url" JSON file in RoR website?

I am using Ruby on Rails and Kibana to show visualisation in my website(Ruby2.6.0, Rails5.2.3, Kibana6.6.1). By using Xpack->Share->Generate PDF/PNG, I find 'copy POST url'. I can get the following JSON file from the POST url by using 'net/http', but how can I use POST url/JSON file in my RoR website to download PNG file in 'assets' folder?
JSON file I got from POST url:
{'path': '/api/reporting/jobs/download/jvds4zs10qv79d0062b9cel6',
'job': {'id': 'jvds4zs10qv79d0062b9cel6', 'index':
'.reporting-2019.05.05', 'type': 'esqueue', 'jobtype': 'PNG',
'created_by': False, 'payload': {'type': 'visualization', 'title':
'[eCommerce] Sales by Gender', 'relativeUrl':
"/app/kibana#/visualize/edit/ed8436b0-b88b-11e8-a6d9-e546fe2bba5f?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-60d,mode:quick,to:now))&_a=(filters:!(),linked:!f,query:(language:lucene,query:''),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(),schema:metric,type:count),(enabled:!t,id:'2',params:(field:customer_gender,json:'',missingBucket:!f,missingBucketLabel:Missing,order:desc,orderBy:'1',otherBucket:!f,otherBucketLabel:Other,size:5),schema:segment,type:terms)),params:(addLegend:!t,addTooltip:!t,isDonut:!t,labels:(last_level:!t,show:!t,truncate:100,values:!t),legendPosition:right,type:pie),title:'%5BeCommerce%5D+Sales+by+Gender',type:pie))",
'headers':
'uxY4w6gCRwwLZyFkDX0ujVlANYq7ae5UuNJAN0GpbTOX7vw5aPuCuyr37nNcpz3vtA8kNVaL6Gacs24mPjZfwl4mB9xRKGA62CkCLo8Xz1amuIEthI+BtKPGo5QAk2k2+7zLvLgX3KouVvYdd61U5rLAvfjv4TydcpH9qJ4qrL5OELkzAJGrNdujtDLWaoy2Qj9YXbLnh7gSdI+lrNml6usZIh4pMzz8qdRo597iO/4AeSJRa2JfAruyGB3zYInZRtMuCbA4f3ANvT2WeAn6lpiwThB993uEjwu4LBVUZuo2XL0TcB29YNNa9oMCUEhWjdJ1ase5VQdz8V2IOgecQ1W52V5JuVTvl9SkVvFWSBhXJg==',
'browserTimezone': 'Europe/Zurich', 'layout': {'dimensions':
{'height': 589.234375, 'width': 866}}, 'basePath': '', 'forceNow':
'2019-05-07T12:38:12.768Z'}, 'timeout': 120000, 'max_attempts': 3,
'priority': 10, 'browser_type': 'chromium'}}
I am trying to use 'net/http', What I added in controller:
class MaisonController < ApplicationController
require 'net/http'
def require_post
uri = URI.parse("http://localhost:5601/api/reporting/generate/png?jobParams=(browserTimezone:Europe%2FZurich,layout:(dimensions:(height:589.234375,width:866)),objectType:visualization,relativeUrl:%27%2Fapp%2Fkibana%23%2Fvisualize%2Fedit%2Fed8436b0-b88b-11e8-a6d9-e546fe2bba5f%3F_g%3D(refreshInterval:(pause:!!t,value:0),time:(from:now-60d,mode:quick,to:now))%26_a%3D(filters:!!(),linked:!!f,query:(language:lucene,query:!%27!%27),uiState:(),vis:(aggs:!!((enabled:!!t,id:!%271!%27,params:(),schema:metric,type:count),(enabled:!!t,id:!%272!%27,params:(field:customer_gender,json:!%27!%27,missingBucket:!!f,missingBucketLabel:Missing,order:desc,orderBy:!%271!%27,otherBucket:!!f,otherBucketLabel:Other,size:5),schema:segment,type:terms)),params:(addLegend:!!t,addTooltip:!!t,isDonut:!!t,labels:(last_level:!!t,show:!!t,truncate:100,values:!!t),legendPosition:right,type:pie),title:!%27%255BeCommerce%255D%2BSales%2Bby%2BGender!%27,type:pie))%27,title:%27%5BeCommerce%5D%20Sales%20by%20Gender%27)")
http = Net::HTTP.new(uri.host,uri.port)
request = Net::HTTP::Post.new(uri.request_uri)
response = http.request(request)
render :json => response.body
end
end
Edit:
I try to use 'attachment_fu' gem to download png file with the above JSON file. Modify the code in Controller to the following code:
class MaisonController < ApplicationController
require 'net/http'
require 'open-uri'
def require_post
uri = URI.parse("http://localhost:5601/api/reporting/generate/png?jobParams=(browserTimezone:Europe%2FZurich,layout:(dimensions:(height:589.234375,width:866)),objectType:visualization,relativeUrl:%27%2Fapp%2Fkibana%23%2Fvisualize%2Fedit%2Fed8436b0-b88b-11e8-a6d9-e546fe2bba5f%3F_g%3D(refreshInterval:(pause:!!t,value:0),time:(from:now-60d,mode:quick,to:now))%26_a%3D(filters:!!(),linked:!!f,query:(language:lucene,query:!%27!%27),uiState:(),vis:(aggs:!!((enabled:!!t,id:!%271!%27,params:(),schema:metric,type:count),(enabled:!!t,id:!%272!%27,params:(field:customer_gender,json:!%27!%27,missingBucket:!!f,missingBucketLabel:Missing,order:desc,orderBy:!%271!%27,otherBucket:!!f,otherBucketLabel:Other,size:5),schema:segment,type:terms)),params:(addLegend:!!t,addTooltip:!!t,isDonut:!!t,labels:(last_level:!!t,show:!!t,truncate:100,values:!!t),legendPosition:right,type:pie),title:!%27%255BeCommerce%255D%2BSales%2Bby%2BGender!%27,type:pie))%27,title:%27%5BeCommerce%5D%20Sales%20by%20Gender%27)")
http = Net::HTTP.new(uri.host,uri.port)
request = Net::HTTP::Post.new(uri.request_uri)
response = http.request(request)
render :json => response.body
http.start() { |http|
tempfile = Tempfile.new('test.png')
File.open(tempfile.path, 'w') do |f|
f.write response.body
end
attachment = Attachment.new(:upload_data => LocalFile.new(tempfile.path))
attachment.save
}
end
The error I get is 'uninitialized constant MaisonController::Attachment'.
Expected result: download png file in assets by using the above JSON file.

I will answer my own question about what I tried in my project and close this question.
I got 'copy POST url' in 'Kibana->Visualisation/Dashboard->PDF/PNG'. It is a post url. I sent post request with this url to kibana server. The action will trigger kibana server to 'pending', 'processing' and generate the report. And I will get a JSON file back from the server. There is an important job ID in JSON file, like this 'jvi53ajd21w09d006233kcvo'. I can find all history reports in 'Management->Reporting'. Finally, I use the generated url 'http://localhost:5601/api/reporting/jobs/download/jvi53ajd21w09d006233kcvo' with 'wget' command to download the report in my local folder.
You can find similar answer here: https://discuss.elastic.co/t/how-to-use-post-url-to-share-visualisation-in-my-website/179671/4
Hope my answer can help those who want to use POST URL in Kibana.

How to upload files in REST API Application on Elixir Phoenix?

I'm trying to send file with Content-Type: multipart/form-data and i catch an error:
** (Plug.Parsers.ParseError) malformed request, a MatchError exception was raised with message "no match of right hand side value: false"
(cowboy) /home/erlan/Documents/Work/Erlang/Elixir/api_pager/deps/cowboy/src/cowboy_req.erl:735: :cowboy_req.init_multipart/1
(cowboy) /home/erlan/Documents/Work/Erlang/Elixir/api_pager/deps/cowboy/src/cowboy_req.erl:673: :cowboy_req.part/2
(plug) lib/plug/adapters/cowboy/conn.ex:76: Plug.Adapters.Cowboy.Conn.parse_req_multipart/3
(plug) lib/plug/parsers/multipart.ex:17: Plug.Parsers.MULTIPART.parse/5
(plug) lib/plug/parsers.ex:212: Plug.Parsers.reduce/4
(api_pager) lib/api_pager/endpoint.ex:1: ApiPager.Endpoint.phoenix_pipeline/1
(api_pager) lib/plug/debugger.ex:123: ApiPager.Endpoint."call (overridable 3)"/2
(api_pager) lib/api_pager/endpoint.ex:1: ApiPager.Endpoint.call/2
(plug) lib/plug/adapters/cowboy/handler.ex:15: Plug.Adapters.Cowboy.Handler.upgrade/4
(cowboy) /home/erlan/Documents/Work/Erlang/Elixir/api_pager/deps/cowboy/src/cowboy_protocol.erl:442: :cowboy_protocol.execute/4
Controller.ex:
def upload_user_avatar(conn, %{"upload_file" => upload_file}) do
IO.inspect(upload_file)
json(conn, %{"message" => "Action will created, but file uploading still not working..."})
end
There is some screenshots:
Request Settings
Response from server
really don't know 'cuz of what it happens... Have any ideas?

rails - "WARNING: Can't verify CSRF token authenticity" for json devise requests

How can I retrieve the CSRF token to pass with a JSON request?
I know that for security reasons Rails is checking the CSRF token on all the request types (including JSON/XML).
I could put in my controller skip_before_filter :verify_authenticity_token, but I would lose the CRSF protection (not advisable :-) ).
This similar (still not accepted) answer suggests to
Retrieve the token with <%= form_authenticity_token %>
The question is how? Do I need to do a first call to any of my pages to retrieve the token and then do my real authentication with Devise? Or it is an information one-off that I can get from my server and then use consistently (until I manually change it on the server itself)?

EDIT:
In Rails 4 I now use what #genkilabs suggests in the comment below:
protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format == 'application/json' }
Which, instead of completely turning off the built in security, kills off any session that might exist when something hits the server without the CSRF token.
skip_before_filter :verify_authenticity_token, :if => Proc.new { |c| c.request.format == 'application/json' }
This would turn off the CSRF check for json posts/puts that have properly been marked as such.
For example, in iOS setting the following to your NSURLRequest where "parameters" are your parameters:
[request setHTTPMethod:#"POST"];
[request setValue:#"application/json"
forHTTPHeaderField:#"content-type"];
[request setValue:#"application/json"
forHTTPHeaderField:#"accept"];
[request setHTTPBody:[NSData dataWithBytes:[parameters UTF8String]
length:[parameters length]]];

You can send the CSRF token, after a successful log-in, using a custom header.
E.g, put this in your sessions#create :
response.headers['X-CSRF-Token'] = form_authenticity_token
Sample log-in response header providing the CSRF token:
HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Connection: Keep-Alive
Content-Length: 35
Content-Type: application/json; charset=utf-8
Date: Mon, 22 Oct 2012 11:39:04 GMT
Etag: "9d719d3b9aabd413c3603e04e8a3933d"
Server: WEBrick/1.3.1 (Ruby/1.9.3/2012-10-12)
Set-Cookie: [cut for readability]
X-Csrf-Token: PbtMPfrszxH6QfRcWJCCyRo7BlxJUPU7HqC2uz2tKGw=
X-Request-Id: 178746992d7aca928c876818fcdd4c96
X-Runtime: 0.169792
X-Ua-Compatible: IE=Edge
This Token is valid until you log-in again or (log-out if you support this through your API).
Your client can extract and store the token from the log-in response headers. Then, each POST/PUT/DELETE request must set the X-CSRF-Token header with the value received at the log-in time.
Sample POST headers with the CSRF token:
POST /api/report HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate, compress
Content-Type: application/json; charset=utf-8
Cookie: [cut for readability]
Host: localhost:3000
User-Agent: HTTPie/0.3.0
X-CSRF-Token: PbtMPfrszxH6QfRcWJCCyRo7BlxJUPU7HqC2uz2tKGw=
Documentation: form_authenticity_token

Indeed simplest way. Don't bother with changing the headers.
Make sure you have:
<%= csrf_meta_tag %>
in your layouts/application.html.erb
Just do a hidden input field like so:
<input name="authenticity_token"
type="hidden"
value="<%= form_authenticity_token %>"/>
Or if you want a jquery ajax post:
$.ajax({
type: 'POST',
url: "<%= someregistration_path %>",
data: { "firstname": "text_data_1", "last_name": "text_data2", "authenticity_token": "<%= form_authenticity_token %>" },
error: function( xhr ){
alert("ERROR ON SUBMIT");
},
success: function( data ){
//data response can contain what we want here...
console.log("SUCCESS, data="+data);
}
});
Basically when you post your json data just add a valid authenticity_token field to the post data and the warning should go away...

I resolved that error this way:
class ApplicationController < ActionController::Base
protect_from_forgery
skip_before_action :verify_authenticity_token, if: :json_request?
protected
def json_request?
request.format.json?
end
end
Source:
http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html

What's worrying is that in Rails 3.2.3 we now get the CSRF warning in production.log but the post does not fail! I want it to fail as it protects me from attacks. And you can add the csrf token with jquery before filter btw:
http://jasoncodes.com/posts/rails-csrf-vulnerability

I have used the below. Using include? so if the content type is application/json;charset=utf-8 then it is still working.
protect_from_forgery with: :null_session, if: Proc.new { |c| c.request.format.include? 'application/json' }

This answer is better.
You get to keep the CSRF-TOKEN validation with no extra effort (the token is appended) before any XMLHttpRequest send. No JQuery, no nothing just copy/paste and refresh.
Simply add this code.
(function() {
var send = XMLHttpRequest.prototype.send,
token = $('meta[name=csrf-token]').attr('content');
XMLHttpRequest.prototype.send = function(data) {
this.setRequestHeader('X-CSRF-Token', token);
return send.apply(this, arguments);
};
}());

I had the same issue with the following version of Rails:
gem 'rails', :git => 'git://github.com/rails/rails.git', :branch => '3-2-stable'
I updated to 3.2.2 and everything works fine for me now. :)
gem 'rails', '3.2.2'

I ran into the same issue tonight.
The reason that happens is because when you sign in the last csrf-token is no longer valid.
What I did was:
$("meta[name=csrf-token]").attr('content', '<%= form_authenticity_token %>'); in your app/views/devise/sessions/create.js.rb.
Now it does have a valid csrf-token :)
I hope it helps

Also for development/test mode.
protect_from_forgery with: :exception unless %w(development test).include? Rails.env
This warning shows because you are using :null_session, in Rails 4.1 it works by default if no with: options specified.
protect_from_forgery

Rails session gets destroy whenever model destroy link is clicked

If I click destroy on any record for my 3 models models, the user gets logged out. I'm using Devise and Ominauth.
#This logs out a user
def destroy
#rating = Rating.find(params[:id])
#rating.destroy
end
Started POST "/ratings/29" for 192.168.1.103 at 2011-02-26 20:11:45 +0000
Processing by RatingsController#destroy as HTML
Parameters: {"id"=>"29"}
User Load (0.5ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 2 LIMIT 1
Rating Load (0.3ms) SELECT `ratings`.* FROM `ratings` WHERE `ratings`.`id` = 29 LIMIT 1
SQL (0.0ms) BEGIN
AREL (0.5ms) DELETE FROM `ratings` WHERE `ratings`.`id` = 29
SQL (2.7ms) COMMIT
Request
Parameters:
None
Show session dump
session_id: "16a92c418fdfa8966b60b09e76346443"
Show env dump
GATEWAY_INTERFACE: "CGI/1.1"
HTTP_ACCEPT: "application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
HTTP_ACCEPT_CHARSET: "ISO-8859-1,utf-8;q=0.7,*;q=0.3"
HTTP_ACCEPT_ENCODING: "gzip,deflate,sdch"
HTTP_ACCEPT_LANGUAGE: "en-US,en;q=0.8"
HTTP_CACHE_CONTROL: "max-age=0"
HTTP_CONNECTION: "keep-alive"
HTTP_COOKIE: "_traitly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlMTk5NDExYjNjMWMzY2U1NWIwZDNjYjg2Y2FiMGNiNzY%3D--4c140502f8a075f61742fdf11e6fc7100722ca14"
HTTP_HOST: "192.168.1.105:3000"
HTTP_IF_NONE_MATCH: "\"2d7f4ba60c47e0cf39f1361e2274fa89\""
HTTP_REFERER: "http://192.168.1.105:3000/subjects"
HTTP_USER_AGENT: "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.82 Safari/534.16"
HTTP_VERSION: "HTTP/1.1"
PATH_INFO: "/subjects"
QUERY_STRING: ""
REMOTE_ADDR: "192.168.1.103"
REMOTE_HOST: "192.168.1.103"
REQUEST_METHOD: "GET"
REQUEST_PATH: "/"
REQUEST_URI: "http://192.168.1.105:3000/subjects"
SCRIPT_NAME: ""
SERVER_NAME: "192.168.1.105"
SERVER_PORT: "3000"
SERVER_PROTOCOL: "HTTP/1.1"
SERVER_SOFTWARE: "WEBrick/1.3.1 (Ruby/1.9.2/2010-12-25)"
action_controller.instance: #<SubjectsController:0x90ecc1c #action_has_layout=true, #view_context_class=nil, #_headers={"Content-Type"=>"text/html"}, #_status=200, #_response=#<ActionDispatch::Response:0x90ecb68 ......Too long - had to cut it off
action_dispatch.cookies: {"_traitly_session"=>"BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlMTk5NDExYjNjMWMzY2U1NWIwZDNjYjg2Y2FiMGNiNzY=--4c140502f8a075f61742fdf11e6fc7100722ca14"}
action_dispatch.parameter_filter: [:password, :password, :password_confirmation]
action_dispatch.remote_ip: 192.168.1.103
action_dispatch.request.content_type: nil
action_dispatch.request.formats: [text/html]
action_dispatch.request.parameters: {"action"=>"index", "controller"=>"subjects"}
action_dispatch.request.path_parameters: {:action=>"index", :controller=>"subjects"}
action_dispatch.request.query_parameters: {}
action_dispatch.request.request_parameters: {}
action_dispatch.request.unsigned_session_cookie: {"session_id"=>"199411b3c1c3ce55b0d3cb86cab0cb76"}
action_dispatch.secret_token: "b3dc65e5cc9d1af31fb06160a604132f5a1f4d13edc313d74cb1bfd7e63994d429f6e8032669ea26ff4a8dab66b79f6070f8449b4a422a7862bb4307a4d84416"
rack.errors: #<IO:<STDERR>>
rack.input: #<StringIO:0x913578c>
rack.multiprocess: false
rack.multithread: false
rack.request.cookie_hash: {"_traitly_session"=>"BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlMTk5NDExYjNjMWMzY2U1NWIwZDNjYjg2Y2FiMGNiNzY=--4c140502f8a075f61742fdf11e6fc7100722ca14"}
rack.request.cookie_string: "_traitly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlMTk5NDExYjNjMWMzY2U1NWIwZDNjYjg2Y2FiMGNiNzY%3D--4c140502f8a075f61742fdf11e6fc7100722ca14"
rack.request.query_hash: {}
rack.request.query_string: ""
rack.run_once: false
rack.session: {"session_id"=>"199411b3c1c3ce55b0d3cb86cab0cb76"}
rack.session.options: {:path=>"/", :domain=>nil, :expire_after=>nil, :secure=>false, :httponly=>true, :id=>"199411b3c1c3ce55b0d3cb86cab0cb76"}
rack.url_scheme: "http"
rack.version: [1, 1]
warden: #<Warden::Proxy:0x9133bf8 #winning_strategies={}, #users={:user=>nil}, #env={"GATEWAY_INTERFACE"=>"CGI/1.1", "PATH_INFO"=>"/subjects", "QUERY_STRING"=>"", "REMOTE_ADDR"=>"192.168.1.103", "REMOTE_HOST"=>"192.168.1.103", "REQUEST_METHOD"=>"GET", "REQUEST_URI"=>"http://192.168.1.105:3000/subjects", "SCRIPT_NAME"=>"", "SERVER_NAME"=>"192.168.1.105", "SERVER_PORT"=>"3000", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"WEBrick/1.3.1 (Ruby/1.9.2/2010-12-25)", "HTTP_HOST"=>"192.168.1.105:3000", "HTTP_CONNECTION"=>"keep-alive", "HTTP_REFERER"=>"http://192.168.1.105:3000/subjects", "HTTP_CACHE_CONTROL"=>"max-age=0", "HTTP_USER_AGENT"=>"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.82 Safari/534.16", "HTTP_ACCEPT"=>"application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5", "HTTP_ACCEPT_ENCODING"=>"gzip,deflate,sdch", "HTTP_ACCEPT_LANGUAGE"=>"en-US,en;q=0.8", "HTTP_ACCEPT_CHARSET"=>"ISO-8859-1,utf-8;q=0.7,*;q=0.3", "HTTP_COOKIE"=>"_traitly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlMTk5NDExYjNjMWMzY2U1NWIwZDNjYjg2Y2FiMGNiNzY%3D--4c140502f8a075f61742fdf11e6fc7100722ca14", "HTTP_IF_NONE_MATCH"=>"\"2d7f4ba60c47e0cf39f1361e2274fa89\"", "rack.version"=>[1, 1], "rack.input"=>#<StringIO:0x913578c>, "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>false, "rack.multiprocess"=>false, "rack.run_once"=>false, "rack.url_scheme"=>"http", "HTTP_VERSION"=>"HTTP/1.1", "REQUEST_PATH"=>"/", "action_dispatch.parameter_filter"=>[:password, :password, :password_confirmation], "action_dispatch.secret_token"=>"b3dc65e5cc9d1af31fb06160a604132f5a1f4d13edc313d74cb1bfd7e63994d429f6e8032669ea26ff4a8dab66b79f6070f8449b4a422a7862bb4307a4d84416", "action_dispatch.remote_ip"=>192.168.1.103, "rack.session"=>{"session_id"=>"199411b3c1c3ce55b0d3cb86cab0cb76"}, "rack.session.options"=>{:path=>"/", :domain=>nil, :expire_after=>nil, :secure=>false, :httponly=>true, :id=>"199411b3c1c3ce55b0d3cb86cab0cb76"}, "rack.request.cookie_string"=>"_traitly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlMTk5NDExYjNjMWMzY2U1NWIwZDNjYjg2Y2FiMGNiNzY%3D--4c140502f8a075f61742fdf11e6fc7100722ca14", "rack.request.cookie_hash"=>{"_traitly_session"=>"BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlMTk5NDExYjNjMWMzY2U1NWIwZDNjYjg2Y2FiMGNiNzY=--4c140502f8a075f61742fdf11e6fc7100722ca14"}, "action_dispatch.cookies"=>{"_traitly_session"=>"BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlMTk5NDExYjNjMWMzY2U1NWIwZDNjYjg2Y2FiMGNiNzY=--4c140502f8a075f61742fdf11e6fc7100722ca14"}, "action_dispatch.request.unsigned_session_cookie"=>{"session_id"=>"199411b3c1c3ce55b0d3cb86cab0cb76"}, "warden"=>#<Warden::Proxy:0x9133bf8 ...>, "action_dispatch.request.path_parameters"=>{:action=>"index", :controller=>"subjects"}, "action_controller.instance"=>#<SubjectsController:0x90ecc1c #action_has_layout=true, #view_context_class=nil, #_headers={"Content-Type"=>"text/html"}, #_status=200, #_response=#<ActionDispatch::Response:0x90ecb68 #writer=#<Proc:0x90ecaf0#/usr/local/rvm/gems/ruby-1.9.2-p136#traitly/gems/actionpack-3.0.4/lib/action_dispatch/http/response.rb:43 (lambda)>, #block=nil, #length=0, #header={}, #status=200, #body=[], #cookie=[], #sending_file=false, #blank=false, #cache_control={}, #etag=nil, #request=#<ActionDispatch::Request:0x90ecb7c #env={...}, #fullpath="/subjects", #request_method="GET", #filtered_parameters={"action"=>"index", "controller"=>"subjects"}, #method="GET">>, #_request=#<ActionDispatch::Request:0x90ecb7c #env={...}, #fullpath="/subjects", #request_method="GET", #filtered_parameters={"action"=>"index", "controller"=>"subjects"}, #method="GET">, #_env={...}, #lookup_context=#<ActionView::LookupContext:0x90ec4c4 #details_key=nil, #details={:handlers=>[:erb, :rjs, :builder, :rhtml, :rxml], :formats=>[:html], :locale=>[:en, :en]}, #skip_default_locale=false, #frozen_formats=false, #view_paths=[/root/projects/traitly/app/views, /usr/local/rvm/gems/ruby-1.9.2-p136#traitly/gems/devise-1.1.7/app/views]>, #_action_name="index", #_response_body=nil, #_config={}, #current_user=nil>, "action_dispatch.request.content_type"=>nil, "action_dispatch.request.request_parameters"=>{}, "rack.request.query_string"=>"", "rack.request.query_hash"=>{}, "action_dispatch.request.query_parameters"=>{}, "action_dispatch.request.parameters"=>{"action"=>"index", "controller"=>"subjects"}, "action_dispatch.request.formats"=>[t

You're using Rails 3, which uses JavaScript to issue delete requests. Because the request isn't set up properly, your log is showing Started POST instead of the correct Started DELETE.
The request will also not include the required CSRF data, and as of Rails 3.0.4 the session is silently reset instead of throwing an ActionController::InvalidAuthenticityToken error. This is why you suspect the authentication issue lies with Devise, but it is actually being triggered within Rails itself.
To fix this include the following in your layout:
<%= javascript_include_tag :defaults %>
<%= csrf_meta_tag %>
Also ensure you have an updated rails.js (which contains the JavaScript code used for delete requests). The Rails 3.0.4 upgrade notes explain the issue in more detail.
If you're using the jquery rails.js replacement, you can get the updated version from here.