OWASP ESAPI simpleTest in a Maven Java EE project

security jakarta-ee maven owasp esapi
18,361

Solution 1

You have multiple versions of the Log4J library in your classpath, likely as a result of a downstream dependency from another library being used by your application. Examine your dependency tree to figure out where the duplicate library is being loaded and exclude it in your pom.xml

mvn dependency:tree

This will show you the dependency tree for your application.

<exclusion>
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId>
</exclusion>

Add this exclusion to the culprit dependency in your pom.xml and all should be right with the world.

Solution 2

I wasted a day trying to fix this issue ClassNotFoundException Log4JLogFactory2. Tried to see if there were any log4j duplicate dependencies as top rated accepted answer suggested but to no avail.

Finally I realized ESAPI looks for configuration in $HOME/.esapi/ folder first and only if its not there it falls back to classpath's esapi folder. The problem in my case was I had just deployed the example Swingset application and as described in its README I had copied over its configuration to my home folder, in that configuration this was the offending line

ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory2

Then I assumed my app would take configuration from its classpath's esapi folder. Log4JLogFactory2 is present in the Demo code base ghost that I have been chasing the whole time.

Solution 3

All I can say is that esapi is correctly installed. Esapi loves to output a lot but the interesting parts are:

Found in 'user.home' directory: /home/joergi/.esapi/ESAPI.properties
Loaded 'ESAPI.properties' properties file
Found in 'user.home' directory: /home/joergi/.esapi/validation.properties
Loaded 'validation.properties' properties file
Found in 'user.home' directory: /home/joergi/.esapi/ESAPI_logging_file

I think you are missing a dependency in your project. Check the following line from the stack-trace:

Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory2 from [Module "deployment.bachelor_demo.war:main" from Service Module Loader]

It might be in the wrong class loader or you might have configured the wrong logger for your project in the esapi.properties file.

[edit]

In the ESPAI.properties file there are the following lines:

# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory

I think these are quiet important in your case.

Beside that, the class Log4JLogFactory exists in the esapi jar so there should not really be a problem.

Share:
18,361

Related videos on Youtube

Joergi
Author by

Joergi

me on Twitter me on Github.com me on Gitlab.com

Updated on June 04, 2022

Comments

  • Joergi
    Joergi almost 2 years

    i have a litte JavaEE project, and i have to secure it with the OWASP ESAPI

    i integrated the ESAPI like this in Maven:

    <!-- ESAPI Version 2.0.1 -->
<dependency>
    <groupId>org.owasp.esapi</groupId>
    <artifactId>esapi</artifactId>
    <version>2.0.1</version>
</dependency>

    So after this i can use the ESAPI classes for programming.

    i also included the .esapi folder in the server start:

     -Dorg.owasp.esapi.resources=/home/joergi/.esapi/

    I also copied the ESAPI.properties and the validation.properties into

    src/main/resources

    (I'm not sure if it works, but i get no error while starting the server)

    I looked at the ESAPI install guide (pdf) (really bad documented) and copied the example

    "To test if ESAPI has been successfully integrated and configured, create a file called EsapiIntegrationTest.java and paste in:"

     import org.owasp.esapi.ESAPI;
 public class EsapiTest {
     public static void main(String[] args){
         System.out.println("ESAPI.accessController found: " 
                                + ESAPI.accessController());
     }
 }

    "If you can run this file and see the println output, then ESAPI has been successfully installed and configured! You can now begin using ESAPI functionality to secure your web applications!"

    I "translated" it for my example:

    @ManagedBean(name="testController")
@RequestScoped
public class TestController  {  

    public String esapiTest(){

    System.out.println("ESAPI.accessController found: " 
                               + ESAPI.accessController());

    return "ESAPI.accessController found: " + ESAPI.accessController();
    }
}

    and i have a file test.xhtml: 

    <?xml version="1.0" encoding="UTF-8"?>
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
template="/WEB-INF/templates/default.xhtml">
<ui:define name="content">

    <h2>esapi test</h2>

        <h:outputText value="#{testController.esapiTest()}" />  

</ui:define>
</ui:composition>

    when entering the test.xhtml i get this really long error (for a nicer few you can see it also in pastebin)

    03:32:00,521 Schwerwiegend [javax.enterprise.resource.webcontainer.jsf.application] (http--127.0.0.1-8080-2) Error Rendering View[/pages/test/test.xhtml]: javax.el.ELException: /pages/test/test.xhtml @10,58 value="#{testController.esapiTest()}": org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException AccessController class (org.owasp.esapi.reference.DefaultAccessController) CTOR threw exception.
    at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:114) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:194) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:182) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.UIOutput.getValue(UIOutput.java:169) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at com.sun.faces.renderkit.html_basic.HtmlBasicInputRenderer.getValue(HtmlBasicInputRenderer.java:205) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.getCurrentValue(HtmlBasicRenderer.java:355) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeEnd(HtmlBasicRenderer.java:164) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:875) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1764) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:402) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:131) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:288) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:121) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.10.Final.jar:]
    at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:161) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java) [jbossweb-7.0.10.Final.jar:]
    at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.0.Final.jar:7.1.0.Final]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:154) [jboss-as-web-7.1.0.Final.jar:7.1.0.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.10.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.10.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.10.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.10.Final.jar:]
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_03]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException AccessController class (org.owasp.esapi.reference.DefaultAccessController) CTOR threw exception.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.ESAPI.accessController(ESAPI.java:85) [esapi-2.0.1.jar:2.0.1]
    at de.liedl.bachelor.controller.TestController.esapiTest(TestController.java:45) [classe:]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_03]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_03]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_03]
    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_03]
    at javax.el.BeanELResolver.invokeMethod(BeanELResolver.java:735) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
    at javax.el.BeanELResolver.invoke(BeanELResolver.java:467) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
    at javax.el.CompositeELResolver.invoke(CompositeELResolver.java:246) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
    at org.apache.el.parser.AstValue.getValue(AstValue.java:159) [jbossweb-7.0.10.Final.jar:]
    at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:189) [jbossweb-7.0.10.Final.jar:]
    at org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:50) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:109) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    ... 35 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_03]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_03]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_03]
    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_03]
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86) [esapi-2.0.1.jar:2.0.1]
    ... 48 more
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory2 from [Module "deployment.bachelor_demo.war:main" from Service Module Loader] LogFactory class (org.owasp.esapi.reference.Log4JLogFactory2) must be in class path.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:137) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.reference.DefaultAccessController.<init>(DefaultAccessController.java:29) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.reference.DefaultAccessController.getInstance(DefaultAccessController.java:22) [esapi-2.0.1.jar:2.0.1]
    ... 53 more
Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory2 from [Module "deployment.bachelor_demo.war:main" from Service Module Loader]
    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
    at java.lang.Class.forName0(Native Method) [rt.jar:1.7.0_03]
    at java.lang.Class.forName(Class.java:186) [rt.jar:1.7.0_03]
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74) [esapi-2.0.1.jar:2.0.1]
    ... 57 more

03:32:00,574 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/bachelor_demo].[FacesServlet]] (http--127.0.0.1-8080-2) Servlet.service() for servlet FacesServlet threw exception: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory2 from [Module "deployment.bachelor_demo.war:main" from Service Module Loader]
    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
    at java.lang.Class.forName0(Native Method) [rt.jar:1.7.0_03]
    at java.lang.Class.forName(Class.java:186) [rt.jar:1.7.0_03]
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:137) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.reference.DefaultAccessController.<init>(DefaultAccessController.java:29) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.reference.DefaultAccessController.getInstance(DefaultAccessController.java:22) [esapi-2.0.1.jar:2.0.1]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_03]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_03]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_03]
    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_03]
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86) [esapi-2.0.1.jar:2.0.1]
    at org.owasp.esapi.ESAPI.accessController(ESAPI.java:85) [esapi-2.0.1.jar:2.0.1]
    at de.liedl.bachelor.controller.TestController.esapiTest(TestController.java:45) [classe:]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_03]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_03]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_03]
    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_03]
    at javax.el.BeanELResolver.invokeMethod(BeanELResolver.java:735) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
    at javax.el.BeanELResolver.invoke(BeanELResolver.java:467) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
    at javax.el.CompositeELResolver.invoke(CompositeELResolver.java:246) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
    at org.apache.el.parser.AstValue.getValue(AstValue.java:159) [jbossweb-7.0.10.Final.jar:]
    at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:189) [jbossweb-7.0.10.Final.jar:]
    at org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:50) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:109) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:194) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:182) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.UIOutput.getValue(UIOutput.java:169) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at com.sun.faces.renderkit.html_basic.HtmlBasicInputRenderer.getValue(HtmlBasicInputRenderer.java:205) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.getCurrentValue(HtmlBasicRenderer.java:355) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeEnd(HtmlBasicRenderer.java:164) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:875) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1764) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:402) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:131) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:288) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:121) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.10.Final.jar:]
    at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:161) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java) [jbossweb-7.0.10.Final.jar:]
    at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.0.Final.jar:7.1.0.Final]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:154) [jboss-as-web-7.1.0.Final.jar:7.1.0.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.10.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.10.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.10.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.10.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.10.Final.jar:]
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_03]

    i know the ESAPI Swingset Demo - and this is running in my configuration

    I have 2 questions:
    is my maven and my server start configuration right?
    because the error looks like the ESAPI can't find the ESAPI Logger functions....

    And
    Is it even possible to use the simple test code-snippet in my setup at all?

    (p.s. also tried to it without maven and just with including the downloaded jar - but its not working)

    I miss something like:
    (this is from the swingset demo example, NOT from my own project)

    Seeking ESAPI.properties
  Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/ESAPI.properties
  Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
  Not found in SystemResource Directory/.esapi: .esapi/ESAPI.properties
  Not found in SystemResource Directory: ESAPI.properties
  Found in 'user.home' directory: /home/joergi/.esapi/ESAPI.properties
Loaded 'ESAPI.properties' properties file
Seeking validation.properties
  Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/validation.properties
  Not found in SystemResource Directory/resourceDirectory: .esapi/validation.properties
  Not found in SystemResource Directory/.esapi: .esapi/validation.properties
  Not found in SystemResource Directory: validation.properties
  Found in 'user.home' directory: /home/joergi/.esapi/validation.properties
Loaded 'validation.properties' properties file
Seeking ESAPI_logging_file
  Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/ESAPI_logging_file
  Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI_logging_file
  Not found in SystemResource Directory/.esapi: .esapi/ESAPI_logging_file
  Not found in SystemResource Directory: ESAPI_logging_file
  Found in 'user.home' directory: /home/joergi/.esapi/ESAPI_logging_file

    Hopefully somebody can help!

  • Joergi
    Joergi about 12 years
    Thanks a lot!!! this helped me so much... now everything is working... thank you so much Chris!
  • medokr
    medokr almost 10 years
    +1, I was experiencing the same issue. Here is a link to a SwingSet page that discusses configuration settings related to this answer. Scroll down to "Configuration".
  • medokr
    medokr almost 10 years
    It may be beneficial to use the production version of ESAPI.properties file if you are developing your web app while using SwingSet as an example.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

OWASP-ESAPI logger help needed
Java - compilation error: cannot access Function
How to create a secure licensed Java EE application?
How to use Encode.forHtml() in a javascript file?
How do you get Maven to accept invalid SSL certificates?
getting error while trying to compile maven based application
Can't use classes from different Maven modules
Which JAR contains the weblogic.servlet.security.ServletAuthentication class?
Where is the ESAPI documentation located?
java.io.FileNotFoundException: Could not open ServletContext resource [/WEB-INF/final-servlet.xml]