[Esapi-dev] Issue with ESAPI.properties using ESAPI-1.4.3

Johan Lim johanlim76 at gmail.com
Wed Jan 27 20:14:54 EST 2010 

Hi Jim,

I tried both methods and that did not help, both methods will produce the
following error in the WAS server log:

[28/01/10 12:10:28:234 EST] 354db45b SystemOut     O Seeking
ESAPI.properties
[28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in
'org.owasp.esapi.resources' directory or file not readable: C:\Program
Files\IBM\WebSphere Studio\Application Developer IE\v5.1.1\ESAPI.properties
[28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in
SystemResource Directory/resourceDirectory: null/ESAPI.properties
[28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in
SystemResource Directory/.esapi: .esapi/ESAPI.properties
[28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in
SystemResource Directory /resources: resources/ESAPI.properties
[28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in
SystemResource Directory: ESAPI.properties
[28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in
'user.home' directory: C:\Documents and
Settings\johan\.esapi\ESAPI.properties

And with method 1, i.e "WEB-INF\classes\.esapi\ESAPI.properties", the below
error is display on the Web Page itself:

java.lang.NullPointerException
            java.lang.NullPointerException
 at java.io.Reader.(Reader.java(Inlined Compiled Code))
 at java.io.InputStreamReader.(InputStreamReader.java(Inlined Compiled
Code))
 at java.util.Properties.load(Properties.java(Compiled Code))
 at
org.owasp.esapi.reference.DefaultSecurityConfiguration.loadPropertiesFromStream(DefaultSecurityConfiguration.java:729)
 at
org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:226)
 at
org.owasp.esapi.reference.DefaultSecurityConfiguration.(DefaultSecurityConfiguration.java:144)
 at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:287)
 at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:220)
 at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:242)
 at org.owasp.esapi.reference.DefaultEncoder.(DefaultEncoder.java:83)
 at org.owasp.esapi.ESAPI.encoder(ESAPI.java:127)
 at adminbeans.validation.ValidationTag.getField(ValidationTag.java:140)
 at org.apache.jsp._CustomerMaintenance._jspService(CustomerMaintenance.jsp
:130)
 at
com.ibm.ws.webcontainer.jsp.runtime.HttpJspBase.service(HttpJspBase.java:89)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at
com.ibm.ws.webcontainer.jsp.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:344)
 at
com.ibm.ws.webcontainer.jsp.servlet.JspServlet.serviceJspFile(JspServlet.java:683)
 at
com.ibm.ws.webcontainer.jsp.servlet.JspServlet.service(JspServlet.java:781)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at
com.ibm.ws.webcontainer.servlet.StrictServletInstance.doService(StrictServletInstance.java:110)
 at
com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._service(StrictLifecycleServlet.java:174)
 at
com.ibm.ws.webcontainer.servlet.IdleServletState.service(StrictLifecycleServlet.java:313)
 at
com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.service(StrictLifecycleServlet.java:116)
 at
com.ibm.ws.webcontainer.servlet.ServletInstance.service(ServletInstance.java:283)
 at
com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.dispatch(ValidServletReferenceState.java:42)
 at
com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dispatch(ServletInstanceReference.java:40)
 at
com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:1019)
 at
com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:592)
 at
com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:204)
 at
adminservlets.CustomerSearchServlet.doPost(CustomerSearchServlet.java:304)
 at adminservlets.CustomerSearchServlet.doGet(CustomerSearchServlet.java:70)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at
com.ibm.ws.webcontainer.servlet.StrictServletInstance.doService(StrictServletInstance.java:110)
 at
com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._service(StrictLifecycleServlet.java:174)
 at
com.ibm.ws.webcontainer.servlet.IdleServletState.service(StrictLifecycleServlet.java:313)
 at
com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.service(StrictLifecycleServlet.java:116)
 at
com.ibm.ws.webcontainer.servlet.ServletInstance.service(ServletInstance.java:283)
 at
com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.dispatch(ValidServletReferenceState.java:42)
 at
com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dispatch(ServletInstanceReference.java:40)
 at
com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:1019)
 at
com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:592)
 at
com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:204)
 at
com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:125)
 at
com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:286)
 at
com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
 at
com.ibm.ws.webcontainer.cache.invocation.CacheableInvocationContext.invoke(CacheableInvocationContext.java:116)
 at
com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:186)
 at
com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
 at
com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
 at
com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:615)
 at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:449)
 at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:912)


Johan
On Thu, Jan 28, 2010 at 11:44 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Folks who are struggling with 1.4.3.....
>
> Can you try putting your property files:
>
> "WEB-INF\classes\.esapi\ESAPI.properties"
> or
> "WEB-INF\classes\resources\ESAPI.properties"
>
> And see if that helps?
>
> This is what I mean by "the root of  your classpath" assuming you are
> building a standard Java web application.
>
> New jar for testing coming up soon.
>
>
> --
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> http://www.manico.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-dev/attachments/20100128/9e61f16a/attachment-0001.html

More information about the Esapi-dev mailing list