[Esapi-dev] Issue with ESAPI.properties using ESAPI-1.4.3

Jim Manico jim.manico at owasp.org
Wed Jan 27 20:17:40 EST 2010 

I just pushed out ...

http://owasp-esapi-java.googlecode.com/files/ESAPI-1.4.4-RC1.jar

... for you to test. Can you give it a whirl, Johan?

- Jim

> Hi Jim,
> I tried both methods and that did not help, both methods will produce 
> the following error in the WAS server log:
> [28/01/10 12:10:28:234 EST] 354db45b SystemOut     O Seeking 
> ESAPI.properties
> [28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in 
> 'org.owasp.esapi.resources' directory or file not readable: C:\Program 
> Files\IBM\WebSphere Studio\Application Developer 
> IE\v5.1.1\ESAPI.properties
> [28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in 
> SystemResource Directory/resourceDirectory: null/ESAPI.properties
> [28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in 
> SystemResource Directory/.esapi: .esapi/ESAPI.properties
> [28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in 
> SystemResource Directory /resources: resources/ESAPI.properties
> [28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in 
> SystemResource Directory: ESAPI.properties
> [28/01/10 12:10:28:234 EST] 354db45b SystemOut     O   Not found in 
> 'user.home' directory: C:\Documents and 
> Settings\johan\.esapi\ESAPI.properties
>
> And with method 1, i.e "WEB-INF\classes\.esapi\ESAPI.properties", the 
> below error is display on the Web Page itself:
> java.lang.NullPointerException
>             java.lang.NullPointerException
>  at java.io.Reader.(Reader.java(Inlined Compiled Code))
>  at java.io.InputStreamReader.(InputStreamReader.java(Inlined Compiled 
> Code))
>  at java.util.Properties.load(Properties.java(Compiled Code))
>  at 
> org.owasp.esapi.reference.DefaultSecurityConfiguration.loadPropertiesFromStream(DefaultSecurityConfiguration.java:729)
>  at 
> org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:226)
>  at 
> org.owasp.esapi.reference.DefaultSecurityConfiguration.(DefaultSecurityConfiguration.java:144)
>  at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:287)
>  at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:220)
>  at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:242)
>  at org.owasp.esapi.reference.DefaultEncoder.(DefaultEncoder.java:83)
>  at org.owasp.esapi.ESAPI.encoder(ESAPI.java:127)
>  at adminbeans.validation.ValidationTag.getField(ValidationTag.java:140)
>  at 
> org.apache.jsp._CustomerMaintenance._jspService(CustomerMaintenance.jsp  
> :130)
>  at 
> com.ibm.ws.webcontainer.jsp.runtime.HttpJspBase.service(HttpJspBase.java:89)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
>  at 
> com.ibm.ws.webcontainer.jsp.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:344)
>  at 
> com.ibm.ws.webcontainer.jsp.servlet.JspServlet.serviceJspFile(JspServlet.java:683)
>  at 
> com.ibm.ws.webcontainer.jsp.servlet.JspServlet.service(JspServlet.java:781)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
>  at 
> com.ibm.ws.webcontainer.servlet.StrictServletInstance.doService(StrictServletInstance.java:110)
>  at 
> com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._service(StrictLifecycleServlet.java:174)
>  at 
> com.ibm.ws.webcontainer.servlet.IdleServletState.service(StrictLifecycleServlet.java:313)
>  at 
> com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.service(StrictLifecycleServlet.java:116)
>  at 
> com.ibm.ws.webcontainer.servlet.ServletInstance.service(ServletInstance.java:283)
>  at 
> com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.dispatch(ValidServletReferenceState.java:42)
>  at 
> com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dispatch(ServletInstanceReference.java:40)
>  at 
> com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:1019)
>  at 
> com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:592)
>  at 
> com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:204)
>  at 
> adminservlets.CustomerSearchServlet.doPost(CustomerSearchServlet.java:304)
>  at 
> adminservlets.CustomerSearchServlet.doGet(CustomerSearchServlet.java:70)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
>  at 
> com.ibm.ws.webcontainer.servlet.StrictServletInstance.doService(StrictServletInstance.java:110)
>  at 
> com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._service(StrictLifecycleServlet.java:174)
>  at 
> com.ibm.ws.webcontainer.servlet.IdleServletState.service(StrictLifecycleServlet.java:313)
>  at 
> com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.service(StrictLifecycleServlet.java:116)
>  at 
> com.ibm.ws.webcontainer.servlet.ServletInstance.service(ServletInstance.java:283)
>  at 
> com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.dispatch(ValidServletReferenceState.java:42)
>  at 
> com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dispatch(ServletInstanceReference.java:40)
>  at 
> com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:1019)
>  at 
> com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:592)
>  at 
> com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:204)
>  at 
> com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:125)
>  at 
> com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:286)
>  at 
> com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
>  at 
> com.ibm.ws.webcontainer.cache.invocation.CacheableInvocationContext.invoke(CacheableInvocationContext.java:116)
>  at 
> com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:186)
>  at 
> com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
>  at 
> com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
>  at 
> com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:615)
>  at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:449)
>  at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:912)
> Johan
> On Thu, Jan 28, 2010 at 11:44 AM, Jim Manico <jim.manico at owasp.org 
> <mailto:jim.manico at owasp.org>> wrote:
>
>     Folks who are struggling with 1.4.3.....
>
>     Can you try putting your property files:
>
>     "WEB-INF\classes\.esapi\ESAPI.properties"
>     or
>     "WEB-INF\classes\resources\ESAPI.properties"
>
>     And see if that helps?
>
>     This is what I mean by "the root of  your classpath" assuming you
>     are building a standard Java web application.
>
>     New jar for testing coming up soon.
>
>
>     -- 
>     Jim Manico
>     OWASP Podcast Host/Producer
>     OWASP ESAPI Project Manager
>     http://www.manico.net <http://www.manico.net/>
>
>


-- 
Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
http://www.manico.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-dev/attachments/20100127/1af4040d/attachment.html

More information about the Esapi-dev mailing list