[Esapi-dev] HELP! RE: Exception Using ESAPI Java after Reloading or Stopping/Starting App in Tomcat
Chris Schmidt
chris.schmidt at owasp.org
Thu Jun 30 17:08:48 EDT 2011
On 6/30/2011 1:17 PM, Mark Barnes wrote:
> ===== ./lib/log4j-1.2.15.jar
>
> ===== ./server/webapps/probe/WEB-INF/lib/log4j-1.2.13.jar
This may not be the problem, but it definately isn't helping. One of the
things that will cause strange classloading issues is having multiple
versions of a jar in your classpath. I would remove the
./server/webapps/probe/WEB-INF/lib/log4j-1.2.13.jar and see what that does.
Beyond that, I would bring your container down to bare minimum - that is
start with your app that you are working with as the only app in the
container (remove everything else from ./server/webapps)
Check to see if you are still getting the error, if you are - it is not
something related to the container, rather it is a configuration issue
for your application.
As a side note, the best configuration would be to have ESAPI-2.0GA.jar
in each applications WEB-INF/lib folder and the configuration files
located in each applications WEB-INF/classes/esapi directory.
One of the current limitations of ESAPI is using it acrossed multiple
applications with a central (overridable) configuration.
I understand this is a frustrating issue, but it is difficult for us to
diagnose since we can't duplicate it (at least I can't) without your
environment in front of us.
Keep us posted on your findings - this definately sounds like an FAQ
addition.
More information about the Esapi-dev
mailing list