[Esapi-user] Please help a newbie :)

Jeff Williams jeff.williams at owasp.org
Wed Jul 7 10:55:16 EDT 2010 

Great - let us know how it goes!

 

--Jeff

 

 

From: Robert Curl [mailto:curl.robert at gmail.com] 
Sent: Wednesday, July 07, 2010 10:24 AM
To: Jeff Williams
Subject: Re: Please help a newbie :)

 

Jeff,

 

You were right. Although I had added the jar to my API project. It
apparently wasn't being added at runtime for whatever reason. I removed the
jar from the project and then re-included it. Now everything is running
smooth.

 

Thanks a lot for your help.

On Wed, Jul 7, 2010 at 10:05 AM, Jeff Williams <jeff.williams at owasp.org>
wrote:

Hi Robert,

 

It looks to me like the commons-fileupload library isn't on the classpath
*at runtime*.  Could you check to make sure that the jar file is in the
WEB-INF/lib directory?

 

--Jeff

 

From: mailman-bounces at lists.owasp.org
[mailto:mailman-bounces at lists.owasp.org] On Behalf Of Robert Curl
Sent: Wednesday, July 07, 2010 9:49 AM
To: esapi-user-owner
Subject: Please help a newbie :)

 

 

Hi Everyone,

 

In doing research for security APIs that could be used for a Java Web
developer API project that I'm spearheading for my company I stumbled upon
OWASP and eventually ESAPI, and haven't looked back. I read the "book", the
getting started guide and all other materials I could find. However, I am
trying to create some test filters to evaluate the reference implementation
and cannot for the life of me get anything to work. 

 

Here is a code snippet that I am trying to evaluate as a validation
filter...

 

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain
filterChain)throws ServletException,IOException {

    HttpServletRequest request = (HttpServletRequest) req;

    HttpServletResponse response = (HttpServletResponse) resp;

    Boolean result =
ESAPI.validator().isValidHTTPRequestParameterSet(filterName, request,
super.getRequired(), super.getOptional());

    if(result){

        response.sendError(401, "YOU SHALL NOT !!!.");

    } else {

        response.sendError(401, "YOU SHALL NOT PASS!!!.");

    }

}

 

This particular filter class extends the developer API I am working on hence
the references to super. Also, I have added "page" to therequired set, and
"test" to the optional set.

 

Here is the error that I have been getting when running debug in
Netbeans....

 


HTTP Status 500 -

  _____  


type Exception report

message

description The server encountered an internal error () that prevented it
from fulfilling this request.

exception

javax.servlet.ServletException: Filter execution threw an exception
 
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter
.java:393)

root cause

java.lang.NoClassDefFoundError:
org/apache/commons/fileupload/FileItemFactory
        java.lang.Class.forName0(Native Method)
        java.lang.Class.forName(Class.java:169)
        org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:85)
        org.owasp.esapi.ESAPI.httpUtilities(ESAPI.java:297)
        org.owasp.esapi.ESAPI.currentRequest(ESAPI.java:133)
 
 
org.owasp.esapi.reference.JavaLogFactory$JavaLogger.log(JavaLogFactory.java:
288)
 
org.owasp.esapi.reference.JavaLogFactory$JavaLogger.warning(JavaLogFactory.j
ava:215)
 
org.owasp.esapi.reference.DefaultIntrusionDetector.addException(DefaultIntru
sionDetector.java:65)
 
org.owasp.esapi.errors.EnterpriseSecurityException.<init>(EnterpriseSecurity
Exception.java:75)
 
org.owasp.esapi.errors.ValidationException.<init>(ValidationException.java:7
6)
 
org.owasp.esapi.reference.DefaultValidator.assertValidHTTPRequestParameterSe
t(DefaultValidator.java:688)
 
org.owasp.esapi.reference.DefaultValidator.isValidHTTPRequestParameterSet(De
faultValidator.java:667)
 
sca.filters.ValidationFilterSCA.doFilter(ValidationFilterSCA.java:52)
 
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter
.java:393)

-- 

 

I have already imported commons-fileupload-1.2.1.jar into my project, and
now just don't know what else to do. Could anyone offer some guidance?

 

Thanks in advance

 

+---------------------------------------+
  Robert Curl                      
  IT & Web App Consultant 
+---------------------------------------+




-- 
+---------------------------------------+
  Robert Curl                      
  IT & Web App Consultant 
+---------------------------------------+

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100707/71f83651/attachment.html

More information about the Esapi-user mailing list