[Esapi-user] Problems with DefaultSecurityConfiguration

Owen Berger owen.k.berger at gmail.com
Tue Aug 9 13:28:33 EDT 2011

Okay, so I attempted to set the DefaultSecurityConfiguration using both the
initialize and override methods from my previous post (Setter Methods in
ESAPI Class), and neither is quite working as expected, plus the explicit
warnings in the code-base make me nervous to use this as a long-term

I guess my problem with the DefaultSecurityConfiguration is as follows:

1) The first reason I wanted to override the DefaultSecurityConfiguration is
because it was not able to locate my ESAPI.properties or
validation.properties in the WEB-INF/classes/resources folder. It still
could not locate the files inside after using the security configuration's
setResourceDirectory() method. I overrode the original configuration to
directly load the file from the web application's resource folder. I
understand that I can just move the two properties files to a location where
they can be found by the DefaultSecConfig, but it just makes more sense to
me to keep them bundled with the web app in the resource folder, is that
incorrect or misguided thinking?

2) There is a lot of extra (and inaccurate) log chatter with the
DefaultSecurityConfiguration, and I couldn't figure out where it was coming

Is there a better way to override the DefaultSecurityConfiguration other
than the initialize or override functions that K. Wall told me about? Or
should I try to work around my above-listed problems because the
DefaultSecurityConfiguration is not meant to ever be overridden?

Thank you,

Owen Berger
