[Esapi-user] ESAPI.httpUtilities().sendRedirect()

John Melton jtmelton at gmail.com
Wed Aug 24 08:36:38 EDT 2011


Ashish,
My suspicion is you're using the sendForward method (not sendRedirect as
your email states). If you're using sendForward (and the
DefaultHTTPUtilities), then you must send to a resource within the WEB-INF.
This line is from DefaultHTTPUtilities

if (!location.startsWith("WEB-INF")) {
    throw new AccessControlException("Forward failed", "Bad forward
location: " + location);
}

Hope this helps.

Thanks,
John

On Wed, Aug 24, 2011 at 5:22 AM, ashish kumar gautam <
gautamashishkumar at gmail.com> wrote:

>
> Hi….
>
>
>
> i am using ESAPI.httpUtilities().sendRedirect() method for redirect.
>
>
> Code is like this: ESAPI.httpUtilities().sendForward("useraccount.jsp");
>
>
>
>
>
> I have set log4j.xml  and set the path for log4j.xml like this
>
>
>
>  -Dlog4j.configuration="
> D:\Projects\infosystem\WebContent\WEB-INF\log4j.xml"
>
>
>
> But I have got an exception:
>
>
>
>
> *org.owasp.esapi.errors.AccessControlException*: Forward failed
>
>       at org.owasp.esapi.reference.DefaultHTTPUtilities.sendForward(*
> DefaultHTTPUtilities.java:791*)
>
>       at org.owasp.esapi.reference.DefaultHTTPUtilities.sendForward(*
> DefaultHTTPUtilities.java:801*)
>
>       at DataBaseConnection.doPost(*DataBaseConnection.java:103*)
>
>       at javax.servlet.http.HttpServlet.service(*HttpServlet.java:637*)
>
>       at javax.servlet.http.HttpServlet.service(*HttpServlet.java:717*)
>
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> *ApplicationFilterChain.java:290*)
>
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(*
> ApplicationFilterChain.java:206*)
>
>       at org.apache.catalina.core.StandardWrapperValve.invoke(*
> StandardWrapperValve.java:233*)
>
>       at org.apache.catalina.core.StandardContextValve.invoke(*
> StandardContextValve.java:191*)
>
>       at org.apache.catalina.core.StandardHostValve.invoke(*
> StandardHostValve.java:127*)
>
>       at org.apache.catalina.valves.ErrorReportValve.invoke(*
> ErrorReportValve.java:102*)
>
>       at org.apache.catalina.core.StandardEngineValve.invoke(*
> StandardEngineValve.java:109*)
>
>       at org.apache.catalina.connector.CoyoteAdapter.service(*
> CoyoteAdapter.java:298*)
>
>       at org.apache.coyote.http11.Http11Processor.process(*
> Http11Processor.java:859*)
>
>       at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(*
> Http11Protocol.java:588*)
>
>       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(*
> JIoEndpoint.java:489*)
>
>       at java.lang.Thread.run(Unknown Source)
>
>
>
>
>
>
>
> what wrong with my code ?
>
>
>
>
> --
> Best regards,
> Ashish K. Gautam
>
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110824/17887c1d/attachment.html 


More information about the Esapi-user mailing list