[Esapi-user] ESAPI.httpUtilities().sendForward() Help

ashish kumar gautam gautamashishkumar at gmail.com
Wed Aug 24 08:54:07 EDT 2011


Hi.......

i am using ESAPI.httpUtilities().sendForward();

but i have got exception :

*Exception massage :*
*
*
org.owasp.esapi.errors.AccessControlException: Forward failed
at
org.owasp.esapi.reference.DefaultHTTPUtilities.sendForward(DefaultHTTPUtilities.java:791)
at DataBaseConnection.doPost(DataBaseConnection.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)


*My Code Like This:*
*
*
if(role==1)
{
         session.setAttribute("SERVERToken",str);
        ESAPI.httpUtilities().sendForward(request,response,"useraccount.jsp");

}
else if(role==2)
{
session.setAttribute("SERVERToken",str);
 ESAPI.httpUtilities().sendForward(request,response,"adminaccount.jsp");
 }
}
else
{
ESAPI.httpUtilities().sendForward(request,response,"loginfail.jsp");
}



*web.xml file content: *
*
*
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>
infosystem</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>

<!-- Database Configration Seeting -->
<context-param>
        <param-name>datasource</param-name>
        <param-value>csgcirt</param-value>
    </context-param>
    <context-param>
        <param-name>dbuser</param-name>
        <param-value>sa</param-value>
    </context-param>
    <context-param>
        <param-name>dbpassword</param-name>
        <param-value>sa123</param-value>
</context-param>
<context-param>
        <param-name>dbip</param-name>
        <param-value>10.1.10.129:1433</param-value>
    </context-param>
<context-param>
        <param-name>dbname</param-name>
        <param-value>INFORMATIONSYSTEM</param-value>
    </context-param>

    <!-- Mapping for DataBaseConnection.java Servlet -->

<servlet>
<servlet-name>DataBaseConnection</servlet-name>
<servlet-class>DataBaseConnection</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>DataBaseConnection</servlet-name>
      <url-pattern>/servlet/DataBaseConnection</url-pattern>
</servlet-mapping>


    <!-- Mapping for DataBaseConnection.java Servlet -->

<servlet>
<servlet-name>DataBaseConnection2</servlet-name>
<servlet-class>DataBaseConnection2</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>DataBaseConnection2</servlet-name>
      <url-pattern>/servlet/DataBaseConnection2</url-pattern>
</servlet-mapping>
  <!-- Mapping for DataBaseConnection.java Servlet -->

<servlet>
<servlet-name>Logout</servlet-name>
<servlet-class>Logout</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Logout</servlet-name>
      <url-pattern>/servlet/Logout</url-pattern>
</servlet-mapping>


    <servlet>
<servlet-name>ActiveDeactiveNews</servlet-name>
<servlet-class>ActiveDeactiveNews</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>ActiveDeactiveNews</servlet-name>
      <url-pattern>/servlet/ActiveDeactiveNews</url-pattern>
</servlet-mapping>
 </web-app>

*
*
*
*
*log4j.xml*

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<!-- main resources -->
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">

  <appender name="console" class="org.apache.log4j.ConsoleAppender">
    <param name="Target" value="System.out"/>
    <layout class="org.apache.log4j.PatternLayout">
      <param name="ConversionPattern" value="%-5p %m%n"/>
    </layout>
  </appender>

    <appender name="file" class="org.apache.log4j.FileAppender">
        <param name="File" value="target/unit-tests.log"/>
        <layout class="org.apache.log4j.PatternLayout">
          <param name="ConversionPattern" value="%-5p %m%n"/>
        </layout>
    </appender>

  <logger name="org.owasp.esapi.reference.TestTrace">
    <level value="trace"/>
  </logger>

  <logger name="org.owasp.esapi.reference.TestDebug">
    <level value="debug"/>
  </logger>

  <logger name="org.owasp.esapi.reference.TestInfo">
    <level value="info"/>
 </logger>

  <logger name="org.owasp.esapi.reference.TestWarning">
    <level value="warn"/>
  </logger>

  <logger name="org.owasp.esapi.reference.TestError">
    <level value="error"/>
  </logger>

  <logger name="org.owasp.esapi.reference.TestFatal">
    <level value="fatal"/>
  </logger>

  <logger name="org.owasp.esapi.reference">
    <level value="info"/>
  </logger>

  <root>
    <priority value="debug" />
    <appender-ref ref="file" />
  </root>

  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>

</log4j:configuration>


-- 
Best regards,
Ashish K. Gautam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110824/5f291312/attachment.html 


More information about the Esapi-user mailing list