[Esapi-user] ESAPI.httpUtilities().sendForward() Help
ashish kumar gautam
gautamashishkumar at gmail.com
Wed Aug 24 08:54:07 EDT 2011
Hi,
I am using ESAPI.httpUtilities().sendForward(),
but I get an exception:
*Exception message:*
org.owasp.esapi.errors.AccessControlException: Forward failed
at
org.owasp.esapi.reference.DefaultHTTPUtilities.sendForward(DefaultHTTPUtilities.java:791)
at DataBaseConnection.doPost(DataBaseConnection.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
*My code looks like this:*
// Fragment of the login handling; per the stack trace above it is presumably part of
// DataBaseConnection.doPost. The outer `if` closed by the lone `}` further down is not
// shown, so the condition that selects the loginfail.jsp branch cannot be seen here.
//
// NOTE(review): the ESAPI 2.x reference DefaultHTTPUtilities.sendForward() refuses any
// location that does not start with "WEB-INF" and throws
// AccessControlException("Forward failed"), which matches the trace above. The three
// targets below are bare JSP names, so every call is expected to fail; confirm against
// the ESAPI version in use. Placing the JSPs under WEB-INF (e.g. "WEB-INF/useraccount.jsp")
// satisfies the check and also keeps a browser from requesting the role pages directly,
// which would bypass this role decision.
if(role==1)
{
// NOTE(review): the session is reused as-is after a successful login. If it was created
// before authentication, consider renewing the session id (ESAPI offers
// HTTPUtilities.changeSessionIdentifier) to avoid session fixation. Confirm what the
// earlier part of doPost does.
session.setAttribute("SERVERToken",str);
// role 1 -> user landing page
ESAPI.httpUtilities().sendForward(request,response,"useraccount.jsp");
}
else if(role==2)
{
session.setAttribute("SERVERToken",str);
// role 2 -> admin landing page
ESAPI.httpUtilities().sendForward(request,response,"adminaccount.jsp");
}
// Any other role value falls through: no forward is issued in the visible code.
}
else
{
// Outer condition false (condition not shown): send the client to the failure page.
ESAPI.httpUtilities().sendForward(request,response,"loginfail.jsp");
}
*web.xml file content:*
<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 2.4 deployment descriptor for the "infosystem" web application:
     welcome files, database connection parameters and four servlet mappings. -->
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>
infosystem</display-name>
<!-- Files tried, in this order, when a request targets a directory. -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- Database configuration settings, exposed to the servlets as context parameters. -->
<!-- NOTE(review): dbuser and dbpassword below are plaintext credentials inside the
     deployment descriptor, so anyone who can read the WAR, the source repository or a
     pasted copy of this file obtains the database login. Prefer a container-managed
     JNDI DataSource referenced through <resource-ref>, keep the secret in the server
     configuration, and rotate any password that has been shared outside the team. -->
<context-param>
<param-name>datasource</param-name>
<param-value>csgcirt</param-value>
</context-param>
<!-- NOTE(review): "sa" together with port 1433 (see dbip) looks like the built-in
     SQL Server administrator login. Confirm. An application account limited to the
     rights the servlets need would contain the damage of an injection flaw. -->
<context-param>
<param-name>dbuser</param-name>
<param-value>sa</param-value>
</context-param>
<context-param>
<param-name>dbpassword</param-name>
<param-value>sa123</param-value>
</context-param>
<!-- Database host and port (a private 10.x address). -->
<context-param>
<param-name>dbip</param-name>
<param-value>10.1.10.129:1433</param-value>
</context-param>
<context-param>
<param-name>dbname</param-name>
<param-value>INFORMATIONSYSTEM</param-value>
</context-param>
<!-- Mapping for the DataBaseConnection servlet (the class that appears in the stack trace). -->
<servlet>
<servlet-name>DataBaseConnection</servlet-name>
<servlet-class>DataBaseConnection</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DataBaseConnection</servlet-name>
<url-pattern>/servlet/DataBaseConnection</url-pattern>
</servlet-mapping>
<!-- Mapping for the DataBaseConnection2 servlet. -->
<servlet>
<servlet-name>DataBaseConnection2</servlet-name>
<servlet-class>DataBaseConnection2</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DataBaseConnection2</servlet-name>
<url-pattern>/servlet/DataBaseConnection2</url-pattern>
</servlet-mapping>
<!-- Mapping for the Logout servlet. -->
<servlet>
<servlet-name>Logout</servlet-name>
<servlet-class>Logout</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Logout</servlet-name>
<url-pattern>/servlet/Logout</url-pattern>
</servlet-mapping>
<!-- Mapping for the ActiveDeactiveNews servlet. -->
<servlet>
<servlet-name>ActiveDeactiveNews</servlet-name>
<servlet-class>ActiveDeactiveNews</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ActiveDeactiveNews</servlet-name>
<url-pattern>/servlet/ActiveDeactiveNews</url-pattern>
</servlet-mapping>
<!-- NOTE(review): this descriptor declares no <security-constraint>, <session-config>
     or <error-page>. Access control for the /servlet/* URLs and any JSPs outside
     WEB-INF therefore rests entirely on application code, and container default
     error pages may be shown to clients. Confirm that is intended. -->
</web-app>
*log4j.xml*
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<!-- log4j 1.x configuration (main resources).
     NOTE(review): the Test* loggers and the "target/unit-tests.log" file name suggest
     this was copied from a unit-test setup. Confirm it is what the deployed
     application should use. -->
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
<!-- Console appender writing "LEVEL message" lines to System.out. Nothing in this
     file references it, so it receives no events as configured. -->
<appender name="console" class="org.apache.log4j.ConsoleAppender">
<param name="Target" value="System.out"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%-5p %m%n"/>
</layout>
</appender>
<!-- File appender; the only appender attached to <root>.
     NOTE(review): the path is relative, so the log presumably lands under the JVM
     working directory. Confirm where that is under the servlet container and that it
     is not served to clients. The pattern holds only level and message: adding %d
     (timestamp) and %c (logger name) would make the records usable when
     reconstructing a security event. -->
<appender name="file" class="org.apache.log4j.FileAppender">
<param name="File" value="target/unit-tests.log"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%-5p %m%n"/>
</layout>
</appender>
<!-- One logger per level under org.owasp.esapi.reference.Test*, each pinned to the
     level its name indicates. -->
<logger name="org.owasp.esapi.reference.TestTrace">
<level value="trace"/>
</logger>
<logger name="org.owasp.esapi.reference.TestDebug">
<level value="debug"/>
</logger>
<logger name="org.owasp.esapi.reference.TestInfo">
<level value="info"/>
</logger>
<logger name="org.owasp.esapi.reference.TestWarning">
<level value="warn"/>
</logger>
<logger name="org.owasp.esapi.reference.TestError">
<level value="error"/>
</logger>
<logger name="org.owasp.esapi.reference.TestFatal">
<level value="fatal"/>
</logger>
<!-- ESAPI reference implementation classes log at info and above. -->
<logger name="org.owasp.esapi.reference">
<level value="info"/>
</logger>
<!-- Everything without a more specific logger above is logged at debug to the file
     appender.
     NOTE(review): debug-level output in a deployed application can capture request
     data. Confirm that no session tokens or credentials reach the log, or raise the
     level. -->
<root>
<priority value="debug" />
<appender-ref ref="file" />
</root>
<!-- Loggers are created through ESAPI's log4j logger factory. -->
<loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
</log4j:configuration>
--
Best regards,
Ashish K. Gautam