[Esapi-user] Fwd: ESAPI.httpUtilities().sendForward() Help

Kevin W. Wall kevin.w.wall at gmail.com
Thu Aug 25 07:45:27 EDT 2011


Anyone have any ideas?
Ashish, please post these to the ESAPI users list and do not send
to individuals. Thanks.

-kevin

---------- Forwarded message ----------
From: ashish kumar gautam <gautamashishkumar at gmail.com>
Date: Thu, Aug 25, 2011 at 3:36 AM
Subject: Re: ESAPI.httpUtilities().sendForward() Help
To: "Kevin W. Wall" <kevin.w.wall at gmail.com>


Dear Sir,

I am able to call ESAPI.httpUtilities().sendForward(); from a JSP file,
but, sir, I am not able to call ESAPI.httpUtilities().sendForward(); from
a servlet file.

Thanks for the reply.


On Wed, Aug 24, 2011 at 7:27 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
>
> I meant your log4j *output* file, not the config file. In your case, you are
> using ConsoleAppender, so the output should be going to stdout or stderr
> and will probably end up in catalina.out or wherever Tomcat dumps it.
> Also, set the log level for all ESAPI classes to 'debug'.
>
> -kevin
>
> On Wed, Aug 24, 2011 at 8:54 AM, ashish kumar gautam
> <gautamashishkumar at gmail.com> wrote:
> >
> > Hi,
> > I am using ESAPI.httpUtilities().sendForward();
> > but I got an exception.
> > Exception message:
> > org.owasp.esapi.errors.AccessControlException: Forward failed
> > at org.owasp.esapi.reference.DefaultHTTPUtilities.sendForward(DefaultHTTPUtilities.java:791)
> > at DataBaseConnection.doPost(DataBaseConnection.java:107)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
> > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> > at java.lang.Thread.run(Unknown Source)
> >
> > My code is like this:
> > if(role==1)
> > {
> >     session.setAttribute("SERVERToken",str);
> >     ESAPI.httpUtilities().sendForward(request,response,"useraccount.jsp");
> > }
> > else if(role==2)
> > {
> >     session.setAttribute("SERVERToken",str);
> >     ESAPI.httpUtilities().sendForward(request,response,"adminaccount.jsp");
> > }
> > }
> > else
> > {
> >     ESAPI.httpUtilities().sendForward(request,response,"loginfail.jsp");
> > }
> >
> >
> > web.xml file content:
> > <?xml version="1.0" encoding="UTF-8"?>
> > <web-app id="WebApp_ID" version="2.4"
> > xmlns="http://java.sun.com/xml/ns/j2ee"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
> > http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
> > <display-name>
> > infosystem</display-name>
> > <welcome-file-list>
> > <welcome-file>index.html</welcome-file>
> > <welcome-file>index.htm</welcome-file>
> > <welcome-file>index.jsp</welcome-file>
> > <welcome-file>default.html</welcome-file>
> > <welcome-file>default.htm</welcome-file>
> > <welcome-file>default.jsp</welcome-file>
> > </welcome-file-list>
> > <!-- Database Configuration Setting -->
> > <context-param>
> >         <param-name>datasource</param-name>
> >         <param-value>csgcirt</param-value>
> >     </context-param>
> >     <context-param>
> >         <param-name>dbuser</param-name>
> >         <param-value>sa</param-value>
> >     </context-param>
> >     <context-param>
> >         <param-name>dbpassword</param-name>
> >         <param-value>sa123</param-value>
> > </context-param>
> > <context-param>
> >         <param-name>dbip</param-name>
> >         <param-value>10.1.10.129:1433</param-value>
> >     </context-param>
> > <context-param>
> >         <param-name>dbname</param-name>
> >         <param-value>INFORMATIONSYSTEM</param-value>
> >     </context-param>
> >
> >     <!-- Mapping for DataBaseConnection.java Servlet -->
> > <servlet>
> > <servlet-name>DataBaseConnection</servlet-name>
> > <servlet-class>DataBaseConnection</servlet-class>
> > </servlet>
> > <servlet-mapping>
> >     <servlet-name>DataBaseConnection</servlet-name>
> >       <url-pattern>/servlet/DataBaseConnection</url-pattern>
> > </servlet-mapping>
> >
> >
> >     <!-- Mapping for DataBaseConnection.java Servlet -->
> > <servlet>
> > <servlet-name>DataBaseConnection2</servlet-name>
> > <servlet-class>DataBaseConnection2</servlet-class>
> > </servlet>
> > <servlet-mapping>
> >     <servlet-name>DataBaseConnection2</servlet-name>
> >       <url-pattern>/servlet/DataBaseConnection2</url-pattern>
> > </servlet-mapping>
> > <!-- Mapping for DataBaseConnection.java Servlet -->
> > <servlet>
> > <servlet-name>Logout</servlet-name>
> > <servlet-class>Logout</servlet-class>
> > </servlet>
> > <servlet-mapping>
> >     <servlet-name>Logout</servlet-name>
> >       <url-pattern>/servlet/Logout</url-pattern>
> > </servlet-mapping>
> >
> >
> >     <servlet>
> > <servlet-name>ActiveDeactiveNews</servlet-name>
> > <servlet-class>ActiveDeactiveNews</servlet-class>
> > </servlet>
> > <servlet-mapping>
> >     <servlet-name>ActiveDeactiveNews</servlet-name>
> >       <url-pattern>/servlet/ActiveDeactiveNews</url-pattern>
> > </servlet-mapping>
> > </web-app>
> >
> >
> > log4j.xml
> > <?xml version="1.0" encoding="UTF-8" ?>
> > <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
> > <!-- main resources -->
> > <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
> >   <appender name="console" class="org.apache.log4j.ConsoleAppender">
> >     <param name="Target" value="System.out"/>
> >     <layout class="org.apache.log4j.PatternLayout">
> >       <param name="ConversionPattern" value="%-5p %m%n"/>
> >     </layout>
> >   </appender>
> >     <appender name="file" class="org.apache.log4j.FileAppender">
> >         <param name="File" value="target/unit-tests.log"/>
> >         <layout class="org.apache.log4j.PatternLayout">
> >           <param name="ConversionPattern" value="%-5p %m%n"/>
> >         </layout>
> >     </appender>
> >   <logger name="org.owasp.esapi.reference.TestTrace">
> >     <level value="trace"/>
> >   </logger>
> >   <logger name="org.owasp.esapi.reference.TestDebug">
> >     <level value="debug"/>
> >   </logger>
> >   <logger name="org.owasp.esapi.reference.TestInfo">
> >     <level value="info"/>
> >  </logger>
> >   <logger name="org.owasp.esapi.reference.TestWarning">
> >     <level value="warn"/>
> >   </logger>
> >   <logger name="org.owasp.esapi.reference.TestError">
> >     <level value="error"/>
> >   </logger>
> >   <logger name="org.owasp.esapi.reference.TestFatal">
> >     <level value="fatal"/>
> >   </logger>
> >   <logger name="org.owasp.esapi.reference">
> >     <level value="info"/>
> >   </logger>
> >   <root>
> >     <priority value="debug" />
> >     <appender-ref ref="file" />
> >   </root>
> >   <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
> > </log4j:configuration>
> >
> > --
> > Best regards,
> > Ashish K. Gautam
> >
>
>
>
> --
> Blog: http://off-the-wall-security.blogspot.com/
> "The most likely way for the world to be destroyed, most experts agree,
> is by accident. That's where we come in; we're computer professionals.
> We *cause* accidents."        -- Nathaniel Borenstein



--
Best regards,
Ashish K. Gautam



-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
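
The "Forward failed" text in the stack trace above matches the guard in the ESAPI 2.x reference sendForward(), which forwards only to locations that begin with "WEB-INF" (no leading slash); a relative location that passes the guard is then resolved by the container against the current servlet path. The stand-alone Java model below is an added example, not code from this thread or from ESAPI or Tomcat; the names passesEsapiCheck and resolve, the /login mapping and the WEB-INF/jsp/ layout are assumptions for illustration.

```java
import java.util.List;

// Added example: a stand-alone model, not ESAPI or Tomcat source code.
public class ForwardLocationCheck {

    // Models the guard in ESAPI 2.x's reference sendForward(): only locations
    // that start with "WEB-INF" (no leading slash) are forwarded; anything
    // else raises AccessControlException with the message "Forward failed".
    static boolean passesEsapiCheck(String location) {
        return location.startsWith("WEB-INF");
    }

    // Models how a servlet container resolves a relative dispatcher path:
    // against the directory part of the current servlet path.
    static String resolve(String servletPath, String location) {
        if (location.startsWith("/")) {
            return location;
        }
        return servletPath.substring(0, servletPath.lastIndexOf('/') + 1) + location;
    }

    public static void main(String[] args) {
        // First servlet path is from the thread's web.xml; /login is a
        // hypothetical top-level mapping added for comparison.
        List<String> servletPaths = List.of("/servlet/DataBaseConnection", "/login");
        // "useraccount.jsp" is from the thread; the WEB-INF/jsp/ layout is assumed.
        List<String> locations = List.of("useraccount.jsp", "WEB-INF/jsp/useraccount.jsp");

        for (String servletPath : servletPaths) {
            for (String location : locations) {
                String verdict = passesEsapiCheck(location)
                        ? "forwarded to " + resolve(servletPath, location)
                        : "AccessControlException: Forward failed";
                System.out.printf("%-28s %-28s -> %s%n", servletPath, location, verdict);
            }
        }
    }
}
```

For the thread's /servlet/DataBaseConnection mapping, the accepted location resolves to /servlet/WEB-INF/jsp/useraccount.jsp rather than to the application's real WEB-INF directory; from the top-level /login mapping it resolves to /WEB-INF/jsp/useraccount.jsp.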

