[Esapi-user] Fwd: ESAPI.httpUtilities().sendForward() Help

Jeff Williams jeff.williams at aspectsecurity.com
Thu Aug 25 08:07:39 EDT 2011


What happens?  Do you get an error?  Sounds like a classpath or import problem, but you can't debug problems without information.

--Jeff



On Aug 25, 2011, at 7:47 AM, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:

> Anyone have any ideas?
> Ashish, please post these to the ESAPI users list and do not send
> to individuals. Thanks.
> 
> -kevin
> 
> ---------- Forwarded message ----------
> From: ashish kumar gautam <gautamashishkumar at gmail.com>
> Date: Thu, Aug 25, 2011 at 3:36 AM
> Subject: Re: ESAPI.httpUtilities().sendForward() Help
> To: "Kevin W. Wall" <kevin.w.wall at gmail.com>
> 
> 
> Dear Sir,
> 
> I am able to call ESAPI.httpUtilities().sendForward(); from a JSP file,
> but, sir,
> I am not able to call ESAPI.httpUtilities().sendForward(); from a servlet file.
> 
> Thanks for the reply.
> 
> 
> On Wed, Aug 24, 2011 at 7:27 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
>> 
>> I meant your log4j *output* file, not the config file. In your case, you are
>> using ConsoleAppender, so the output should be going to stdout or stderr
>> and will probably end up in catalina.out or wherever Tomcat dumps it.
>> Also, set the log level for all ESAPI classes to 'debug'.
>> 
>> -kevin
>> 
>> On Wed, Aug 24, 2011 at 8:54 AM, ashish kumar gautam
>> <gautamashishkumar at gmail.com> wrote:
>>> 
>>> Hi,
>>> I am using ESAPI.httpUtilities().sendForward();
>>> but I got an exception.
>>> Exception message:
>>> org.owasp.esapi.errors.AccessControlException: Forward failed
>>> at org.owasp.esapi.reference.DefaultHTTPUtilities.sendForward(DefaultHTTPUtilities.java:791)
>>> at DataBaseConnection.doPost(DataBaseConnection.java:107)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
>>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>>> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
>>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>>> at java.lang.Thread.run(Unknown Source)
>>> 
>>> My code is like this:
>>> if(role==1)
>>> {
>>>     session.setAttribute("SERVERToken",str);
>>>     ESAPI.httpUtilities().sendForward(request,response,"useraccount.jsp");
>>> }
>>> else if(role==2)
>>> {
>>>     session.setAttribute("SERVERToken",str);
>>>     ESAPI.httpUtilities().sendForward(request,response,"adminaccount.jsp");
>>> }
>>> }
>>> else
>>> {
>>>     ESAPI.httpUtilities().sendForward(request,response,"loginfail.jsp");
>>> }
>>> 
>>> 
>>> web.xml file content:
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <web-app id="WebApp_ID" version="2.4"
>>> xmlns="http://java.sun.com/xml/ns/j2ee"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>>> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
>>> <display-name>
>>> infosystem</display-name>
>>> <welcome-file-list>
>>> <welcome-file>index.html</welcome-file>
>>> <welcome-file>index.htm</welcome-file>
>>> <welcome-file>index.jsp</welcome-file>
>>> <welcome-file>default.html</welcome-file>
>>> <welcome-file>default.htm</welcome-file>
>>> <welcome-file>default.jsp</welcome-file>
>>> </welcome-file-list>
>>> <!-- Database Configuration Setting -->
>>> <context-param>
>>>         <param-name>datasource</param-name>
>>>         <param-value>csgcirt</param-value>
>>>     </context-param>
>>>     <context-param>
>>>         <param-name>dbuser</param-name>
>>>         <param-value>sa</param-value>
>>>     </context-param>
>>>     <context-param>
>>>         <param-name>dbpassword</param-name>
>>>         <param-value>sa123</param-value>
>>> </context-param>
>>> <context-param>
>>>         <param-name>dbip</param-name>
>>>         <param-value>10.1.10.129:1433</param-value>
>>>     </context-param>
>>> <context-param>
>>>         <param-name>dbname</param-name>
>>>         <param-value>INFORMATIONSYSTEM</param-value>
>>>     </context-param>
>>> 
>>>     <!-- Mapping for DataBaseConnection.java Servlet -->
>>> <servlet>
>>> <servlet-name>DataBaseConnection</servlet-name>
>>> <servlet-class>DataBaseConnection</servlet-class>
>>> </servlet>
>>> <servlet-mapping>
>>>     <servlet-name>DataBaseConnection</servlet-name>
>>>       <url-pattern>/servlet/DataBaseConnection</url-pattern>
>>> </servlet-mapping>
>>> 
>>> 
>>>     <!-- Mapping for DataBaseConnection.java Servlet -->
>>> <servlet>
>>> <servlet-name>DataBaseConnection2</servlet-name>
>>> <servlet-class>DataBaseConnection2</servlet-class>
>>> </servlet>
>>> <servlet-mapping>
>>>     <servlet-name>DataBaseConnection2</servlet-name>
>>>       <url-pattern>/servlet/DataBaseConnection2</url-pattern>
>>> </servlet-mapping>
>>> <!-- Mapping for DataBaseConnection.java Servlet -->
>>> <servlet>
>>> <servlet-name>Logout</servlet-name>
>>> <servlet-class>Logout</servlet-class>
>>> </servlet>
>>> <servlet-mapping>
>>>     <servlet-name>Logout</servlet-name>
>>>       <url-pattern>/servlet/Logout</url-pattern>
>>> </servlet-mapping>
>>> 
>>> 
>>>     <servlet>
>>> <servlet-name>ActiveDeactiveNews</servlet-name>
>>> <servlet-class>ActiveDeactiveNews</servlet-class>
>>> </servlet>
>>> <servlet-mapping>
>>>     <servlet-name>ActiveDeactiveNews</servlet-name>
>>>       <url-pattern>/servlet/ActiveDeactiveNews</url-pattern>
>>> </servlet-mapping>
>>> </web-app>
>>> 
>>> 
>>> log4j.xml
>>> <?xml version="1.0" encoding="UTF-8" ?>
>>> <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
>>> <!-- main resources -->
>>> <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
>>>   <appender name="console" class="org.apache.log4j.ConsoleAppender">
>>>     <param name="Target" value="System.out"/>
>>>     <layout class="org.apache.log4j.PatternLayout">
>>>       <param name="ConversionPattern" value="%-5p %m%n"/>
>>>     </layout>
>>>   </appender>
>>>     <appender name="file" class="org.apache.log4j.FileAppender">
>>>         <param name="File" value="target/unit-tests.log"/>
>>>         <layout class="org.apache.log4j.PatternLayout">
>>>           <param name="ConversionPattern" value="%-5p %m%n"/>
>>>         </layout>
>>>     </appender>
>>>   <logger name="org.owasp.esapi.reference.TestTrace">
>>>     <level value="trace"/>
>>>   </logger>
>>>   <logger name="org.owasp.esapi.reference.TestDebug">
>>>     <level value="debug"/>
>>>   </logger>
>>>   <logger name="org.owasp.esapi.reference.TestInfo">
>>>     <level value="info"/>
>>>  </logger>
>>>   <logger name="org.owasp.esapi.reference.TestWarning">
>>>     <level value="warn"/>
>>>   </logger>
>>>   <logger name="org.owasp.esapi.reference.TestError">
>>>     <level value="error"/>
>>>   </logger>
>>>   <logger name="org.owasp.esapi.reference.TestFatal">
>>>     <level value="fatal"/>
>>>   </logger>
>>>   <logger name="org.owasp.esapi.reference">
>>>     <level value="info"/>
>>>   </logger>
>>>   <root>
>>>     <priority value="debug" />
>>>     <appender-ref ref="file" />
>>>   </root>
>>>   <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
>>> </log4j:configuration>
>>> 
>>> --
>>> Best regards,
>>> Ashish K. Gautam
>>> 
>> 
>> 
>> 
>> --
>> Blog: http://off-the-wall-security.blogspot.com/
>> "The most likely way for the world to be destroyed, most experts agree,
>> is by accident. That's where we come in; we're computer professionals.
>> We *cause* accidents."        -- Nathaniel Borenstein
> 
> 
> 
> --
> Best regards,
> Ashish K. Gautam
> 
> 
> 
> -- 
> Blog: http://off-the-wall-security.blogspot.com/
> "The most likely way for the world to be destroyed, most experts agree,
> is by accident. That's where we come in; we're computer professionals.
> We *cause* accidents."        -- Nathaniel Borenstein
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
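
Added example, not part of the original thread: a log4j 1.x configuration that applies the advice quoted above (debug level for the ESAPI classes, output to the console so it lands in Tomcat's stdout log). It is derived from the log4j.xml posted in the thread, where the root logger references only the `file` appender and `org.owasp.esapi.reference` is capped at `info`; the conversion pattern is an assumption of this example.

```xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <!-- Console output; under Tomcat, stdout normally ends up in catalina.out -->
  <appender name="console" class="org.apache.log4j.ConsoleAppender">
    <param name="Target" value="System.out"/>
    <layout class="org.apache.log4j.PatternLayout">
      <!-- Assumed pattern: %d and %c add timestamp and logger name so ESAPI lines are easy to find -->
      <param name="ConversionPattern" value="%d %-5p %c - %m%n"/>
    </layout>
  </appender>
  <!-- Replaces the posted org.owasp.esapi.reference=info entry: debug for the whole package tree -->
  <logger name="org.owasp.esapi">
    <level value="debug"/>
  </logger>
  <root>
    <!-- Loggers not named under org.owasp.esapi inherit this level -->
    <priority value="debug"/>
    <!-- The posted root referenced only "file", so the console appender was never used -->
    <appender-ref ref="console"/>
  </root>
  <!-- Kept from the posted configuration -->
  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
</log4j:configuration>
```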

