[Esapi-user] Fwd: ESAPI.httpUtilities().sendForward() Help

John Melton jtmelton at gmail.com
Thu Aug 25 08:49:30 EDT 2011


Sorry, but am I missing something? The stack trace shows the same exact
issue that was answered yesterday. The jsp being forwarded to doesn't start
w/ "WEB-INF/". That's why the AccessControlException is being thrown. Move
the JSP to the WEB-INF directory and you should be good.
Thanks,
John

On Thu, Aug 25, 2011 at 8:07 AM, Jeff Williams <
jeff.williams at aspectsecurity.com> wrote:

> What happens?  Do you get an error?  Sounds like a classpath or import
> problem, but you can't debug problems without information.
>
> --Jeff
>
>
>
> On Aug 25, 2011, at 7:47 AM, "Kevin W. Wall" <kevin.w.wall at gmail.com>
> wrote:
>
> > Anyone have any ideas?
> > Ashish, please post these to the ESAPI users list and do not send
> > to individuals. Thanks.
> >
> > -kevin
> >
> > ---------- Forwarded message ----------
> > From: ashish kumar gautam <gautamashishkumar at gmail.com>
> > Date: Thu, Aug 25, 2011 at 3:36 AM
> > Subject: Re: ESAPI.httpUtilities().sendForward() Help
> > To: "Kevin W. Wall" <kevin.w.wall at gmail.com>
> >
> >
> > Dear Sir,
> >
> > I am able to call ESAPI.httpUtilities().sendForward(); from jsp file
> > But sir
> > I am not able to call ESAPI.httpUtilities().sendForward(); from Servlet file
> >
> > thanks for Reply
> >
> >
> > On Wed, Aug 24, 2011 at 7:27 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> >>
> >> I meant your log4j *output* file, not the config file. In your case, you
> >> are using ConsoleAppender, so the output should be going to stdout or stderr
> >> and will probably end up in catalina.out or wherever Tomcat dumps it.
> >> Also, set the log level for all ESAPI classes to 'debug'.
> >>
> >> -kevin
> >>
> >> On Wed, Aug 24, 2011 at 8:54 AM, ashish kumar gautam
> >> <gautamashishkumar at gmail.com> wrote:
> >>>
> >>> Hi.......
> >>> i am using ESAPI.httpUtilities().sendForward();
> >>> but i have got exception :
> >>> Exception message :
> >>> org.owasp.esapi.errors.AccessControlException: Forward failed
> >>> at org.owasp.esapi.reference.DefaultHTTPUtilities.sendForward(DefaultHTTPUtilities.java:791)
> >>> at DataBaseConnection.doPost(DataBaseConnection.java:107)
> >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> >>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> >>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> >>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> >>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> >>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
> >>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
> >>> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
> >>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> >>> at java.lang.Thread.run(Unknown Source)
> >>>
> >>> My Code Like This:
> >>> if(role==1)
> >>> {
> >>>     session.setAttribute("SERVERToken",str);
> >>>     ESAPI.httpUtilities().sendForward(request,response,"useraccount.jsp");
> >>> }
> >>> else if(role==2)
> >>> {
> >>>     session.setAttribute("SERVERToken",str);
> >>>     ESAPI.httpUtilities().sendForward(request,response,"adminaccount.jsp");
> >>> }
> >>> }
> >>> else
> >>> {
> >>>     ESAPI.httpUtilities().sendForward(request,response,"loginfail.jsp");
> >>> }
> >>>
> >>>
> >>> web.xml file content:
> >>> <?xml version="1.0" encoding="UTF-8"?>
> >>> <web-app id="WebApp_ID" version="2.4"
> >>> xmlns="http://java.sun.com/xml/ns/j2ee"
> >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>> xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
> >>> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
> >>> <display-name>
> >>> infosystem</display-name>
> >>> <welcome-file-list>
> >>> <welcome-file>index.html</welcome-file>
> >>> <welcome-file>index.htm</welcome-file>
> >>> <welcome-file>index.jsp</welcome-file>
> >>> <welcome-file>default.html</welcome-file>
> >>> <welcome-file>default.htm</welcome-file>
> >>> <welcome-file>default.jsp</welcome-file>
> >>> </welcome-file-list>
> >>> <!-- Database Configuration Setting -->
> >>> <context-param>
> >>>         <param-name>datasource</param-name>
> >>>         <param-value>csgcirt</param-value>
> >>>     </context-param>
> >>>     <context-param>
> >>>         <param-name>dbuser</param-name>
> >>>         <param-value>sa</param-value>
> >>>     </context-param>
> >>>     <context-param>
> >>>         <param-name>dbpassword</param-name>
> >>>         <param-value>sa123</param-value>
> >>> </context-param>
> >>> <context-param>
> >>>         <param-name>dbip</param-name>
> >>>         <param-value>10.1.10.129:1433</param-value>
> >>>     </context-param>
> >>> <context-param>
> >>>         <param-name>dbname</param-name>
> >>>         <param-value>INFORMATIONSYSTEM</param-value>
> >>>     </context-param>
> >>>
> >>>     <!-- Mapping for DataBaseConnection.java Servlet -->
> >>> <servlet>
> >>> <servlet-name>DataBaseConnection</servlet-name>
> >>> <servlet-class>DataBaseConnection</servlet-class>
> >>> </servlet>
> >>> <servlet-mapping>
> >>>     <servlet-name>DataBaseConnection</servlet-name>
> >>>       <url-pattern>/servlet/DataBaseConnection</url-pattern>
> >>> </servlet-mapping>
> >>>
> >>>
> >>>     <!-- Mapping for DataBaseConnection2.java Servlet -->
> >>> <servlet>
> >>> <servlet-name>DataBaseConnection2</servlet-name>
> >>> <servlet-class>DataBaseConnection2</servlet-class>
> >>> </servlet>
> >>> <servlet-mapping>
> >>>     <servlet-name>DataBaseConnection2</servlet-name>
> >>>       <url-pattern>/servlet/DataBaseConnection2</url-pattern>
> >>> </servlet-mapping>
> >>> <!-- Mapping for Logout.java Servlet -->
> >>> <servlet>
> >>> <servlet-name>Logout</servlet-name>
> >>> <servlet-class>Logout</servlet-class>
> >>> </servlet>
> >>> <servlet-mapping>
> >>>     <servlet-name>Logout</servlet-name>
> >>>       <url-pattern>/servlet/Logout</url-pattern>
> >>> </servlet-mapping>
> >>>
> >>>
> >>>     <servlet>
> >>> <servlet-name>ActiveDeactiveNews</servlet-name>
> >>> <servlet-class>ActiveDeactiveNews</servlet-class>
> >>> </servlet>
> >>> <servlet-mapping>
> >>>     <servlet-name>ActiveDeactiveNews</servlet-name>
> >>>       <url-pattern>/servlet/ActiveDeactiveNews</url-pattern>
> >>> </servlet-mapping>
> >>> </web-app>
> >>>
> >>>
> >>> log4j.xml
> >>> <?xml version="1.0" encoding="UTF-8" ?>
> >>> <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
> >>> <!-- main resources -->
> >>> <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
> >>>   <appender name="console" class="org.apache.log4j.ConsoleAppender">
> >>>     <param name="Target" value="System.out"/>
> >>>     <layout class="org.apache.log4j.PatternLayout">
> >>>       <param name="ConversionPattern" value="%-5p %m%n"/>
> >>>     </layout>
> >>>   </appender>
> >>>     <appender name="file" class="org.apache.log4j.FileAppender">
> >>>         <param name="File" value="target/unit-tests.log"/>
> >>>         <layout class="org.apache.log4j.PatternLayout">
> >>>           <param name="ConversionPattern" value="%-5p %m%n"/>
> >>>         </layout>
> >>>     </appender>
> >>>   <logger name="org.owasp.esapi.reference.TestTrace">
> >>>     <level value="trace"/>
> >>>   </logger>
> >>>   <logger name="org.owasp.esapi.reference.TestDebug">
> >>>     <level value="debug"/>
> >>>   </logger>
> >>>   <logger name="org.owasp.esapi.reference.TestInfo">
> >>>     <level value="info"/>
> >>>  </logger>
> >>>   <logger name="org.owasp.esapi.reference.TestWarning">
> >>>     <level value="warn"/>
> >>>   </logger>
> >>>   <logger name="org.owasp.esapi.reference.TestError">
> >>>     <level value="error"/>
> >>>   </logger>
> >>>   <logger name="org.owasp.esapi.reference.TestFatal">
> >>>     <level value="fatal"/>
> >>>   </logger>
> >>>   <logger name="org.owasp.esapi.reference">
> >>>     <level value="info"/>
> >>>   </logger>
> >>>   <root>
> >>>     <priority value="debug" />
> >>>     <appender-ref ref="file" />
> >>>   </root>
> >>>   <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
> >>> </log4j:configuration>
> >>>
> >>> --
> >>> Best regards,
> >>> Ashish K. Gautam
> >>>
> >>
> >>
> >>
> >> --
> >> Blog: http://off-the-wall-security.blogspot.com/
> >> "The most likely way for the world to be destroyed, most experts agree,
> >> is by accident. That's where we come in; we're computer professionals.
> >> We *cause* accidents."        -- Nathaniel Borenstein
> >
> >
> >
> > --
> > Best regards,
> > Ashish K. Gautam
> >
> >
> >
> > --
> > Blog: http://off-the-wall-security.blogspot.com/
> > "The most likely way for the world to be destroyed, most experts agree,
> > is by accident. That's where we come in; we're computer professionals.
> > We *cause* accidents."        -- Nathaniel Borenstein
> > _______________________________________________
> > Esapi-user mailing list
> > Esapi-user at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/esapi-user
>
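
The fix described in the reply at the top of this thread, as an added example that is not code from the thread or from ESAPI: the role dispatch from the original post with every forward target under WEB-INF/. The class name `RoleForwardServlet`, the `role` session attribute and the `/login` mapping are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.AccessControlException;

// Added example, not code from the thread. Assumed layout: the three JSPs named
// in the original post have been moved to /WEB-INF/ in the web application.
public class RoleForwardServlet extends HttpServlet {   // hypothetical class name

    // Every forward target starts with "WEB-INF/", the prefix the reply says
    // sendForward() requires. The container never serves /WEB-INF/ to a browser
    // directly, so these pages are reachable only through a server-side forward.
    static final String USER_VIEW  = "WEB-INF/useraccount.jsp";
    static final String ADMIN_VIEW = "WEB-INF/adminaccount.jsp";
    static final String FAIL_VIEW  = "WEB-INF/loginfail.jsp";

    // Map the role computed by the login check to a fixed view; the target is
    // never built from request data. Role numbers follow the original post.
    static String viewForRole(int role) {
        switch (role) {
            case 1:  return USER_VIEW;
            case 2:  return ADMIN_VIEW;
            default: return FAIL_VIEW;
        }
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Hypothetical: an earlier authentication step stored the role in the session.
        Object attr = request.getSession().getAttribute("role");
        int role = (attr instanceof Integer) ? (Integer) attr : 0;
        try {
            // Assumption: the location reaches the request dispatcher unchanged, so a
            // relative target resolves against this servlet's URL; map the servlet
            // directly under the context root (e.g. /login) for it to hit /WEB-INF/.
            ESAPI.httpUtilities().sendForward(request, response, viewForRole(role));
        } catch (AccessControlException e) {
            // Thrown when the target is rejected, as in the posted stack trace.
            log("Forward rejected", e);
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
        }
    }
}
```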