[Esapi-user] setting up the Tutorial: can not create a user...

Chris chris.dickinson at web.de
Fri Jun 10 03:11:49 EDT 2011


Dear Lukas

Since I see the use of FileBasedAuthenticator2, you are probably using
the more recent version of Swingset Interactive that I worked on just a
few weeks ago. The FileBasedAuthenticator is indeed the one big issue
remaining to be worked on in the Swingset, which is not as finished as
it may sound like at first. I have a report on my work on the Swingset
if you are interested. But since you probably just want to get it
working, I recommend following the instruction manual located in the
http://code.google.com/p/owasp-esapi-swingset-interactive/source/browse/trunk/README.txt
file, i.e. put both the .esapi/ folder and the .keystore file in your
home directory, and put the SwingSet/ and apache*/ folders in your
Eclipse workspace and import from there. That's the way I tested it.

Sorry for what looks like a bug in FileBasedAuthenticator2.

Cheers

Chris

on 06/09/2011 10:48 PM Lukas, Ray wrote:
>
> Hi Guys..
>
>  
>
> I cannot seem to create a user in the users.txt file.. I think that I
> have everything set up correctly.. I had to change the port number
> but, no big deal.. the code seems to run great.. but no user account
> ever gets created inside of users.txt other than the user admin, which
> I think was always there.. …
>
> I can create (at least it looks that way on the web page) an account
> ray_lukas with password Corvette!#2010
>
> But trying to log into that account produces
>
>  
>
> - [SECURITY SUCCESS Anonymous:574475 at unknown ->
> /SwingSetInteractive/SwingSet] Invoked LoginLab.java ->
> LoginLab.jsp (Encoded)
>
> - [SECURITY FAILURE Anonymous:574475 at unknown ->
> /SwingSetInteractive/IntrusionDetector] Authentication failed because
> user ray_lukas doesn't exist (Encoded)
>
> org.owasp.esapi.errors.AuthenticationCredentialsException: Authentication failed
>       at org.owasp.esapi.reference.FileBasedAuthenticator2.loginWithUsernameAndPassword(FileBasedAuthenticator2.java:633)
>       at org.owasp.esapi.reference.FileBasedAuthenticator2.login(FileBasedAuthenticator2.java:787)
>       at org.owasp.esapi.reference.FileBasedAuthenticator2.login(FileBasedAuthenticator2.java:765)
>       at org.apache.jsp.WEB_002dINF.jsp.LoginLab_jsp._jspService(LoginLab_jsp.java:168)
>       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>       at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
>       at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
>       at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
>
>             so on and so on… … …
>
>  
>
> When I shut down TomCat I get..
>
>  
>
> Seeking ESAPI.properties
>
>   Not found in 'org.owasp.esapi.resources' directory or file not
> readable: C:\eclipse\ESAPI.properties
>
>   Not found in SystemResource Directory/resourceDirectory:
> null/ESAPI.properties
>
>   Not found in SystemResource Directory/.esapi: .esapi/ESAPI.properties
>
>   Not found in SystemResource Directory: ESAPI.properties
>
>   Not found in *'user.home'* directory: *C:\eclipse\ESAPI.properties*
>
>   Not found on classpath
>
>   Not found anywhere
>
>  
>
>  
>
> Notice that user.home now points to my eclipse directory.. that seems
> odd.. when I started the server the  directory was: C:\Documents and
> Settings\v9234s32\.esapi
>
>  
>
> could someone drop me a hint.. sorry for the long email..
>
> thanks guys..
>
>  
>
> **ray lukas**
>
> Software Engineer 
> SuperMedia LLC
>
> **M:** 508.314.4257
>
> **www.supermedia.com <http://www.supermedia.com>**
>
>  
>
>  
>
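
A diagnostic for the situation in this thread, added here as an example and not part of ESAPI, Swingset or either poster's code: it reports which `user.home` and `org.owasp.esapi.resources` a JVM sees and whether `.esapi/ESAPI.properties` and `.keystore` are where the README expects them. The class name `EsapiConfigCheck` is made up, and mapping the "SystemResource Directory" log lines to `ClassLoader.getSystemResource` is an assumption.

```java
import java.io.File;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;

// Added diagnostic, not part of ESAPI or Swingset. Run it with the same JVM
// and -D options as the Tomcat instance to see what that JVM would resolve.
public class EsapiConfigCheck {

    // Describe one candidate file: its path, whether this JVM can read it,
    // and whether its directory is writable by the user running the JVM.
    static String describe(String label, File f) {
        File dir = f.getParentFile();
        return String.format("%-28s %s  readable=%b  dirWritable=%b",
                label, f.getAbsolutePath(), f.canRead(),
                dir != null && dir.canWrite());
    }

    // Build the report from explicit inputs so it can be run against
    // constructed values as well as the live system properties.
    static List<String> report(String resourcesProp, String userHome) {
        List<String> out = new ArrayList<>();
        out.add("user.home = " + userHome);
        out.add("org.owasp.esapi.resources = " + resourcesProp);
        if (resourcesProp != null) {
            out.add(describe("resources property",
                    new File(resourcesProp, "ESAPI.properties")));
        }
        File home = new File(userHome);
        out.add(describe("user.home/.esapi",
                new File(new File(home, ".esapi"), "ESAPI.properties")));
        out.add(describe("user.home", new File(home, "ESAPI.properties")));
        out.add(describe("user.home/.keystore", new File(home, ".keystore")));
        // Assumption: the "SystemResource Directory" log lines are classpath lookups.
        for (String name : new String[] {".esapi/ESAPI.properties", "ESAPI.properties"}) {
            URL u = ClassLoader.getSystemResource(name);
            out.add(String.format("%-28s %s", "classpath " + name,
                    u == null ? "not found" : u));
        }
        return out;
    }

    public static void main(String[] args) {
        for (String line : report(System.getProperty("org.owasp.esapi.resources"),
                                  System.getProperty("user.home"))) {
            System.out.println(line);
        }
    }
}
```

If the `user.home` printed here differs from the one the server reported at startup, the two JVMs are resolving different configuration directories.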