[Esapi-user] setting up the Tutorial: can not create a user...

Lukas, Ray Ray.Lukas at supermedia.com
Fri Jun 10 05:50:04 EDT 2011

Thank you sir.. Humm.. This is exactly what I did, as the instruction in the read me file said... Do I have to do anything in addition to that?
Well let me look at this again when I get into work and see if I did something else wrong.. I don't think so. The instructions say Windows 7, we are still on Windows XP... You think that is the problem? It start up pointing to the correct location, but somehow as it runs, seems to point to the Exclipse directory... You know user.home... That might be the problem.. I don't know the code but.. That does seem kind of ... Humm..
Thanks boss for getting back to me. Maybe I can help us get this fixed up and become a contributor to the ESAPI framework. :)

Send from my iPad 2 64G Verizon
ray lukas

On Jun 10, 2011, at 3:01 AM, "Christopher Dickinson" <chris.dickinson at gmx.ch<mailto:chris.dickinson at gmx.ch>> wrote:

Dear Lukas

Since I see the use of FileBasedAuthenticator2, you are probably using the more recent version of Swingset Interactive that I worked on just a few weeks ago. The FileBasedAuthenticator is in deed the one big issue remaining to be worked on in the Swingset, which is not as finished as it may sound like at first. I have a report on my work on the Swingset if you are interested. But since you probably just want to get it working, I recommend following the instruction manual located in the <http://code.google.com/p/owasp-esapi-swingset-interactive/source/browse/trunk/README.txt> http://code.google.com/p/owasp-esapi-swingset-interactive/source/browse/trunk/README.txt file, i.e. put both the .esapi/ folder and the .keystore file in your home directory, and put the SwingSet/ and apache*/ folders in your Eclipse workspace and import from there. That's the way I tested it.

Sorry for what looks like a bug in FileBasedAuthenticator2.



on 06/09/2011 10:48 PM Lukas, Ray wrote :
Hi Guys..

I can not seem to create a user in the users.txt file.. I think that I have everything is setup correctly.. I had to change the port number but, no big deal.. the code seems to run great.. but no user account ever gets created inside of users.txt other than the user admin, which I think was always there.. …
I can create (at least it looks that way on the web page) an account ray_lukas with password Corvette!#2010
But trying to log into that account produces

- [SECURITY SUCCESS Anonymous:574475 at unknown -> /SwingSetInteractive/SwingSet] Invoked LoginLab.java -&gt; LoginLab.jsp (Encoded)
- [SECURITY FAILURE Anonymous:574475 at unknown -> /SwingSetInteractive/IntrusionDetector] Authentication failed because user ray_lukas doesn&#x27;t exist (Encoded)
org.owasp.esapi.errors.AuthenticationCredentialsException: Authentication failed
      at org.owasp.esapi.reference.FileBasedAuthenticator2.loginWithUsernameAndPassword(FileBasedAuthenticator2.java:633)
      at org.owasp.esapi.reference.FileBasedAuthenticator2.login(FileBasedAuthenticator2.java:787)
      at org.owasp.esapi.reference.FileBasedAuthenticator2.login(FileBasedAuthenticator2.java:765)
      at org.apache.jsp.WEB_002dINF.jsp.LoginLab_jsp._jspService(LoginLab_jsp.java:168)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
            so on and so on… … …

When I shut down TomCat I get..

Seeking ESAPI.properties
  Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\eclipse\ESAPI.properties
  Not found in SystemResource Directory/resourceDirectory: null/ESAPI.properties
  Not found in SystemResource Directory/.esapi: .esapi/ESAPI.properties
  Not found in SystemResource Directory: ESAPI.properties
  Not found in 'user.home' directory: C:\eclipse\ESAPI.properties
  Not found on classpath
  Not found anywhere

Notice that user.home now points to my eclipse directory.. that seems odd.. when I started the server the  directory was: C:\Documents and Settings\v9234s32\.esapi

could someone drop me a hint.. sorry for the long email..
thanks guys..

ray lukas
Software Engineer
SuperMedia LLC
 M: 508.314.4257


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110610/413171a7/attachment-0001.html 

More information about the Esapi-user mailing list