[Esapi-user] Fwd: fail to load ESAPI.properties

ashish kumar gautam gautamashishkumar at gmail.com
Mon May 23 05:32:04 EDT 2011


Dear sir/madam

i am ashish kumar gautam.
i am tring to run a appliaction that use a esapi api but i get a exception
message relatied to loding a ESAPI.properties file.

what will be solution of this problem.

plz get me response as soon as posible
thanks


i am not tring to run a web appliaction
i am to try a simple application named Example.java

sir plz find attachment and give me solution to run this application

for example
.....................................................................
import org.owasp.esapi.*;
import java.io.*;
import java.util.*;



public class Example {

       /**
        * @param args
        */
       public static void main(String[] args) {
               // TODO Auto-generated method stub


               try
               {

                       String str1=ESAPI.encoder().canonicalize("amit
gautam").toString();
                       System.out.println(str1);
                       /*String
str2=ESAPI.encoder().encodeForHTML("<html> </html>").toString();
                       System.out.println(str2);*/

                       /*String str3=ESAPI.initialize("");
                       System.out.println("String is-- "+str3+"  yes");*/
               }catch( Exception e){System.out.println(" Exception
catch by me----"+e);}
       }

}
...........................................................................


ESAPI.properties file is
.......................................................................................
#
# OWASP Enterprise Security API (ESAPI) Properties file -- PRODUCTION Version
#
# This file is part of the Open Web Application Security Project (OWASP)
# Enterprise Security API (ESAPI) project. For details, please see
# http://www.owasp.org/index.php/ESAPI.
#
# Copyright (c) 2008,2009 - The OWASP Foundation
#
# DISCUSS: This may cause a major backwards compatibility issue, etc. but
#                  from a name space perspective, we probably should
have prefaced
#                  all the property names with ESAPI or at least
OWASP. Otherwise
#                  there could be problems is someone loads this
properties file into
#                  the System properties.  We could also put this file into the
#                  esapi.jar file (perhaps as a ResourceBundle) and
then allow an external
#                  ESAPI properties be defined that would overwrite
these defaults.
#                  That keeps the application's properties relatively
simple as usually
#                  they will only want to override a few properties.
If looks like you
#                  already support multiple override levels of this in the
#                  DefaultSecurityConfiguration class, but I'm
suggesting placing the
#                  defaults in the esapi.jar itself. That way, if the
jar is signed,
#                  we could detect if those properties had been
tampered with. (The
#                  code to check the jar signatures is pretty
simple... maybe 70-90 LOC,
#                  but off course there is an execution penalty
(similar to the way
#                  that the separate sunjce.jar used to be when a
class from it was
#                  first loaded). Thoughts?
###############################################################################
#
# WARNING: Operating system protection should be used to lock down the .esapi
# resources directory and all the files inside and all the directories all the
# way up to the root directory of the file system.  Note that if you are using
# file-based implementations, that some files may need to be read-write as they
# get updated dynamically.
#
# Before using, be sure to update the MasterKey and MasterSalt as
described below.
# N.B.: If you are trying to use ESAPI 2.0 with the same MasterKey and
MasterSalt
#               as you did with some earlier version (e.g., 1.4),
these may not work unless
#           you set
'ESAPI.Encryptor=org.owasp.esapi.reference.LegacyJavaEncryptor'
#               (see below). The preferred approach is to simply regenerate the
#               ENcryptor.MasterKey and Encryptor.MasterSalt (left
unset by default
#               install in ESAPI 2.0) by running
#
#                       java -classpath ...:esapi.jar -jar
org.owasp.esapi.ESAPI [-print]
#
#           with the default ESAPI.properties file and use the new encrypt() /
#               decrypt() methods in the Encryptor interface. (The
older encrypt() /
#               decrypt() methods have been deprecated and likely will
be removed in
#               some future release.)
#
#===========================================================================
# ESAPI Configuration
#
# If true, then print all the ESAPI properties set here when they are loaded.
# If false, they are not printed. Useful to reduce output when running
JUnit tests.
# If you need to troubleshoot a properties related problem, turning
this on may help.
# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
# default for reasons of backward compatibility with earlier ESAPI versions.
ESAPI.printProperties=true

# ESAPI is designed to be easily extensible. You can use the reference
implementation
# or implement your own providers to take advantage of your
enterprise's security
# infrastructure. The functions in ESAPI are referenced using the
ESAPI locator, like:
#
#    String ciphertext =
#               ESAPI.encryptor().encrypt("Secret message");   //
Deprecated in 2.0
#    CipherText cipherText =
#               ESAPI.encryptor().encrypt("Secret
message".getBytes("UTF-8")); // Preferred
#
# Below you can specify the classname for the provider that you wish
to use in your
# application. The only requirement is that it implement the
appropriate ESAPI interface.
# This allows you to switch security implementations in the future
without rewriting the
# entire application.
#
# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml
in .esapi directory
ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
# FileBasedAuthenticator requires users.txt file in .esapi directory
ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
# Set ESAPI.Encryptor=org.owas.esapi.reference.LegacyJavaEncryptor for
# compatibility with OWASP ESAPI Java 1.4 and earlier, but first see warnings
# in ESAPI Java 2.0 Release Notes on "Why Is OWASP Changing ESAPI Encryption?".
ESAPI.Encryptor=org.owasp.esapi.reference.JavaEncryptor
ESAPI.CipherText=org.owasp.esapi.reference.DefaultCipherText
# CHECKME: Should we have a default JCE provider or provider class specified
#                  somewhere so one could (say) use Bouncy Castle
rather than the
#                  default SunJCE if they so desired? That would take only some
#                  relatively simple changes to JavaEncryptor.
#               E.g., I was thinking of something like this:
# (Not currently used, but was planning on doing Security.insertProviderAt()
# to insert it at the beginning. Will postpone that for later as one can
# always get the same behavior by doing it yourself, etc.)
ESAPI.PreferredJCEProvider=SunJCE

ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
# Log4JFactory Requires log4j.xml or log4j.properties in classpath -
http://www.laliluna.de/log4j-tutorial.html
ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator

#===========================================================================
# ESAPI Authenticator
#
Authenticator.AllowedLoginAttempts=3
Authenticator.MaxOldPasswordHashes=13
Authenticator.UsernameParameterName=hcl
Authenticator.PasswordParameterName=
# RememberTokenDuration (in days)
Authenticator.RememberTokenDuration=14
# Session Timeouts (in minutes)
Authenticator.IdleTimeoutDuration=20
Authenticator.AbsoluteTimeoutDuration=120

#===========================================================================
# ESAPI Encoder
#
# ESAPI canonicalizes input before validation to prevent bypassing
filters with encoded attacks.
# Failure to canonicalize input is a very common mistake when
implementing validation schemes.
# Canonicalization is automatic when using the ESAPI Validator, but
you can also use the
# following code to canonicalize data.
#
#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
#
# Multiple encoding is when a single encoding format is applied
multiple times, multiple
# different encoding formats are applied, or when multiple formats are
nested. Allowing
# multiple encoding is strongly discouraged.
Encoder.AllowMultipleEncoding=false
#
# The default list of codecs to apply when canonicalizing untrusted
data. The list should include the codecs
# for all downstream interpreters or decoders. For example, if the
data is likely to end up in a URL, HTML, or
# inside JavaScript, then the list of codecs below is appropriate. The
order of the list is not terribly important.
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec


#===========================================================================
# ESAPI Encryption
#
# The ESAPI Encryptor provides basic cryptographic functions with a
simplified API.
# To get started, generate a new key using java -classpath esapi.jar
org.owasp.esapi.reference.JavaEncryptor
# There is not currently any support for key rotation, so be careful
when changing your key and salt as it
# will invalidate all signed, encrypted, and hashed data.
#
# WARNING: Not all combinations of algorithms and key lengths are supported.
# If you choose to use a key length greater than 128, you MUST download the
# unlimited strength policy files and install in the lib directory of
your JRE/JDK.
# See http://java.sun.com/javase/downloads/index.jsp for more information.
#
# Backward compatibility with ESAPI Java 1.4 is supported by the two
deprecated API
# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String).
However, whenever
# possible, these methods should be avoided as they use ECB cipher
mode, which in almost
# all circumstances a poor choice because of it's weakness. CBC cipher
mode is the default
# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.
In general, you
# should only use this compatibility setting if you have persistent
data encrypted with
# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
# you have decrypted all of your old encrypted data and then
re-encrypted it with
# ESAPI 2.0 using CBC mode. If you have some reason to mix the
deprecated 1.4 mode
# with the new 2.0 methods, make sure that you use the same cipher
algorithm for both
# (256-bit AES was the default for 1.4; 128-bit is the default for
2.0; see below for
# more details.) Otherwise, you will have to use the new 2.0 encrypt /
decrypt methods
# where you can specify a SecretKey. (Note that if you are using the
256-bit AES,
# that requires downloading the special jurisdiction policy files
mentioned above.)
#
#               ***** IMPORTANT: Do NOT forget to replace these with
your own values! *****
# To calculate these values, you can run:
#               java -classpath ...:esapi.jar -jar org.owasp.esapi.ESAPI
Encryptor.MasterKey=
Encryptor.MasterSalt=

# AES is the most widely used and strongest encryption algorithm. This
# should agree with your Encryptor.CipherTransformation property.
# By default, ESAPI Java 1.4 uses "AES/ECB" and unspecified padding (it is
# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
#               For ESAPI Java 1.4 - Deprecated encrypt / decrypt
methods use this.
#               Used only if
'ESAPI.Encryptor=org.owasp.esapi.reference.LegacyJavaEncryptor'.
Encryptor.EncryptionAlgorithm=AES
#               For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
Encryptor.CipherTransformation=AES/CBC/PKCS5Padding

# 128-bit is almost always sufficient and appears to be more resistant to
# related key attacks than is 256-bit AES. Use '_' to use default key size
# for cipher algorithms (where it makes sense because the algorithm supports
# a variable key size). Key length must agree to what's provided as the
# cipher transformation, otherwise this will be ignored after logging a
# warning.
#
# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above
about mixing!
Encryptor.EncryptionKeyLength=128

# Because 2.0 uses CBC mode by default, it requires an initialization
vector (IV).
# (All cipher modes except ECB require an IV.) There are two choices:
we can either
# use a fixed IV known to both parties or allow ESAPI to choose a
random IV. While
# the IV does not need to be hidden from adversaries, it is important that the
# adversary not be allowed to choose it. Also, random IVs are
generally much more
# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
# such as CFB and OFB use a different IV for each encryption with a given key so
# in such cases, random IVs are much preferred. By default, ESAPI 2.0
uses random
# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
# uncomment the Encryptor.fixedIV.
#
# Valid values:         random|fixed|specified          'specified' not yet
implemented; planned for 2.1
Encryptor.ChooseIVMethod=random
# If you choose to use a fixed IV, then you must place a fixed IV here that
# is known to all others who are sharing your secret key. The format should
# be a hex string that is the same length as the cipher block size for the
# cipher algorithm that you are using. The following is an example for AES
# from an AES test vector for AES-128/CBC as described in:
# NIST Special Publication 800-38A (2001 Edition)
# "Recommendation for Block Cipher Modes of Operation".
# (Note that the block size for AES is 16 bytes == 128 bits.)
#
Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f

# Whether or not CipherText should use a message authentication code
(MAC) with it.
# This prevents an adversary from altering the IV as well as allowing a more
# fool-proof way of determining the decryption failed because of an incorrect
# key being supplied.
Encryptor.CipherText.useMAC=true

# Whether or not the PlainText object may be overwritten and then marked
# eligible for garbage collection. If not set, this is still treated as 'true'.
Encryptor.PlainText.overwrite=true

# Do not use DES except in a legacy situation. 56-bit is way too small key size.
#Encryptor.EncryptionKeyLength=56
#Encryptor.EncryptionAlgorithm=DES

# TripleDES is considered strong enough for most purposes.
#       Note:   There is also a 112-bit version of DESede. Using the
168-bit version
#                       requires downloading the special jurisdiction
policy from Sun.
#Encryptor.EncryptionKeyLength=168
#Encryptor.EncryptionAlgorithm=DESede

Encryptor.HashAlgorithm=SHA-512
Encryptor.HashIterations=1024
Encryptor.DigitalSignatureAlgorithm=DSA
Encryptor.DigitalSignatureKeyLength=1024
Encryptor.RandomAlgorithm=SHA1PRNG
Encryptor.CharacterEncoding=UTF-8


#===========================================================================
# ESAPI HttpUtilties
#
# The HttpUtilities provide basic protections to HTTP requests and
responses. Primarily these methods
# protect against malicious data from attackers, such as unprintable
characters, escaped characters,
# and other simple attacks. The HttpUtilities also provides utility
methods for dealing with cookies,
# headers, and CSRF tokens.
#
# Default file upload location (remember to escape backslashes with \\)
HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
HttpUtilities.UploadTempDir=C:\\temp
# Force flags on cookies, if you use HttpUtilities to set cookies
HttpUtilities.ForceHttpOnlySession=false
HttpUtilities.ForceSecureSession=false
HttpUtilities.ForceHttpOnlyCookies=true
HttpUtilities.ForceSecureCookies=true
# File upload configuration
HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
HttpUtilities.MaxUploadFileBytes=500000000
# Using UTF-8 throughout your stack is highly recommended. That
includes your database driver,
# container, and any other technologies you may be using. Failure to
do this may expose you
# to Unicode transcoding injection attacks. Use of UTF-8 does not
hinder internationalization.
HttpUtilities.ResponseContentType=text/html; charset=UTF-8



#===========================================================================
# ESAPI Executor
# CHECKME - Not sure what this is used for, but surely it should be
made OS independent.
Executor.WorkingDirectory=C:\\Windows\\Temp
Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe


#===========================================================================
# ESAPI Logging
# Set the application name if these logs are combined with other applications
Logger.ApplicationName=ExampleApplication
# If you use an HTML log viewer that does not properly HTML escape log
data, you can set LogEncodingRequired to true
Logger.LogEncodingRequired=false
# Determines whether ESAPI should log the application name. This might
be clutter in some single-server/single-app environments.
Logger.LogApplicationName=true
# Determines whether ESAPI should log the server IP and port. This
might be clutter in some single-server environments.
Logger.LogServerIP=true
# LogFileName, the name of the logging file. Provide a full directory
path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
# want to place it in a specific directory.
Logger.LogFileName=C:\\Workspaces\\Personal\\Development\\Finger\\logs\\ESAPI_logging_file
# MaxLogFileSize, the max size (in bytes) of a single log file before
it cuts over to a new one (default is 10,000,000)
Logger.MaxLogFileSize=10000000


#===========================================================================
# ESAPI Intrusion Detection
#
# Each event has a base to which .count, .interval, and .action are added
# The IntrusionException will fire if we receive "count" events within
"interval" seconds
# The IntrusionDetector is configurable to take the following actions:
log, logout, and disable
#  (multiple actions separated by commas are allowed e.g.
event.test.actions=log,disable
#
# Custom Events
# Names must start with "event." as the base
# Use IntrusionDetector.addEvent( "test" ) in your code to trigger
"event.test" here
#
IntrusionDetector.event.test.count=2
IntrusionDetector.event.test.interval=10
IntrusionDetector.event.test.actions=disable,log

# Exception Events
# All EnterpriseSecurityExceptions are registered automatically
# Call IntrusionDetector.getInstance().addException(e) for Exceptions
that do not extend EnterpriseSecurityException
# Use the fully qualified classname of the exception as the base

# any intrusion is an attack
IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout

# for test purposes
# CHECKME: Shouldn't there be something in the property name itself
that designates
#                  that these are for testing???
IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout

# rapid validation errors indicate scans or attacks in progress
# org.owasp.esapi.errors.ValidationException.count=10
# org.owasp.esapi.errors.ValidationException.interval=10
# org.owasp.esapi.errors.ValidationException.actions=log,logout

# sessions jumping between hosts indicates session hijacking
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout


#===========================================================================
# ESAPI Validation
#
# The ESAPI Validator works on regular expressions with defined names.
You can define names
# either here, or you may define application specific patterns in a
separate file defined below.
# This allows enterprises to specify both organizational standards as
well as application specific
# validation rules.
#
Validator.ConfigurationFile=validation.properties

# Validators used by ESAPI
Validator.AccountName=^[a-zA-Z0-9]{3,20}$
Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
Validator.RoleName=^[a-z]{1,20}$

#the word TEST below should be changed to your application
#name - only relative URL's are supported
Validator.Redirect=^\\/test.*$

# Global HTTP Validation Rules
# Values with Base64 encoded data (e.g. encrypted state) will need at
least [a-zA-Z0-9\/+=]
Validator.HTTPScheme=^(http|https)$
Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=_ ]*$
Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
Validator.HTTPContextPath=^[a-zA-Z0-9.\\-_]*$
Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ](1,50)$
Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
Validator.HTTPURL=^.*$
Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$

# Validation of file related input
Validator.FileName=^[[email protected]#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
Validator.DirectoryName=^[a-zA-Z0-9:/\\\\[email protected]#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$


.............................................................................................................................................

On Mon, May 23, 2011 at 2:26 PM, Jim Manico <jim.manico at owasp.org> wrote:
> Are you sure this is a problem? I see both ESAPI.properties and the validation property loading properly. Does your web app simply not start?
>
> Jim Manico
>
> On May 23, 2011, at 9:51 AM, Saad Shakil <sshakil at rim.com> wrote:
>
>> Ashish,
>>
>> If it is on a web app server, try putting it in the root of the domain directory, restart the server, and observe logs.
>>
>> -saad
>>
>> ----- Original Message -----
>> From: ashish kumar gautam [mailto:gautamashishkumar at gmail.com]
>> Sent: Monday, May 23, 2011 03:12 AM
>> To: esapi-user at lists.owasp.org <esapi-user at lists.owasp.org>
>> Subject: [Esapi-user] fail to load ESAPI.properties
>>
>> Dear sir/madam
>>
>> i am ashish kumar gautam.
>> i am tring to run a project that use a esapi api but i get a exception
>> message relatied to loding a ESAPI.properties file.
>>
>> what will be solution of this problem.
>>
>> plz get me response as soon as posible
>> thanks
>> .
>> .
>> .
>>
>>
>> Error message like this -----
>>
>> Properties Loaded done
>> Attempting to load ESAPI.properties via file I/O.
>> Attempting to load ESAPI.properties as resource file via file I/O.
>> Not found in 'org.owasp.esapi.resources' directory or file not
>> readable: E:\Users\hcl\workspace\ESAPI_2.0\ESAPI.properties
>> Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
>> Not found in 'user.home' (C:\Users\hcl) directory:
>> C:\Users\hcl\esapi\ESAPI.properties
>> Loading ESAPI.properties via file I/O failed. Exception was:
>> java.io.FileNotFoundException
>> java.io.FileNotFoundException
>>    at org.owasp.esapi.reference.DefaultSecurityConfiguration.getResourceStream(DefaultSecurityConfiguration.java:518)
>>    at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:429)
>>    at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:227)
>>    at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:75)
>>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>    at java.lang.reflect.Method.invoke(Method.java:597)
>>    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
>>    at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:183)
>>    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:98)
>>    at Example.main(Example.java:25)
>> Attempting to load ESAPI.properties via the classpath.
>> SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)'
>> using current thread context class loader!
>> Attempting to load validation.properties via file I/O.
>> Attempting to load validation.properties as resource file via file I/O.
>> Not found in 'org.owasp.esapi.resources' directory or file not
>> readable: E:\Users\hcl\workspace\ESAPI_2.0\validation.properties
>> Not found in SystemResource Directory/resourceDirectory:
>> .esapi\validation.properties
>> Not found in 'user.home' (C:\Users\hcl) directory:
>> C:\Users\hcl\esapi\validation.properties
>> Loading validation.properties via file I/O failed.
>> Attempting to load validation.properties via the classpath.
>> SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/
>> (root)' using current thread context class loader!
>> Handeled Exception by
>> me----org.owasp.esapi.errors.ConfigurationException:
>> java.lang.reflect.InvocationTargetException Encoder class
>> (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.-- and
>> exception
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>
>> ---------------------------------------------------------------------
>> This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ESAPI.properties
Type: application/octet-stream
Size: 20367 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/esapi-user/attachments/20110523/7741f1f9/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Example.java
Type: application/octet-stream
Size: 630 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/esapi-user/attachments/20110523/7741f1f9/attachment-0001.obj 


More information about the Esapi-user mailing list