[Esapi-user] Problems with esapi

Jörg Liedl joerg.liedl at student.htw-berlin.de
Sun Mar 4 17:47:41 UTC 2012


Hi,
I have a small Blog project programmed, and i want to improve all inputs 
and actions with the ESAPI.

The project is JAVA EE6 on a JBoss-AS 7.1 using JSF

I integrated esapi into my project with maven:

<!-- ESAPI Version 2.0.1 -->
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.0.1</version>
</dependency>

i also included the .esapi folder in the server start (thats where i 
copied it)
  -Dorg.owasp.esapi.resources=/home/joergi/.esapi/

I looked at the ESAPI install guide ( 
http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-install-guide.pdf 
) and copied the example into my TestController.java..

|@ManagedBean(name="testController")
@RequestScoped
public class TestController  {

     public String esapiTest(){

     System.out.println("ESAPI.accessController found: "
                                + ESAPI.accessController());

     return "ESAPI.accessController found: " + ESAPI.accessController();
     }
}|


test.xhtml looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html">
<ui:define name="content">
<h2>esapi test</h2>
<h:outputText value="#{testController.esapiTest()}" />
</ui:define>
</ui:composition>

and i got this error message: http://pastebin.com/6an0awMc

so i'm not really sure, if the integration is workig as it should work.

because when i start the original swingset project, i got something like:

|Seeking ESAPI.properties
   Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/ESAPI.properties
   Found in 'user.home' directory: /home/joergi/.esapi/ESAPI.properties
Loaded 'ESAPI.properties' properties file
Seeking validation.properties
   Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/validation.properties
   Found in 'user.home' directory: /home/joergi/.esapi/validation.properties
Loaded 'validation.properties' properties file
Seeking ESAPI_logging_file
   Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/ESAPI_logging_file
   Found in 'user.home' directory: /home/joergi/.esapi/ESAPI_logging_file|


But in my project i don't see the "seeking esapi.properties" lines when 
the server starts...

I briefly described my problem on stack overflow

http://stackoverflow.com/questions/9543218/owasp-esapi-simpletest-in-a-maven-java-ee-project

I don't know what i missed to integrate it...

Thanks for your help

Jörg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20120304/294a8cfb/attachment.html>


More information about the Esapi-user mailing list