[Esapi-user] Error in production server

Uma Venkatakrishnan uma at akhilainfo.co.in
Fri May 5 05:57:01 UTC 2017


Hi All,

We are getting the below error very often in the production environment.
Please see the stack trace below. What is the cause of the error? We have
included esapi-2.1.0.1.jar in the war file of our application.

Could anyone please help.

Thanks
Uma


Message: java.lang.ClassNotFoundException:
org.owasp.appsensor.demoapp.AppSensorDummyESAPIAuthenticator
Authenticator class (org.owasp.appsensor.demoapp.A
ppSensorDummyESAPIAuthenticator) must be in class path.

StackTrace: [org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108),
org.owasp.esapi.ESAPI.authenticator(ESAPI.java:92),
org.owasp.esapi.reference.Log4JLogger.getUserInfo(Log4JLogger.java:517),
org.owasp.esapi.reference.Log4JLogger.log(Log4JLogger.java:452),
org.owasp.esapi.reference.Log4JLogger.error(Log4JLogger.java:227),
org.owasp.esapi.errors.IntrusionException.(IntrusionException.java:55),
com.mns.sw.util.CsrfTokenUtil.verifyCSRFToken(CsrfTokenUtil.java:75),
com.mns.sw.permit.controllers.MICPermitController.viewPermit
(MICPermitController.java:151),
sun.reflect.GeneratedMethodAccessor5542.invoke(Unknown
Source), sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43),
java.lang.reflect.Method.invoke(Method.java:606),
org.springframework.web.method.support.InvocableHandlerMetho
d.doInvoke(InvocableHandlerMethod.java:221), org.springframework.web.method
.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136),
org.springframework.web.servlet.mvc.method.annotation.Servle
tInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:114),
org.springframework.web.servlet.mvc.method.annotation.Reques
tMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827),
org.springframework.web.servlet.mvc.method.annotation.Reques
tMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738),
org.springframework.web.servlet.mvc.method.AbstractHandlerMe
thodAdapter.handle(AbstractHandlerMethodAdapter.java:85),
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963),
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897),
org.springframework.web.servlet.FrameworkServlet.processRequ
est(FrameworkServlet.java:970), org.springframework.web.servle
t.FrameworkServlet.doGet(FrameworkServlet.java:861),
javax.servlet.http.HttpServlet.service(HttpServlet.java:687),
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846),
javax.servlet.http.HttpServlet.service(HttpServlet.java:790),
org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682),
org.apache.catalina.core.ApplicationFilterChain.internalDoFi
lter(ApplicationFilterChain.java:344), org.apache.catalina.core.Appli
cationFilterChain.doFilter(ApplicationFilterChain.java:214),
org.springframework.web.filter.CharacterEncodingFilter.doFil
terInternal(CharacterEncodingFilter.java:197),
org.springframework.web.filter.OncePerRequestFilter.doFilter
(OncePerRequestFilter.java:107), org.apache.catalina.core.Appli
cationFilterChain.internalDoFilter(ApplicationFilterChain.java:256),
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:330), org.springframework.security.w
eb.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118),
org.springframework.security.web.access.intercept.FilterSecu
rityInterceptor.doFilter(FilterSecurityInterceptor.java:84),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:342), org.springframework.security.w
eb.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:342), org.springframework.security.w
eb.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:342), org.springframework.security.w
eb.authentication.AnonymousAuthenticationFilter.doFilter(Ano
nymousAuthenticationFilter.java:113), org.springframework.security.w
eb.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342),
org.springframework.security.web.servletapi.SecurityContextH
olderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:342), org.springframework.security.w
eb.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:342), org.springframework.security.w
eb.authentication.www.BasicAuthenticationFilter.doFilter(Bas
icAuthenticationFilter.java:150), org.springframework.security.w
eb.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342),
com.mns.sw.filter.SessionFilter.doFilter(SessionFilter.java:43),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:342), org.springframework.security.w
eb.authentication.AbstractAuthenticationProcessingFilter.
doFilter(AbstractAuthenticationProcessingFilter.java:199),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:342), org.springframework.security.w
eb.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:342), org.springframework.security.w
eb.context.request.async.WebAsyncManagerIntegrationFilter.
doFilterInternal(WebAsyncManagerIntegrationFilter.java:50),
org.springframework.web.filter.OncePerRequestFilter.doFilter
(OncePerRequestFilter.java:107), org.springframework.security.w
eb.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342),
org.springframework.security.web.context.SecurityContextPers
istenceFilter.doFilter(SecurityContextPersistenceFilter.java:87),
org.springframework.security.web.FilterChainProxy$VirtualFil
terChain.doFilter(FilterChainProxy.java:342), org.springframework.security.w
eb.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192),
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160),
org.springframework.web.filter.DelegatingFilterProxy.invokeD
elegate(DelegatingFilterProxy.java:346), org.springframework.web.filter
.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262),
org.apache.catalina.core.ApplicationFilterChain.internalDoFi
lter(ApplicationFilterChain.java:256), org.apache.catalina.core.Appli
cationFilterChain.doFilter(ApplicationFilterChain.java:214),
org.springframework.web.multipart.support.MultipartFilter.do
FilterInternal(MultipartFilter.java:122), org.springframework.web.filter
.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107),
org.apache.catalina.core.ApplicationFilterChain.internalDoFi
lter(ApplicationFilterChain.java:256), org.apache.catalina.core.Appli
cationFilterChain.doFilter(ApplicationFilterChain.java:214),
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:316),
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160),
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734),
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673),
com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99),
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174),
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734),
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673),
org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:412),
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:282),
com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHand
lerCallable.call(ContainerMapper.java:459), com.sun.enterprise.v3.services
.impl.ContainerMapper.service(ContainerMapper.java:167),
org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:201),
org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:175),
org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235),
org.glassfish.grizzly.filterchain.ExecutorResolver$9.
execute(ExecutorResolver.java:119), org.glassfish.grizzly.filterch
ain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284),
org.glassfish.grizzly.filterchain.DefaultFilterChain.execute
ChainPart(DefaultFilterChain.java:201), org.glassfish.grizzly.filterch
ain.DefaultFilterChain.execute(DefaultFilterChain.java:133),
org.glassfish.grizzly.filterchain.DefaultFilterChain.
process(DefaultFilterChain.java:112), org.glassfish.grizzly.Processo
rExecutor.execute(ProcessorExecutor.java:77), org.glassfish.grizzly.nio.tran
sport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561),
org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEv
ent(AbstractIOStrategy.java:112), org.glassfish.grizzly.strategi
es.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117),
org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(
WorkerThreadIOStrategy.java:56), org.glassfish.grizzly.strategi
es.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137),
org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.
doWork(AbstractThreadPool.java:565), org.glassfish.grizzly.threadpo
ol.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545),
java.lang.Thread.run(Thread.java:745)]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20170505/608858d1/attachment.html>


More information about the Esapi-user mailing list