[Esapi-user] Error in production server

John Melton jtmelton at gmail.com
Fri May 5 06:01:14 UTC 2017


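Are you also using AppSensor? It looks like your configuration is set up to
use the AppSensor authenticator (the class named in the error,
org.owasp.appsensor.demoapp.AppSensorDummyESAPIAuthenticator, is in the
AppSensor demo application's package), but if you don't have that dependency
on the classpath, it'll fail. The stack trace shows the lookup happening when
ESAPI's Log4JLogger calls ESAPI.authenticator() to get user info while logging
the IntrusionException created in your CsrfTokenUtil.verifyCSRFToken. I'd
check the ESAPI.properties file and look at which authenticator is
configured, and we can probably go from there.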

On Fri, May 5, 2017 at 1:57 AM, Uma Venkatakrishnan <uma at akhilainfo.co.in>
wrote:

> Hi All,
>
> We are getting the below error very often in the production environment.
> Please see the stack trace below. What is the cause of the error? We have
> included esapi-2.1.0.1.jar in the war file of our application.
>
> Could anyone please help.
>
> Thanks
> Uma
>
>
> Message: java.lang.ClassNotFoundException: org.owasp.appsensor.demoapp.AppSensorDummyESAPIAuthenticator
> Authenticator class (org.owasp.appsensor.demoapp.AppSensorDummyESAPIAuthenticator) must be in class path.
>
> StackTrace: [org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108),
> org.owasp.esapi.ESAPI.authenticator(ESAPI.java:92),
> org.owasp.esapi.reference.Log4JLogger.getUserInfo(Log4JLogger.java:517),
> org.owasp.esapi.reference.Log4JLogger.log(Log4JLogger.java:452),
> org.owasp.esapi.reference.Log4JLogger.error(Log4JLogger.java:227),
> org.owasp.esapi.errors.IntrusionException.<init>(IntrusionException.java:55),
> com.mns.sw.util.CsrfTokenUtil.verifyCSRFToken(CsrfTokenUtil.java:75),
> com.mns.sw.permit.controllers.MICPermitController.viewPermit
> (MICPermitController.java:151), sun.reflect.GeneratedMethodAccessor5542.invoke(Unknown
> Source), sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43),
> java.lang.reflect.Method.invoke(Method.java:606),
> org.springframework.web.method.support.InvocableHandlerMetho
> d.doInvoke(InvocableHandlerMethod.java:221),
> org.springframework.web.method.support.InvocableHandlerMetho
> d.invokeForRequest(InvocableHandlerMethod.java:136),
> org.springframework.web.servlet.mvc.method.annotation.Servle
> tInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:114),
> org.springframework.web.servlet.mvc.method.annotation.Reques
> tMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827),
> org.springframework.web.servlet.mvc.method.annotation.Reques
> tMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738),
> org.springframework.web.servlet.mvc.method.AbstractHandlerMe
> thodAdapter.handle(AbstractHandlerMethodAdapter.java:85),
> org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963),
> org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897),
> org.springframework.web.servlet.FrameworkServlet.processRequ
> est(FrameworkServlet.java:970), org.springframework.web.servle
> t.FrameworkServlet.doGet(FrameworkServlet.java:861),
> javax.servlet.http.HttpServlet.service(HttpServlet.java:687),
> org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846),
> javax.servlet.http.HttpServlet.service(HttpServlet.java:790),
> org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682),
> org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:344), org.apache.catalina.core.Appli
> cationFilterChain.doFilter(ApplicationFilterChain.java:214),
> org.springframework.web.filter.CharacterEncodingFilter.doFil
> terInternal(CharacterEncodingFilter.java:197),
> org.springframework.web.filter.OncePerRequestFilter.doFilter
> (OncePerRequestFilter.java:107), org.apache.catalina.core.Appli
> cationFilterChain.internalDoFilter(ApplicationFilterChain.java:256),
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:330),
> org.springframework.security.web.access.intercept.FilterSecu
> rityInterceptor.invoke(FilterSecurityInterceptor.java:118),
> org.springframework.security.web.access.intercept.FilterSecu
> rityInterceptor.doFilter(FilterSecurityInterceptor.java:84),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.access.ExceptionTranslation
> Filter.doFilter(ExceptionTranslationFilter.java:113),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.session.SessionManagementFi
> lter.doFilter(SessionManagementFilter.java:103),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.authentication.AnonymousAut
> henticationFilter.doFilter(AnonymousAuthenticationFilter.java:113),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.servletapi.SecurityContextH
> olderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.savedrequest.RequestCacheAw
> areFilter.doFilter(RequestCacheAwareFilter.java:45),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.authentication.www.BasicAut
> henticationFilter.doFilter(BasicAuthenticationFilter.java:150),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> com.mns.sw.filter.SessionFilter.doFilter(SessionFilter.java:43),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.authentication.AbstractAuth
> enticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.authentication.logout.Logou
> tFilter.doFilter(LogoutFilter.java:110), org.springframework.security.w
> eb.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.context.request.async.WebAs
> yncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50),
> org.springframework.web.filter.OncePerRequestFilter.doFilter
> (OncePerRequestFilter.java:107), org.springframework.security.w
> eb.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.context.SecurityContextPers
> istenceFilter.doFilter(SecurityContextPersistenceFilter.java:87),
> org.springframework.security.web.FilterChainProxy$VirtualFil
> terChain.doFilter(FilterChainProxy.java:342),
> org.springframework.security.web.FilterChainProxy.doFilterIn
> ternal(FilterChainProxy.java:192), org.springframework.security.w
> eb.FilterChainProxy.doFilter(FilterChainProxy.java:160),
> org.springframework.web.filter.DelegatingFilterProxy.invokeD
> elegate(DelegatingFilterProxy.java:346), org.springframework.web.filter
> .DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262),
> org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:256), org.apache.catalina.core.Appli
> cationFilterChain.doFilter(ApplicationFilterChain.java:214),
> org.springframework.web.multipart.support.MultipartFilter.do
> FilterInternal(MultipartFilter.java:122), org.springframework.web.filter
> .OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107),
> org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:256), org.apache.catalina.core.Appli
> cationFilterChain.doFilter(ApplicationFilterChain.java:214),
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:316),
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160),
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734),
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673),
> com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99),
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174),
> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734),
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673),
> org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:412),
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:282),
> com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHand
> lerCallable.call(ContainerMapper.java:459), com.sun.enterprise.v3.services
> .impl.ContainerMapper.service(ContainerMapper.java:167),
> org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:201),
> org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:175),
> org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235),
> org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute
> (ExecutorResolver.java:119), org.glassfish.grizzly.filterch
> ain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284),
> org.glassfish.grizzly.filterchain.DefaultFilterChain.execute
> ChainPart(DefaultFilterChain.java:201), org.glassfish.grizzly.filterch
> ain.DefaultFilterChain.execute(DefaultFilterChain.java:133),
> org.glassfish.grizzly.filterchain.DefaultFilterChain.process
> (DefaultFilterChain.java:112), org.glassfish.grizzly.Processo
> rExecutor.execute(ProcessorExecutor.java:77),
> org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561),
> org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEv
> ent(AbstractIOStrategy.java:112), org.glassfish.grizzly.strategi
> es.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117),
> org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(
> WorkerThreadIOStrategy.java:56), org.glassfish.grizzly.strategi
> es.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137),
> org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.d
> oWork(AbstractThreadPool.java:565), org.glassfish.grizzly.threadpo
> ol.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545),
> java.lang.Thread.run(Thread.java:745)]
>