[Owasp-csrfguard] Owasp-csrfguard Digest, Vol 14, Issue 8

Steve Dittmann sdittm1 at gmail.com
Fri Aug 26 12:55:55 EDT 2011


Hi Patrick,

I used the download from
https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project

Downloads

OWASP CSRFGuard 3.0.0.503 (ALPHA)
<https://github.com/downloads/esheri3/OWASP-CSRFGuard/Owasp-CsrfGuard-3.0.0.503.tar.gz>
- download the latest development release with binary and associated
configuration files *(recommended)*.

Steve


On Fri, Aug 26, 2011 at 9:46 AM, <owasp-csrfguard-request at lists.owasp.org> wrote:

> Today's Topics:
>
>   1. Re: First implementation of csrfguard getting errors.
>      (Patrick Radtke)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 26 Aug 2011 09:46:01 -0700
> From: Patrick Radtke <pradtke at stanford.edu>
> Subject: Re: [Owasp-csrfguard] First implementation of csrfguard
>        getting errors.
> To: owasp-csrfguard at lists.owasp.org
> Message-ID: <4E57CDC9.9080203 at stanford.edu>
> Content-Type: text/plain; charset="iso-8859-1"
>
> What version are you using?
> If you are building from github let me know the commit.
>
> On 8/25/11 5:45 PM, Steve Dittmann wrote:
> > Hello,
> >
> > This is my first attempt to implement csrfguard.
> >
> > I've added the Owasp.CsrfGuard.jar to the WEB-INF\lib and
> > the Owasp.CsrfGuard.properties to the WEB-INF folder.
> >
> > It also has been added to the classpath:
> >
> > CLASSPATH=;contrib.jar;;:\bea\WLSERV~1.0\common\eval\pointbase\lib\pbclient51.jar;C:\bea\WLSERV~1.0\server\lib\xqrl.jar;C:\apps\GTS\d_whsldm\deploy\d_whsldm\sdd_local\lib\com.ibm.mq.jar;C:\apps\GTS\d_whsldm\deploy\d_whsldm\sdd_local\prop\log4j.properties;C:\apps\GTS\d_whsldm\deploy\d_whsldm\sdd_local\lib\Owasp.CsrfGuard.jar;
> >
> > I'm receiving the below errors on my localhost when I attempt to
> > access the login page.
> >
> >
> > Cutoff Date is Wed Aug 24 17:22:47 PDT 2011
> > <Aug 25, 2011 5:23:10 PM PDT> <Warning> <HTTP> <BEA-101162> <User defined listener org.owasp.csrfguard.CsrfGuardListener failed: java.lang.RuntimeException: java.lang.NullPointerException.
> > java.lang.RuntimeException: java.lang.NullPointerException
> >         at org.owasp.csrfguard.CsrfGuardListener.newInstance(CsrfGuardListener.java:49)
> >         at org.owasp.csrfguard.CsrfGuardListener.sessionCreated(CsrfGuardListener.java:24)
> >         at weblogic.servlet.internal.EventsManager.notifySessionLifetimeEvent(EventsManager.java:257)
> >         at weblogic.servlet.internal.session.MemorySessionData.<init>(MemorySessionData.java:10)
> >         at weblogic.servlet.internal.session.MemorySessionContext.getNewSession(MemorySessionContext.java:28)
> >         Truncated. see log file for complete stacktrace
> > java.lang.NullPointerException
> >         at java.io.File.<init>(File.java:194)
> >         at org.owasp.csrfguard.CsrfGuardListener.getResourceStream(CsrfGuardListener.java:72)
> >         at org.owasp.csrfguard.CsrfGuardListener.newInstance(CsrfGuardListener.java:46)
> >         at org.owasp.csrfguard.CsrfGuardListener.sessionCreated(CsrfGuardListener.java:24)
> >         at weblogic.servlet.internal.EventsManager.notifySessionLifetimeEvent(EventsManager.java:257)
> >         Truncated. see log file for complete stacktrace
> > >
> > <Aug 25, 2011 5:23:10 PM PDT> <Error> <HTTP> <BEA-101020> <[weblogic.servlet.internal.WebAppServletContext at 19de9c9 - Servlet failed with Exception
> > java.lang.NullPointerException
> >         at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:53)
> >         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
> >         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
> >         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
> >         at weblogic.security.service.SecurityManager.runAs(Unknown Source)
> >         Truncated. see log file for complete stacktrace
> >
> >
> > Below is the Web.xml:
> >
> > <web-app>
> > <display-name>SDDWeb</display-name>
> > <context-param>
> > <param-name>Owasp.CsrfGuard.Config</param-name>
> > <param-value>WEB-INF/Owasp.CsrfGuard.properties</param-value>
> > </context-param>
> > <context-param>
> > <param-name>Owasp.CsrfGuard.Config.Print</param-name>
> > <param-value>true</param-value>
> > </context-param>
> > <listener>
> > <listener-class>org.owasp.csrfguard.CsrfGuardListener</listener-class>
> > </listener>
> >
> >
> > <filter>
> > <filter-name>CSRFGuard</filter-name>
> > <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
> > </filter>
> > <filter-mapping>
> > <filter-name>CSRFGuard</filter-name>
> > <url-pattern>/*</url-pattern>
> > </filter-mapping>
> >
> >
> > <filter>
> > <filter-name>SessionFilter</filter-name>
> > <filter-class>com.sig.sdd.ui.utils.SddSessionFilter</filter-class>
> > <init-param>
> > <param-name>findSessionAttribute</param-name>
> > <param-value>user</param-value>
> > </init-param>
> > <init-param>
> > <param-name>message</param-name>
> > <param-value>error.session.expired</param-value>
> > </init-param>
> > <init-param>
> > <param-name>notFoundFoward</param-name>
> > <param-value>/sdd.do</param-value>
> > </init-param>
> > </filter>
> > <filter-mapping>
> > <filter-name>SessionFilter</filter-name>
> > <url-pattern>*.jsp</url-pattern>
> > </filter-mapping>
> > <filter-mapping>
> > <filter-name>SessionFilter</filter-name>
> > <url-pattern>*.do</url-pattern>
> > </filter-mapping>
> > <listener>
> > <listener-class>
> >              com.sig.sdd.ui.utils.ReceiptListener
> > </listener-class>
> > </listener>
> > <listener>
> > <listener-class>com.sig.sdd.ui.utils.DynaContentInitListener</listener-class>
> > </listener>
> > <servlet>
> > <servlet-name>action</servlet-name>
> > <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
> > <init-param>
> > <param-name>config</param-name>
> > <param-value>/WEB-INF/struts-config.xml</param-value>
> > </init-param>
> > <load-on-startup>1</load-on-startup>
> > </servlet>
> > <!-- Action Servlet Mapping -->
> > <servlet-mapping>
> > <servlet-name>action</servlet-name>
> > <url-pattern>*.do</url-pattern>
> > </servlet-mapping>
> > <servlet>
> > <servlet-name>AddressBook</servlet-name>
> > <servlet-class>com.eXtropia.app.servlet.ExtropiaServlet</servlet-class>
> > <init-param>
> > <param-name>ConfigFile</param-name>
> > <param-value>/WEB-INF/addressbook.xml</param-value>
> > </init-param>
> > <init-param>
> > <param-name>Reloadable</param-name>
> > <param-value>true</param-value>
> > </init-param>
> > <display-name>AddressBook</display-name>
> > </servlet>
> > <servlet-mapping>
> > <servlet-name>AddressBook</servlet-name>
> > <url-pattern>AddressBook</url-pattern>
> > </servlet-mapping>
> > <servlet>
> > <servlet-name>JavaScriptServlet</servlet-name>
> > <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
> > <init-param>
> > <param-name>source-file</param-name>
> > <param-value>WEB-INF/Owasp.CsrfGuard.js</param-value>
> > </init-param>
> > <init-param>
> > <param-name>inject-into-forms</param-name>
> > <param-value>true</param-value>
> > </init-param>
> > <init-param>
> > <param-name>inject-into-attributes</param-name>
> > <param-value>true</param-value>
> > </init-param>
> > <init-param>
> > <param-name>domain-strict</param-name>
> > <param-value>false</param-value>
> > </init-param>
> > <init-param>
> > <param-name>referer-pattern</param-name>
> > <param-value>.*localhost.*</param-value>
> > </init-param>
> > </servlet>
> >
> > <servlet-mapping>
> > <servlet-name>JavaScriptServlet</servlet-name>
> > <url-pattern>/JavaScriptServlet</url-pattern>
> > </servlet-mapping>
> > <!-- The Welcome File List -->
> > <welcome-file-list>
> > <welcome-file>index.jsp</welcome-file>
> > </welcome-file-list>
> > <!-- Application Tag Library Descriptor -->
> > <taglib>
> > <taglib-uri>/WEB-INF/app.tld</taglib-uri>
> > <taglib-location>/WEB-INF/app.tld</taglib-location>
> > </taglib>
> > <!-- Struts Tag Library Descriptors -->
> > <taglib>
> > <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
> > <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
> > </taglib>
> > <taglib>
> > <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
> > <taglib-location>/WEB-INF/struts-html.tld</taglib-location>
> > </taglib>
> > <taglib>
> > <taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
> > <taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
> > </taglib>
> >
> > <taglib>
> > <taglib-uri>/view-taglib</taglib-uri>
> > <taglib-location>/WEB-INF/view.tld</taglib-location>
> > </taglib>
> > <taglib>
> > <taglib-uri>/webdb-taglib</taglib-uri>
> > <taglib-location>/WEB-INF/webdb.tld</taglib-location>
> > </taglib>
> > <taglib>
> > <taglib-uri>/auth-taglib</taglib-uri>
> > <taglib-location>/WEB-INF/auth.tld</taglib-location>
> > </taglib>
> >
> > <session-config>
> > <session-timeout>30</session-timeout>
> > </session-config>
> > <error-page>
> > <error-code>404</error-code>
> > <location>error.jsp</location>
> > </error-page>
> > <error-page>
> > <error-code>500</error-code>
> > <location>error.jsp</location>
> > </error-page>
> > </web-app>
> >
> >
> > Any ideas?
> >
> > Thanks in advance.
> >
> > Steve
> >