[Owasp-csrfguard] First implementation of csrfguard getting errors.

Patrick Radtke pradtke at stanford.edu
Fri Aug 26 13:02:43 EDT 2011


It looks like it can't find your Owasp properties file.
Try specifying the full file path and see if it can find it then.

On 8/26/11 9:46 AM, Patrick Radtke wrote:
> What version are you using?
> If you are building from github let me know the commit.
>
> On 8/25/11 5:45 PM, Steve Dittmann wrote:
>> Hello,
>>
>> This is my first attempt to implement csrfguard.
>>
>> I've added the Owasp.CsrfGuard.jar to the WEB-INF\lib and 
>> the Owasp.CsrfGuard.properties to the WEB-INF folder.
>>
>> It also has been added to the classpath:
>>
>> CLASSPATH=;contrib.jar;;:\bea\WLSERV~1.0\common\eval\pointbase\lib\pbclient51.jar;C:\bea\WLSERV~1.0\server\lib\xqrl.jar;C:\apps\GTS\d_whsldm\deploy\d_whsldm\sdd_local\lib\com.ibm.mq.jar;C:\apps\GTS\d_whsldm\deploy\d_whsldm\sdd_local\prop\log4j.properties;C:\apps\GTS\d_whsldm\deploy\d_whsldm\sdd_local\lib\Owasp.CsrfGuard.jar;
>>
>> I'm receiving the below errors on my localhost when I attempt to 
>> access the login page.
>>
>>
>> Cutoff Date is Wed Aug 24 17:22:47 PDT 2011
>> <Aug 25, 2011 5:23:10 PM PDT> <Warning> <HTTP> <BEA-101162> <User 
>> defined listener org.owasp.csrfguard.CsrfGuardListener failed: 
>> java.lang.RuntimeException: java.lang.NullPointerException.
>> java.lang.RuntimeException: java.lang.NullPointerException
>>         at 
>> org.owasp.csrfguard.CsrfGuardListener.newInstance(CsrfGuardListener.java:49)
>>         at 
>> org.owasp.csrfguard.CsrfGuardListener.sessionCreated(CsrfGuardListener.java:24)
>>         at 
>> weblogic.servlet.internal.EventsManager.notifySessionLifetimeEvent(EventsManager.java:257)
>>         at 
>> weblogic.servlet.internal.session.MemorySessionData.<init>(MemorySessionData.java:10)
>>         at 
>> weblogic.servlet.internal.session.MemorySessionContext.getNewSession(MemorySessionContext.java:28)
>>         Truncated. see log file for complete stacktrace
>> java.lang.NullPointerException
>>         at java.io.File.<init>(File.java:194)
>>         at 
>> org.owasp.csrfguard.CsrfGuardListener.getResourceStream(CsrfGuardListener.java:72)
>>         at 
>> org.owasp.csrfguard.CsrfGuardListener.newInstance(CsrfGuardListener.java:46)
>>         at 
>> org.owasp.csrfguard.CsrfGuardListener.sessionCreated(CsrfGuardListener.java:24)
>>         at 
>> weblogic.servlet.internal.EventsManager.notifySessionLifetimeEvent(EventsManager.java:257)
>>         Truncated. see log file for complete stacktrace
>> >
>> <Aug 25, 2011 5:23:10 PM PDT> <Error> <HTTP> <BEA-101020> 
>> <[weblogic.servlet.internal.WebAppServletContext at 19de9c9 - Servlet 
>> failed with Exception
>> java.lang.NullPointerException
>>         at 
>> org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:53)
>>         at 
>> weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
>>         at 
>> weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3393)
>>         at 
>> weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>>         at weblogic.security.service.SecurityManager.runAs(Unknown 
>> Source)
>>         Truncated. see log file for complete stacktrace
>>
>>
>> Below is the Web.xml:
>>
>> <web-app>
>> <display-name>SDDWeb</display-name>
>> <context-param>
>> <param-name>Owasp.CsrfGuard.Config</param-name>
>> <param-value>WEB-INF/Owasp.CsrfGuard.properties</param-value>
>> </context-param>
>> <context-param>
>> <param-name>Owasp.CsrfGuard.Config.Print</param-name>
>> <param-value>true</param-value>
>> </context-param>
>> <listener>
>> <listener-class>org.owasp.csrfguard.CsrfGuardListener</listener-class>
>> </listener>
>>
>>
>> <filter>
>> <filter-name>CSRFGuard</filter-name>
>> <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
>> </filter>
>> <filter-mapping>
>> <filter-name>CSRFGuard</filter-name>
>> <url-pattern>/*</url-pattern>
>> </filter-mapping>
>>
>>
>> <filter>
>> <filter-name>SessionFilter</filter-name>
>> <filter-class>com.sig.sdd.ui.utils.SddSessionFilter</filter-class>
>> <init-param>
>> <param-name>findSessionAttribute</param-name>
>> <param-value>user</param-value>
>> </init-param>
>> <init-param>
>> <param-name>message</param-name>
>> <param-value>error.session.expired</param-value>
>> </init-param>
>> <init-param>
>> <param-name>notFoundFoward</param-name>
>> <param-value>/sdd.do</param-value>
>> </init-param>
>> </filter>
>> <filter-mapping>
>> <filter-name>SessionFilter</filter-name>
>> <url-pattern>*.jsp</url-pattern>
>> </filter-mapping>
>> <filter-mapping>
>> <filter-name>SessionFilter</filter-name>
>> <url-pattern>*.do</url-pattern>
>> </filter-mapping>
>> <listener>
>> <listener-class>
>>              com.sig.sdd.ui.utils.ReceiptListener
>> </listener-class>
>> </listener>
>> <listener>
>> <listener-class>com.sig.sdd.ui.utils.DynaContentInitListener</listener-class>
>> </listener>
>> <servlet>
>> <servlet-name>action</servlet-name>
>> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
>> <init-param>
>> <param-name>config</param-name>
>> <param-value>/WEB-INF/struts-config.xml</param-value>
>> </init-param>
>> <load-on-startup>1</load-on-startup>
>> </servlet>
>> <!-- Action Servlet Mapping -->
>> <servlet-mapping>
>> <servlet-name>action</servlet-name>
>> <url-pattern>*.do</url-pattern>
>> </servlet-mapping>
>> <servlet>
>> <servlet-name>AddressBook</servlet-name>
>> <servlet-class>com.eXtropia.app.servlet.ExtropiaServlet</servlet-class>
>> <init-param>
>> <param-name>ConfigFile</param-name>
>> <param-value>/WEB-INF/addressbook.xml</param-value>
>> </init-param>
>> <init-param>
>> <param-name>Reloadable</param-name>
>> <param-value>true</param-value>
>> </init-param>
>> <display-name>AddressBook</display-name>
>> </servlet>
>> <servlet-mapping>
>> <servlet-name>AddressBook</servlet-name>
>> <url-pattern>AddressBook</url-pattern>
>> </servlet-mapping>
>> <servlet>
>> <servlet-name>JavaScriptServlet</servlet-name>
>> <servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
>> <init-param>
>> <param-name>source-file</param-name>
>> <param-value>WEB-INF/Owasp.CsrfGuard.js</param-value>
>> </init-param>
>> <init-param>
>> <param-name>inject-into-forms</param-name>
>> <param-value>true</param-value>
>> </init-param>
>> <init-param>
>> <param-name>inject-into-attributes</param-name>
>> <param-value>true</param-value>
>> </init-param>
>> <init-param>
>> <param-name>domain-strict</param-name>
>> <param-value>false</param-value>
>> </init-param>
>> <init-param>
>> <param-name>referer-pattern</param-name>
>> <param-value>.*localhost.*</param-value>
>> </init-param>
>> </servlet>
>>
>> <servlet-mapping>
>> <servlet-name>JavaScriptServlet</servlet-name>
>> <url-pattern>/JavaScriptServlet</url-pattern>
>> </servlet-mapping>
>> <!-- The Welcome File List -->
>> <welcome-file-list>
>> <welcome-file>index.jsp</welcome-file>
>> </welcome-file-list>
>> <!-- Application Tag Library Descriptor -->
>> <taglib>
>> <taglib-uri>/WEB-INF/app.tld</taglib-uri>
>> <taglib-location>/WEB-INF/app.tld</taglib-location>
>> </taglib>
>> <!-- Struts Tag Library Descriptors -->
>> <taglib>
>> <taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
>> <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
>> </taglib>
>> <taglib>
>> <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
>> <taglib-location>/WEB-INF/struts-html.tld</taglib-location>
>> </taglib>
>> <taglib>
>> <taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
>> <taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
>> </taglib>
>>
>> <taglib>
>> <taglib-uri>/view-taglib</taglib-uri>
>> <taglib-location>/WEB-INF/view.tld</taglib-location>
>> </taglib>
>> <taglib>
>> <taglib-uri>/webdb-taglib</taglib-uri>
>> <taglib-location>/WEB-INF/webdb.tld</taglib-location>
>> </taglib>
>> <taglib>
>> <taglib-uri>/auth-taglib</taglib-uri>
>> <taglib-location>/WEB-INF/auth.tld</taglib-location>
>> </taglib>
>>
>> <session-config>
>> <session-timeout>30</session-timeout>
>> </session-config>
>> <error-page>
>> <error-code>404</error-code>
>> <location>error.jsp</location>
>> </error-page>
>> <error-page>
>> <error-code>500</error-code>
>> <location>error.jsp</location>
>> </error-page>
>> </web-app>
>>
>>
>> Any ideas?
>>
>> Thanks in advance.
>>
>> Steve
>>
>> _______________________________________________
>> Owasp-csrfguard mailing list
>> Owasp-csrfguard at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-csrfguard

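A deployment-time check for the situation discussed in this thread, as an added example that is not part of the original messages or of CSRFGuard itself: it reads the `Owasp.CsrfGuard.Config` value from web.xml and reports whether that file exists relative to the webapp root, relative to the process working directory, or as an absolute path. The function names and the lookup bases are assumptions for illustration and do not describe how `CsrfGuardListener` resolves the path; the sample web.xml fragment and directory tree are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

CONFIG_PARAM = "Owasp.CsrfGuard.Config"  # context-param name from the web.xml above

# Constructed sample: the relevant fragment of the quoted web.xml.
SAMPLE_WEB_XML = """<web-app>
  <context-param>
    <param-name>Owasp.CsrfGuard.Config</param-name>
    <param-value>WEB-INF/Owasp.CsrfGuard.properties</param-value>
  </context-param>
</web-app>"""

def configured_path(web_xml_text):
    """Return the param-value of the CSRFGuard config context-param, or None."""
    for el in ET.fromstring(web_xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "context-param":
            continue
        fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}
        if fields.get("param-name") == CONFIG_PARAM:
            return fields.get("param-value") or None
    return None

def check_config(web_xml_text, webapp_root, cwd):
    """Report which base locations the configured file can be found under."""
    value = configured_path(web_xml_text)
    if value is None:
        return {"value": None, "found_in": []}
    # Hypothetical lookup bases: webapp root always, then either the literal
    # absolute path or the process working directory for a relative value.
    candidates = {"webapp-root": os.path.join(webapp_root, value.lstrip("/\\"))}
    if os.path.isabs(value):
        candidates["as-given"] = value
    else:
        candidates["working-dir"] = os.path.join(cwd, value)
    found = sorted(n for n, p in candidates.items() if os.path.isfile(p))
    return {"value": value, "found_in": found}

def demo():
    """Build a constructed webapp tree and check it from an unrelated working dir."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as cwd:
        os.mkdir(os.path.join(root, "WEB-INF"))
        props = os.path.join(root, "WEB-INF", "Owasp.CsrfGuard.properties")
        open(props, "w").close()
        relative = check_config(SAMPLE_WEB_XML, root, cwd)
        absolute = check_config(SAMPLE_WEB_XML.replace(
            "WEB-INF/Owasp.CsrfGuard.properties", props), root, cwd)
        return relative, absolute
```

With the relative value, the file is found only when the lookup starts from the webapp root; with the full path it is found regardless of the server's working directory.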