[Owasp-csrfguard] NullPointerException after logging in when using OWASP CSRFGuard 3.0

Macomber, Zackary Zackary.Macomber at delhaize.com
Mon Aug 12 15:22:58 UTC 2013


*** I HAVE POSTED THE FOLLOWING AT STACK OVERFLOW AS WELL...NO RESPONSE YET... ***

I am attempting to use the latest OWASP CSRFGuard (v3.0). After I log into my web application locally, I get the following error:
[8/12/13 7:14:58:792 EDT] 00000023 servlet       E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0068E: An exception was thrown
by one of the service methods of the servlet [action] in application [GuidingStars]. Exception created : [java.lang.NullPointerException
    at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:301)
    at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163)
    at org.owasp.csrfguard.CsrfGuard.updateToken(CsrfGuard.java:395)
    at org.owasp.csrfguard.CsrfGuardHttpSessionListener.sessionCreated(CsrfGuardHttpSessionListener.java:13)

I have setup my csrfguard.properties file in a "barebones" fashion (see below) but still am getting this error.

Any ideas on how to resolve this?

Here's my properties file:
org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
org.owasp.csrfguard.TokenLength=32
org.owasp.csrfguard.PRNG=SHA1PRNG

Thanks,

Zack Macomber
Java EE Developer
Delhaize America Shared Services Group, LLC
t: 207.885.3963
e: zackary.macomber at delhaize.com<mailto:zackary.macomber at delhaize.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20130812/464b7052/attachment.html>


More information about the Owasp-csrfguard mailing list