[Owasp-csrfguard] NullPointerException after logging in when using OWASP CSRFGuard 3.0

Eric Sheridan eric.sheridan at owasp.org
Mon Aug 12 16:16:17 UTC 2013


Have you tried pulling and building directly from GitHub? The 'dist'
bundle suffers from a couple NPE which have been addressed in git, but a
new 'dist' has not yet been rebuilt.

Sincerely,
Eric Sheridan
(twitter) @eric_sheridan
(blog) http://ericsheridan.blogspot.com

On 8/12/13 11:22 AM, Macomber, Zackary wrote:
> */*** I HAVE POSTED THE FOLLOWING AT STACK OVERFLOW AS WELL…NO RESPONSE
> YET… ***/*
> 
>  
> 
> I am attempting to use the latest OWASP CSRFGuard (v3.0). After I log
> into my web application locally, I get the following error:
> 
> [8/12/13 7:14:58:792 EDT] 00000023 servlet       E
> com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0068E: An
> exception was thrown
> 
> by one of the service methods of the servlet [action] in application
> [GuidingStars]. Exception created : [java.lang.NullPointerException
> 
>     at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:301)
> 
>     at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163)
> 
>     at org.owasp.csrfguard.CsrfGuard.updateToken(CsrfGuard.java:395)
> 
>     at
> org.owasp.csrfguard.CsrfGuardHttpSessionListener.sessionCreated(CsrfGuardHttpSessionListener.java:13)
> 
>  
> 
> I have setup my csrfguard.properties file in a "barebones" fashion (see
> below) but still am getting this error.
> 
>  
> 
> Any ideas on how to resolve this?
> 
>  
> 
> Here's my properties file:
> 
> org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
> 
> org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
> 
> org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
> 
> org.owasp.csrfguard.TokenLength=32
> 
> org.owasp.csrfguard.PRNG=SHA1PRNG
> 
>  
> 
> Thanks,
> 
>  
> 
> *Zack Macomber***
> 
> Java EE Developer
> 
> Delhaize America Shared Services Group, LLC
> 
> t: 207.885.3963
> 
> e: _zackary.macomber at delhaize.com <mailto:zackary.macomber at delhaize.com>_
> 
>  
> 
> 
> 
> _______________________________________________
> Owasp-csrfguard mailing list
> Owasp-csrfguard at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-csrfguard
> 


More information about the Owasp-csrfguard mailing list