[Owasp-csrfguard] NullPointerException after logging in when using OWASP CSRFGuard 3.0
Eric Sheridan
eric.sheridan at owasp.org
Mon Aug 12 16:16:17 UTC 2013
Have you tried pulling and building directly from GitHub? The 'dist'
bundle suffers from a couple NPE which have been addressed in git, but a
new 'dist' has not yet been rebuilt.
Sincerely,
Eric Sheridan
(twitter) @eric_sheridan
(blog) http://ericsheridan.blogspot.com
On 8/12/13 11:22 AM, Macomber, Zackary wrote:
> */*** I HAVE POSTED THE FOLLOWING AT STACK OVERFLOW AS WELL…NO RESPONSE
> YET… ***/*
>
>
>
> I am attempting to use the latest OWASP CSRFGuard (v3.0). After I log
> into my web application locally, I get the following error:
>
> [8/12/13 7:14:58:792 EDT] 00000023 servlet E
> com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0068E: An
> exception was thrown
>
> by one of the service methods of the servlet [action] in application
> [GuidingStars]. Exception created : [java.lang.NullPointerException
>
> at com.ibm.ws.session.SessionData.getSessionValue(SessionData.java:301)
>
> at com.ibm.ws.session.SessionData.getAttribute(SessionData.java:163)
>
> at org.owasp.csrfguard.CsrfGuard.updateToken(CsrfGuard.java:395)
>
> at
> org.owasp.csrfguard.CsrfGuardHttpSessionListener.sessionCreated(CsrfGuardHttpSessionListener.java:13)
>
>
>
> I have setup my csrfguard.properties file in a "barebones" fashion (see
> below) but still am getting this error.
>
>
>
> Any ideas on how to resolve this?
>
>
>
> Here's my properties file:
>
> org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
>
> org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
>
> org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
>
> org.owasp.csrfguard.TokenLength=32
>
> org.owasp.csrfguard.PRNG=SHA1PRNG
>
>
>
> Thanks,
>
>
>
> *Zack Macomber***
>
> Java EE Developer
>
> Delhaize America Shared Services Group, LLC
>
> t: 207.885.3963
>
> e: _zackary.macomber at delhaize.com <mailto:zackary.macomber at delhaize.com>_
>
>
>
>
>
> _______________________________________________
> Owasp-csrfguard mailing list
> Owasp-csrfguard at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-csrfguard
>
More information about the Owasp-csrfguard
mailing list