英文:
OWASP ESAPI can't find my ESAPI.properties file although it exists in directory
问题
以下是翻译好的内容:
我在配置ESAPI以使其与我的Spring Boot Web应用程序(Maven项目)一起工作时遇到了问题。
我正在使用以下URL进行帮助:https://web.archive.org/web/20161005210258/http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
并且从这个URL中,我选择了以下部分将ESAPI.properties放在特定目录中:
>参考{@code SecurityConfiguration}在单个位置管理ESAPI使用的所有设置。在这个参考实现中,资源可以放在几个位置,按以下顺序进行搜索:
><p>
>1)在使用SecurityConfiguration.setResourceDirectory( "C:\temp\resources" )调用设置的目录内。
><p>
所以为此,这是我的代码:
1 - 在 application.properties 中:
esapi.path=/data/folder/testApp/Apps/MyApp/ESAPIConf
2 - 在 StartupApplication.java 中(只在应用程序启动时执行一次的类):
@Component
public class StartupApplication implements InitializingBean {
@Autowired
private Environment env;
@Override
@Transactional
public void afterPropertiesSet() throws Exception {
new GlobalVars();
GlobalVars.esapiPropertyFilePath = env.getProperty("esapi.path");
// 这将被执行一次,将setResourceDirectory设置为指定目录
ESAPI.securityConfiguration().setResourceDirectory(GlobalVars.esapiPropertyFilePath);
// ...等等
}
}
3 - 在我的 jsp页面 中:
<form action="#" method="POST" onsubmit="linkVariabletoDBFields()">
<input type="hidden" name="nameconf" id="nameconf" value="<%=ESAPI.encoder().encodeForHTMLAttribute(request.getParameter("confname")) %>" />
问题:
当应用程序服务器(JBOSS EAP 7.2)启动时,更具体地说是在执行StartupApplication类时,setResourceDirectory 返回:
ESAPI: 重置资源目录为:/data/folder/testApp/Apps/MyApp/ESAPIConf
ESAPI: 尝试通过文件I/O加载ESAPI.properties。
ESAPI: 尝试通过文件I/O将ESAPI.properties加载为资源文件。
ESAPI: 在'org.owasp.esapi.resources'目录中未找到,或文件不可读:/home/linuxuser/ESAPI.properties
ESAPI: 在SystemResource目录/resourceDirectory中未找到:/data/folder/testApp/Apps/MyApp/ESAPIConf/ESAPI.properties
ESAPI: 在'user.home'(/home/linuxuser)目录中未找到:/home/linuxuser/esapi/ESAPI.properties
ESAPI: 通过文件I/O加载ESAPI.properties失败。异常是:java.io.FileNotFoundException
ESAPI: 尝试通过类路径加载ESAPI.properties。
ESAPI: 成功通过类路径从'/'(根)加载ESAPI.properties,使用当前线程上下文类加载器!
ESAPI: 在ESAPI.properties中未找到Validator.ConfigurationFile.MultiValued的SecurityConfiguration。使用默认值:false
ESAPI: 尝试通过文件I/O加载validation.properties。
ESAPI: 尝试通过文件I/O将validation.properties加载为资源文件。
ESAPI: 在'org.owasp.esapi.resources'目录中未找到,或文件不可读:/home/linuxuser/validation.properties
ESAPI: 在SystemResource目录/resourceDirectory中未找到:/data/folder/testApp/Apps/MyApp/ESAPIConf/validation.properties
ESAPI: 在'user.home'(/home/linuxuser)目录中未找到:/home/linuxuser/esapi/validation.properties
ESAPI: 通过文件I/O加载validation.properties失败。
ESAPI: 尝试通过类路径加载validation.properties。
ESAPI: 成功通过类路径从'esapi/'加载validation.properties,使用当前线程上下文类加载器!
尽管文件实际上存在于**/data/folder/testApp/Apps/MyApp/ESAPIConf**中,但它无法找到属性文件。
当我访问我的jsp页面时,我收到以下错误:
错误:org.owasp.esapi.errors.ConfigurationException:java.lang.reflect.InvocationTargetException Encoder类(org.owasp.esapi.reference.DefaultEncoder)的构造函数抛出异常。
我猜是因为找不到ESAPI.properties文件。
请帮忙解决。
英文:
I have problems configuring ESAPI to let it work with my Spring Boot Web Application (maven project).
I'm using this URL for help : https://web.archive.org/web/20161005210258/http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
And from this URL I have chosen this part to put ESAPI.properties in a specific directory :
>The reference {@code SecurityConfiguration} manages all the settings used by the ESAPI in a single place. In this reference
- implementation, resources can be put in several locations, which are searched in the following order:
- <p>
-
- Inside a directory set with a call to SecurityConfiguration.setResourceDirectory( "C:\temp\resources" ).
- <p>
So for that here is my code :
1 - In application.properties :
esapi.path=/data/folder/testApp/Apps/MyApp/ESAPIConf
2 - In StartupApplication.java (class that will be executed only once at the startup of my application) :
@Component
public class StartupApplication implements InitializingBean {
@Autowired
private Environment env;
@Override
@Transactional
public void afterPropertiesSet() throws Exception {
new GlobalVars();
GlobalVars.esapiPropertyFilePath = env.getProperty("esapi.path");
// this setResourceDirectory to be executed once
ESAPI.securityConfiguration().setResourceDirectory(GlobalVars.esapiPropertyFilePath);
...etc
}
3 - In my jsp page :
<form action="#" method="POST" onsubmit="linkVariabletoDBFields()">
<input type="hidden" name = "nameconf" id="nameconf" value="<%=ESAPI.encoder().encodeForHTMLAttribute(request.getParameter("confname")) %>" />
The Problem :
When the application server (JBOSS EAP 7.2) is starting and more specifically when StartupApplication class is executed the setResourceDirectory is returning :
ESAPI: Reset resource directory to: /data/folder/testApp/Apps/MyApp/ESAPIConf
ESAPI: Attempting to load ESAPI.properties via file I/O.
ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/linuxuser/ESAPI.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: /data/folder/testApp/Apps/MyApp/ESAPIConf/ESAPI.properties
ESAPI: Not found in 'user.home' (/home/linuxuser) directory: /home/linuxuser/esapi/ESAPI.properties
ESAPI: Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false
ESAPI: Attempting to load validation.properties via file I/O.
ESAPI: Attempting to load validation.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/linuxuser/validation.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: /data/folder/testApp/Apps/MyApp/ESAPIConf/validation.properties
ESAPI: Not found in 'user.home' (/home/linuxuser) directory: /home/linuxuser/esapi/validation.properties
ESAPI: Loading validation.properties via file I/O failed.
ESAPI: Attempting to load validation.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED validation.properties via the CLASSPATH from 'esapi/' using current thread context class loader!
It cannot find the properties file although the file exists in /data/folder/testApp/Apps/MyApp/ESAPIConf
And when I access my jsp page I'm getting :
Error : org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
I guess because the ESAPI.properties was not found.
Kindly help.
答案1
得分: 0
将以下内容添加到您的 pom.xml 文件中:
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.2.0.0</version>
</dependency>
然后执行 Maven > 更新项目。
这对我来说解决了问题。
奇怪的是,在这个问题出现之前,我从未添加过这个依赖,但 ESAPI 却正常工作。
英文:
Add this dependency in your pom.xml
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.2.0.0</version>
</dependency>
Then Maven>Update Project
This solved it for me.
Weird thing is I never added this dependency before this problem cropped up and yet the ESAPI worked well.
专注分享java语言的经验与见解,让所有开发者获益!
评论