Reputation: 21
OWASP ESAPI can't find my ESAPI.properties file although it exists in directory
I have problems configuring ESAPI to let it work with my Spring Boot Web Application (maven project).
I'm using this URL for help : https://web.archive.org/web/20161005210258/http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
And from this URL I have chosen this part to put ESAPI.properties in a specific directory :
The reference {@code SecurityConfiguration} manages all the settings used by the ESAPI in a single place. In this reference * implementation, resources can be put in several locations, which are searched in the following order: *
* 1) Inside a directory set with a call to SecurityConfiguration.setResourceDirectory( "C:\temp\resources" ). *
So for that here is my code :
1 - In application.properties :
esapi.path=/data/folder/testApp/Apps/MyApp/ESAPIConf
2 - In StartupApplication.java (class that will be executed only once at the startup of my application) :
@Component
public class StartupApplication implements InitializingBean {
@Autowired
private Environment env;
@Override
@Transactional
public void afterPropertiesSet() throws Exception {
new GlobalVars();
GlobalVars.esapiPropertyFilePath = env.getProperty("esapi.path");
// this setResourceDirectory to be executed once
ESAPI.securityConfiguration().setResourceDirectory(GlobalVars.esapiPropertyFilePath);
...etc
}
3 - In my jsp page :
<form action="#" method="POST" onsubmit="linkVariabletoDBFields()">
<input type="hidden" name = "nameconf" id="nameconf" value="<%=ESAPI.encoder().encodeForHTMLAttribute(request.getParameter("confname")) %>" />
The Problem :
When the application server (JBOSS EAP 7.2) is starting and more specifically when StartupApplication class is executed the setResourceDirectory is returning :
ESAPI: Reset resource directory to: /data/folder/testApp/Apps/MyApp/ESAPIConf
ESAPI: Attempting to load ESAPI.properties via file I/O.
ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/linuxuser/ESAPI.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: /data/folder/testApp/Apps/MyApp/ESAPIConf/ESAPI.properties
ESAPI: Not found in 'user.home' (/home/linuxuser) directory: /home/linuxuser/esapi/ESAPI.properties
ESAPI: Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false
ESAPI: Attempting to load validation.properties via file I/O.
ESAPI: Attempting to load validation.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/linuxuser/validation.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: /data/folder/testApp/Apps/MyApp/ESAPIConf/validation.properties
ESAPI: Not found in 'user.home' (/home/linuxuser) directory: /home/linuxuser/esapi/validation.properties
ESAPI: Loading validation.properties via file I/O failed.
ESAPI: Attempting to load validation.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED validation.properties via the CLASSPATH from 'esapi/' using current thread context class loader!
It cannot find the properties file although the file exists in /data/folder/testApp/Apps/MyApp/ESAPIConf
And when I access my jsp page I'm getting :
Error : org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
I guess because the ESAPI.properties was not found.
Kindly help.
Upvotes: 1
Views: 9472
Answers (1)
Reputation: 69
Add this dependency in your pom.xml
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.2.0.0</version>
</dependency>
Then Maven>Update Project This solved it for me. Weird thing is I never added this dependency before this problem cropped up and yet the ESAPI worked well.
Upvotes: 0
Related Questions
- ESAPI - Getting ClassNotFoundException with ESAPI 2.2.3.1
- Failed To Load ESAPI.properties Error In Java Spring Boot 2.6.7 After Updating The ESAPI Dependancy
- Cannot make the OWASP.ESAPI library to start up. Configuration issue?
- ESAPI 2.2.3.1 throwing org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException when using httpUtilities
- Setting resource directory for ESAPI
- Where can I find ESAPI.properties?
- OWASP ESAPI SecurityWrapper filter not loading on webapp deployed in Tomcat - Throws ClassNotFound Exception
- antisamy-esapi.xml not found when trying to use OWASP ESAPI
- Getting antisamy-esapi.xml not found exception while trying to use OWASP ESAPI library
- OWASP ESAPI - JavaEncryptor can't be found / not in classpath - but ESAPI is working in other functions