Menu
I am trying to use ESAPI.jar for providing security to my web application.Basically I have just started using ESAPI.jar. But problem is I am not able to run even a simple program using ESAPI. The small code snippet is:
String clean = ESAPI.encoder().canonicalize("someString"); Randomizer r=ESAPI.randomizer(); System.out.println(r); System.out.println(clean); I get this error:
Attempting to load ESAPI.properties via file I/O. Attempting to load ESAPI.properties as resource file via file I/O. Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\Eclipse-Workspace\Test\ESAPI.properties Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties Not found in 'user.home' (C:\Documents and Settings\user.user) directory: C:\Documents and Settings\user.user\esapi\ESAPI.properties Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException Attempting to load ESAPI.properties via the classpath. ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource. Exception in thread "main" org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception. at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129) at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:184) at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99) at org.rancore.testJasp.TestEsapi.main(TestEsapi.java:59) Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86) ... 3 more Caused by: org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail. at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439) at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:227) at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:75) ... 8 more Caused by: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource. at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfigurationFromClasspath(DefaultSecurityConfiguration.java:667) at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:436) ... 10 more I have tried copying the 3 ESAPI properties files in my source folder and also configuring them on build path but still I have not succeeded. I have tried many permutations and combinations to no avail.
Please guide me.
The content of property file is:
# User Messages Error.creating.randomizer=Error creating randomizer This.is.test.message=This {0} is {1} a test {2} message # Validation Messages # Log Messages 
600
If you put the ESAPI. properties and Validation. properties inside the resources folder it will recognize automatically. In case you need to specify s specific folder or sub-folders, one possibility is adding this property in your standalone.
properties. Add the ESAPI Jar to the classpath: right-click the project, choose Properties, then under Categories choose Libraries. Installation Tips: If you use a shared Libraries Folder, simply copy the ESAPI jar into the directory specified by Libraries Folder.
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications.
You can use the ESAPI. properties file to configure properties for the OWASP Enterprise Security API. This file contains validation patterns that have Validator.
The ESAPI.properties file should have more than 3 lines in it. See for example:
https://web.archive.org/web/20150904064147/http://code.google.com:80/p/owasp-esapi-java/source/browse/trunk/configuration/esapi/ESAPI.properties
In my experience the ESAPI.properties file either needs to be in the same folder as the esapi.jar or needs to be compiled into the jar in a resources directory.
/resources/ESAPI.properties I believe that either one should work. If ESAPI does not find the file it one location it looks in others.
The code for that is here around line 620:
https://web.archive.org/web/20161005210258/http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
91
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
