本文介绍了尝试使用 ESAPI 但出现错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用 ESAPI.jar 为我的 Web 应用程序提供安全性.基本上我刚刚开始使用 ESAPI.jar.但问题是我什至无法使用 ESAPI 运行一个简单的程序.小代码片段是:

I am trying to use ESAPI.jar for providing security to my web application.Basically I have just started using ESAPI.jar.But problem is I am not able to run even a simple program using ESAPI.The small code snippet is:

String clean = ESAPI.encoder().canonicalize("someString");
Randomizer r=ESAPI.randomizer();
System.out.println(r);
System.out.println(clean);

我收到此错误:

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: D:Eclipse-WorkspaceTestESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapiESAPI.properties
Not found in 'user.home' (C:Documents and Settingsuser.user) directory: C:Documents and Settingsuser.useresapiESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
Exception in thread "main" org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
    at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:184)
    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99)
    at org.rancore.testJasp.TestEsapi.main(TestEsapi.java:59)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 3 more
Caused by: org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail.
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:227)
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:75)
    ... 8 more
Caused by: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfigurationFromClasspath(DefaultSecurityConfiguration.java:667)
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:436)
    ... 10 more

我已尝试复制源文件夹中的 3 个 ESAPI 属性文件,并在构建路径上配置它们,但仍然没有成功.我尝试了很多排列组合都无济于事.

I have tried copying the 3 ESAPI properties files in my source folder and also configuring them on build path but still I have not succeeded. I have tried many permutations and combinations to no avail.

请指导我.

属性文件内容为:

# User Messages
Error.creating.randomizer=Error creating randomizer

This.is.test.message=This {0} is {1} a test {2} message

# Validation Messages

# Log Messages

推荐答案

ESAPI.properties 文件中应该有 3 行以上.参见示例:

The ESAPI.properties file should have more than 3 lines in it. See for example:

https://web.archive.org/web/20150904064147/http://code.google.com:80/p/owasp-esapi-java/source/browse/trunk/configuration/esapi/ESAPI.properties

根据我的经验,ESAPI.properties 文件要么需要与 esapi.jar 位于同一文件夹中,要么需要编译到资源目录中的 jar 中.

In my experience the ESAPI.properties file either needs to be in the same folder as the esapi.jar or needs to be compiled into the jar in a resources directory.

/resources/ESAPI.properties

我相信任何一个都应该有效.如果 ESAPI 没有在一个位置找到该文件,它会在其他位置查找.

I believe that either one should work. If ESAPI does not find the file it one location it looks in others.

代码在第 620 行附近:

The code for that is here around line 620:

https://web.archive.org/web/20161005210258/http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

这篇关于尝试使用 ESAPI 但出现错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-01 00:45