I am trying to use ESAPI.jar for providing security to my web application.Basically I have just started using ESAPI.jar.
But problem is I am not able to run even a simple program using ESAPI.
The small code snippet is:
String clean = ESAPI.encoder().canonicalize("someString");
Randomizer r=ESAPI.randomizer();
System.out.println(r);
System.out.println(clean);
I get this error:
Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\Eclipse-Workspace\Test\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Not found in 'user.home' (C:\Documents and Settings\user.user) directory: C:\Documents and Settings\user.user\esapi\ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
Exception in thread "main" org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:184)
at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99)
at org.rancore.testJasp.TestEsapi.main(TestEsapi.java:59)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
... 3 more
Caused by: org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail.
at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)
at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:227)
at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:75)
... 8 more
Caused by: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfigurationFromClasspath(DefaultSecurityConfiguration.java:667)
at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:436)
... 10 more
I have tried copying the 3 ESAPI properties files in my source folder and also configuring them on build path but still I have not succeeded. I have tried many permutations and combinations to no avail.
Please guide me.
The content of property file is:
# User Messages
Error.creating.randomizer=Error creating randomizer
This.is.test.message=This {0} is {1} a test {2} message
# Validation Messages
# Log Messages
The ESAPI.properties file should have more than 3 lines in it. See for example:
https://web.archive.org/web/20150904064147/http://code.google.com:80/p/owasp-esapi-java/source/browse/trunk/configuration/esapi/ESAPI.properties
In my experience the ESAPI.properties file either needs to be in the same folder as the esapi.jar or needs to be compiled into the jar in a resources directory.
/resources/ESAPI.properties
I believe that either one should work. If ESAPI does not find the file it one location it looks in others.
The code for that is here around line 620:
https://web.archive.org/web/20161005210258/http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
I just struggled through this one myself.
I created a folder called esapi in my C:/users/myname/ directory and loaded up the ESAPI.properties, validation.properties, and the ESAPI-AccessControlPolicy.xml which got me past all the not finding files errors. ESAPI looks in several places for the files. I'm running Windows 7 64 bit by the way.
Then I had to update some of the jars. I should have done this from the beginning, but I didn't know it. I was getting this error:
AccessController class (org.owasp.esapi.reference.DefaultAccessController) CTOR threw exception.
for every jar that needed to be a newer version, like commons collections or log4j. At the bottom of the stack trace it would reference the offending jar.
When I added the newer jars from the esapi lib directory everything just worked!
I got this message at the end in my console:
ESAPI.accessController found: org.owasp.esapi.reference.DefaultAccessController#1cb8deef
Note: There is an ESAPI_en_US.properties file, but it's the one with only a few lines in it. Just use the file in: \esapi-2.1.0-dist\src\test\resources\esapi\ESAPI.properties. That is the full complete file.
After having this problem and looking at the installation documentation (esapi-x.x.x-dist\documentation\esapi4java-core-x-x-install-guide.pdf) I found a very useful section which detailed that the properties file can be anywhere, provided a vm flag (-Dorg.owasp.esapi.resources=path") points to a particular directory.
For example, if I stick the file in a "resources" folder at the root of my project directory, then the flag would be:
-Dorg.owasp.esapi.resources="path\to\project\root\resources"
The reference SecurityConfiguration manages all the settings used by the ESAPI in a single place. In this reference implementation, resources can be put in several locations, which are searched in the following order:
1) Inside a directory set with a call to SecurityConfiguration.setResourceDirectory( "C:\temp\resources" ).
2) Inside the System.getProperty( "org.owasp.esapi.resources" ) directory. You can set this on the java command line as follows (for example):
java -Dorg.owasp.esapi.resources="C:\temp\resources"
You may have to add this to the start-up script that starts your web server. For example, for Tomcat, in the "catalina" script that starts Tomcat, you can set the JAVA_OPTS variable to the -D string above.
3) Inside the System.getProperty( "user.home" ) + "/.esapi" directory (supported for backward compatibility) or inside the System.getProperty( "user.home" ) + "/esapi" directory.
4) The first ".esapi" or "esapi" directory on the classpath. (The former for backward compatibility.)
Can you put your file (with this name) in:
D:\Eclipse-Workspace\Test\ESAPI.properties
And show us the contents and exception again.
Extract the esapi jar
create a folder named resources under org.owasp.esapi
copy ESAPI.properties to the org.owasp.esapi.resources
Build and deploy
extract the jar
add properties file under resources folder.
initially getting same error, after updating properties file it worked for me
Thanks for providing the information
-Dorg.owasp.esapi.resources="path\to\project\root\resources"
This is a good source of information and has resolved my issue
I had the same problem too. I resolved it using a little bit of James Drinkard solution. What I basically did is created a new folder with name ESAPI and added ESAPI.properties file, Validation.properties, and the ESAPI-AccessControlPolicy.xml. And archived it into a jar file and added to the lib folder under WebContet/WEB-INF and build it to the path and it worked.
*To archive it into a jar file I used windows command move ESAPI ESAPI.jar
Look at the various scripts under 'src/examples/scripts' and they will show you one easy way to control where the ESAPI.properties files is found. (This is for ESAPI 2.0 or later.)
You will find a copy of the ESAPI.properties file will be under 'configuration/esapi'.
Related
For context, I'm trying to configure my Spark session to use fair scheduling. For that reason I have a file, fairscheduler.xml, at the 'root' of my resources folder. This file is correctly packaging into my build folder in the location I'd expect.
To further prove that's working, I have this line:
val mypath = getClass.getResource("/fairscheduler.xml")
That is working and returns exactly the path I'd expect: /<some path>/<my jar>/fairscheduler.xml
The following is throwing a FileNotFound exception:
sessionBuilder
...
.config("spark.scheduler.mode", "FAIR")
.config("spark.scheduler.allocation.file", mypath.toString) <- THIS LINE
.config("spark.scheduler.pool", "fair_pool")
...
.getOrCreate
Just for sanity, I have logged out mypath.toString.
Why is it that the spark session builder can't recognize a resource file that otherwise seems valid? Does it expect "spark configuration" files to exist somewhere specific? Or am I completely missing some dumb little thing here?
This is not a Apache Spark limitation but an expected behaviour of how resource files are handled in Java JAR files. Question How to get a path to a resource in a Java JAR file provides more details and a workaround of persisting the content in a temp file.
I am trying to remove the OS-specific chromium binaries to shrink the size of a jar, and install them on first run. I tried to follow the docs, so I removed the -mac, -linux, and -win jxbrowser jars from the pom.xml file, extracted the jxbrowser-mac-6.17.jar into a directory, and set JXBrowser to load the binaries from there, via the following 3 functions (one at a time and combining them):
BrowserPreferences.setChromiumDir(path), System.setProperty("jxbrowser.chromium.dir", path), and System.setProperty(BrowserPreferences.CHROMIUM_DIR_PROPERTY, path)
The specified directory contains the jxbrowser-mac-6.17.jar and its extracted files (7zr-mac, chromium-mac.7z, com and META_INF directories). I am creating a lightweight browser with the following:
BrowserContextParams params = new BrowserContextParams(chromiumDir.getAbsolutePath());
BrowserContext context = new BrowserContext(params);
Browser browser = new Browser(BrowserType.LIGHTWEIGHT, context);
When this code runs, the 7zr-mac and chromium-mac.7z files disappear from the directory, and several errors are thrown, like these:
Caused by: com.teamdev.jxbrowser.chromium.internal.ChromiumExtractorException: Failed to extract Chromium binaries into /Users/bsettle/CytoscapeConfiguration/3/karaf_data/tmp/browsercore-60.0.3112.113.6.17/jxbrowser-mac-6.17
at com.teamdev.jxbrowser.chromium.internal.ChromiumExtractor.extractChromiumBinariesIfNecessary(SourceFile:88)
at com.teamdev.jxbrowser.chromium.internal.ipc.IPC.<init>(SourceFile:66)
at com.teamdev.jxbrowser.chromium.internal.ipc.IPC.create(SourceFile:96)
at com.teamdev.jxbrowser.chromium.internal.ipc.IPC$a.<clinit>(SourceFile:443)
... 7 more
Caused by: java.lang.IllegalArgumentException: The /chromium-mac.7z resource cannot be found in JAR files
at com.teamdev.jxbrowser.chromium.internal.XZExtractor.a(SourceFile:112)
at com.teamdev.jxbrowser.chromium.internal.XZExtractor.a(SourceFile:69)
at com.teamdev.jxbrowser.chromium.internal.XZExtractor.extract(SourceFile:37)
at com.teamdev.jxbrowser.chromium.internal.b.run(SourceFile:1066)
at java.security.AccessController.doPrivileged(Native Method)
at com.teamdev.jxbrowser.chromium.internal.ChromiumExtractor.extractChromiumBinariesIfNecessary(SourceFile:60)
... 10 more
All of the errors state that JxBrowser Failed to extract Chromium binaries because The ___ resource cannot be found in JAR files, but it shouldn't be trying to extract them if they already exist in the Chromium directory? (according to the docs).
If I try to open the browser again (pointing to the directory with the binary files now missing, I get a new error:
Exception in thread "Thread-150" java.lang.NoClassDefFoundError: Could not initialize class com.teamdev.jxbrowser.chromium.BrowserContext
at org.cytoscape.cyndex2.internal.util.BrowserManager.getJXBrowser(BrowserManager.java:72)
at org.cytoscape.cyndex2.internal.util.BrowserManager.getBrowserView(BrowserManager.java:49)
at org.cytoscape.cyndex2.internal.task.LoadBrowserTask$1.run(LoadBrowserTask.java:53)
at java.lang.Thread.run(Thread.java:748)
Even though the base jxbrowser-6.17.jar is still packaged with the app.
I'm not sure what else to try, but I would like to not have to package the OS-specific binaries with the jar because that raises the file size from 8MB to 160MB.
Thanks
Each platform-specific JAR file contains a 7z archive inside with binary files. JxBrowser expects to find the binary files from the corresponding archive in the directory specified by the jxbrowser.chromium.dir System Property and in case they do not exist, tries to extract them. To make it work please extract the binaries from the corresponding archive into the directory specified by the jxbrowser.chromium.dir System Property.
Both class.getResource(FILE_NAME) and class.getClass().getClassLoader().getResource(FILE_NAME) run perfectly inside my eclipse but the same code getting failed to locate the file which is inside the jar file, when run as an executable jar in windows machine.
I have gone through all related links available for this problem (well, not exactly the same issue but 90% in sync), asked for solution but no reply came from any of those posts, so I'm posting my issue as a separate question hoping for help on this.
In total, 4 cases I have ran to resolve but none worked so far and I'm out of ideas now.
class.getClass().getClassLoader().getResource("/resources/readme.txt");
class.getResource("/resources/readme.txt");
class.getClass().getClassLoader().getResource("resources/readme.txt");
class.getResource("resources/readme.txt");
Ouf of all the above 4 cases, only 2 cases ran successfully in eclipse which are as mentioned below.
class.getResource("/resources/readme.txt");
class.getClass().getClassLoader().getResource("resources/readme.txt");
The other 2 cases just throwing me Exception in thread "main" java.lang.NullPointerException
Coming to the executable jar, all 4 cases are throwing me the Exception in thread "main" java.lang.NullPointerException.
So I have created a folder named resources where my jar is residing and placed my files inside this folder and ran the jar. Now the jar is running without any issues referring to the files inside the resources folder I created. So wherever I run this jar (windows, linux etc.,) I need to create a resources folder and place my files under the folder. Now the question is, can it be possible to make my jar refer the resources folder which is inside the jar itself?
Any help on this is much appreciated!
To get your txt file:
File yourFileIsHere = new File("resources/readme.txt");
Where put your file?
In the same location of your jar, example:
myapp/yourjar.jar
myapp/resources/readme.txt
If you want read file inside of your "src" folder:
InputStream yourInputStream = new YourClass().getClass().getClassLoader().getResourceAsStream("readme.txt");
If you are using Spring:
org.springframework.util.ResourceUtils.getFile("classpath:readme.txt")
Otherwise:
import com.google.common.io.Resources
byte[] byteSource = Resources.asByteSource(Resources.getResource("readme.txt")).read()
method class.getClass().getClassLoader().getResource() may take 3 prefixes: url:, classpath: and file: each prefix tells what is your base of search. If you want to search inside your jar use classpath: prefix. That tells your classloader to search everywhere within your classpath. Here is one example how to deal with it with Spring tools. Look also at ResourceLoader class in Spring
i have created two different java projects on project is depend on other and
like A project and B project A project has logs folder and in log4j.xml i have given relative path of log files
now i am using A project as api in B project and i have created executable jar of B project when i am calling B it is giving me FileNotFoundException.
Please suggest me .............
log4j:ERROR setFile(null,true) call failed.
java.io.FileNotFoundException: ..\Framework\logs\log.log (The system cannot find the path specified)
at java.io.FileOutputStream.openAppend(Native Method)
at java.io.FileOutputStream.<init>(Unknown Source)
at java.io.FileOutputStream.<init>(Unknown Source)
at org.apache.log4j.FileAppender.setFile(FileAppender.java:273)
at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:152)
at org.apache.log4j.DailyRollingFileAppender.activateOptions(DailyRollingFileAppender.java:206)
at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:247)
at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.java:210)
at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:140)
at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:153)
at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.java:415)
at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:384)
at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:783)
at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:666)
at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:616)
at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:602)
at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:460)
at org.apache.log4j.LogManager.<clinit>(LogManager.java:113)
at com.netapp.ca.framework.logger.LogImpl.<init>(LogImpl.java:35)
log4j:ERROR Either File or DatePattern options are not set for appender [allLog].
log4j:ERROR setFile(null,true) call failed.
I think you are executing from a jar, and therefore (of course) the path is wrong because you can't save log files (normally) within a jar.
I've had the same problem and worked it out writing the following method to receive a path where my application can work:
String applicationPath = this.getClass().getProtectionDomain().getCodeSource().getLocation().getPath();
applicationPath = applicationPath.replace('\\', '/');
if (applicationPath.startsWith("file:")) applicationPath = applicationPath.substring(5);
if (applicationPath.contains(".jar")) {
String[] parts = applicationPath.split("/");
applicationPath = applicationPath.replaceAll(parts[parts.length - 1], "");
}
I don't know how your application is structured but I think this code could help you. Simply write the "applicationPath" to the console and you know what's wrong with the path. I bet it is something like the jar-problem.
It is unclear what you are trying to do, but in simple terms it appears that Log4J cannot find the logfile which you specified in the log4j.xml config.
It is best to use absolute paths when specifying the logging directory for Log4J, but if you insist in using relative paths then make sure you are absolutely sure which directory is the "working directory" for your application.
You can log the working directory for your application with the following code (put this in your Java executable, main method):
System.out.println(System.getProperty("user.dir"));
Once you know the working directory, you can update the logfile path in your log4j.xml config.
I´m currentl trying to get into JavaFX 2.0 but I can´t get .css Stylesheets to work within my application. I´ve followed the guide at http://docs.oracle.com/javafx/2/get_started/css.htm#BABBGJBI but whenever I try to import a .css file via
scene.getStylesheets().add(Login.class.getResource("loginform.css").toExternalForm());
I get the following Error:
Exception in Application start method
Exception in thread "main" java.lang.RuntimeException: Exception in Application start method
at com.sun.javafx.application.LauncherImpl.launchApplication1(LauncherImpl.java:399)
at com.sun.javafx.application.LauncherImpl.access$000(LauncherImpl.java:47)
at com.sun.javafx.application.LauncherImpl$1.run(LauncherImpl.java:115)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NullPointerException
at Login.start(Login.java:68)
at com.sun.javafx.application.LauncherImpl$5.run(LauncherImpl.java:315)
at com.sun.javafx.application.PlatformImpl$4.run(PlatformImpl.java:174)
at com.sun.javafx.application.PlatformImpl$3.run(PlatformImpl.java:141)
at com.sun.glass.ui.win.WinApplication._runLoop(Native Method)
at com.sun.glass.ui.win.WinApplication.access$100(WinApplication.java:29)
at com.sun.glass.ui.win.WinApplication$2$1.run(WinApplication.java:62)
... 1 more
The css path is located in my eclipse project path:
C:\Users\UserName\Dropbox\Documents\Eclipse\FirstExamples\loginform.css
I´d appreciate any help, I can´t get it working, not with absolute paths nor with relative ones like shown in the example.
Check the compiled output path of your eclipse project and ensure that loginform.css is in the same directory as Login.class
I´ve solved the problem by putting stylesheets into my src folder not
a very nice solution but going up by ../formm.css doesn´t seem to work
dunno why
You are requesting the css file via the class.getResource method, which will look for the resource in the same location the class is located. When you put the stylesheet in your src folder, then whatever build system you are using is copying the stylesheet to the same directory as Login.class during the build. When you don't place it in that src folder, then the copy is not occuring.
If you don't want to place the css file in the same directory as your Java source, then either set your build system up to copy it across from another directory OR don't use the classloader mechanism when you add a stylesheet, e.g. use an absolute file or http url or a file url based on the user.dir system property (current working directory) instead.
Really though, just placing leaving the stylesheet in the src folder and accessing it in the manner you are doing is fine and it also makes resource location easy when you deploy the app to different environments.
If you use anything as a resource, you have to prefix the name of it with "/" and that resource has to be on the classpath.
I have the setup with a directory e.g. resources, which contains the .css. Then I use this:
scene.getStylesheets().add(Login.class.getResource("/loginform.css").toExternalForm());
The directory 'resources' which contains the .css file is added to the classpath (in Eclipse, for example, just make it be a source folder).
It is however pity that the exception is totally useless; I've noticed that the .css was the problem when I added it for the first time.