尝试使用ESAPI但出现错误

我正在尝试使用ESAPI.jar为我的Web应用程序提供安全性。基本上我刚刚开始使用ESAPI.jar。但是问题是我什至无法使用ESAPI运行简单的程序。小代码段是:

String clean = ESAPI.encoder().canonicalize("someString");

Randomizer r=ESAPI.randomizer();

System.out.println(r);

System.out.println(clean);

我收到此错误:

Attempting to load ESAPI.properties via file I/O.

Attempting to load ESAPI.properties as resource file via file I/O.

Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\Eclipse-Workspace\Test\ESAPI.properties

Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties

Not found in 'user.home' (C:\Documents and Settings\user.user) directory: C:\Documents and Settings\user.user\esapi\ESAPI.properties

Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException

Attempting to load ESAPI.properties via the classpath.

ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.

Exception in thread "main" org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.

at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)

at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:184)

at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99)

at org.rancore.testJasp.TestEsapi.main(TestEsapi.java:59)

Caused by: java.lang.reflect.InvocationTargetException

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)

... 3 more

Caused by: org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail.

at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)

at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:227)

at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:75)

... 8 more

Caused by: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.

at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfigurationFromClasspath(DefaultSecurityConfiguration.java:667)

at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:436)

... 10 more

我尝试将3个ESAPI属性文件复制到我的源文件夹中,并在构建路径上进行配置,但是仍然没有成功。我尝试了许多排列和组合都无济于事。

请指导我。

属性文件的内容为:

# User Messages

Error.creating.randomizer=Error creating randomizer

This.is.test.message=This {0} is {1} a test {2} message

# Validation Messages

# Log Messages

回答:

ESAPI.properties文件中应包含3行以上。参见例如:

https://web.archive.org/web/20150904064147/http://code.google.com:80/p/owasp-

esapi-

java/source/browse/trunk/configuration/esapi/ESAPI.properties

以我的经验,ESAPI.properties文件要么需要与esapi.jar放在同一文件夹中,要么需要编译到资源目录中的jar中。

/resources/ESAPI.properties

我相信任何一个都应该起作用。如果ESAPI找不到该文件,则它将在其他位置查找。

此处的代码在620行附近:

https://web.archive.org/web/20161005210258/http://code.google.com/p/owasp-

esapi-

java/source/browse/trunk/src/main/java/org/owasp/esapi/参考/DefaultSecurityConfiguration.java

以上是 尝试使用ESAPI但出现错误 的全部内容, 来源链接: utcz.com/qa/435371.html

回到顶部