尝试使用ESAPI但出现错误
我正在尝试使用ESAPI.jar为我的Web应用程序提供安全性。基本上我刚刚开始使用ESAPI.jar。但是问题是我什至无法使用ESAPI运行简单的程序。小代码段是:
String clean = ESAPI.encoder().canonicalize("someString");Randomizer r=ESAPI.randomizer();
System.out.println(r);
System.out.println(clean);
我收到此错误:
Attempting to load ESAPI.properties via file I/O.Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\Eclipse-Workspace\Test\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Not found in 'user.home' (C:\Documents and Settings\user.user) directory: C:\Documents and Settings\user.user\esapi\ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
Exception in thread "main" org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:184)
at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99)
at org.rancore.testJasp.TestEsapi.main(TestEsapi.java:59)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
... 3 more
Caused by: org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail.
at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)
at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:227)
at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:75)
... 8 more
Caused by: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfigurationFromClasspath(DefaultSecurityConfiguration.java:667)
at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:436)
... 10 more
我尝试将3个ESAPI属性文件复制到我的源文件夹中,并在构建路径上进行配置,但是仍然没有成功。我尝试了许多排列和组合都无济于事。
请指导我。
属性文件的内容为:
# User MessagesError.creating.randomizer=Error creating randomizer
This.is.test.message=This {0} is {1} a test {2} message
# Validation Messages
# Log Messages
回答:
ESAPI.properties文件中应包含3行以上。参见例如:
https://web.archive.org/web/20150904064147/http://code.google.com:80/p/owasp-
esapi-
java/source/browse/trunk/configuration/esapi/ESAPI.properties
以我的经验,ESAPI.properties文件要么需要与esapi.jar放在同一文件夹中,要么需要编译到资源目录中的jar中。
/resources/ESAPI.properties我相信任何一个都应该起作用。如果ESAPI找不到该文件,则它将在其他位置查找。
此处的代码在620行附近:
https://web.archive.org/web/20161005210258/http://code.google.com/p/owasp-
esapi-
java/source/browse/trunk/src/main/java/org/owasp/esapi/参考/DefaultSecurityConfiguration.java
以上是 尝试使用ESAPI但出现错误 的全部内容, 来源链接: utcz.com/qa/435371.html
