我的代码使用org.owasp.esapi 2.2.0.0,但升级到2.2.3.1后,我得到了classnotfoundexception。
我的代码类似于:
Properties esapiProps = new Properties();
try {
esapiProps.load( SecurityUtil.class.getResourceAsStream("/ESAPI.properties") );
} catch (IOException | NullPointerException e) {
logger.log(Level.SEVERE, "esapi Exception: ", e);
}
ESAPI.override( new DefaultSecurityConfiguration(esapiProps));
// ----- Then canonicalize an input -----
ESAPI.encoder().canonicalize(input);
我阅读了发行说明并添加了一些属性和esapi java日志
my esapi.properties(类内路径)
ESAPI.printProperties=true
LogLevel=INFO
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
Logger.ApplicationName=My Test Application
Logger.LogEncodingRequired=false
Logger.LogApplicationName=true
Logger.LogServerIP=true
Logger.LogFileName=ESAPI_logging_file
Logger.MaxLogFileSize=10000000
Logger.UserInfo=true
Logger.ClientInfo=true
我的esapi-java-logging.properties(类路径中)
handlers= java.util.logging.ConsoleHandler
.level= INFO
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format=[%1$tF %1$tT] [%3$-7s] %5$s %n
但我有一个例外:
[ERROR ] SRVE0315E: An exception occurred: java.lang.Throwable: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5095)
at [internal classes]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101)
.
.
.
at sun.reflect.GeneratedMethodAccessor521.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)
... 1 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.GeneratedMethodAccessor522.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
... 8 more
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory LogFactory class (org.owasp.esapi.reference.JavaLogFactory) must be in class path.
... 17 more
Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory
at com.ibm.ws.classloading.internal.AppClassLoader.findClassCommonLibraryClassLoaders(AppClassLoader.java:569)
at [internal classes]
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
... 15 more
如果我更改esapi.properties并复制https://raw.githubusercontent.com/esapi/esapi-java-legacy/develop/configuration/esapi/esapi.properties,classnotfoundexception消失,我得到nullpointerexception异常:
[ERROR ] SRVE0315E: An exception occurred: java.lang.Throwable: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5095)
at [internal classes]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101)
.
.
.
at sun.reflect.GeneratedMethodAccessor522.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)
... 1 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.GeneratedMethodAccessor523.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
... 8 more
Caused by: java.lang.ExceptionInInitializerError
... 20 more
Caused by: java.lang.NullPointerException
... 22 more
暂无答案!
目前还没有任何答案,快来回答吧!