尝试使用ESAPI但是获取错误 [英] Trying to Use ESAPI But getting Error

问题描述

我正在尝试使用ESAPI.jar为我的Web应用程序提供安全性。基本上我刚开始使用ESAPI.jar。
但问题是我无法使用ESAPI运行一个简单的程序。
小代码片段是：

I am trying to use ESAPI.jar for providing security to my web application.Basically I have just started using ESAPI.jar. But problem is I am not able to run even a simple program using ESAPI. The small code snippet is:

String clean = ESAPI.encoder().canonicalize("someString");
Randomizer r=ESAPI.randomizer();    
System.out.println(r);
System.out.println(clean);

我收到此错误：

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\Eclipse-Workspace\Test\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Not found in 'user.home' (C:\Documents and Settings\user.user) directory: C:\Documents and Settings\user.user\esapi\ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
Exception in thread "main" org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
    at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:184)
    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99)
    at org.rancore.testJasp.TestEsapi.main(TestEsapi.java:59)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 3 more
Caused by: org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail.
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:227)
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:75)
    ... 8 more
Caused by: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfigurationFromClasspath(DefaultSecurityConfiguration.java:667)
    at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:436)
    ... 10 more

我尝试复制源文件夹中的3个ESAPI属性文件并配置他们在构建路径上，但我还没有成功。我尝试了许多排列和组合无济于事。

I have tried copying the 3 ESAPI properties files in my source folder and also configuring them on build path but still I have not succeeded. I have tried many permutations and combinations to no avail.

请指导我。

属性文件的内容是：

# User Messages
Error.creating.randomizer=Error creating randomizer

This.is.test.message=This {0} is {1} a test {2} message

# Validation Messages

# Log Messages

推荐答案

ESAPI.properties文件中应包含3行以上的行。

The ESAPI.properties file should have more than 3 lines in it.

http://code.google.com/p/owasp-esapi-java/source/browse/trunk/configuration/esapi/ESAPI.properties

根据我的经验，ESAPI.properties文件需要与esapi.jar位于同一文件夹中，或者需要编译到资源目录中的jar中。

In my experience the ESAPI.properties file either needs to be in the same folder as the esapi.jar or needs to be compiled into the jar in a resources directory.

/resources/ESAPI.properties

我相信任何一个都应该有用。如果ESAPI找不到该文件，则在其他位置查找该文件。

I believe that either one should work. If ESAPI does not find the file it one location it looks in others.

该代码在第612行附近： http://code.google.com/p/owasp-esapi-java/source/browse/ trunk / src / main / java / org / owasp / esapi / reference / DefaultSecurityConfiguration.java

The code for that is here around line 612 : http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java

这篇关于尝试使用ESAPI但是获取错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！