
ESAPI - Getting ClassNotFoundException with ESAPI 2.2.3.1

How to resolve: ESAPI - Getting ClassNotFoundException with ESAPI 2.2.3.1

My code was using org.owasp.esapi 2.2.0.0, but after upgrading to 2.2.3.1 I get a ClassNotFoundException.

My code is similar to:

  Properties esapiProps = new Properties();
  try {
     esapiProps.load( SecurityUtil.class.getResourceAsStream("/ESAPI.properties") );
     
  } catch (IOException | NullPointerException e) {
     logger.log(Level.SEVERE,"esapi Exception: ",e);
  }
  ESAPI.override( new DefaultSecurityConfiguration(esapiProps));
  // ----- Then canonicalize an input -----
  ESAPI.encoder().canonicalize(input);

I read the release notes and added some properties and esapi-java-logging.

My ESAPI.properties (on the classpath)

ESAPI.printProperties=true
LogLevel=INFO
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec

ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
Logger.ApplicationName=My Test Application
Logger.LogEncodingRequired=false
Logger.LogApplicationName=true
Logger.LogServerIP=true
Logger.LogFileName=ESAPI_logging_file
Logger.MaxLogFileSize=10000000
Logger.UserInfo=true
Logger.ClientInfo=true

My esapi-java-logging.properties (on the classpath)

handlers= java.util.logging.ConsoleHandler
.level= INFO
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format=[%1$tF %1$tT] [%3$-7s] %5$s %n

But I get this exception:

[ERROR   ] SRVE0315E: An exception occurred: java.lang.Throwable: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5095)
    at [internal classes]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101)
    .
    .
    .
    at sun.reflect.GeneratedMethodAccessor521.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)
    ... 1 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.GeneratedMethodAccessor522.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 8 more
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory LogFactory class (org.owasp.esapi.reference.JavaLogFactory) must be in class path.
    ... 17 more
Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory
    at com.ibm.ws.classloading.internal.AppClassLoader.findClassCommonLibraryClassLoaders(AppClassLoader.java:569)
    at [internal classes]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:264)
    at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
    ... 15 more

If I change ESAPI.properties and copy in the contents of https://raw.githubusercontent.com/ESAPI/esapi-java-legacy/develop/configuration/esapi/ESAPI.properties, the ClassNotFoundException goes away and a NullPointerException appears instead:

[ERROR   ] SRVE0315E: An exception occurred: java.lang.Throwable: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5095)
    at [internal classes]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101)
    .
    .
    .
    at sun.reflect.GeneratedMethodAccessor522.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)
    ... 1 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.GeneratedMethodAccessor523.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 8 more
Caused by: java.lang.ExceptionInInitializerError
    ... 20 more
Caused by: java.lang.NullPointerException
    ... 22 more

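Solution

You say you read the release notes. The cause of your problem is that you missed a detail documented there. Look in those release notes, in the section labeled:
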
*** IMPORTANT WORKAROUND for 2.2.1.0 ESAPI Logging ***

There, it states:

Lastly, if you try to use the new ESAPI 2.2.1.0 logging, you will notice that you need to change ESAPI.Logger and also possibly provide some other logging properties as well. This is because the logger packages were reorganized to improve maintainability, but we failed to mention it. To use ESAPI logging in ESAPI 2.2.1.0 (and later), you MUST set the ESAPI.Logger property to one of:

   org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
   org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
   org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger

Between that and a careful reading of the exception stack trace:

    ... deleted...
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory LogFactory class (org.owasp.esapi.reference.JavaLogFactory) must be in class path.
    ... 17 more
Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory
    ...deleted...

I think that should explain the cause. The classes were reorganized into different packages to accommodate SLF4J logging.
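
A startup check along the lines of the answer above, as an added example that is not part of the original post or of ESAPI itself: it validates ESAPI.Logger against the three values listed in the quoted release notes and confirms the class can be loaded, so a stale setting fails with one clear message instead of a nested InvocationTargetException. The class name EsapiLoggerPreflight and its check method are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;

/** Hypothetical startup check (not part of ESAPI): validates ESAPI.Logger before ESAPI is first used. */
public class EsapiLoggerPreflight {
    // The three values the release notes quoted above allow for ESAPI.Logger in 2.2.1.0 and later.
    static final List<String> ALLOWED = Arrays.asList(
        "org.owasp.esapi.logging.java.JavaLogFactory",
        "org.owasp.esapi.logging.log4j.Log4JLogFactory",
        "org.owasp.esapi.logging.slf4j.Slf4JLogFactory");

    /** Returns null if the setting is usable, otherwise a message describing the fix. */
    static String check(Properties props, ClassLoader cl) {
        String configured = props.getProperty("ESAPI.Logger");
        if (configured == null || configured.trim().isEmpty()) {
            return "ESAPI.Logger is not set; use one of " + ALLOWED;
        }
        configured = configured.trim();
        if (!ALLOWED.contains(configured)) {
            // Suggest the relocated class that has the same simple name, if there is one.
            String simple = configured.substring(configured.lastIndexOf('.') + 1);
            for (String candidate : ALLOWED) {
                if (candidate.endsWith("." + simple)) {
                    return "ESAPI.Logger=" + configured + " is not valid in 2.2.1.0 and later; use " + candidate;
                }
            }
            return "ESAPI.Logger=" + configured + " is not one of " + ALLOWED;
        }
        try {
            // initialize=false: only confirm the class is visible to this class loader.
            Class.forName(configured, false, cl);
            return null;
        } catch (ClassNotFoundException e) {
            return configured + " is not on the class path; check which esapi jar is deployed";
        }
    }

    public static void main(String[] args) throws IOException {
        Properties props = new Properties();
        try (InputStream in = EsapiLoggerPreflight.class.getResourceAsStream("/ESAPI.properties")) {
            if (in == null) throw new IOException("/ESAPI.properties not found on class path");
            props.load(in);
        }
        String problem = check(props, EsapiLoggerPreflight.class.getClassLoader());
        System.out.println(problem == null ? "ESAPI.Logger OK" : problem);
    }
}
```

Run against the ESAPI.properties from the question, check returns the message naming org.owasp.esapi.logging.java.JavaLogFactory as the replacement for org.owasp.esapi.reference.JavaLogFactory.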
