如何解决Spring Boot:Owasp ESAPI 版本 2.2.3.1 的 Logback 问题
我最近开始研究如何清理我的测试 api 的任何用户输入,我遇到了这个 tutorial
在尝试本教程之前,我使用 GCP 云登录到控制台,因为那是我想要运行 API 的地方。
现在添加 owasp esapi 后,我的应用程序在使用 esapi 2.2.3.1 版本时将无法启动。我只是幸运地尝试使用以前的版本,它可以在应用程序中启动。
以下是我在应用程序启动时从 logback 得到的错误
SLF4J: Actual binding is of type [org.slf4j.impl.SimpleLoggerFactory]
Exception in thread "main" java.lang.IllegalArgumentException: LoggerFactory is not a Logback LoggerContext but Logback is on the classpath. Either remove Logback or the competing implementation (class org.slf4j.impl.SimpleLoggerFactory loaded from file:/Users/xxx/.gradle/caches/modules-2/files-2.1/org.slf4j/slf4j-simple/1.7.30/e606eac955f55ecf1d8edcccba04eb8ac98088dd/slf4j-simple-1.7.30.jar). If you are using WebLogic you will need to add 'org.slf4j' to prefer-application-packages in WEB-INF/weblogic.xml: org.slf4j.impl.SimpleLoggerFactory
同样,如果我使用 2.2.2.0 版本,我在启动时完全没有问题。任何有经验的人都可以在这里解释一下。 (请参阅编辑)
下面是我的 gradle 构建文件(注意我也在使用 GCP 日志记录)
plugins {
id "org.springframework.boot" version "2.5.0"
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
id 'java'
id "idea"
id 'com.google.cloud.tools.jib' version '3.0.0'
}
group 'network.thefullstack.search-service'
version '1.0'
java {
sourceCompatibility = JavaVersion.VERSION_14
targetCompatibility = JavaVersion.VERSION_14
}
jib.from.image = 'openjdk:15-jdk-buster'
repositories {
mavenCentral()
}
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation group: 'org.springframework.boot',name: 'spring-boot-starter-security'
testImplementation group: 'org.springframework.security',name: 'spring-security-test'
implementation group: 'org.springframework.security',name: 'spring-security-oauth2-client'
implementation group: 'org.springframework.boot',name: 'spring-boot-starter-webflux'
implementation('org.springframework.boot:spring-boot-starter-data-elasticsearch')
implementation group: 'org.springframework.data',name: 'spring-data-elasticsearch'
implementation group: 'org.springframework.boot',name: 'spring-boot-starter-validation'
compile group: 'org.springframework.cloud',name: 'spring-cloud-gcp-starter-logging'
implementation group: 'org.springframework.cloud',name: 'spring-cloud-gcp-starter-logging',version: '1.2.8.RELEASE'
implementation group: 'io.springfox',name: 'springfox-swagger-ui',version: '3.0.0'
implementation group: 'io.springfox',name: 'springfox-boot-starter',version: '3.0.0'
implementation group: 'javax.validation',name: 'validation-api',version: '2.0.1.Final'
implementation group: 'com.fasterxml.jackson.datatype',name: 'jackson-datatype-jsr310',version: '2.11.2'
implementation group: 'org.openapitools',name: 'jackson-databind-nullable',version: '0.2.1'
implementation group: 'commons-io',name: 'commons-io',version: '2.6'
implementation group: 'org.json',name: 'json',version: '20210307'
implementation group: 'org.apache.commons',name: 'commons-collections4',version: '4.4'
implementation group: 'org.apache.commons',name: 'commons-lang3',version: '3.11'
implementation 'org.jsoup:jsoup:1.13.1'
implementation 'org.apache.commons:commons-lang3:3.12.0'
implementation 'org.owasp:dependency-check-gradle:6.1.6'
compile (group: 'org.owasp.esapi',name: 'esapi',version: '2.2.2.0')
compileOnly 'org.projectlombok:lombok:1.18.12'
annotationProcessor 'org.projectlombok:lombok:1.18.12'
testCompile group: 'junit',name: 'junit',version: '4.12'
testCompileOnly 'org.projectlombok:lombok:1.18.12'
testAnnotationProcessor 'org.projectlombok:lombok:1.18.12'
testImplementation('org.springframework.boot:spring-boot-starter-test') {
exclude group: 'org.junit.vintage',module: 'junit-vintage-engine'
}
jar {
manifest {
attributes(
'Main-Class': 'org.test.SearchServiceApplication'
)
}
from {
configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }
}
}
}
这是我的 ESAPI.properties 文件:
ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
这是我记录的示例:
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.convert.converter.Converter;
import java.util.Arrays;
public class StringToEnumConverter implements Converter<String,Filters> {
private static Logger logger = LoggerFactory.getLogger(StringToEnumConverter.class);
@Override
public Filters convert(String source) {
try {
logger.info("Attempting to convert ENUM param to uppercase {}",source);
return Filters.valueOf(source.toupperCase());
} catch (IllegalArgumentException e) {
logger.error("Failed to convert ENUM param to uppercase {}",source);
throw new BadFilterRequestException("Error: Filter provide must be one of: " + Arrays.asList(Filters.values()),"Search");
}
}
}
编辑:使用旧版本虽然它允许 API 启动,但它会在调用时触发此错误消息:
Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.owasp.esapi.logging.slf4j.Slf4JLogFactory
at java.base/java.lang.class.forName0(Native Method)
at java.base/java.lang.class.forName(Class.java:340)
at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:139)
at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:155)
at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:83)
at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:67)
... 46 common frames omitted
感谢您的时间
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。