Having configurationException issue moving to 2.5.0.0


Stephen Johns

Aug 18, 2022, 6:26:25 PM
to ESAPI Project Users
I am upgrading a project from

    esapi-2.1.0.1.jar

to

    esapi-2.5.0.0.jar

I am now getting the following ConfigurationException from

    import org.owasp.esapi.ESAPI;
    import org.owasp.esapi.Validator;
     ...
    VALIDATOR = ESAPI.validator();

-----------------------

Most important line in stack trace, full stack trace below. (BTW: Anyone know how to get JUnit to spit out the whole stack trace and not do the "... 55 more" thing?)

    Caused by: org.owasp.esapi.errors.ConfigurationException: Configuration storage type [/opt/git/this/that/src/test/java/com/foo/common/security/resources] is not supported

Full stack trace:    
   
    java.lang.ExceptionInInitializerError
        at com.foo.common.util.SLCPropertiesLoader.loadProperties(SLCPropertiesLoader.java:69)
        at com.foo.common.util.SLCPropertiesLoader.loadProperties(SLCPropertiesLoader.java:257)
        at com.foo.common.security.SecurePassword.<init>(SecurePassword.java:70)
        at com.foo.common.security.SecurePassword.<init>(SecurePassword.java:124)
        at com.foo.common.security.SecurePasswordTest.test(SecurePasswordTest.java:18)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
        at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
        at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
        at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
        at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecutor.runTestClass(JUnitTestClassExecutor.java:110)
        at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecutor.execute(JUnitTestClassExecutor.java:58)
        at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecutor.execute(JUnitTestClassExecutor.java:38)
        at org.gradle.api.internal.tasks.testing.junit.AbstractJUnitTestClassProcessor.processTestClass(AbstractJUnitTestClassProcessor.java:62)
        at org.gradle.api.internal.tasks.testing.SuiteTestClassProcessor.processTestClass(SuiteTestClassProcessor.java:51)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:36)
        at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
        at org.gradle.internal.dispatch.ContextClassLoaderDispatch.dispatch(ContextClassLoaderDispatch.java:33)
        at org.gradle.internal.dispatch.ProxyDispatchAdapter$DispatchingInvocationHandler.invoke(ProxyDispatchAdapter.java:94)
        at com.sun.proxy.$Proxy2.processTestClass(Unknown Source)
        at org.gradle.api.internal.tasks.testing.worker.TestWorker.processTestClass(TestWorker.java:118)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:36)
        at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
        at org.gradle.internal.remote.internal.hub.MessageHubBackedObjectConnection$DispatchWrapper.dispatch(MessageHubBackedObjectConnection.java:182)
        at org.gradle.internal.remote.internal.hub.MessageHubBackedObjectConnection$DispatchWrapper.dispatch(MessageHubBackedObjectConnection.java:164)
        at org.gradle.internal.remote.internal.hub.MessageHub$Handler.run(MessageHub.java:412)
        at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64)
        at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:48)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:56)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
        at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
        at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:185)
        at org.owasp.esapi.ESAPI.validator(ESAPI.java:192)
        at com.foo.common.security.SecurityUtils.<clinit>(SecurityUtils.java:36)
        ... 52 more
    Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
        ... 55 more
    Caused by: org.owasp.esapi.errors.ConfigurationException: Configuration storage type [/opt/git/this/that/src/test/java/com/foo/common/security/resources] is not supported
        at org.owasp.esapi.configuration.EsapiPropertyLoaderFactory.createPropertyLoader(EsapiPropertyLoaderFactory.java:54)
        at org.owasp.esapi.configuration.EsapiPropertyManager.initLoaders(EsapiPropertyManager.java:97)
        at org.owasp.esapi.configuration.EsapiPropertyManager.<init>(EsapiPropertyManager.java:31)
        at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:386)
        at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:420)
        at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:88)
        ... 60 more

Kevin W. Wall

Aug 18, 2022, 11:51:12 PM
to Stephen Johns, ESAPI Project Users
What do you have the property 'ESAPI.Logger' set to in your ESAPI.properties file?
Did you remember to update it? It changed in version 2.2.1.0.


-kevin

--
Blog: https://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall | OWASP ESAPI Project co-lead
NSA: All your crypto bit are belong to us.

Kevin W. Wall

Aug 20, 2022, 4:54:07 PM
to Stephen Johns, ESAPI Project Users
On Thu, Aug 18, 2022 at 11:50 PM Kevin W. Wall <kevin....@gmail.com> wrote:
> What do you have the property 'ESAPI.Logger' set to in your ESAPI.properties file?
> Did you remember to update it? It changed in version 2.2.1.0.


Okay, Stephen. I'm hoping I have this figured out. After you sent me a private email with your ESAPI.properties file, I confirmed that your setting for ESAPI.Logger appears to be set correctly. That is, it was set to:

    ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory

(It's correct assuming that you wanted to use JUL for logging, that is.) Regardless, that is not what is causing your problem.

So, after I saw you had a correct setting for ESAPI.Logger and ruled that out as the root cause, I went back and looked at your exception stack trace in more detail and started crawling through our ESAPI 2.5.0.0 code base. Here are my conclusions.
Let's start the explanation with a trimmed version of your stack trace:
Caused by: org.owasp.esapi.errors.ConfigurationException: Configuration storage type [/opt/git/this/that/src/test/java/com/foo/common/security/resources] is not supported

Full stack trace:    
   
    java.lang.ExceptionInInitializerError
        at com.foo.common.util.SLCPropertiesLoader.loadProperties(SLCPropertiesLoader.java:69)
        at com.foo.common.util.SLCPropertiesLoader.loadProperties(SLCPropertiesLoader.java:257)
        at com.foo.common.security.SecurePassword.<init>(SecurePassword.java:70)
        at com.foo.common.security.SecurePassword.<init>(SecurePassword.java:124)
        at com.foo.common.security.SecurePasswordTest.test(SecurePasswordTest.java:18)
        <...deleted...>

    Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
        at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
        at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:185)
        at org.owasp.esapi.ESAPI.validator(ESAPI.java:192)
==>     at com.foo.common.security.SecurityUtils.<clinit>(SecurityUtils.java:36)

        ... 52 more
    Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 55 more
    Caused by: org.owasp.esapi.errors.ConfigurationException: Configuration storage type [/opt/git/this/that/src/test/java/com/foo/common/security/resources] is not supported
        at org.owasp.esapi.configuration.EsapiPropertyLoaderFactory.createPropertyLoader(EsapiPropertyLoaderFactory.java:54)
        at org.owasp.esapi.configuration.EsapiPropertyManager.initLoaders(EsapiPropertyManager.java:97)
        at org.owasp.esapi.configuration.EsapiPropertyManager.<init>(EsapiPropertyManager.java:31)
        at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:386)
        at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:420)
        at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:88)
        ... 60 more

First off, the first highlighted line marked '==>' is right before ESAPI.validator() is called. Note that it is <clinit>, which is class initialization, so I'm guessing line 36 of your SecurityUtils.java file has something like

    private static Validator validator = ESAPI.validator();

(or maybe it was in a static initializer) and that's the reason why it popped up as an ExceptionInInitializerError instead of just a ConfigurationException.

From there, the last 'Caused by:' chunk in the second highlighted line tells us everything we need to know. I'm not going to describe this line by line, but based on the error message and what's on the call stack for the exception stack trace, I will just try to summarize the root cause. You can use the filenames and line #s in the stack trace to crawl through the code if you want more detail.

So, here's the TL;DR scoop:

As near as I can tell, it looks as though you have the system property

    org.owasp.esapi.opsteam

set to

    /opt/git/this/that/src/test/java/com/foo/common/security/resources

That system property (org.owasp.esapi.opsteam) is intended to be a file name containing only the ESAPI properties that you want controlled by your Operations Team. There's another property (org.owasp.esapi.devteam) for ESAPI properties (generally, all the rest of the ESAPI properties) that are intended to be under the control of your Development teams. This is to allow the Operations teams to set properties which take precedence so you can prevent your Dev teams from overriding them. An example might be something like:

    Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
    Encryptor.EncryptionKeyLength=256

that would be set in the file corresponding to the property 'org.owasp.esapi.opsteam' because that is what your corporate security policy requires and you don't want Devs to be able to change it to something like:

    Encryptor.CipherTransformation=DESede/CBC/PKCS5Padding
    Encryptor.EncryptionKeyLength=112

Then you'd specify the rest of the ESAPI properties in the file corresponding to 'org.owasp.esapi.devteam'.


Note that most ESAPI users just leave both of those system properties unset because they don't use this ESAPI feature, which is why this particular error didn't jump out at me. It's not a commonly used feature.

Anyhow, when either the org.owasp.esapi.opsteam or org.owasp.esapi.devteam system properties are set, they should be set to the full path name of a .properties or .xml file, and not just a directory name. That is, you have to specify the file name along with a '.properties' or '.xml' suffix. E.g., it would be expecting something like:

    /opt/git/this/that/src/test/java/com/foo/common/security/resources/ESAPI-OperationsTeam.properties

or

    /opt/git/this/that/src/test/java/com/foo/common/security/resources/ESAPI-OperationsTeam.xml

But that's why I think you are getting a ConfigurationException thrown. Admittedly, the exception message could be a lot better. Ideally the exception message should say something like:
System property 'org.owasp.esapi.opsteam' set to '<value-of-System-property>', but has an unsupported file suffix. Expecting either '.properties' or '.xml' file suffix for the specified path name.

I plan on creating a GitHub issue for a better exception message and cleaning up the code a bit in a future release so it's more intuitive as to what went wrong.

Lastly, as long as you do NOT have the system property 'org.owasp.esapi.logSpecial.discard' set to "true", you will get some (hopefully) useful messages logged to stdout while ESAPI is searching for your ESAPI.properties and other ESAPI configuration files. (It's a bootstrap thing, since until we find ESAPI.properties, we aren't sure what logger to use until we find your ESAPI.properties file and parse the ESAPI.Logger property.) You didn't mention anything about its log output to stdout so perhaps you had it disabled, but it might have been helpful in this case. Just thought I would mention that.

Anyway, if this answer describes what your problem was caused by, please do let us know on this mailing list and I'll provide an answer to your question on Stack Overflow so others looking there can benefit. (I will probably just provide a link back to this email thread.) And if I've misdiagnosed it, perhaps you can provide a small JUnit test case to help us duplicate the issue.

Hope that helps,
-kevin
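
An added example, not part of the thread and not ESAPI code: a pre-flight check that a test suite or launcher could run before the first `ESAPI.validator()` call, applying the rule described above that `org.owasp.esapi.opsteam` and `org.owasp.esapi.devteam`, when set, must name a `.properties` or `.xml` file rather than a directory. The class name `EsapiConfigPreflight` is hypothetical, and case-sensitive suffix matching is an assumption.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical pre-flight check; not part of ESAPI. */
public final class EsapiConfigPreflight {
    // System property names as given in the thread.
    private static final String[] PROPS = {
        "org.owasp.esapi.opsteam", "org.owasp.esapi.devteam"
    };

    /** Returns one message per misconfigured property; an empty list means OK. */
    public static List<String> check() {
        List<String> problems = new ArrayList<>();
        for (String name : PROPS) {
            String value = System.getProperty(name);
            if (value == null || value.isEmpty()) {
                continue; // unset is fine: most users do not use this feature
            }
            Path path = Paths.get(value);
            // Assumption: the suffix is matched case-sensitively.
            if (!value.endsWith(".properties") && !value.endsWith(".xml")) {
                problems.add("System property '" + name + "' set to '" + value
                        + "': expected a path ending in '.properties' or '.xml'"
                        + (Files.isDirectory(path) ? " (value is a directory)" : ""));
            } else if (!Files.isRegularFile(path) || !Files.isReadable(path)) {
                problems.add("System property '" + name + "' set to '" + value
                        + "': not a readable regular file");
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample: reproduce the mistake from the thread (a directory value).
        System.setProperty("org.owasp.esapi.opsteam", System.getProperty("java.io.tmpdir"));
        List<String> problems = check();
        problems.forEach(System.err::println);
        if (!problems.isEmpty()) {
            System.exit(1); // fail fast, before any class initializer touches ESAPI
        }
    }
}
```

Because the ops-team file is the one whose settings take precedence, a build that runs this check first reports a bad path by property name instead of failing later inside a class initializer.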

Stephen Johns

Aug 22, 2022, 4:53:51 PM
to Kevin W. Wall, ESAPI Project Users
You are exactly right.
I have fixed 2 out of my 3 projects!

Thank you so much for your fast and thorough response!!

Kevin W. Wall

Aug 22, 2022, 5:16:38 PM
to Stephen Johns, ESAPI Project Users
You are welcome. We had a volunteer step up and make the requested change to clarify the particular exception message (PR #736), so I hope that will save those who do something similar in the future from having to ask about it in the future. We will make that available in the next release, whenever that may be.

-kevin