ESAPI - Getting ClassNotFoundException with ESAPI 2.2.3.1

My code was using org.owasp.esapi 2.2.0.0, but after upgrading to 2.2.3.1 I get a ClassNotFoundException.

My code looks like this:

  import java.io.IOException;
  import java.util.Properties;
  import java.util.logging.Level;
  import java.util.logging.Logger;
  import org.owasp.esapi.ESAPI;
  import org.owasp.esapi.reference.DefaultSecurityConfiguration;

  private static final Logger logger = Logger.getLogger(SecurityUtil.class.getName());

  Properties esapiProps = new Properties();
  try {
     // Load ESAPI.properties from the root of the classpath
     esapiProps.load( SecurityUtil.class.getResourceAsStream("/ESAPI.properties") );
  } catch (IOException | NullPointerException e) {
     logger.log(Level.SEVERE, "esapi Exception: ", e);
  }
  // Replace ESAPI's default configuration with one built from these properties
  ESAPI.override( new DefaultSecurityConfiguration(esapiProps));
  // ----- Then canonicalize an input -----
  ESAPI.encoder().canonicalize(input);

I read the release notes and added some properties as well as esapi-java-logging.

My ESAPI.properties (on the classpath)

ESAPI.printProperties=true
LogLevel=INFO
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec

ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
Logger.ApplicationName=My Test Application
Logger.LogEncodingRequired=false
Logger.LogApplicationName=true
Logger.LogServerIP=true
Logger.LogFileName=ESAPI_logging_file
Logger.MaxLogFileSize=10000000
Logger.UserInfo=true
Logger.ClientInfo=true

My esapi-java-logging.properties (on the classpath)

handlers= java.util.logging.ConsoleHandler
.level= INFO
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format=[%1$tF %1$tT] [%3$-7s] %5$s %n

But I get this exception:

[ERROR   ] SRVE0315E: An exception occurred: java.lang.Throwable: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5095)
    at [internal classes]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101)
    .
    .
    .
    at sun.reflect.GeneratedMethodAccessor521.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)
    ... 1 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.GeneratedMethodAccessor522.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 8 more
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory LogFactory class (org.owasp.esapi.reference.JavaLogFactory) must be in class path.
    ... 17 more
Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory
    at com.ibm.ws.classloading.internal.AppClassLoader.findClassCommonLibraryClassLoaders(AppClassLoader.java:569)
    at [internal classes]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:264)
    at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
    ... 15 more

If I change my ESAPI.properties and copy the contents of https://raw.githubusercontent.com/ESAPI/esapi-java-legacy/develop/configuration/esapi/ESAPI.properties, the ClassNotFoundException goes away and I get a NullPointerException instead:

[ERROR   ] SRVE0315E: An exception occurred: java.lang.Throwable: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5095)
    at [internal classes]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101)
    .
    .
    .
    at sun.reflect.GeneratedMethodAccessor522.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)
    ... 1 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.GeneratedMethodAccessor523.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 8 more
Caused by: java.lang.ExceptionInInitializerError
    ... 20 more
Caused by: java.lang.NullPointerException
    ... 22 more

You say you read the release notes. The cause of your problem is that you missed a detail documented there. Look at those release notes, in the section marked:

*** IMPORTANT WORKAROUND for 2.2.1.0 ESAPI Logging ***

There, it states:

Lastly, if you try to use the new ESAPI 2.2.1.0 logging, you will notice that you need to change ESAPI.Logger and also possibly provide some other logging properties as well. This is because the logger packages were reorganized to improve maintainability, but we failed to mention it. To use ESAPI logging in ESAPI 2.2.1.0 (and later), you MUST set the ESAPI.Logger property to one of:

   org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
   org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
   org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger

Between that and a careful reading of your exception stack trace:

    ... deleted...
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory LogFactory class (org.owasp.esapi.reference.JavaLogFactory) must be in class path.
    ... 17 more
Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory
    ...deleted...

I think that should explain the cause. Those classes were reorganized into different packages to accommodate SLF4J logging.
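As an added example (not code from the question or from ESAPI itself), a hypothetical startup check that loads ESAPI.properties and resolves the ESAPI.Logger and ESAPI.Encoder classes before ESAPI.override() is called, so a pre-2.2.1.0 logger factory name such as org.owasp.esapi.reference.JavaLogFactory is reported together with the relocated name from the release notes instead of surfacing as the nested ConfigurationException shown above. The class name EsapiConfigCheck and the RELOCATED map are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;

// Hypothetical startup check (not part of ESAPI): resolve the classes named in
// ESAPI.properties before ESAPI.override() so a stale value fails with a clear
// message instead of a nested ConfigurationException inside ESAPI.encoder().
public final class EsapiConfigCheck {
    // Pre-2.2.1.0 logger factory name -> relocated name, from the 2.2.1.0 release notes.
    // Extend this map for other relocated factories your configuration used.
    private static final Map<String, String> RELOCATED = Map.of(
        "org.owasp.esapi.reference.JavaLogFactory", "org.owasp.esapi.logging.java.JavaLogFactory");

    // Returns one line per problem; an empty list means every configured class resolves.
    public static List<String> check(Properties props, ClassLoader loader) {
        List<String> problems = new ArrayList<>();
        for (String key : new String[] {"ESAPI.Logger", "ESAPI.Encoder"}) {
            String className = props.getProperty(key, "").trim();
            if (className.isEmpty()) {
                problems.add(key + " is not set");
                continue;
            }
            try {
                Class.forName(className, false, loader); // resolve only, do not initialise
            } catch (ClassNotFoundException e) {
                String hint = RELOCATED.get(className);
                problems.add(key + "=" + className + " is not on the classpath"
                    + (hint == null ? "" : "; since ESAPI 2.2.1.0 use " + hint));
            }
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        Properties props = new Properties();
        try (InputStream in = EsapiConfigCheck.class.getResourceAsStream("/ESAPI.properties")) {
            if (in == null) throw new IOException("/ESAPI.properties not found on the classpath");
            props.load(in);
        }
        List<String> problems = check(props, EsapiConfigCheck.class.getClassLoader());
        if (!problems.isEmpty()) {
            problems.forEach(p -> System.err.println("ESAPI config problem: " + p));
            System.exit(1);
        }
        System.out.println("ESAPI configuration classes resolve; safe to call ESAPI.override()");
    }
}
```

Run it once at application start (or from a unit test) against the same classpath the web container uses; with the question's original ESAPI.Logger value it exits non-zero naming org.owasp.esapi.logging.java.JavaLogFactory as the replacement.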

There are some typos in the logger factory configuration in ESAPI.properties. The classes are in org.owasp.esapi.logging.*.

#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
#ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory