我在配置 ESAPI 以使其与我的 Spring Boot Web 应用程序(maven 项目)一起使用时遇到问题。
从这个 URL 中,我选择了这部分来将 ESAPI.properties 放入特定目录中:
参考 {@code SecurityConfiguration} 在一个位置管理 ESAPI 使用的所有设置。在这篇参考文献中 * 实现时,资源可以放在几个位置,按以下顺序搜索: *
* 1) 在通过调用 SecurityConfiguration.setResourceDirectory( "C: emp 资源”)。 *
因此,这是我的代码:
1 - 在 application.properties 中:
esapi.path=/data/folder/testApp/Apps/MyApp/ESAPIConf
2 - 在 StartupApplication.java 中(在我的应用程序启动时仅执行一次的类):
@Component
public class StartupApplication implements InitializingBean {
@Autowired
private Environment env;
@Override
@Transactional
public void afterPropertiesSet() throws Exception {
new GlobalVars();
GlobalVars.esapiPropertyFilePath = env.getProperty("esapi.path");
// this setResourceDirectory to be executed once
ESAPI.securityConfiguration().setResourceDirectory(GlobalVars.esapiPropertyFilePath);
...etc
}
3 - 在我的 jsp 页面 :
<form action="#" method="POST" onsubmit="linkVariabletoDBFields()">
<input type="hidden" name = "nameconf" id="nameconf" value="<%=ESAPI.encoder().encodeForHTMLAttribute(request.getParameter("confname")) %>" />
问题:
当应用程序服务器 (JBOSS EAP 7.2) 启动时,更具体地说,当执行 StartupApplication 类时,setResourceDirectory 返回:
ESAPI: Reset resource directory to: /data/folder/testApp/Apps/MyApp/ESAPIConf
ESAPI: Attempting to load ESAPI.properties via file I/O.
ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/linuxuser/ESAPI.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: /data/folder/testApp/Apps/MyApp/ESAPIConf/ESAPI.properties
ESAPI: Not found in 'user.home' (/home/linuxuser) directory: /home/linuxuser/esapi/ESAPI.properties
ESAPI: Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false
ESAPI: Attempting to load validation.properties via file I/O.
ESAPI: Attempting to load validation.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/linuxuser/validation.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: /data/folder/testApp/Apps/MyApp/ESAPIConf/validation.properties
ESAPI: Not found in 'user.home' (/home/linuxuser) directory: /home/linuxuser/esapi/validation.properties
ESAPI: Loading validation.properties via file I/O failed.
ESAPI: Attempting to load validation.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED validation.properties via the CLASSPATH from 'esapi/' using current thread context class loader!
虽然文件存在于 /data/folder/testApp/Apps/MyApp/ESAPIConf
中却找不到属性文件当我访问我的 jsp 页面时,我得到:
Error : org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
我猜是因为没有找到 ESAPI.properties。
请帮忙。
在 pom.xml 中添加此依赖项
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.2.0.0</version>
</dependency>
然后Maven>更新项目 这为我解决了这个问题。 奇怪的是,在这个问题出现之前我从未添加过这个依赖项,但 ESAPI 运行良好。