文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
首页
学习
活动
专区
圈层
工具
MCP广场
返回腾讯云官网
社区首页 >问答首页 >使用ESAPI 2.2.3.1获取ClassNotFoundException

使用ESAPI 2.2.3.1获取ClassNotFoundException
EN

Stack Overflow用户
提问于 2021-07-08 16:47:05
回答 2查看 7.8K关注 0票数 2

我的代码正在使用org.owasp.esapi 2.2.0.0,但是升级到2.2.3.1之后,我得到了ClassNotFoundException。

我的密码是:

代码语言:javascript
运行
复制
  Properties esapiProps = new Properties();
  try {
     esapiProps.load( SecurityUtil.class.getResourceAsStream("/ESAPI.properties") );
     
  } catch (IOException | NullPointerException e) {
     logger.log(Level.SEVERE, "esapi Exception: ", e);
  }
  ESAPI.override( new DefaultSecurityConfiguration(esapiProps));
  // ----- Then canonicalize an input -----
  ESAPI.encoder().canonicalize(input);

我阅读了发布说明并添加了一些属性和esapi-java-日志记录。

我的ESAPI.properties (在课堂路径中)

代码语言:javascript
运行
复制
ESAPI.printProperties=true
LogLevel=INFO
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec

ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
Logger.ApplicationName=My Test Application
Logger.LogEncodingRequired=false
Logger.LogApplicationName=true
Logger.LogServerIP=true
Logger.LogFileName=ESAPI_logging_file
Logger.MaxLogFileSize=10000000
Logger.UserInfo=true
Logger.ClientInfo=true

我的esapi-java-logging.properties (在类路径中)

代码语言:javascript
运行
复制
handlers= java.util.logging.ConsoleHandler
.level= INFO
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format=[%1$tF %1$tT] [%3$-7s] %5$s %n

但我有个例外:

代码语言:javascript
运行
复制
[ERROR   ] SRVE0315E: An exception occurred: java.lang.Throwable: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5095)
    at [internal classes]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101)
    .
    .
    .
    at sun.reflect.GeneratedMethodAccessor521.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)
    ... 1 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.GeneratedMethodAccessor522.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 8 more
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory LogFactory class (org.owasp.esapi.reference.JavaLogFactory) must be in class path.
    ... 17 more
Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory
    at com.ibm.ws.classloading.internal.AppClassLoader.findClassCommonLibraryClassLoaders(AppClassLoader.java:569)
    at [internal classes]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:264)
    at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
    ... 15 more

如果我更改了我的ESAPI.properties并复制了https://raw.githubusercontent.com/ESAPI/esapi-java-legacy/develop/configuration/esapi/ESAPI.properties中的内容,ClassNotFoundException就会消失,并得到NullPointerException异常:

代码语言:javascript
运行
复制
[ERROR   ] SRVE0315E: An exception occurred: java.lang.Throwable: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:5095)
    at [internal classes]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
    at org.owasp.esapi.ESAPI.encoder(ESAPI.java:101)
    .
    .
    .
    at sun.reflect.GeneratedMethodAccessor522.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)
    ... 1 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.GeneratedMethodAccessor523.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
    ... 8 more
Caused by: java.lang.ExceptionInInitializerError
    ... 20 more
Caused by: java.lang.NullPointerException
    ... 22 more
java
esapi
EN

回答 2

Stack Overflow用户

回答已采纳

发布于 2021-07-11 02:15:26

你说过你看了发布说明。造成您的问题的原因是您遗漏了一个详细的细节,这些细节已经在这里被记录下来了。查看那些发布说明,在标有以下标签的部分:

* 2.2.1.0 ESAPI日志记录的重要解决办法*

在这方面,它指出:

代码语言:javascript
运行
复制
Lastly, if you try to use the new ESAPI 2.2.1.0 logging, you will notice that you need to change ESAPI.Logger and also possibly provide some other logging properties as well. This is because the logger packages were reorganized to improve maintainability, but we failed to mention it. To use ESAPI logging in ESAPI 2.2.1.0 (and later), you MUST set the ESAPI.Logger property to one of:

   org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
   org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
   org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger

在这两者之间仔细阅读异常堆栈跟踪:

代码语言:javascript
运行
复制
    ... deleted...
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory LogFactory class (org.owasp.esapi.reference.JavaLogFactory) must be in class path.
    ... 17 more
Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory
    ...deleted...

我觉得这应该能解释原因。这些类被重新组织成不同的包,以适应SLF4J日志记录。

票数 2
EN

Stack Overflow用户

发布于 2021-12-16 10:38:27

ESAPI.properties中有一些带有记录器工厂配置的错误。这些类在org.owasp.esapi.logging.*中。

代码语言:javascript
运行
复制
#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
#ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
票数 2
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/68305702

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2025 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 深公网安备号 44030502008569

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号 | 京公网安备号11010802020287

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档