java.io.FileNotFoundException Error in Logs When ESAPI.properties and validation.properties are in resources. and the application is up ,features are not working. about esapi-java-legacy HOT 9 CLOSED

We need more information to help you with this. What version of ESAPI are you using? What does your ESAPI.Logger property file say? It needs to be org.owasp.esapi.logging.java.JavaLogFactory. If it says that, you are picking up a different ESAPI.properties file then the one you are intending to use (e.g., there may be one bundled as a resource in another direct or transitive jar that Maven pulls in) or some other dependency has made a direct reference to org.owasp.esapi.reference.JavaLogFactory. Maybe run '`mvn -B dependency:tree` and check the output. If are you using any some dependency (e.g., OpenSAML, Shibboleth, etc.) that might be using a old version of ESAPI, that could be causing the problem.

from esapi-java-legacy.

thanks a lot @kwwall got it worked at last ,we need to add Easpi.properties file based on the same version what you have released

from esapi-java-legacy.

in a project how can we run this java -Dorg.owasp.esapi.logSpecial.discard=true

from esapi-java-legacy.

@kwwall can you please help with this, i will be waiting for your reply.

from esapi-java-legacy.

so -D has to be added however your application runs on your machine.

If you run in command line:

java -Dorg.owasp.esapi.logSpecial.discard=true myApp.jar

Otherwise if its running tomcat or Jetty locally you need to check your webserver's documentation as to how to pass in "-D" properties.

Tomcat is here, if using something else this should help your google-fu: https://stackoverflow.com/questions/372686/how-can-i-specify-system-properties-in-tomcat-configuration-on-startup

from esapi-java-legacy.

ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!

So this issue isn't that the file isn't being found, it's that you have features not working. The only time I've ever encountered this is if there's another copy of ESAPI loaded into the application context.

Coldfusion for example uses ESAPI, so if your app is running coldfusion, because ESAPI is a singleton, your app's version will have all sorts of problems.

I would investigate if your app deployment environment has a dependency on ESAPI. IF that is the case, the only solution I'm aware of would be to get access to the app environment's instance of ESAPI.

from esapi-java-legacy.

Otherwise, without a project duplicating your behavior that Kevin or I can just clone and run locally, there isn't much to go on here.

from esapi-java-legacy.

One important observation: Looks as though you perhaps promoted a previous version of ESAPI.properties without carefully reading the release notes when you upgraded your ESAPI version. Why do I think that? Because of this in your exception stack trace:

 Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory LogFactory class (org.owasp.esapi.reference.JavaLogFactory) must be in class path.

Note that it is referring to org.owasp.esapi.reference.JavaLogFactory, but that class name was moved to a different package long ago. Find your ESAPI.properties file, look for your ESAPI.Logger property, and change the value from org.owasp.esapi.reference.JavaLogFactory to org.owasp.esapi.logging.java.JavaLogFactory and that will likely fix your problem.

Note more details are given at https://github.com/ESAPI/esapi-java-legacy/wiki/Configuration-Reference:-JavaLogFactory

from esapi-java-legacy.

@kwwall i used maven dependency added in project , and easpi.properties that all i downloaded from github EASPI legacy and added in resource folder , after using that sanitize parameter it is giving error, please give me the proper solution

from esapi-java-legacy.