[英]Cannot make the OWASP.ESAPI library to start up. Configuration issue?
I need to set up this lib to encode the SQL queries.我需要设置这个库来编码 SQL 查询。 In my Spring Boot app (11th Java) I added to POM.xml the following dependency:在我的 Spring 引导应用程序(第 11 个 Java)中,我向 POM.xml 添加了以下依赖项:
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.2.0.0</version>
</dependency>
Added to the resources the ESAPI.properties file w/ the following content:向资源中添加了 ESAPI.properties 文件,其中包含以下内容:
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
And during the unit test execution i catch this exception:在单元测试执行期间,我发现了这个异常:
java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
BTW as a logging subsystem I use logback.顺便说一句,我使用 logback 作为日志记录子系统。
Adding stacktrace添加堆栈跟踪
"2021-12-07T14:18:54.298+03:00","level":"ERROR","logger_name":"bankclient.controller.GlobalControllerExceptionHandler","application":"BANKCLIENT","app_version":"undefined","thread_name":"main","message":"Undefined request processing error",
"stackTrace":"org.owasp.esapi.errors.ConfigurationException: SecurityConfiguration for Logger.LogEncodingRequired not found in ESAPI.properties
\org.owasp.esapi.reference.DefaultSecurityConfiguration.getBooleanProp(DefaultSecurityConfiguration.java:1354)
at
org.owasp.esapi.logging.slf4j.Slf4JLogFactory.<clinit>(Slf4JLogFactory.java:53)
... 147 common frames omitted
Wrapped by: java.lang.ExceptionInInitializerError: null
at
java.lang.Class.forName0(Class.java)
at
java.lang.Class.forName(Class.java:315)
at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158)
at
org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81)
at
org.owasp.esapi.ESAPI.logFactory(ESAPI.java:137)
at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:153)
at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:83)
at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:67)
...
139 common frames omitted
Wrapped by: java.lang.reflect.InvocationTargetException: null
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:566)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
...
134 common frames omitted
Wrapped by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException Encoder class (org.owasp.esapi.reference.DefaultEncoder) CTOR threw exception.
at
org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
at org.owasp.esapi.ESAPI.encoder(ESAPI.java:99)
at bankclient.repository.currency.JdbcCurrencyOperationRepository.findOperationsWithDateAndDocType(JdbcCurrencyOperationRepository.java:220)
at bankclient.interactors.documents.currency.operations.CurrencyDocumentViewer.execute(CurrencyDocumentViewer.java:25)
at
Why this exception is thrown?为什么会抛出这个异常? Did I missed some steps in configuration?我错过了配置中的一些步骤吗? Are there smth.有没有。 like a Spring Boot starter for esapi library?像 esapi 库的 Spring 启动器?
What is wrong is actually in plain sight.问题实际上是显而易见的。
stackTrace":"org.owasp.esapi.errors.ConfigurationException: SecurityConfiguration for Logger.LogEncodingRequired not found in ESAPI.properties
You are missing a property in your ESAPI.properties
file, the Logger.LogEncodingRequired
property is missing.您的ESAPI.properties
文件中缺少一个属性,即缺少Logger.LogEncodingRequired
属性。 Which is this message telling you (quite explicitly if I might add).这是这条消息告诉你的(如果我可以补充的话,非常明确)。
Add添加
Logger.LogEncodingRequired=false # Or true if you need this
to your properties and this error should be gone.到你的属性,这个错误应该消失了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.