i have a litte JavaEE project, and i have to secure it with the OWASP ESAPI
i integrated the ESAPI like this in Maven:
<!-- ESAPI Version 2.0.1 -->
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.0.1</version>
</dependency>
So after this i can use the ESAPI classes for programming.
i also included the .esapi
folder in the server start:
-Dorg.owasp.esapi.resources=/home/joergi/.esapi/
I also copied the ESAPI.properties
and the validation.properties
into
src/main/resources
(I'm not sure if it works, but i get no error while starting the server)
I looked at the ESAPI install guide (pdf) (really bad documented) and copied the example
"To test if ESAPI has been successfully integrated and configured, create a file called EsapiIntegrationTest.java and paste in:"
import org.owasp.esapi.ESAPI;
public class EsapiTest {
public static void main(String[] args){
System.out.println("ESAPI.accessController found: "
+ ESAPI.accessController());
}
}
"If you can run this file and see the println output, then ESAPI has been successfully installed and configured! You can now begin using ESAPI functionality to secure your web applications!"
I "translated" it for my example:
@ManagedBean(name="testController")
@RequestScoped
public class TestController {
public String esapiTest(){
System.out.println("ESAPI.accessController found: "
+ ESAPI.accessController());
return "ESAPI.accessController found: " + ESAPI.accessController();
}
}
and i have a file test.xhtml
:
<?xml version="1.0" encoding="UTF-8"?>
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
template="/WEB-INF/templates/default.xhtml">
<ui:define name="content">
<h2>esapi test</h2>
<h:outputText value="#{testController.esapiTest()}" />
</ui:define>
</ui:composition>
when entering the test.xhtml
i get this really long error (for a nicer few you can see it also in pastebin)
03:32:00,521 Schwerwiegend [javax.enterprise.resource.webcontainer.jsf.application] (http--127.0.0.1-8080-2) Error Rendering View[/pages/test/test.xhtml]: javax.el.ELException: /pages/test/test.xhtml @10,58 value="#{testController.esapiTest()}": org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException AccessController class (org.owasp.esapi.reference.DefaultAccessController) CTOR threw exception.
at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:114) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:194) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:182) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.UIOutput.getValue(UIOutput.java:169) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at com.sun.faces.renderkit.html_basic.HtmlBasicInputRenderer.getValue(HtmlBasicInputRenderer.java:205) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.getCurrentValue(HtmlBasicRenderer.java:355) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeEnd(HtmlBasicRenderer.java:164) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:875) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1764) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:402) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:131) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:288) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:121) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.10.Final.jar:]
at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:161) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java) [jbossweb-7.0.10.Final.jar:]
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.0.Final.jar:7.1.0.Final]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:154) [jboss-as-web-7.1.0.Final.jar:7.1.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.10.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.10.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.10.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.10.Final.jar:]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_03]
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException AccessController class (org.owasp.esapi.reference.DefaultAccessController) CTOR threw exception.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.ESAPI.accessController(ESAPI.java:85) [esapi-2.0.1.jar:2.0.1]
at de.liedl.bachelor.controller.TestController.esapiTest(TestController.java:45) [classe:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_03]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_03]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_03]
at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_03]
at javax.el.BeanELResolver.invokeMethod(BeanELResolver.java:735) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
at javax.el.BeanELResolver.invoke(BeanELResolver.java:467) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
at javax.el.CompositeELResolver.invoke(CompositeELResolver.java:246) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
at org.apache.el.parser.AstValue.getValue(AstValue.java:159) [jbossweb-7.0.10.Final.jar:]
at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:189) [jbossweb-7.0.10.Final.jar:]
at org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:50) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:109) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
... 35 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_03]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_03]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_03]
at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_03]
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86) [esapi-2.0.1.jar:2.0.1]
... 48 more
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory2 from [Module "deployment.bachelor_demo.war:main" from Service Module Loader] LogFactory class (org.owasp.esapi.reference.Log4JLogFactory2) must be in class path.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:137) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.reference.DefaultAccessController.<init>(DefaultAccessController.java:29) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.reference.DefaultAccessController.getInstance(DefaultAccessController.java:22) [esapi-2.0.1.jar:2.0.1]
... 53 more
Caused by: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory2 from [Module "deployment.bachelor_demo.war:main" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
at java.lang.Class.forName0(Native Method) [rt.jar:1.7.0_03]
at java.lang.Class.forName(Class.java:186) [rt.jar:1.7.0_03]
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74) [esapi-2.0.1.jar:2.0.1]
... 57 more
03:32:00,574 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/bachelor_demo].[FacesServlet]] (http--127.0.0.1-8080-2) Servlet.service() for servlet FacesServlet threw exception: java.lang.ClassNotFoundException: org.owasp.esapi.reference.Log4JLogFactory2 from [Module "deployment.bachelor_demo.war:main" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:468)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:456)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:120)
at java.lang.Class.forName0(Native Method) [rt.jar:1.7.0_03]
at java.lang.Class.forName(Class.java:186) [rt.jar:1.7.0_03]
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:137) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.reference.DefaultAccessController.<init>(DefaultAccessController.java:29) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.reference.DefaultAccessController.getInstance(DefaultAccessController.java:22) [esapi-2.0.1.jar:2.0.1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_03]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_03]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_03]
at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_03]
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86) [esapi-2.0.1.jar:2.0.1]
at org.owasp.esapi.ESAPI.accessController(ESAPI.java:85) [esapi-2.0.1.jar:2.0.1]
at de.liedl.bachelor.controller.TestController.esapiTest(TestController.java:45) [classe:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_03]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_03]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_03]
at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_03]
at javax.el.BeanELResolver.invokeMethod(BeanELResolver.java:735) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
at javax.el.BeanELResolver.invoke(BeanELResolver.java:467) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
at javax.el.CompositeELResolver.invoke(CompositeELResolver.java:246) [jboss-el-api_2.2_spec-1.0.0.Final.jar:1.0.0.Final]
at org.apache.el.parser.AstValue.getValue(AstValue.java:159) [jbossweb-7.0.10.Final.jar:]
at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:189) [jbossweb-7.0.10.Final.jar:]
at org.jboss.weld.el.WeldValueExpression.getValue(WeldValueExpression.java:50) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:109) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:194) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:182) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.UIOutput.getValue(UIOutput.java:169) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at com.sun.faces.renderkit.html_basic.HtmlBasicInputRenderer.getValue(HtmlBasicInputRenderer.java:205) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.getCurrentValue(HtmlBasicRenderer.java:355) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeEnd(HtmlBasicRenderer.java:164) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:875) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1764) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1760) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:402) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:131) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:288) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:121) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) [jsf-impl-2.1.5-jbossorg-1.jar:2.1.5-SNAPSHOT]
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594) [jboss-jsf-api_2.1_spec-2.0.0.Final.jar:2.0.0.Final]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.10.Final.jar:]
at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:161) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java) [jbossweb-7.0.10.Final.jar:]
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.0.Final.jar:7.1.0.Final]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:154) [jboss-as-web-7.1.0.Final.jar:7.1.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.10.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.10.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.10.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.10.Final.jar:]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_03]
i know the ESAPI Swingset Demo - and this is running in my configuration
I have 2 questions:
is my maven and my server start configuration right?
because the error looks like the ESAPI can't find the ESAPI Logger functions....
And
Is it even possible to use the simple test code-snippet in my setup at all?
(p.s. also tried to it without maven and just with including the downloaded jar - but its not working)
I miss something like:
(this is from the swingset demo example, NOT from my own project)
Seeking ESAPI.properties
Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
Not found in SystemResource Directory/.esapi: .esapi/ESAPI.properties
Not found in SystemResource Directory: ESAPI.properties
Found in 'user.home' directory: /home/joergi/.esapi/ESAPI.properties
Loaded 'ESAPI.properties' properties file
Seeking validation.properties
Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/validation.properties
Not found in SystemResource Directory/resourceDirectory: .esapi/validation.properties
Not found in SystemResource Directory/.esapi: .esapi/validation.properties
Not found in SystemResource Directory: validation.properties
Found in 'user.home' directory: /home/joergi/.esapi/validation.properties
Loaded 'validation.properties' properties file
Seeking ESAPI_logging_file
Not found in 'org.owasp.esapi.resources' directory or file not readable: /home/joergi/dev/projects/esapi_demo_1punkt0/ESAPI_logging_file
Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI_logging_file
Not found in SystemResource Directory/.esapi: .esapi/ESAPI_logging_file
Not found in SystemResource Directory: ESAPI_logging_file
Found in 'user.home' directory: /home/joergi/.esapi/ESAPI_logging_file
Hopefully somebody can help!
You have multiple versions of the Log4J library in your classpath, likely as a result of a downstream dependency from another library being used by your application. Examine your dependency tree to figure out where the duplicate library is being loaded and exclude it in your pom.xml
mvn dependency:tree
This will show you the dependency tree for your application.
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
Add this exclusion to the culprit dependency in your pom.xml and all should be right with the world.