You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What steps will reproduce the problem? 1. System.out.println("ESAPI.accessController found: " + ESAPI.accessController());
without setting the custom directory but putting it in WEB-INF/classes
What is the expected output?
Loading configuration files.
What do you see instead?
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.accesscontrol.DefaultAccessController AccessController class (org.owasp.esapi.reference.accesscontrol.DefaultAccessController) must be in class path.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108)
at org.owasp.esapi.ESAPI.accessController(ESAPI.java:85) What version of the product are you using? On what operating system? esapi-2.0.1 checked out from tags\esapi-2.0.1 Does this issue affect only a specified browser or set of browsers? Browser indipendent. Please provide any additional information below. In
org.owasp.esapi.reference.DefaultSecurityConfiguration
change from
public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.accesscontrol.DefaultAccessController"
to
public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultAccessController"
clearly because DefaultAccessController is in org.owasp.esapi.reference package and not in the org.owasp.esapi.reference.accesscontrol one.
I intended on testing this change by using a classloader in test, but the fields are not part of the interface, and making them part of the interface would be silly. @kwwall if you think this one's worth the effort, I can write that test, but from what I've read the AccesController is an experimental feature in the first place.
Sometimes manual inspection is the right verification approach. This is one
of those times. So I agree with you. Cases like this should be fixed and we
just move on.
Although coding this to use
DefaultAccessController.class.getName()
would have prevented this in the first place and stylistically, is better
because it should still work if the class is moved to a different package.
Not sure why they hard-coded it in the first place unless
DefaulAccessController was in a different package and they were trying to
avoid an "import" for some reason.
On Jul 29, 2017 13:01, "Matt Seil" ***@***.***> wrote:
I intended on testing this change by using a classloader in test, but the
fields are not part of the interface, and making them part of the interface
would be silly. @kwwall <https://github.com/kwwall> if you think this
one's worth the effort, I can write that test, but from what I've read the
AccesController is an experimental feature in the first place.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#297 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AB3nm_M0xX1hurU8rQcqLsogovVPJcdMks5sS2VNgaJpZM4C6zDc>
.
From taringamberini on January 09, 2013 11:22:09
What steps will reproduce the problem? 1. System.out.println("ESAPI.accessController found: " + ESAPI.accessController());
without setting the custom directory but putting it in WEB-INF/classes
What is the expected output?
Loading configuration files.
What do you see instead?
Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.accesscontrol.DefaultAccessController AccessController class (org.owasp.esapi.reference.accesscontrol.DefaultAccessController) must be in class path.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108)
at org.owasp.esapi.ESAPI.accessController(ESAPI.java:85) What version of the product are you using? On what operating system? esapi-2.0.1 checked out from tags\esapi-2.0.1 Does this issue affect only a specified browser or set of browsers? Browser indipendent. Please provide any additional information below. In
org.owasp.esapi.reference.DefaultSecurityConfiguration
change from
public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.accesscontrol.DefaultAccessController"
to
public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultAccessController"
clearly because DefaultAccessController is in org.owasp.esapi.reference package and not in the org.owasp.esapi.reference.accesscontrol one.
Best regards,
Tarin
Tarin Gamberini
Regione Emilia-Romagna.it
www.taringamberini.com
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=291
The text was updated successfully, but these errors were encountered: