owasp esapi - javaEncryptor는 ClassPath에서 찾을 수 없습니다 -하지만 eSAPI는 다른 함수에서 작동합니다
-
14-12-2019 - |
문제
이미 eSAPI와 함께 문제점 그러나 끝에서 그것은 일했습니다 ...
i Per pom.xml
에 OWASP eSAPI 가이
<!-- ESAPI Version 2.0.1 -->
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.0.1</version>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
</exclusions>
.
이 기능을 실행하면
:
String clean = ESAPI.encoder().canonicalize("someString");
.
eSAPI 인코더가 완벽하게 작동합니다 ...
그러나 해시 함수를 사용하려고 노력하면
ESAPI.encryptor().hash(password, salt);
.
이 결과가 있습니다
javax.servlet.ServletException: javax.ejb.EJBException: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaEncryptor from [Module "deployment.demoapp_demo.war:main" from Service Module Loader] Encryptor class (org.owasp.esapi.reference.JavaEncryptor) must be in class path.
javax.faces.webapp.FacesServlet.service(FacesServlet.java:606)
org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62)
.
그러나 볼 수 있듯이, eSAPI는 제 dependencys이지만 JavaEncryptor를 찾을 수 없습니다 ....
joergi@nerdbook:~/dev/demoapp/trunk/demoapp_demo$ mvn dependency:tree
[INFO] Scanning for projects...
[INFO] Searching repository for plugin with prefix: 'dependency'.
[INFO] ------------------------------------------------------------------------
[INFO] Building Java EE 6 webapp project
[INFO] task-segment: [dependency:tree]
[INFO] ------------------------------------------------------------------------
[INFO] [dependency:tree {execution: default-cli}]
[INFO] de.demoapp:demoapp_demo:war:1.0-SNAPSHOT
[INFO] +- javax.enterprise:cdi-api:jar:1.0-SP4:provided
[INFO] | +- org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.1_spec:jar:1.0.0.Final:provided (version managed from 1.0.0.Beta1)
[INFO] | \- javax.inject:javax.inject:jar:1:provided
[INFO] +- org.jboss.spec.javax.annotation:jboss-annotations-api_1.1_spec:jar:1.0.0.Final:provided
[INFO] +- org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_1.1_spec:jar:1.0.0.Final:provided
[INFO] +- org.hibernate.javax.persistence:hibernate-jpa-2.0-api:jar:1.0.1.Final:provided
[INFO] +- org.jboss.spec.javax.ejb:jboss-ejb-api_3.1_spec:jar:1.0.1.Final:provided
[INFO] +- org.hibernate:hibernate-validator:jar:4.2.0.Final:provided
[INFO] | \- javax.validation:validation-api:jar:1.0.0.GA:provided
[INFO] +- org.hibernate:hibernate-jpamodelgen:jar:1.1.1.Final:provided
[INFO] +- junit:junit:jar:4.10:test
[INFO] | \- org.hamcrest:hamcrest-core:jar:1.1:test
[INFO] +- org.jboss.arquillian.junit:arquillian-junit-container:jar:1.0.0.CR4:test
[INFO] | +- org.jboss.arquillian.junit:arquillian-junit-core:jar:1.0.0.CR4:test
[INFO] | +- org.jboss.arquillian.test:arquillian-test-api:jar:1.0.0.CR4:test
[INFO] | | \- org.jboss.arquillian.core:arquillian-core-api:jar:1.0.0.CR4:test
[INFO] | +- org.jboss.arquillian.test:arquillian-test-spi:jar:1.0.0.CR4:test
[INFO] | | +- org.jboss.arquillian.core:arquillian-core-spi:jar:1.0.0.CR4:test
[INFO] | | \- org.jboss.shrinkwrap:shrinkwrap-api:jar:1.0.0-beta-5:test
[INFO] | +- org.jboss.arquillian.container:arquillian-container-test-api:jar:1.0.0.CR4:test
[INFO] | +- org.jboss.arquillian.container:arquillian-container-test-spi:jar:1.0.0.CR4:test
[INFO] | +- org.jboss.arquillian.core:arquillian-core-impl-base:jar:1.0.0.CR4:test
[INFO] | +- org.jboss.arquillian.test:arquillian-test-impl-base:jar:1.0.0.CR4:test
[INFO] | +- org.jboss.arquillian.container:arquillian-container-impl-base:jar:1.0.0.CR4:test
[INFO] | | +- org.jboss.arquillian.config:arquillian-config-api:jar:1.0.0.CR4:test
[INFO] | | \- org.jboss.arquillian.config:arquillian-config-impl-base:jar:1.0.0.CR4:test
[INFO] | | \- org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-spi:jar:1.1.0-alpha-2:test
[INFO] | +- org.jboss.arquillian.container:arquillian-container-test-impl-base:jar:1.0.0.CR4:test
[INFO] | \- org.jboss.shrinkwrap:shrinkwrap-impl-base:jar:1.0.0-beta-5:test
[INFO] | \- org.jboss.shrinkwrap:shrinkwrap-spi:jar:1.0.0-beta-5:test
[INFO] +- org.jboss.arquillian.protocol:arquillian-protocol-servlet:jar:1.0.0.CR4:test
[INFO] | \- org.jboss.arquillian.container:arquillian-container-spi:jar:1.0.0.CR4:test
[INFO] | \- org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api:jar:1.1.0-alpha-2:test
[INFO] +- org.owasp.esapi:esapi:jar:2.0.1:compile
[INFO] | +- commons-configuration:commons-configuration:jar:1.5:compile
[INFO] | | +- commons-lang:commons-lang:jar:2.3:compile
[INFO] | | +- commons-logging:commons-logging:jar:1.1:compile
[INFO] | | | +- logkit:logkit:jar:1.0.1:compile
[INFO] | | | +- avalon-framework:avalon-framework:jar:4.1.3:compile
[INFO] | | | \- javax.servlet:servlet-api:jar:2.3:compile
[INFO] | | \- commons-digester:commons-digester:jar:1.8:compile
[INFO] | | \- commons-beanutils:commons-beanutils:jar:1.7.0:compile
[INFO] | +- commons-beanutils:commons-beanutils-core:jar:1.7.0:compile
[INFO] | +- commons-fileupload:commons-fileupload:jar:1.2:compile
[INFO] | +- commons-collections:commons-collections:jar:3.2:compile
[INFO] | +- xom:xom:jar:1.1:compile
[INFO] | | +- xerces:xmlParserAPIs:jar:2.6.2:compile
[INFO] | | +- xerces:xercesImpl:jar:2.6.2:compile
[INFO] | | +- xalan:xalan:jar:2.7.0:compile
[INFO] | | | \- xml-apis:xml-apis:jar:1.0.b2:compile
[INFO] | | \- jaxen:jaxen:jar:1.1-beta-8:compile
[INFO] | | +- dom4j:dom4j:jar:1.6.1:compile
[INFO] | | \- jdom:jdom:jar:1.0:compile
[INFO] | +- org.beanshell:bsh-core:jar:2.0b4:compile
[INFO] | \- org.owasp.antisamy:antisamy:jar:1.4.3:compile
[INFO] | +- org.apache.xmlgraphics:batik-css:jar:1.7:compile
[INFO] | | +- org.apache.xmlgraphics:batik-ext:jar:1.7:compile
[INFO] | | +- org.apache.xmlgraphics:batik-util:jar:1.7:compile
[INFO] | | \- xml-apis:xml-apis-ext:jar:1.3.04:compile
[INFO] | +- net.sourceforge.nekohtml:nekohtml:jar:1.9.12:compile
[INFO] | \- commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO] | \- commons-codec:commons-codec:jar:1.2:compile
[INFO] +- com.sun.faces:jsf-api:jar:2.1.7:compile
[INFO] \- joda-time:joda-time:jar:1.6:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8 seconds
[INFO] Finished at: Wed Mar 14 23:17:07 CET 2012
[INFO] Final Memory: 29M/342M
[INFO] ------------------------------------------------------------------------
.
검색 결과는 실제로 도움이되지 않습니다 ...
누구나이 문제를 알고 있습니까?(또는 어쨌든 도울 수 있습니까?) 고맙습니다!
해결책
변경
org.owasp.esapi.reference.JavaEncryptor
.
~
org.owasp.esapi.reference.crypto.JavaEncryptor
. 다른 팁
이것은 일반적인 실수이지만 CodePitbull은 답을 못 박았습니다.
문제는 일반적으로 eSapi.properties 파일의 이전 버전을 사용하여 발생합니다.일부 시점 (나중에 2.0 릴리스 후보 IIRC 중 하나)에서는 ESAPI Crypto 클래스 중 일부를 재구성하고 org.owasp.esapi.reference.crypto 패키지를 생성하고 JavaEncryptor 클래스를이 옮겼습니다.방식으로, ESAPI 1.4.x에서 esapi.properties 파일을 사용하려고하면 일반적으로 분명한 방법으로 ESAPI 2.0.x 암호화를 사용하여 eSAPI 2.0.x 암호화를 사용하는 것이 좋습니다.클래스 이름이 ESAPI 2.0.x 및 1.4.x 사이에 여전히 동일한 경우 암호화 / 해독 시도가 계속 실패하지만 훨씬 더 미묘한 방식으로 실패합니다.
제휴하지 않습니다 StackOverflow