OWASP ESAPI - JavaEncryptor不能/不会在类路径中找到 - 但ESAPI工作在其他功能

我已经有problems with the esapi，但最终它的工作...OWASP ESAPI - JavaEncryptor不能/不会在类路径中找到 - 但ESAPI工作在其他功能

我包含在OWASP ESAPI在我pom.xml这样

<!-- ESAPI Version 2.0.1 --> 
<dependency> 
    <groupId>org.owasp.esapi</groupId> 
    <artifactId>esapi</artifactId> 
    <version>2.0.1</version> 
    <exclusions> 
     <exclusion> 
      <groupId>log4j</groupId> 
      <artifactId>log4j</artifactId> 
     </exclusion> 
    </exclusions>

如果我运行这个功能：

String clean = ESAPI.encoder().canonicalize("someString");

的ESAPI编码器完美的作品...

但是，如果我尝试使用HASH函数，

ESAPI.encryptor().hash(password, salt);

我得到这个结果

javax.servlet.ServletException: javax.ejb.EJBException: org.owasp.esapi.errors.ConfigurationException: java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaEncryptor from [Module "deployment.demoapp_demo.war:main" from Service Module Loader] Encryptor class (org.owasp.esapi.reference.JavaEncryptor) must be in class path. 
    javax.faces.webapp.FacesServlet.service(FacesServlet.java:606) 
    org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62)

但你可以看到，ESAPI是我的依赖，但JavaEncryptor无法找到....

[email protected]:~/dev/demoapp/trunk/demoapp_demo$ mvn dependency:tree 
[INFO] Scanning for projects... 
[INFO] Searching repository for plugin with prefix: 'dependency'. 
[INFO] ------------------------------------------------------------------------ 
[INFO] Building Java EE 6 webapp project 
[INFO] task-segment: [dependency:tree] 
[INFO] ------------------------------------------------------------------------ 
[INFO] [dependency:tree {execution: default-cli}] 
[INFO] de.demoapp:demoapp_demo:war:1.0-SNAPSHOT 
[INFO] +- javax.enterprise:cdi-api:jar:1.0-SP4:provided 
[INFO] | +- org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.1_spec:jar:1.0.0.Final:provided (version managed from 1.0.0.Beta1) 
[INFO] | \- javax.inject:javax.inject:jar:1:provided 
[INFO] +- org.jboss.spec.javax.annotation:jboss-annotations-api_1.1_spec:jar:1.0.0.Final:provided 
[INFO] +- org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_1.1_spec:jar:1.0.0.Final:provided 
[INFO] +- org.hibernate.javax.persistence:hibernate-jpa-2.0-api:jar:1.0.1.Final:provided 
[INFO] +- org.jboss.spec.javax.ejb:jboss-ejb-api_3.1_spec:jar:1.0.1.Final:provided 
[INFO] +- org.hibernate:hibernate-validator:jar:4.2.0.Final:provided 
[INFO] | \- javax.validation:validation-api:jar:1.0.0.GA:provided 
[INFO] +- org.hibernate:hibernate-jpamodelgen:jar:1.1.1.Final:provided 
[INFO] +- junit:junit:jar:4.10:test 
[INFO] | \- org.hamcrest:hamcrest-core:jar:1.1:test 
[INFO] +- org.jboss.arquillian.junit:arquillian-junit-container:jar:1.0.0.CR4:test 
[INFO] | +- org.jboss.arquillian.junit:arquillian-junit-core:jar:1.0.0.CR4:test 
[INFO] | +- org.jboss.arquillian.test:arquillian-test-api:jar:1.0.0.CR4:test 
[INFO] | | \- org.jboss.arquillian.core:arquillian-core-api:jar:1.0.0.CR4:test 
[INFO] | +- org.jboss.arquillian.test:arquillian-test-spi:jar:1.0.0.CR4:test 
[INFO] | | +- org.jboss.arquillian.core:arquillian-core-spi:jar:1.0.0.CR4:test 
[INFO] | | \- org.jboss.shrinkwrap:shrinkwrap-api:jar:1.0.0-beta-5:test 
[INFO] | +- org.jboss.arquillian.container:arquillian-container-test-api:jar:1.0.0.CR4:test 
[INFO] | +- org.jboss.arquillian.container:arquillian-container-test-spi:jar:1.0.0.CR4:test 
[INFO] | +- org.jboss.arquillian.core:arquillian-core-impl-base:jar:1.0.0.CR4:test 
[INFO] | +- org.jboss.arquillian.test:arquillian-test-impl-base:jar:1.0.0.CR4:test 
[INFO] | +- org.jboss.arquillian.container:arquillian-container-impl-base:jar:1.0.0.CR4:test 
[INFO] | | +- org.jboss.arquillian.config:arquillian-config-api:jar:1.0.0.CR4:test 
[INFO] | | \- org.jboss.arquillian.config:arquillian-config-impl-base:jar:1.0.0.CR4:test 
[INFO] | |  \- org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-spi:jar:1.1.0-alpha-2:test 
[INFO] | +- org.jboss.arquillian.container:arquillian-container-test-impl-base:jar:1.0.0.CR4:test 
[INFO] | \- org.jboss.shrinkwrap:shrinkwrap-impl-base:jar:1.0.0-beta-5:test 
[INFO] |  \- org.jboss.shrinkwrap:shrinkwrap-spi:jar:1.0.0-beta-5:test 
[INFO] +- org.jboss.arquillian.protocol:arquillian-protocol-servlet:jar:1.0.0.CR4:test 
[INFO] | \- org.jboss.arquillian.container:arquillian-container-spi:jar:1.0.0.CR4:test 
[INFO] |  \- org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api:jar:1.1.0-alpha-2:test 
[INFO] +- org.owasp.esapi:esapi:jar:2.0.1:compile 
[INFO] | +- commons-configuration:commons-configuration:jar:1.5:compile 
[INFO] | | +- commons-lang:commons-lang:jar:2.3:compile 
[INFO] | | +- commons-logging:commons-logging:jar:1.1:compile 
[INFO] | | | +- logkit:logkit:jar:1.0.1:compile 
[INFO] | | | +- avalon-framework:avalon-framework:jar:4.1.3:compile 
[INFO] | | | \- javax.servlet:servlet-api:jar:2.3:compile 
[INFO] | | \- commons-digester:commons-digester:jar:1.8:compile 
[INFO] | |  \- commons-beanutils:commons-beanutils:jar:1.7.0:compile 
[INFO] | +- commons-beanutils:commons-beanutils-core:jar:1.7.0:compile 
[INFO] | +- commons-fileupload:commons-fileupload:jar:1.2:compile 
[INFO] | +- commons-collections:commons-collections:jar:3.2:compile 
[INFO] | +- xom:xom:jar:1.1:compile 
[INFO] | | +- xerces:xmlParserAPIs:jar:2.6.2:compile 
[INFO] | | +- xerces:xercesImpl:jar:2.6.2:compile 
[INFO] | | +- xalan:xalan:jar:2.7.0:compile 
[INFO] | | | \- xml-apis:xml-apis:jar:1.0.b2:compile 
[INFO] | | \- jaxen:jaxen:jar:1.1-beta-8:compile 
[INFO] | |  +- dom4j:dom4j:jar:1.6.1:compile 
[INFO] | |  \- jdom:jdom:jar:1.0:compile 
[INFO] | +- org.beanshell:bsh-core:jar:2.0b4:compile 
[INFO] | \- org.owasp.antisamy:antisamy:jar:1.4.3:compile 
[INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.7:compile 
[INFO] |  | +- org.apache.xmlgraphics:batik-ext:jar:1.7:compile 
[INFO] |  | +- org.apache.xmlgraphics:batik-util:jar:1.7:compile 
[INFO] |  | \- xml-apis:xml-apis-ext:jar:1.3.04:compile 
[INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.12:compile 
[INFO] |  \- commons-httpclient:commons-httpclient:jar:3.1:compile 
[INFO] |  \- commons-codec:commons-codec:jar:1.2:compile 
[INFO] +- com.sun.faces:jsf-api:jar:2.1.7:compile 
[INFO] \- joda-time:joda-time:jar:1.6:compile 
[INFO] ------------------------------------------------------------------------ 
[INFO] BUILD SUCCESSFUL 
[INFO] ------------------------------------------------------------------------ 
[INFO] Total time: 8 seconds 
[INFO] Finished at: Wed Mar 14 23:17:07 CET 2012 
[INFO] Final Memory: 29M/342M 
[INFO] ------------------------------------------------------------------------

The搜索结果不是真的有用...

任何人都知道这个问题？（或者可以帮忙吗？）谢谢！

来源

2012-03-14 Joerg

变化

org.owasp.esapi.reference.JavaEncryptor

到

org.owasp.esapi.reference.crypto.JavaEncryptor

来源

2012-03-15 12:22:20 codepitbull

ah好吧...很酷谢谢...我明白了，我可以在ESAPI.properties中设置文件的位置... – Joerg 2012-03-15 12:31:26

这是一个常见的错误，但codepitbull钉答案。

问题通常是由于使用早期版本的ESAPI.properties文件引起的。在某个时候（在其后的2.0版本候选版本IIRC期间），我重新组织了一些ESAPI加密类并创建了org.owasp.esapi.reference.crypto包并将JavaEncryptor类移到了它。从某种意义上说，这是一件好事，因为如果试图使用ESAPI 1.4.x中的ESAPI.properties文件，它会使ESAPI 2.0.x加密失败。如果ESAPI 2.0.x和1.4.x之间的类名仍然相同，那么加密/解密的尝试仍然会失败，但会以更微妙的方式失败。

来源

2013-02-09 03:55:47

OWASP ESAPI - JavaEncryptor不能/不会在类路径中找到 - 但ESAPI工作在其他功能

回答

相关问题