abrmh
commented
1 year ago This error is not blocking .
it just looking for extra security check which
esapi.properties file can provide validation for security input checks .
the file is not created
yvesgoupil
There are errors at the end of the start of Tomcat containing OpenAM and the SecurityService. Here is ~/apache-tomcat-9.0.33/logs/catalina.out :
...Starting up OpenAM at 03-Jan-2023 13:49:09 FAMClassLoader : found new Metro class in global classpath amSecurity:01/03/2023 01:49:17:716 PM GMT: Thread[main,5,main]: TransactionId[abd5d709-30ff-41b1-b706-1b1af16cb946-0] Debug file can't be written : Failed to create debug directory Current Debug File : DebugFileImpl{debugDirectorynulldebugName='CoreSystem', fileCreationTime=01/01/1970 12:00:00:000 AM GMT} amSecurity:01/03/2023 01:49:17:716 PM GMT: Thread[main,5,main]: TransactionId[abd5d709-30ff-41b1-b706-1b1af16cb946-0] ERROR: created internalAppSSOToken:RFlNNy9CTTZCZzB3YjBXRnJCajZLQT09MTY3Mjc1Mzc1NzcxNQ==, authInitialized: false, SystemProperties.isServerMode(): true, SystemProperties.get(AMADMIN_MODE): true 03-Jan-2023 13:49:21.804 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/data/openwis/apache-tomcat-9.0.33/webapps/openam] has finished in [27,041] ms 03-Jan-2023 13:49:21.808 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"] 03-Jan-2023 13:49:21.818 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [30,729] milliseconds DebugConfiguration:01/03/2023 01:49:37:196 PM GMT: Thread[http-nio-8080-exec-4,5,main] '/debugconfig.properties' isn't valid, the default configuration will be used instead: Can't find the configuration file '/debugconfig.properties'. DebugImpl:01/03/2023 01:49:37:198 PM GMT: Thread[http-nio-8080-exec-4,5,main] Can't read debug files map. '. Please check the configuration file '/debugfiles.properties'. java.lang.NullPointerException at java.util.Properties$LineReader.readLine(Properties.java:434) at java.util.Properties.load0(Properties.java:353) at java.util.Properties.load(Properties.java:341) at com.sun.identity.shared.debug.impl.DebugImpl.initProperties(DebugImpl.java:344) at com.sun.identity.shared.debug.impl.DebugImpl.<clinit>(DebugImpl.java:62) at com.sun.identity.shared.debug.impl.DebugProviderImpl.getInstance(DebugProviderImpl.java:76) at com.sun.identity.shared.debug.Debug.getInstance(Debug.java:204) at com.sun.identity.shared.locale.Locale.<clinit>(Locale.java:84) at com.sun.identity.saml2.idpdiscovery.CookieUtils.<clinit>(CookieUtils.java:75) at com.sun.identity.saml2.idpdiscovery.CookieWriterServlet.init(CookieWriterServlet.java:78) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1134) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1089) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:761) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:135) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1594) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set ESAPI: Attempting to load ESAPI.properties via file I/O. ESAPI: Attempting to load ESAPI.properties as resource file via file I/O. ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /data/openwis/apache-tomcat-9.0.33/bin/ESAPI.properties ESAPI: Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties ESAPI: Not found in 'user.home' (/data/openwis) directory: /data/openwis/esapi/ESAPI.properties ESAPI: Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException ESAPI: Attempting to load ESAPI.properties via the classpath. ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader! ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false ESAPI: Attempting to load validation.properties via file I/O. ESAPI: Attempting to load validation.properties as resource file via file I/O. ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /data/openwis/apache-tomcat-9.0.33/bin/validation.properties ESAPI: Not found in SystemResource Directory/resourceDirectory: .esapi/validation.properties ESAPI: Not found in 'user.home' (/data/openwis) directory: /data/openwis/esapi/validation.properties ESAPI: Loading validation.properties via file I/O failed. ESAPI: Attempting to load validation.properties via the classpath. ESAPI: validation.properties could not be loaded by any means. fail.. Caught java.lang.IllegalArgumentException; exception message was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource. log4j:WARN No appenders could be found for logger (IntrusionDetector). log4j:WARN Please initialize the log4j system properly. log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.