nxbdi / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

Dependency on HttpServletRequest #234

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi

ESAPI Validation is dependent on HttpServletRequest.  This might be fine when 
running in a servlet container, but not for unit tests.  

Our application is split into three different projects, a thin web layer, 
business logic and finally database/ldap access.  All of the managers live in 
the business layer, that have no knowledge of the web layer.  This is where I 
would like the validation to occur.

When the business layer makes a call to ESAPI.validation() while running as 
unit tests, I get the following exception:
```
java.lang.NoClassDefFoundError: javax/servlet/http/HttpServletRequest
    at java.lang.Class.getDeclaredMethods0(Native Method)
    at java.lang.Class.privateGetDeclaredMethods(Class.java:2427)
    at java.lang.Class.getMethod0(Class.java:2670)
    at java.lang.Class.getMethod(Class.java:1603)
    at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:77)
    at org.owasp.esapi.ESAPI.validator(ESAPI.java:191)
```

The servlet-api jar is already a part of my web project.  I am not going to add 
it to the business layer project.  Also, because of legacy issues, validation 
has to happen in the business layer.  

I can bypass this exception by calling DefaultValidator.getInstance() directly.
However, once it tries to log an XSS string in the unit test, I am back to the
NoClassDefFoundError.

It would be nice if there was a way to turn off any dependency on the servlet 
container classes for unit testing.

Thanks,
Alana

Original issue reported on code.google.com by alanaca...@gmail.com on 22 Jul 2011 at 7:43
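
The trace in the report fails inside `Class.getMethod`, called from `ObjFactory.make`. The following Java program is an added example, not part of the original report and not ESAPI code; every class name in it is a hypothetical stand-in. It reproduces the mechanism: a reflective lookup of one method makes the JVM resolve the signature types of all the class's declared methods, so a single method that mentions a type missing from the classpath makes the lookup fail with `NoClassDefFoundError`.

```java
import java.io.IOException;
import java.io.InputStream;

// Constructed demo; all names are hypothetical stand-ins, none is ESAPI code.
public class ReflectionLinkageDemo {
    // Stands in for a web-tier type such as HttpServletRequest.
    public static class WebOnlyType {}

    // Stands in for a validator: one method signature names the web-tier type.
    public static class Validator {
        public static Validator getInstance() { return new Validator(); }
        public boolean isValidInput(String input) { return input != null; }
        public boolean isValidRequest(WebOnlyType request) { return request != null; }
    }

    // Defines Validator itself but cannot see WebOnlyType, like a
    // business-layer classpath that lacks the servlet-api jar.
    static class BusinessLayerLoader extends ClassLoader {
        BusinessLayerLoader() { super(ReflectionLinkageDemo.class.getClassLoader()); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (name.equals(WebOnlyType.class.getName())) throw new ClassNotFoundException(name);
            if (!name.equals(Validator.class.getName())) return super.loadClass(name, resolve);
            Class<?> loaded = findLoadedClass(name);
            if (loaded != null) return loaded;
            String resource = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(resource)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] bytes = in.readAllBytes(); // requires Java 9 or later
                return defineClass(name, bytes, 0, bytes.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    // Looks up getInstance reflectively and reports any linkage error raised.
    static String lookupGetInstance() throws Exception {
        Class<?> validator = new BusinessLayerLoader().loadClass(Validator.class.getName());
        try {
            validator.getMethod("getInstance"); // isValidRequest is never called
            return "none";
        } catch (NoClassDefFoundError e) {
            return e.toString();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("getMethod(\"getInstance\") -> " + lookupGetInstance());
    }
}
```

Compile with `javac ReflectionLinkageDemo.java` and run `java ReflectionLinkageDemo` from the same directory, so the class files are readable as classpath resources.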