What steps will reproduce the problem?
1. System.out.println("ESAPI.accessController found: " +
ESAPI.accessController());
without setting the custom directory but putting it in WEB-INF/classes
What is the expected output?
Loading configuration files.
What do you see instead?
Caused by: org.owasp.esapi.errors.ConfigurationException:
java.lang.ClassNotFoundException:
org.owasp.esapi.reference.accesscontrol.DefaultAccessController
AccessController class
(org.owasp.esapi.reference.accesscontrol.DefaultAccessController) must be in
class path.
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:108)
at org.owasp.esapi.ESAPI.accessController(ESAPI.java:85)
What version of the product are you using? On what operating system?
esapi-2.0.1 checked out from tags\esapi-2.0.1
Does this issue affect only a specified browser or set of browsers?
Browser indipendent.
Please provide any additional information below.
In
org.owasp.esapi.reference.DefaultSecurityConfiguration
change from
public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION =
"org.owasp.esapi.reference.accesscontrol.DefaultAccessController"
to
public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION =
"org.owasp.esapi.reference.DefaultAccessController"
clearly because DefaultAccessController is in org.owasp.esapi.reference package
and not in the org.owasp.esapi.reference.accesscontrol one.
Best regards,
Tarin
--
Tarin Gamberini
Regione Emilia-Romagna.it
www.taringamberini.com
Original issue reported on code.google.com by taringamberini on 9 Jan 2013 at 4:22
Original issue reported on code.google.com by
taringamberinion 9 Jan 2013 at 4:22