harini-nagarajan-5578 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
3 stars 0 forks source link

ClassCastException on SecurityWrapperResponse #320

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

Incorporated filter, request and response code and ESAPI.properties file from 
the location below into a J2EE application with small modifications. 

http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/
owasp/esapi/filters/ESAPIFilter.java?r=565

A few facts about the J2EE app:

JDK 150_15
esapi-2.0.1.jar
weblogic server 10.2 
netui for web tier 

Exception: 

<Feb 24, 2014 11:51:47 AM> ERROR (MySecureFilter.java:133) - My Security 
Filter, Error in SecurityWrapper: 
com.somecompany.ahp.servlet.filter.MySecurityWrapperResponse
java.lang.ClassCastException: 
com.somecompany.ahp.servlet.filter.MySecurityWrapperResponse
        at com.bea.netuix.servlets.services.LightNetUIxServices.fixupControlTree
WalkerResponse(LightNetUIxServices.java:76)
        at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:229)
        at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
        at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
        at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
        at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
        at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java
:388)
        at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
        at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:199)

        at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileS
ervlet.java:257)
        at com.bea.netuix.servlets.manager.PortalServlet.service(PortalServlet.j
ava:689)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
(StubSecurityHelper.java:226)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
tyHelper.java:124)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
a:283)
        at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
        at com.somecompany.ahp.servlet.filter.MySecureFilter.doFilter(MySecureFi
lter.java:130)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
        at com.rsa.cleartrust.webfilter.CTLoginFilter.doFilter(Unknown Source)
        at com.rsa.cleartrust.weblogic.security.webfilter.CTLoginFilter.doFilter
(Unknown Source)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
        at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpCont
extFilter.java:60)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
        at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilte
r.java:336)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.run(WebAppServletContext.java:3402)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(Unknown Source)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
ervletContext.java:2140)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
ontext.java:2046)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
ava:1398)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)

Original issue reported on code.google.com by purplebr...@gmail.com on 26 Feb 2014 at 8:28