search

ibnemahdi / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

AccessControlPolicy.xml configuration #173

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Having an AccessControlRule (EchoRuntimeParameter and EchoPolicyParameter) 
configured in the AccessControlPolicy.xml file with a non-existent class.
2. Then a call which results in PolicyDTO.addAccessControlRule(String, String, 
Object) being executed
3.

What is the expected output? What do you see instead?
Expected to have the rules loaded.
Instead received:
org.owasp.esapi.errors.AccessControlException: Unable to create Access Control 
Rule for key: "EchoRuntimeParameter" with policyParameters: "null"
......................
Caused by: java.lang.ClassNotFoundException: 
org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR
 at java.lang.Class.forNameImpl(Native Method)
 at java.lang.Class.forName(Class.java:169)
 at org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO.addAccessControlRule(PolicyDTO.java:36)

What version of the product are you using? On what operating system?
2.0rc6, Win7

Does this issue affect only a specified browser or set of browsers?
N/A

Please provide any additional information below.
Suggest removing or commenting out the configuration until such time as the 
rule classes can be implemented. This was an out of the box attempt to utilize 
the AccessControl APIs. Was able to work around it by commenting out the 
offending configuration.

Original issue reported on code.google.com by e.scott....@gmail.com on 4 Nov 2010 at 8:55

GoogleCodeExporter commented 9 years ago 
this is fixed per checking 1646 - I just moved the 2 files in question from 
test to main. Any other feedback on our access control mechanism is greatly 
appreciated.

Aloha!

Original comment by manico.james@gmail.com on 5 Nov 2010 at 4:23