Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

ESAPI Configuration in AEM

Avatar

Level 1

Hi,

We have requirement to use org.owsap.esapi pacakge in aem. So we added in related dependency in pom.xml and later we manually we made an bundle from esapi.jar and uploaded in system console. Still we are facing some issues. Below are the error in console when we ran java code:

Attempting to load ESAPI.properties via file I/O.

Attempting to load ESAPI.properties as resource file via file I/O.

Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\Marketing Hub Latest Code\core\ESAPI.properties

System property [org.owasp.esapi.opsteam] is not set

System property [org.owasp.esapi.devteam] is not set

Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties

Found in 'user.home' directory: C:\Users\617044\esapi\ESAPI.properties

Loaded 'ESAPI.properties' properties file

SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false

Attempting to load validation.properties via file I/O.

Attempting to load validation.properties as resource file via file I/O.

Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\Marketing Hub Latest Code\core\validation.properties

Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties

Not found in 'user.home' (C:\Users\617044) directory: C:\Users\617044\esapi\validation.properties

Loading validation.properties via file I/O failed.

Attempting to load validation.properties via the classpath.

  • validation.properties could not be loaded by any means. fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.

log4j:WARN No appenders could be found for logger (com.metlife.marketinghub.core.utils.Test).

log4j:WARN Please initialize the log4j system properly.

log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

Expecting an example, how to configure esapi in AEM.

Thanks in advance.

Puneeth K.

1 Accepted Solution

Avatar

Correct answer by
Level 10

You could explore "servicemix" bundles and install the related OSGI dependencies

https://search.maven.org/search?q=esapi

  1. org.apache.servicemix.bundles:org.apache.servicemix.bundles.esapi:2.1.0.1_1
  2. Central Repository: commons-configuration/commons-configuration/1.10
  3. Central Repository: org/apache/servicemix/bundles/org.apache.servicemix.bundles.antisamy/1.5.7_1

1729562_pastedImage_7.png

View solution in original post

6 Replies

Avatar

Correct answer by
Level 10

You could explore "servicemix" bundles and install the related OSGI dependencies

https://search.maven.org/search?q=esapi

  1. org.apache.servicemix.bundles:org.apache.servicemix.bundles.esapi:2.1.0.1_1
  2. Central Repository: commons-configuration/commons-configuration/1.10
  3. Central Repository: org/apache/servicemix/bundles/org.apache.servicemix.bundles.antisamy/1.5.7_1

1729562_pastedImage_7.png

Avatar

Level 2

After installing above mentioned jars also, I'm getting error as org.owasp.validator .html, version=[1.4,2) -- cannot be resolved. please help me to fix this.

Avatar

Level 2

gauravb10066713​ Truly the servicemix from Apache wraps those jars into bundles. But the esapi bundle is not starting. Even after I fixed all the required dependencies to commons-beanutils, commons-configurations, and few more I recall, including the antisamy, the bundle is not starting.

I haven't found any relevant message in logs.

I even tried to create a "resource" folder, put the ESAPI.properties in there (I haven't found a antisamy.xml example file to pun there too) and I started AEM jar with a -Dorg.owasp.esapi.resources="c:\resources" argument. Still not working. Esapi bundle does not start.

Please note that I have MacOs, and I uses system paths accordingly. So this might be an additional issue. I dunno if esapi works for MacOs.

If someone has an end to end solution on how to integrate esapi in AEM I would also appreciate.

Avatar

Level 10

The version of esapi, servicemix and its dependencies could vary based on your AEM version. What version of AEM do you use?

There must be logs related to bundle not starting up due to some dependencies either in error.log or stderr.log Could you share that?

When you click on the "installed" bundle you'd see the unsatisfied dependencies along with versions. Could you share that? 

Avatar

Level 1

Hi Rockstars,

Installed mentioned bundles but no luck then added below dependency in pom but now we are getting below error. We are on AEM 6.3.3:

Dependency -:

<dependency>

            <groupId>org.owasp.esapi</groupId>

            <artifactId>esapi</artifactId>

            <version>2.2.0.0-RC2</version>

        </dependency>

Core bundle shows below error :

Screen Shot 2019-09-20 at 10.28.11 AM.png

In case image does not load : org.owasp.esapi -- Cannot be resolved

Thanks , I appreciate your help.

Thanks - Akash Shindhe

Avatar

Level 2

hi,

I have similar issue and as requested here is the log when I try to click the "installed" bundle. (I am on aem 6.4 sp6)

02.10.2019 11:25:15.714 *ERROR* [qtp1516075529-13394] org.apache.felix.http.jetty %bundles.pluginTitle: Cannot start (org.osgi.framework.BundleException: Unable to resolve org.xxx.www.xxx-deprecated [551](R 551.149): missing requirement [org.xxx.www.xxx-deprecated [551](R 551.149)] osgi.wiring.package; (osgi.wiring.package=org.owasp.esapi) Unresolved requirements: [[org.xxx.www.xxx-deprecated [551](R 551.149)] osgi.wiring.package; (osgi.wiring.package=org.owasp.esapi)])

org.osgi.framework.BundleException: Unable to resolve org.xxx.www.xxx-deprecated [551](R 551.149): missing requirement [org.xxx.www.xxx-deprecated [551](R 551.149)] osgi.wiring.package; (osgi.wiring.package=org.owasp.esapi) Unresolved requirements: [[org.xxx.www.xxx-deprecated [551](R 551.149)] osgi.wiring.package; (osgi.wiring.package=org.owasp.esapi)]

    at org.apache.felix.framework.Felix.resolveBundleRevision(Felix.java:4149)

    at org.apache.felix.framework.Felix.startBundle(Felix.java:2119)

    at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:998)

    at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:984)

    at org.apache.felix.webconsole.internal.core.BundlesServlet.doPost(BundlesServlet.java:359)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:644)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

    at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:563)

    at org.apache.felix.webconsole.internal.servlet.OsgiManager$3.run(OsgiManager.java:465)

    at java.security.AccessController.doPrivileged(Native Method)

    at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:461)

    at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:120 )

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:86)

    at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:328)

    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:81)

    at com.adobe.granite.license.impl.LicenseCheckFilter.doFilter(LicenseCheckFilter.java:308)

    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:81)

    at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:96)

    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:81)

    at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)

    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:81)

    at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)

    at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(Whit eboardManager.java:1000)

    at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)

    at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet. java:49)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)

    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:535)

    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)

    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)

    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)

    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)

    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)

    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)

    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection .java:220)

    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

    at org.eclipse.jetty.server.Server.handle(Server.java:503)

    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)

    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)

    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:30 5)

    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)

    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)

    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)

    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)

    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)

    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExe cutor.java:366)

    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)

    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)

    at java.lang.Thread.run(Thread.java:745)