ESAPI Configuration in AEM

K_PuneetH

09-04-2019

Hi,

We have requirement to use org.owsap.esapi pacakge in aem. So we added in related dependency in pom.xml and later we manually we made an bundle from esapi.jar and uploaded in system console. Still we are facing some issues. Below are the error in console when we ran java code:

Attempting to load ESAPI.properties via file I/O.

Attempting to load ESAPI.properties as resource file via file I/O.

Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\Marketing Hub Latest Code\core\ESAPI.properties

System property [org.owasp.esapi.opsteam] is not set

System property [org.owasp.esapi.devteam] is not set

Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties

Found in 'user.home' directory: C:\Users\617044\esapi\ESAPI.properties

Loaded 'ESAPI.properties' properties file

SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false

Attempting to load validation.properties via file I/O.

Attempting to load validation.properties as resource file via file I/O.

Not found in 'org.owasp.esapi.resources' directory or file not readable: D:\Marketing Hub Latest Code\core\validation.properties

Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties

Not found in 'user.home' (C:\Users\617044) directory: C:\Users\617044\esapi\validation.properties

Loading validation.properties via file I/O failed.

Attempting to load validation.properties via the classpath.

  • validation.properties could not be loaded by any means. fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.

log4j:WARN No appenders could be found for logger (com.metlife.marketinghub.core.utils.Test).

log4j:WARN Please initialize the log4j system properly.

log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

Expecting an example, how to configure esapi in AEM.

Thanks in advance.

Puneeth K.

Answers (4)

Answers (4)

suniln13212398

02-10-2019

hi,

I have similar issue and as requested here is the log when I try to click the "installed" bundle. (I am on aem 6.4 sp6)

02.10.2019 11:25:15.714 *ERROR* [qtp1516075529-13394] org.apache.felix.http.jetty %bundles.pluginTitle: Cannot start (org.osgi.framework.BundleException: Unable to resolve org.xxx.www.xxx-deprecated [551](R 551.149): missing requirement [org.xxx.www.xxx-deprecated [551](R 551.149)] osgi.wiring.package; (osgi.wiring.package=org.owasp.esapi) Unresolved requirements: [[org.xxx.www.xxx-deprecated [551](R 551.149)] osgi.wiring.package; (osgi.wiring.package=org.owasp.esapi)])

org.osgi.framework.BundleException: Unable to resolve org.xxx.www.xxx-deprecated [551](R 551.149): missing requirement [org.xxx.www.xxx-deprecated [551](R 551.149)] osgi.wiring.package; (osgi.wiring.package=org.owasp.esapi) Unresolved requirements: [[org.xxx.www.xxx-deprecated [551](R 551.149)] osgi.wiring.package; (osgi.wiring.package=org.owasp.esapi)]

    at org.apache.felix.framework.Felix.resolveBundleRevision(Felix.java:4149)

    at org.apache.felix.framework.Felix.startBundle(Felix.java:2119)

    at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:998)

    at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:984)

    at org.apache.felix.webconsole.internal.core.BundlesServlet.doPost(BundlesServlet.java:359)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:644)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

    at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:563)

    at org.apache.felix.webconsole.internal.servlet.OsgiManager$3.run(OsgiManager.java:465)

    at java.security.AccessController.doPrivileged(Native Method)

    at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:461)

    at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:120 )

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:86)

    at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:328)

    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:81)

    at com.adobe.granite.license.impl.LicenseCheckFilter.doFilter(LicenseCheckFilter.java:308)

    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:81)

    at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:96)

    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:81)

    at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)

    at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)

    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.jav a:81)

    at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)

    at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(Whit eboardManager.java:1000)

    at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)

    at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet. java:49)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)

    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)

    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:535)

    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)

    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)

    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)

    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)

    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)

    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)

    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)

    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)

    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)

    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection .java:220)

    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)

    at org.eclipse.jetty.server.Server.handle(Server.java:503)

    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)

    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)

    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:30 5)

    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)

    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)

    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)

    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)

    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)

    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)

    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExe cutor.java:366)

    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)

    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)

    at java.lang.Thread.run(Thread.java:745)

akashs71073883

20-09-2019

Hi Rockstars,

Installed mentioned bundles but no luck then added below dependency in pom but now we are getting below error. We are on AEM 6.3.3:

Dependency -:

<dependency>

            <groupId>org.owasp.esapi</groupId>

            <artifactId>esapi</artifactId>

            <version>2.2.0.0-RC2</version>

        </dependency>

Core bundle shows below error :

Screen Shot 2019-09-20 at 10.28.11 AM.png

In case image does not load : org.owasp.esapi -- Cannot be resolved

Thanks , I appreciate your help.

Thanks - Akash Shindhe

Gaurav-Behl

MVP

27-08-2019

The version of esapi, servicemix and its dependencies could vary based on your AEM version. What version of AEM do you use?

There must be logs related to bundle not starting up due to some dependencies either in error.log or stderr.log Could you share that?

When you click on the "installed" bundle you'd see the unsatisfied dependencies along with versions. Could you share that? 

Sorin_Diaconesc

26-08-2019

gauravb10066713​ Truly the servicemix from Apache wraps those jars into bundles. But the esapi bundle is not starting. Even after I fixed all the required dependencies to commons-beanutils, commons-configurations, and few more I recall, including the antisamy, the bundle is not starting.

I haven't found any relevant message in logs.

I even tried to create a "resource" folder, put the ESAPI.properties in there (I haven't found a antisamy.xml example file to pun there too) and I started AEM jar with a -Dorg.owasp.esapi.resources="c:\resources" argument. Still not working. Esapi bundle does not start.

Please note that I have MacOs, and I uses system paths accordingly. So this might be an additional issue. I dunno if esapi works for MacOs.

If someone has an end to end solution on how to integrate esapi in AEM I would also appreciate.