I am trying to evaluate the OWASP ESAPI library, but I am having trouble getting it to initialize properly. I set the resources folder for ESAPI.properties and validation.properties, and they load from the class path without problems. However, the antisamy-esapi.xml file does not load from the class path, and I have found an error since 2010 that mentions this. I get the following errors:
Attempted to load antisamy-esapi.xml as a resource file through an I / O file. Not found in org.owasp.esapi.resources directory or file that cannot be read: C: \ Users \ mydir \ resin-pro-4.0.27 \ antisamy-esapi.xml Not found in SystemResource Directory / resourceDirectory: .esapi \ antisamy -esapi.xml Not found in the 'user.home' directory (C: \ Users \ mydir): C: \ Users \ mydir \ esapi \ antisamy-esapi.xml
I use this library to create the resin. I tried to manually place the xml file in all of the above places, and the only one that finally worked was my home directory, which does not work very well for production deployment.
I also followed the recommendation found elsewhere which says to set the -Dorg.owasp.esapi.resources property. This did not work either, but it is more interesting that the error has not changed, which makes me think that the setting was not raised for some reason.
Any pointers to where this file should be placed in my project so that it is loaded correctly after it is deployed to the container?
Thanks in advance.
Update:
, ESAPI.properties, ( src dir), , antisamy-esapi.xml user.home, ClassLoader.getSystemResource(). , . DefaultSecurityConfiguration.java getResourceFile() , loadConfigurationFromClasspath(). ESAPI.override() , .