-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Esapi 2.3.0.0 does not supported in opensaml 2.6.6 #695
Comments
Please refer to issue #567 As noted in both that issue and in your description above, this is not an issue with ESAPI. In this comment @kwwall offers options for remediation to the opensaml implementation. |
Any updates on this. Were you able to get a workaround? @Nikhilkarande33 |
@jeremiahjstacey is correct in closing this. If you want to report this issue, it should be reported as an opensaml GitHub issue, not as an ESAPI issue. We have no control over what version they are using, nor how they configure their ESAPI.properties file. |
@kwwall Thanks so much Kevin. I created a custom opensaml jar, but now get an NullpointerException. I will create a new stackoverflow question. Thanks for being so active and responsive. Hope to resolve this soon. Thanks again |
@harish-dhina-sghealthit - If you have a public fork of opensaml and can point me specifically to the commit(s) that you made along with the unit tests that you are running (and details about your JDK), I might be able to take a look at it next week. (I am swamped the rest of this week). Drop me an email (easy to find at the OWASP ESAPI wiki page) and provide me some links and I'll see if I can help you out. No promises I will be able to figure it out, but if you have a simple unit test that shows can reproduce the problem, I ought to be able to solve it. |
Esapi 2.3.0.0 does not supported in opensaml 2.6.6.
we are getting below error when using opensaml 2.6.6 with 2.3.0.0 as a forceful dependency.
org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet [default] in context with path [/santaba] threw exception [org.opensaml.ws.message.encoder.MessageEncodingException: Error creating output document] with root cause java.lang.ClassNotFoundException: org.owasp.esapi.reference.JavaLogFactory at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1415) at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1223) at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName(Class.java:315) at org.owasp.esapi.util.ObjFactory.loadClassByStringName(ObjFactory.java:158) at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:81) at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:139) at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:155)
Its seems that opensaml refers to older package "org.owasp.esapi.reference.JavaLogFactory" and this package not present in esapi 2.3.0.0.
Is esapi not backward compatible or do you have any alternatives to resolve this issue.
The text was updated successfully, but these errors were encountered: