Working with OWASP's ESAPI, I found myself stuck at this particular line of code.
private static String customDirectory = System.getProperty("org.owasp.esapi.resources");
The code returns null as there is no such system property "org.owasp.esapi.resources" set on my computer. Is there any way to set this property on my computer permanently?
You need to pass it into your JVM as a command line property. Most application containers use the environment variable JAVA_OPTS as a "permanent" store of options that should be passed to the JVM. You can try to do something like this:
In *nix:
export JAVA_OPTS="-Dorg.owasp.esapi.resources=/path/to/esapi/configuration"
In windows:
set JAVA_OPTS="-Dorg.owasp.esapi.resources=C:\path\to\esapi\configuration"
You can add this to windows or linux as a startup command and it will always be set if you desire, or add it to your application's startup script for a more localized solution.
If you put the ESAPI.properties and Validation.properties inside the resources folder it will recognize automatically.
In case you need to specify s specific folder or sub-folders, one possibility is adding this property in your standalone.
<system-properties>
<property name="org.owasp.esapi.resources" value="C:/.../resources/esapi"/>
<system-properties>
However, in unit tests, you have to specify before the tests.
#BeforeClass
public static void before() {
if(System.getProperty("org.owasp.esapi.resources") != null) {
System.out.println(System.getProperty("org.owasp.esapi.resources"));
} else {
System.setProperty("org.owasp.esapi.resources", "src/main/resources");
}
}
Related
Developed the integration tests using Test container. Have few fields as environment variables(Eg: passing it as quarkus.datasource.username=${SER_DB_USERNAME:postgres}) in application.properties file.
When setting environment field through test container
GenericContainer<?> someService = new GenericContainer<>(img)
.withEnv("SER_DB_USERNAME", DataLayer.DB_USERNAME)
This value is being successfully taken with test containers but
For the below environment variable,
app.security.enabled=${SER_SEC_ENABLE:true} defined in application.properties file
#IfBuildProperty(name = "app.security.enabled", stringValue = "true")
the environment variable is setting through cmd prompt using -DSER_SEC_ENABLED=true, but when trying to pass the same value in test containers, it's always null.
GenericContainer<?> someService = new GenericContainer<>(img)
.withEnv("SER_SEC_ENABLE", "true")
Without having more context of the project, I can at least observe, that app.security.enabled is a build property rather than a runtime property, so it might be evaluated at build time already. If you start the container with an already built image/application, it is very likely, that the environment variable has no effect.
Furthermore, setting a property on the JVM using the -D flag does not result in an environment variable, this is explicitly a system property on the JVM.
I am trying to run a project on a UAT (Linux) server, but there is a problem, I need the logs to be written on the test server in a different path.
The project resources contain logback.xml, which specifies where to write logs:
<property name = "logging.path" value = "/logs"/>
<property name = "logging.file" value = "app-logger"/>
I cannot change this file, because in this case everything is correct, but for UAT I created another logback.xml and put it not in the resources but in another directory, and when I run the jar file I want to specify that I need to take this one logback.xml
On UAT I execute this command
java -Xmx512M -jar /home/user/app/program/program-0.1.jar --logging.config = app/program/config/logback.xml
I got this error:
ERROR in ch.qos.logback.core.rolling.RollingFileAppender [RollingFile] - openFile (/logs/app-logger.log,true) call failed. java.io.FileNotFoundException: /logs/app-logger.log (No such file or directory)
at org.springframework.boot.logging.logback.LogbackLoggingSystem.loadConfiguration (LogbackLoggingSystem.java:169)
So the second file logback.xml which I created is ignored and the one that lies in the resources is used. What am I doing wrong? How to put another logback.xml into Spring?
You can add in your required log directory to your environment specific properties file,
should be something like application.uat.properties. So you would add in something like LOG_DIR=path/to/directory
Once that is done add in '<property resource="application.${env}.properties"/>' to your logback.xml
And finally in your file appender , add '<file>${LOG_DIR}/serive.log</file>'
I have a dropwizard question. I use Dropwizard with SBT (which works pretty fine).
If I run my application i package it with:
$ sbt clean assembly
And than run the application with:
$ java -jar APPLICATION.jar server
The problem is with this command Dropwizard doesnt load my config file (config.yaml), which is in the resources located.
Regarding the Dropwizard Docs I always have to give the config file as parameter like:
$ java -jar APPLICATION.jar server config.yaml
This works fine and it loads the application but is there any possibility to tell Dropwizard to load directly the config.yaml file, because my configuration in the config.yaml file is static and it is always the same. Settings like Database etc which are changing from Server Stage to Server Stage are made as Enviroment Variable which I load with EnvironmentVariableSubstitutor.
Thanks
Use class ResourceConfigurationSourceProvider:
#Override
public void initialize(final Bootstrap<ExampleConfiguration> bootstrap) {
bootstrap.setConfigurationSourceProvider(new ResourceConfigurationSourceProvider());
// The rest of initialize...
}
And then invoke the application like:
java -jar APPLICATION.jar server /resource-config.yaml
(note the initial /)
While this answer is very late, just thought I'd put this here. There is a dirty little hack to make it work so that you don't have to provide config.yaml in your application arguments.
Basically, you can submit a new String[] args to the run() method in the dropwizard application.
public class ApplicationServer extends Application<Config> {
public static void main(String[] args) {
String[] appArgs = new String[2];
appArgs[0] = args[0]; // This will be the usual server argument
appArgs[1] = "config.yaml";
new ApplicationServer().run(appArgs);
}
#Override
public void run(Config configuration, Environment environment) {
// Configure your resources and other application related things
}
}
I used this little trick to specify which config file I wanted to run with. So instead of specifying config.yaml, I would give my second argument as DEV/UAT/STAGE/PROD and pass on the appropriate config file to the run method.
Also interesting to have a look at:
earlye/dropwizard-multi-config
<dependency>
<groupId>com.thenewentity</groupId>
<artifactId>dropwizard-multi-config</artifactId>
<version>{version}</version>
</dependency>
It allows overriding and merging multiple config-files passed on the java command-line like:
java -jar sample.jar server -- sample.yaml override.yaml
Here you pass (1) sample.yaml as the primary configuration (e.g. having default values) and (2) override.yaml as the override. The effective config is a result from merging both in order of appearance: (1) defaults will be overwritten and merged with (2).
I have downloaded commom-daemon tool and used with a java application. I have created a bat file as shown below
set SERVICE_NAME=sample
set PR_INSTALL=D:\commons-daemon-1.0.15-bin-windows-signed\prunsrv.exe
REM Service log configuration
set PR_LOGPREFIX=%SERVICE_NAME%
set PR_LOGPATH=D:\logs
set PR_STDOUTPUT=D:\logs\stdout.txt
set PR_STDERROR=D:\logs\stderr.txt
set PR_LOGLEVEL=Error
REM Path to java installation
set PR_JVM=C:\Java\jre7\bin\client\jvm.dll
set PR_CLASSPATH=D:\commons-daemon-1.0.15-bin-windows-signed\Daemon.jar
REM Startup configuration
set PR_STARTUP=auto
set PR_STARTMODE=jvm
set PR_STARTCLASS=com.SomeService
set PR_STARTMETHOD=start
REM Shutdown configuration
set PR_STOPMODE=jvm
set PR_STOPCLASS=com.SomeService
set PR_STOPMETHOD=stop
REM JVM configuration
set PR_JVMMS=256
set PR_JVMMX=1024
set PR_JVMSS=4000
set PR_JVMOPTIONS=-Duser.language=DE;-Duser.region=de
In cmd , I install the service using the command
prunsrv.exe //IS//sample
After this, a service named sample become available in the list of services and when I tried to start it it shows:
Windows could not start the sample on Local Computer. For more information review the System event log. If this is a non-Microsoft service, contact the service vendor and refer to the server specific
error code 1
UPDATED
When I run
prunsrv.exe //ES//sample
it shows
The data area passed to a system call is too small.
Failed to start service
Can any one help me in this?
I had the same problem. In my case (not yours exactly), the problem was the jvm.dll path, because the variable %JAVA_HOME% has spaces. So to solve this, I modify the assignment
set CG_PATH_TO_JVM=%JAVA_HOME%\jre\bin\server\jvm.dll
to
set CG_PATH_TO_JVM="%JAVA_HOME%\jre\bin\server\jvm.dll"
and that's all.
Also, you could check the variables assignment with this command:
prunmgr//ES//yourservicename_as_in_windows
To help others troubleshooting.
If you look at:
https://commons.apache.org/proper/commons-daemon/procrun.html
There is a parameter:
--LogPath
which defaults to:
%SystemRoot%\System32\LogFiles\Apache
A log file is generated there which contains some additional error messages and possibly useful information.
The original questioner changed the log path to:
set PR_LOGPATH=D:\logs
So looking there would be the appropriate thing to do in their case.
I also had this cryptic error message 'The data area passed to a system call is too small.' with no further information in either the startup log or the Windows/System32/LogFiles/Apache/ logs on Win 8/Server 2008.
I had renamed my packages and the --StartClass and --StopClass parameters were wrong.
I agreed with OscarSan that a space in %JAVA_HOME% could cause the "error code 1" problem. I solve this problem by re-installing JDK 1.8 to change the installation path from C:\Program Files Java\jdk1.8.0_144 to C:\Java\jdk1.8.0_144. Problem solved.
I have imported an existing Java EE application into my Eclipse IDE.
I found this piece of code under it
public static String decideEnv() {
String env = null;
env = (String) System.getProperties().get("TB_ENVIRONEMNT");
return env;
}
could anybody please let me know from where exactly it gets the value with this line
System.getProperties().get("TB_ENVIRONEMNT")
Do we need to set this value anywhere ??
Go to Run/Run Configurations, locate your run configuration (I guess you are using applicaiton server), choose it and add -DTB_ENVIRONEMNT=your value here to Arguments tab, text area "VM arguments"
There can be multiple ways to set the system properties, following ways are common
search in your code if it sets programatically (do file search )
When it loads the app to server, we can pass the system properties there too
Also see in your native OS's system properties
You can pass it from command line using -Dname=value switch:
java my-app -DTB_ENVIRONEMNT=dev