Search code examples
javaresourcesdirectorycloudbeesesapi

cloudbees & ESAPI - how do I point to the ESAPI directory?

I'm using ESAPI for my project, and added the ESAPI configuration directory to src/main/resources so it is copied to my WAR file (I downloaded the WAR from cloudbees, I can see it was put in WEB-INF/classes/esapi/ directory)

Locally, I just point to where the directory is and all works fine, but on cloudbees it just doesn't work for me.

In order to access its properties, ESAPI project tries all kinds of stuff, including checking the org.owasp.esapi.resources system property, so I've added the following code to cloudbees-web.xml:

<sysprop name="org.owasp.esapi.resources" value="WEB-INF/classes/esapi/" />

and I can see that the system property value is found because of the following error in the logs:

Not found in 'org.owasp.esapi.resources' directory or file not readable: /var/genapp/apps/akld3873/WEB-INF/classes/esapi/ESAPI.properties

so it finds the system property (because the path is like I've specified), but when it looks for the actual directory and files in it, I guess the directory is either not there or not readable.

Do I need to move it somewhere else? Inside the WEB-INF directory maybe? Is the setting not right? I've read that others solved similar issues by building a JAR just for this directory, but this doesn't seem like a good solution, there must be a simple setup that will work for cloudbees.

Solution

  • Ok so after searching and testing, I finally figured it out. Cloudbees deploys your web app to the following directory:

    staxcat/install/webapp.war/

    notice that this is a relative path, with prefix of this path attached it looks something like this:

    /var/genapp/apps/xxxxxxxx/staxcat/install/webapp.war/WEB-INF/esapi/ESAPI.properties

    so, in order to get ESAPI to work, I had to set the following in cloudbees-web.xml:

    <sysprop name="org.owasp.esapi.resources" value="staxcat/install/webapp.war/WEB-INF/esapi" />

    this will enable ESAPI to find the directory if in your project it is located under:

    src/main/webapp/WEB-INF/esapi

    and you should get the following log line:

    Found in 'org.owasp.esapi.resources' directory: /var/genapp/apps/xxxxxxxxx/staxcat/install/webapp.war/WEB-INF/esapi/ESAPI.properties