I am currently learning how to boot a web application with a java agent for monitoring.
The Web Application I chose was WebGoat, and running WebGoat with java -jar webgoat-server-8.0.0.M17.jar as stated in WebGoat's README works perfectly fine.
However, when I try to add my agent, I get the following mess of an error log:
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v1.5.12.RELEASE)
2018-06-06 22:36:08.528 INFO 3741 --- [ main] org.owasp.webgoat.StartWebGoat : Starting StartWebGoat v8.0.0.M17 on MacBook-Pro.local with PID 3741 (/Users/andrewfan/Desktop/Lang Agent Dev Proj help info/webgoat-server-8.0.0.M17.jar started by andrewfan in /Users/andrewfan/Desktop/Lang Agent Dev Proj help info)
2018-06-06 22:36:08.531 INFO 3741 --- [ main] org.owasp.webgoat.StartWebGoat : No active profile set, falling back to default profiles: default
2018-06-06 22:36:08.844 INFO 3741 --- [ main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@1376c05c: startup date [Wed Jun 06 22:36:08 EDT 2018]; root of context hierarchy
2018-06-06 22:36:11.354 INFO 3741 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$8e12590a] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2018-06-06 22:36:11.442 WARN 3741 --- [ main] ationConfigEmbeddedWebApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mvcConfiguration': Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder 'webgoat.user.directory' in value "${webgoat.user.directory}"
2018-06-06 22:36:11.455 INFO 3741 --- [ main] utoConfigurationReportLoggingInitializer :
Error starting ApplicationContext. To display the auto-configuration report re-run your application with 'debug' enabled.
2018-06-06 22:36:11.464 ERROR 3741 --- [ main] o.s.boot.SpringApplication : Application startup failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mvcConfiguration': Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder 'webgoat.user.directory' in value "${webgoat.user.directory}"
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:372) ~[spring-beans-4.3.16.RELEASE.jar!/:4.3.16.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1268) ~[spring-beans-4.3.16.RELEASE.jar!/:4.3.16.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553) ~[spring-beans-4.3.16.RELEASE.jar!/:4.3.16.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483) ~[spring-beans-4.3.16.RELEASE.jar!/:4.3.16.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312) ~[spring-beans-4.3.16.RELEASE.jar!/:4.3.16.RELEASE]
at
...
I cut the error messages short since the trace is a few pages long, but the main error seems to be org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mvcConfiguration': Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder 'webgoat.user.directory' in value "${webgoat.user.directory}"
I am running my agent as follows:
java -javaagent:/Users/path/to/jar/Spn-LangAgent-0.0.jar -jar webgoat-server-8.0.0.M17.jar --server.port=8080 --server.address=localhost
My agent is as follows:
package com.spnlangagent.langagent;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.lang.reflect.Field;
import java.lang.instrument.Instrumentation;
import java.lang.instrument.UnmodifiableClassException;
import com.google.monitoring.runtime.instrumentation.AllocationRecorder;
public class LangAgent {
public static void premain(String agentArgs, Instrumentation inst) throws Exception {
System.out.println("LangAgent: premain now running");
setupInstrumentation(agentArgs, inst);
startRuntime(agentArgs);
}
private static void setupInstrumentation(String agentArgs, Instrumentation inst) throws Exception {
System.out.println("setupInstrumentation: now running with agentArgs: " + agentArgs);
}
private static void startRuntime(String agentArgs) throws Exception {
System.out.println("startRuntime: now running with agentArgs: " + agentArgs);
}
}
The original contents of the agent were commented out except for a few print statements, and yet even with this, WebGoat is crashing on startup.
I tried another agent with WebGoat and it worked fine, so the only thing I can think of is that something is wrong with either my agent, or the way it is being packaged.
I am using Maven, and my MANIFEST.MF is as follows:
Manifest-Version: 1.0
Premain-Class: com.spnlangagent.langagent.LangAgent
Can-Redefine-Classes: true
Can-Retransform-Classes: true
After running mvn package, the MANIFEST packaged in the .jar is as follows:
Manifest-Version: 1.0
Premain-Class: com.spnlangagent.langagent.LangAgent
Built-By: andrewfan
Can-Redefine-Classes: true
Can-Retransform-Classes: true
Created-By: Apache Maven 3.5.3
Build-Jdk: 1.8.0_172
In my pom.xml, I am doing the following to reach the manifest:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>3.1.0</version>
<configuration>
<archive>
<manifestFile>src/main/resources/META-INF/MANIFEST.MF</manifestFile>
</archive>
</configuration>
</plugin>
If someone could point me in the right direction in regards to figuring out why WebGoat is crashing, or if someone could provide more insight into why what I am currently doing is wrong, that would be greatly appreciated.
Thank you.
Note: If the rest of my pom.xml is necessary for debugging, I will gladly provide it; it's just that the question is already very long as-is.
Webgoat (and also in most Spring-based application) relies on properties file (in properties or yaml format usually) to perform placeholder lookup.
The symptom in your failure indicate that Spring failed to lookup properties for placeholder processing.
Given that placeholder lookup works well without presence of your agent JAR, and with information you mentioned in comment, the problem is caused by
application.properties "shadowed" the one in Webgoat main JAR. Which means, when Webgoat starts, Spring picked up your empty application.properties for its placeholder processing, hence failed.