Bad HTML input and Redirect to authentication failed errors

(Doc ID 1591160.1)

Last updated on OCTOBER 06, 2016

Applies to:

Oracle WebCenter Sites - Version 11.1.1.8.0 and later
Information in this document applies to any platform.

Symptoms

After upgrading from 11.1.1.6.x to 11.1.1.8.0 successfully, the Sites web application is not able to find these files which are normally found in the [sites folder where all the ini files are]\bin folder :

ESAPI.properties
customBeans.xml

This results in "Bad HTML input and Redirect to authentication failed" errors in the Sites log.

In futuretense.txt, see repeated errors such as:

[2013-10-01 16:32:33,292 CDT] [WARN ] [temBasedClusteredEventExecutor] [fatwire.logging.cs.file] Bad HTML input: [

] Exception: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
[2013-10-01 16:32:33,807 CDT] [ERROR] [http-apr-8080-exec-4] [sso.cas.filter.CASFilter] Redirect to authentication failed: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.

In Tomcat logs see:

1) Oct 1, 2013 4:32:30 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter casxssfilter
org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [customBeans.xml]; nested exception is java.io.FileNotFoundException: class path resource [customBeans.xml] cannot be opened because it does not exist
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:349)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:310)
...
Caused by: java.io.FileNotFoundException: class path resource [customBeans.xml] cannot be opened because it does not exist
at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:143)
...

2) Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: E:\Apache\Tomcat\bin\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Not found in 'user.home' (C:\) directory: C:\esapi\ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms