Bad HTML input and Redirect to authentication failed errors (Doc ID 1591160.1)

Last updated on APRIL 05, 2024

Applies to:

Symptoms

After upgrading from 11.1.1.6.x to 11.1.1.8.0 successfully, the Sites web application is not able to find these files which are normally found in the [sites folder where all the ini files are]\bin folder :

ESAPI.properties
customBeans.xml

This results in "Bad HTML input and Redirect to authentication failed" errors in the Sites log.

In futuretense.txt, see repeated errors such as:

[2013-10-01 16:32:33,292 CDT] [WARN ] [temBasedClusteredEventExecutor] [fatwire.logging.cs.file] Bad HTML input: [

] Exception: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
[2013-10-01 16:32:33,807 CDT] [ERROR] [http-apr-8080-exec-4] [sso.cas.filter.CASFilter] Redirect to authentication failed: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.

In Tomcat logs see:

1) Oct 1, 2013 4:32:30 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter casxssfilter
org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [customBeans.xml]; nested exception is java.io.FileNotFoundException: class path resource [customBeans.xml] cannot be opened because it does not exist
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:349)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:310)
...
Caused by: java.io.FileNotFoundException: class path resource [customBeans.xml] cannot be opened because it does not exist
at org.springframework.core.io.ClassPathResource.getInputStream(ClassPathResource.java:143)
...

2) Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in 'org.owasp.esapi.resources' directory or file not readable: E:\Apache\Tomcat\bin\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Not found in 'user.home' (C:\) directory: C:\esapi\ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.