How to ensure that antisamy-esapi.xml is loaded (Doc ID 1937953.1)

Last updated on NOVEMBER 03, 2016

Applies to:

Oracle WebCenter Sites - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Goal

How to prevent these errors

a) at startup time, Sites tries to read antisamy-esapi.xml for the first time and fails, logging:

Not found in 'org.owasp.esapi.resources' directory or file not readable: {sites_installdir}/bin/antisamy-esapi.xml
Not found in SystemResource Directory/resourceDirectory: .esapi/antisamy-esapi.xml
Not found in 'user.home' (/home/webadm) directory: {sites_home_dir}/esapi/antisamy-esapi.xml

b) then on subsequent attempts to read it, the following exception is thrown:

java.lang.NoClassDefFoundError: Could not initialize class
org.owasp.esapi.reference.validation.HTMLValidationRule
at org.owasp.esapi.reference.DefaultValidator.getValidSafeHTML(DefaultValidator.java:337)
at COM.FutureTense.Util.ftUtil.readByteURL(ftUtil.java:755)

This can cause certain tags and code that perform data validation to fail, such as Utilties.ReadURL (bug 18731750)

Note: The presence of these errors means that the ESAPI resources in WebCenter Sites will not load correctly. They will not prevent successful initialization and running of the WebCenter Sites application. As previously noted regarding Bug 18731750, there may be some issues that could occur that are dependent on ESAPI to perform data validation.

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms