My Oracle Support Banner

How to ensure that antisamy-esapi.xml is loaded (Doc ID 1937953.1)

Last updated on NOVEMBER 06, 2023

Applies to:

Oracle WebCenter Sites - Version and later
Information in this document applies to any platform.


How to prevent these errors

a) at startup time, Sites tries to read antisamy-esapi.xml for the first time and fails, logging:

Not found in 'org.owasp.esapi.resources' directory or file not readable: {sites_installdir}/bin/antisamy-esapi.xml
Not found in SystemResource Directory/resourceDirectory: .esapi/antisamy-esapi.xml
Not found in 'user.home' (/home/webadm) directory: {sites_home_dir}/esapi/antisamy-esapi.xml

b) then on subsequent attempts to read it, the following exception is thrown:

java.lang.NoClassDefFoundError: Could not initialize class
at org.owasp.esapi.reference.DefaultValidator.getValidSafeHTML(
at COM.FutureTense.Util.ftUtil.readByteURL(

This can cause certain tags and code that perform data validation to fail, such as Utilties.ReadURL (bug 18731750)

Note: The presence of these errors means that the ESAPI resources in WebCenter Sites will not load correctly. They will not prevent successful initialization and running of the WebCenter Sites application. As previously noted regarding Bug 18731750, there may be some issues that could occur that are dependent on ESAPI to perform data validation.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.