esapi-java-legacy icon indicating copy to clipboard operation
esapi-java-legacy copied to clipboard

Published 20 hours ago verified publisher icon ESAPI

ESAPI.securityConfiguration().setResourceDirectory(...) not considered anymore in loading of configuration via classloader

Open nettermensch opened this issue 3 years ago • 0 comments

#745

We set the directory for locating the ESAPI.properties within our resources in the following way.

String` rd = findConfigurationDirectory(...); // <== result e.g. is "esapi/v25/" ESAPI.securityConfiguration().setResourceDirectory(rd);

Using ESAPI <= version 2.1 this perfectly worked fine. It does not work from ESAPI >= 2.2 on. After scanning the code of "DefaultSecurityConfiguration" I see the following difference in method "loadConfigurationFromClasspath":

Version 2.1
in = currentLoader.getResourceAsStream(this.resourceDirectory + "/" + fileName);

Version >= 2.2
in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCE_DIRECTORY.value() + fileName);

Please check details from discussion #745 . As mentioned in the discussion there is a workaround for flexibly loading the configuration.

nettermensch avatar Oct 10 '22 09:10 nettermensch