我在部署到 WildFly.8.2.0.Final 的 WAR 文件中使用 ESAPI 时遇到了一个奇怪的类加载问题。这是我收到的错误:
09:35:47,383 ERROR [stderr] (default task-12) Caused by: java.lang.reflect.InvocationTargetException
09:35:47,383 ERROR [stderr] (default task-12) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
09:35:47,383 ERROR [stderr] (default task-12) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
09:35:47,383 ERROR [stderr] (default task-12) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
09:35:47,383 ERROR [stderr] (default task-12) at java.lang.reflect.Method.invoke(Method.java:606)
09:35:47,383 ERROR [stderr] (default task-12) at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
09:35:47,383 ERROR [stderr] (default task-12) ... 111 more
09:35:47,383 ERROR [stderr] (default task-12) Caused by: java.lang.ClassCastException: org.owasp.esapi.reference.Log4JLogger cannot be cast to org.owasp.esapi.Logger
09:35:47,383 ERROR [stderr] (default task-12) at org.owasp.esapi.reference.Log4JLogFactory.getLogger(Log4JLogFactory.java:88)
09:35:47,383 ERROR [stderr] (default task-12) at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154)
09:35:47,383 ERROR [stderr] (default task-12) at org.owasp.esapi.reference.DefaultEncoder.<init>(DefaultEncoder.java:75)
09:35:47,383 ERROR [stderr] (default task-12) at org.owasp.esapi.reference.DefaultEncoder.getInstance(DefaultEncoder.java:59)
09:35:47,383 ERROR [stderr] (default task-12) ... 116 more
启动/重新启动 WildFly 时不会出现此错误,但如果我启动/停止或重新部署应用程序,则会生成此错误。
现在我正在测试一个 WAR 文件,其中包括一个调用 ESAPI 库的 JAR(在其 WEB-INF/lib 中)目录。下面是从 JAR 中执行的代码:
public String html(String html) {
String sEncodedText = null;
if (input != null) {
sEncodedText = ESAPI.encoder().encodeForHTML(html);
}
return sEncodedText;
}
我的项目是使用 maven 构建的,我已经尝试过不使用 log4j 并通过范围标记包含 log4j 依赖项。 Netiher 解决了这个问题。 ESAPI 库正在作为支持 JAR 文件的传递依赖项加载。
我找到了所描述的确切问题 here ,但链上并没有解析。我已经检查了类加载,似乎没有加载任何其他 log4j 实例。现在我的测试台上只有这个应用程序。
包括 JAR 和 WAR 的 pom 片段...
JAR:
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>foo.bar</groupId>
<artifactId>esapi-utils</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<dependencies>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.0.1</version>
</dependency>
</dependencies>
</project>
war :
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>foo.bar</groupId>
<artifactId>esapi-webapp</artifactId>
<version>1.0.0-SNAPSHOT</version>
<packaging>war</packaging>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
</plugin>
</plugins>
</build>
<dependencies>
<!-- Could this be causing Class-Loading issues? -->
<dependency>
<groupId>org.owasp</groupId>
<artifactId>csrfguard</artifactId>
<version>3.0.0</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
<scope>provided</scope>
</dependency>
<!-- Other libraries omitted -->
<dependency>
<groupId>foo.bar</groupId>
<artifactId>esapi-utils</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
</dependencies>
</project>
这是完整的 mvn dependentecy:tree 输出
[INFO] foo.bar:esapi-webapp:war:1.0.0-SNAPSHOT
[INFO] +- org.owasp:csrfguard:jar:3.0.0:runtime
[INFO] +- javax.servlet:servlet-api:jar:2.5:provided
[INFO] +- junit:junit:jar:4.12:test
[INFO] | \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.mockito:mockito-core:jar:1.10.19:test
[INFO] | \- org.objenesis:objenesis:jar:2.1:test
[INFO] +- org.hamcrest:hamcrest-library:jar:1.3:test
[INFO] +- commons-io:commons-io:jar:1.4:compile
[INFO] +- javax.mail:mail:jar:1.4.3:compile
[INFO] | \- javax.activation:activation:jar:1.1:compile
[INFO] +- log4j:log4j:jar:1.2.17:provided
[INFO] +- org.apache.velocity:velocity:jar:1.6:compile
[INFO] | +- commons-collections:commons-collections:jar:3.2.1:compile
[INFO] | +- commons-lang:commons-lang:jar:2.4:compile
[INFO] | \- oro:oro:jar:2.0.8:compile
[INFO] +- org.apache.velocity:velocity-tools:jar:2.0:compile
[INFO] | +- commons-beanutils:commons-beanutils:jar:1.7.0:compile
[INFO] | +- commons-digester:commons-digester:jar:1.8:compile
[INFO] | +- commons-chain:commons-chain:jar:1.1:compile
[INFO] | +- commons-logging:commons-logging:jar:1.1:compile
[INFO] | +- commons-validator:commons-validator:jar:1.3.1:compile
[INFO] | +- dom4j:dom4j:jar:1.1:compile
[INFO] | +- sslext:sslext:jar:1.2-0:compile
[INFO] | +- org.apache.struts:struts-core:jar:1.3.8:compile
[INFO] | | \- antlr:antlr:jar:2.7.2:compile
[INFO] | +- org.apache.struts:struts-taglib:jar:1.3.8:compile
[INFO] | \- org.apache.struts:struts-tiles:jar:1.3.8:compile
[INFO] +- org.mybatis:mybatis-spring:jar:1.1.1:compile
[INFO] | +- org.mybatis:mybatis:jar:3.1.1:compile
[INFO] | +- org.springframework:spring-tx:jar:3.1.1.RELEASE:compile
[INFO] | \- org.springframework:spring-jdbc:jar:3.1.1.RELEASE:compile
[INFO] +- org.springframework:spring-context:jar:3.2.13.RELEASE:compile
[INFO] | +- org.springframework:spring-aop:jar:3.2.13.RELEASE:compile
[INFO] | +- org.springframework:spring-beans:jar:3.2.13.RELEASE:compile
[INFO] | +- org.springframework:spring-core:jar:3.2.13.RELEASE:compile
[INFO] | \- org.springframework:spring-expression:jar:3.2.13.RELEASE:compile
[INFO] +- org.springframework:spring-test:jar:3.2.13.RELEASE:test
[INFO] +- org.springframework:spring-web:jar:3.2.13.RELEASE:compile
[INFO] +- org.springframework:spring-webmvc:jar:3.2.13.RELEASE:compile
[INFO] +- org.springframework:spring-context-support:jar:3.2.13.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-web:jar:3.2.6.RELEASE:compile
[INFO] | +- aopalliance:aopalliance:jar:1.0:compile
[INFO] | \- org.springframework.security:spring-security-core:jar:3.2.6.RELEASE:compile
[INFO] +- org.springframework.security:spring-security-config:jar:3.2.6.RELEASE:compile
[INFO] +- foo.bar:esapi-util:jar:1.0-SNAPSHOT:compile
[INFO] | +- jboss:jboss-common-jdbc-wrapper:jar:3.2.3:compile
[INFO] | +- commons-codec:commons-codec:jar:1.4:compile
[INFO] | \- org.owasp.esapi:esapi:jar:2.0.1:compile
[INFO] | +- commons-configuration:commons-configuration:jar:1.5:compile
[INFO] | +- commons-beanutils:commons-beanutils-core:jar:1.7.0:compile
[INFO] | +- commons-fileupload:commons-fileupload:jar:1.2:compile
[INFO] | +- xom:xom:jar:1.1:compile
[INFO] | | +- xerces:xmlParserAPIs:jar:2.6.2:compile
[INFO] | | +- xerces:xercesImpl:jar:2.6.2:compile
[INFO] | | +- xalan:xalan:jar:2.7.0:compile
[INFO] | | \- jaxen:jaxen:jar:1.1-beta-8:compile
[INFO] | | \- jdom:jdom:jar:1.0:compile
[INFO] | +- org.beanshell:bsh-core:jar:2.0b4:compile
[INFO] | \- org.owasp.antisamy:antisamy:jar:1.4.3:compile
[INFO] | +- org.apache.xmlgraphics:batik-css:jar:1.7:compile
[INFO] | +- net.sourceforge.nekohtml:nekohtml:jar:1.9.12:compile
[INFO] | \- commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.046 s
[INFO] Finished at: 2015-04-22T12:54:26-04:00
[INFO] Final Memory: 10M/25M
[INFO] ------------------------------------------------------------------------
最佳答案
经过两天的努力,我想我终于找到了答案。快速感谢所有提供建议的人,最终让我们找到了正确的地方。我 100% 希望为将来可能遇到这个非常奇怪且难以追踪的问题的任何人发布这个答案。
TL;DR 是,如果 WildFly 可以在应用程序的类路径上找到 log4j.properties 或 log4j.xml,则它只会创建新的 log4j 模块。这个过程是在从jboss 4迁移到WildFly期间,服务器配置错误,找不到配置(但是没有报告错误,因为WildFly只使用standalone.xml中自己的默认配置)。
基本上,必须确保 log4j.xml 位于应用程序的类路径上,以便 WildFly 能够创建一个新的 log4j 模块来使用。完成此操作后,ESAPI 将在应用程序中按预期工作。
编辑:进一步搞乱这个找到了另一个解决方案(对于那些想要在 Wildfly 中使用日志记录子系统而不必提供单独的 log4j.properties 的人。将以下行添加到日志记录子系统:
<subsystem xmlns="urn:jboss:domain:logging:2.0">
<use-deployment-logging-config value="false"/>
<!-- Logging Configuration Here -->
</subsystem>
还将强制类加载正常运行,而无需显式为 log4j 提供日志记录配置文件。
关于java - 在 WildFly 中重新部署 ESAPI 应用程序时,ClassCastException Log4JLogger 无法转换为 Logger,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29800160/