ClassCastException on SecurityWrapperResponse

Description

From purplebr...@gmail.com on February 26, 2014 15:28:20

What steps will reproduce the problem? Incorporated filter, request and response code and ESAPI.properties file from the location below into a J2EE application with small modifications. https://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java?r=565 A few facts about the J2EE app:

JDK 150_15
esapi-2.0.1.jar
weblogic server 10.2
netui for web tier

Exception:

<Feb 24, 2014 11:51:47 AM> ERROR (MySecureFilter.java:133) - My Security Filter, Error in SecurityWrapper: com.somecompany.ahp.servlet.filter.MySecurityWrapperResponse
java.lang.ClassCastException: com.somecompany.ahp.servlet.filter.MySecurityWrapperResponse
at com.bea.netuix.servlets.services.LightNetUIxServices.fixupControlTree
WalkerResponse(LightNetUIxServices.java:76)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:229)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java
:388)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:199)

at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileS
ervlet.java:257)
at com.bea.netuix.servlets.manager.PortalServlet.service(PortalServlet.j
ava:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
(StubSecurityHelper.java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
tyHelper.java:124)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
a:283)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
at com.somecompany.ahp.servlet.filter.MySecureFilter.doFilter(MySecureFi
lter.java:130)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
at com.rsa.cleartrust.webfilter.CTLoginFilter.doFilter(Unknown Source)
at com.rsa.cleartrust.weblogic.security.webfilter.CTLoginFilter.doFilter
(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpCont
extFilter.java:60)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilte
r.java:336)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.ja
va:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
n.run(WebAppServletContext.java:3402)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
dSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
ervletContext.java:2140)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
ontext.java:2046)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
ava:1398)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=320

Environment

None

Status

Assignee

Unassigned

Reporter

Max Gelman

Priority

Configure