ESAPI.securityConfiguration().setResourceDirectory(...) not considered anymore in loading of configuration via classloader
nettermensch opened this issue · 0 comments
nettermensch commented
We set the directory for locating the ESAPI.properties within our resources in the following way.
String` rd = findConfigurationDirectory(...); // <== result e.g. is "esapi/v25/" ESAPI.securityConfiguration().setResourceDirectory(rd);
Using ESAPI <= version 2.1 this perfectly worked fine. It does not work from ESAPI >= 2.2 on.
After scanning the code of "DefaultSecurityConfiguration" I see the following difference in method "loadConfigurationFromClasspath":
Version 2.1
in = currentLoader.getResourceAsStream(this.resourceDirectory + "/" + fileName);
Version >= 2.2
in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCE_DIRECTORY.value() + fileName);
Please check details from discussion #745 . As mentioned in the discussion there is a workaround for flexibly loading the configuration.