can we use owasp-ESAPI for logging android application, as I have tried to search on google and then as per my understanding I found OWASP-ESAPI can be used with JAVA-EE. can someone help me to integrate secure logger with OWASP-ESAPI on android application?
For better understanding my problem please go though following :
"esapi-2.1.0.jar" allow us to write Following code that I am trying:
private final Logger logger = ESAPI.getLogger(MyActivity.class.getName());
logger.error(Logger.SECURITY_FAILURE, "session has expired, log out user");
when I run my project it gives following on logcat:
05-01 13:02:52.455: D/ResourcesManager(9936): creating new AssetManager and set to /data/app/com.example.loggerlatestjar-1/base.apk
05-01 13:02:52.555: I/System.out(9936): Attempting to load ESAPI.properties via file I/O.
05-01 13:02:52.555: I/System.out(9936): Attempting to load ESAPI.properties as resource file via file I/O.
05-01 13:02:52.555: I/System.out(9936): Not found in 'org.owasp.esapi.resources' directory or file not readable: /ESAPI.properties
05-01 13:02:52.565: I/System.out(9936): Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
05-01 13:02:52.565: I/System.out(9936): Not found in 'user.home' () directory: /esapi/ESAPI.properties
05-01 13:02:52.565: I/System.out(9936): Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
05-01 13:02:52.565: I/System.out(9936): Attempting to load ESAPI.properties via the classpath.
05-01 13:02:52.615: I/System.out(9936): ESAPI.properties could not be loaded by any means. Fail. Exception was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
05-01 13:02:52.615: D/AndroidRuntime(9936): Shutting down VM
05-01 13:02:52.620: E/AndroidRuntime(9936): FATAL EXCEPTION: main
05-01 13:02:52.620: E/AndroidRuntime(9936): Process: com.example.loggerlatestjar, PID: 9936
05-01 13:02:52.620: E/AndroidRuntime(9936): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.example.loggerlatestjar/com.example.loggerlatestjar.MainActivity}: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2702)
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2767)
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.app.ActivityThread.access$900(ActivityThread.java:177)
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1449)
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.os.Handler.dispatchMessage(Handler.java:102)
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.os.Looper.loop(Looper.java:145)
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.app.ActivityThread.main(ActivityThread.java:5951)
05-01 13:02:52.620: E/AndroidRuntime(9936): at java.lang.reflect.Method.invoke(Native Method)
05-01 13:02:52.620: E/AndroidRuntime(9936): at java.lang.reflect.Method.invoke(Method.java:372)
05-01 13:02:52.620: E/AndroidRuntime(9936): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1388)
05-01 13:02:52.620: E/AndroidRuntime(9936): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1183)
05-01 13:02:52.620: E/AndroidRuntime(9936): Caused by: org.owasp.esapi.errors.ConfigurationException: java.lang.reflect.InvocationTargetException SecurityConfiguration class (org.owasp.esapi.reference.DefaultSecurityConfiguration) CTOR threw exception.
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:129)
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.ESAPI.securityConfiguration(ESAPI.java:184)
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.ESAPI.logFactory(ESAPI.java:137)
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154)
05-01 13:02:52.620: E/AndroidRuntime(9936): at com.example.loggerlatestjar.MainActivity.onCreate(MainActivity.java:23)
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.app.Activity.performCreate(Activity.java:6289)
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1119)
05-01 13:02:52.620: E/AndroidRuntime(9936): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2655)
05-01 13:02:52.620: E/AndroidRuntime(9936): ... 10 more
05-01 13:02:52.620: E/AndroidRuntime(9936): Caused by: java.lang.reflect.InvocationTargetException
05-01 13:02:52.620: E/AndroidRuntime(9936): at java.lang.reflect.Method.invoke(Native Method)
05-01 13:02:52.620: E/AndroidRuntime(9936): at java.lang.reflect.Method.invoke(Method.java:372)
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:86)
05-01 13:02:52.620: E/AndroidRuntime(9936): ... 17 more
05-01 13:02:52.620: E/AndroidRuntime(9936): Caused by: org.owasp.esapi.errors.ConfigurationException: ESAPI.properties could not be loaded by any means. Fail.
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:439)
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.reference.DefaultSecurityConfiguration.<init>(DefaultSecurityConfiguration.java:227)
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.reference.DefaultSecurityConfiguration.getInstance(DefaultSecurityConfiguration.java:75)
05-01 13:02:52.620: E/AndroidRuntime(9936): ... 20 more
05-01 13:02:52.620: E/AndroidRuntime(9936): Caused by: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfigurationFromClasspath(DefaultSecurityConfiguration.java:667)
05-01 13:02:52.620: E/AndroidRuntime(9936): at org.owasp.esapi.reference.DefaultSecurityConfiguration.loadConfiguration(DefaultSecurityConfiguration.java:436)
05-01 13:02:52.620: E/AndroidRuntime(9936): ... 22 more
Note : I am not using ESAPI.property file. because i do not know how to use it in android app.