Issue with scanning PrimeFaces application

talari.madhusudhan

17 Oct, 2013 03:25 PM

Hi All,

We have developed the application using PrimeFaces. We are trying to scan the application using the Arachni v0.4.5.2 web UI v0.4.2.1 interface, but we are getting the exception below in the JBoss AS 7.1 server log and the server stopped automatically.

Could you please help me resolve this issue?

16:36:20,966 ERROR org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/].[default] Servlet.service() for servlet default threw exception: org.jboss.weld.exceptions.IllegalProductException: WELD-000052 Cannot return null from a non-dependent producer method: [method] @Produces @RequestScoped protected org.apache.myfaces.extensions.cdi.jsf.impl.util.FacesInformationProducer.currentFacesContext()
    at org.jboss.weld.bean.AbstractProducerBean.checkReturnValue(AbstractProducerBean.java:217) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:300) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:107) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:90) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:79) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weldx.faces.context.FacesContext$Proxy$_$$_WeldClientProxy.toString(FacesContext$Proxy$_$$_WeldClientProxy.java) [jboss-jsf-api_2.1_spec-2.0.1.Final.jar:]
    at java.lang.String.valueOf(String.java:2854) [rt.jar:1.7.0_13]
    at java.lang.StringBuilder.append(StringBuilder.java:128) [rt.jar:1.7.0_13]
    at org.jboss.solder.reflection.Reflections.buildInvokeMethodErrorMessage(Reflections.java:347) [solder-api-3.1.1.Final.jar:3.1.1.Final]
    at org.jboss.solder.reflection.Reflections.invokeMethod(Reflections.java:480) [solder-api-3.1.1.Final.jar:3.1.1.Final]
    at org.jboss.solder.reflection.Reflections.invokeMethod(Reflections.java:403) [solder-api-3.1.1.Final.jar:3.1.1.Final]
    at org.jboss.solder.reflection.annotated.InjectableMethod.invoke(InjectableMethod.java:175) [solder-impl-3.1.1.Final.jar:3.1.1.Final]
    at org.jboss.solder.exception.control.HandlerMethodImpl.notify(HandlerMethodImpl.java:182) [solder-impl-3.1.1.Final.jar:3.1.1.Final]
    at org.jboss.solder.exception.control.ExceptionHandlerDispatch.executeHandlers(ExceptionHandlerDispatch.java:135) [solder-impl-3.1.1.Final.jar:3.1.1.Final]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_13]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_13]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_13]
    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_13]
    at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:264) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:52) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:137) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:260) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.introspector.jlr.WeldMethodImpl.invokeOnInstance(WeldMethodImpl.java:170) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.introspector.ForwardingWeldMethod.invokeOnInstance(ForwardingWeldMethod.java:51) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.injection.MethodInjectionPoint.invokeOnInstanceWithSpecialValue(MethodInjectionPoint.java:154) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:241) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:229) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:207) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.manager.BeanManagerImpl.notifyObservers(BeanManagerImpl.java:569) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:559) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:554) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
    at org.jboss.solder.servlet.exception.CatchExceptionFilter.doFilter(CatchExceptionFilter.java:74) [solder-impl-3.1.1.Final.jar:3.1.1.Final]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.solder.servlet.event.ServletEventBridgeFilter.doFilter(ServletEventBridgeFilter.java:74) [solder-impl-3.1.1.Final.jar:3.1.1.Final]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_13]

Thanks in advance.
Madhusudhan T

  1. Support Staff 1 Posted by Tasos Laskos on 17 Oct, 2013 03:42 PM

    Hi Madhusudhan,

    I'm afraid I'll disappoint you.

    It's generally hard enough to figure out how Arachni went wrong without having access to the target website; it's pretty much impossible to know how the targeted website went wrong while Arachni was scanning it.

    I suggest you ask the PrimeFaces folk for help as the issue occurred at the server-side.

    Cheers

  2. Tasos Laskos closed this discussion on 17 Oct, 2013 04:52 PM.

  3. talari.madhusudhan re-opened this discussion on 18 Oct, 2013 06:05 AM

  4. 2 Posted by talari.madhusud... on 18 Oct, 2013 06:05 AM

    Hi,

    First, thanks for your reply.
    We used PrimeFaces for the view layer.
    Actually, in my web application we are using LDAP for the authentication process.
    In the login page we have two text fields to enter the user name and password.
    After entering the values we click on the login button. When the user clicks on the login button, the appropriate configured Java method executes on the server side, performs the authentication and returns to the welcome page.
    Now my question is how to log in to my website through the Arachni tool.

    My intention is that when I give the website URL to the Arachni tool, the Arachni tool needs to log in automatically and needs to scan all the pages.

    Note: I tried the auto login plug-in but it does not work.

    Could you please help me overcome this?

    Thanks & Regards,
    Madhusudhan T.

  5. Support Staff 3 Posted by Tasos Laskos on 18 Oct, 2013 08:29 PM

    Could you show me how you configured the autologin plugin and the HTML code of the login form please?

  6. 4 Posted by talari.madhusud... on 23 Oct, 2013 02:44 PM

    Hi Tasos Laskos,

    I have configured the auto login as follows, and you can also see it in the attached screenshot.
    URL: http://:8080/Webapp/login.html (like this URL)
    Parameters: frmLogin:txtLoginUser=CVDMTEST34&frmLogin:txtPassword=welcome123
    Check: Seleccionar Sistema (my welcome page contains this string)

    Here is my login form HTML code snippet:

    <h:form id="frmLogin">
            <div id="general-login-content">
                <div id="center-login">
                    <table id="tblLogin" style="margin-right: auto;">
                        <tr>
                            <td ><h:outputText value="#{msgs['login.lbl.user']}" id="idOtxtLoginUser"/></td>
                            <td >
                                <p:inputText id="txtLoginUser" value="#{loginBean.loginUser}" maxlength="20"  autocomplete="off">
                                    <pe:keyFilter regEx="#{cons['exp.regular.alphanumeric.not.space']}"/>
                                </p:inputText>
                            </td>
                            <td >
                                <p:message for="txtLoginUser" display="icon" id="idMsgLoginUser"/>
                            </td>
                        </tr>
                        <tr>
                            <td >
                                <h:outputText  value="#{msgs['login.lbl.password']}" id="idOtxtLoginPwd"/>
                            </td>
                            <td >
                                <p:password id="txtPassword" value="#{loginBean.password}" maxlength="20" />                        
                            </td>
                            <td >
                                <p:message for="txtPassword" display="icon" id="idMsgLoginPwd"/>
                            </td>
                        </tr>
                        <tr>
                            <td colspan="3" align="left">
                                <p:commandButton id="cmdLogin" value="#{msgs['btn.accept']}" update="@form :opnlDialogosGenerales"
                                        action="#{loginBean.loginAction}" ajax="false"/> 
                            </td>
                        </tr>
                        <tr>
                            <td colspan="3" align="left">
                                <p:message for="cmdLogin" display="text" id="idMsgCmdLogin"/>
                            </td>
                        </tr>
                    </table>
                </div>
                <table id="tblFooter" width="100%">
                    <tr>
                        <td width="20%" align="center">#{msgs['lbl.devlope.version']}</td>
                        <td width="25%" align="center">#{msgs['lbl.devlope.version.date']}</td>
                        <td width="20%" align="center"> #{msgs['lbl.devlope.env']}</td>
                        <td width="15%" align="left"><h:selectOneMenu id="language1"
                                    style="font-family:'Lucida Sans Unicode','Lucida Grande',Geneva,Verdana,Arial,sans-serif;font-size:11px;"
                                     value="#{sessionScope.locale}" immediate="true">
                                    <f:selectItem itemLabel="#{msgs['lbl.footer.Espanol']}" itemValue="es"  id="idCboItemEsponol"/>
                                    <f:selectItem itemLabel="#{msgs['lbl.footer.Ingles']}" itemValue="en"  id="idCboItemIngles"/>
                                <!-- <f:selectItem itemLabel="Francés " itemValue="fr" />  -->
                                    <p:ajax event="change"  listener="#{loginBean.localeCodeChanged}" update="@form"/>
                                </h:selectOneMenu></td>
                        <td width="15%" align="right"> 
                        <ui:include src="/template/includes/logo.xhtml" width="200" height="60"/>
                        </td>
                    </tr>
                </table>
            </div>
        </h:form>
    

    Thanks in advance
    Madhusudhan T

  7. Support Staff 5 Posted by Tasos Laskos on 23 Oct, 2013 02:50 PM

    Thanks for the info Talari, but could you show me the form code as it appears in the "View source" option of your browser? Because that's the HTML code Arachni will be seeing.

    Cheers
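
Added example, not part of the original thread and not Arachni code: a small Python check that lists the fields of a rendered login form and compares them with an autologin-style parameter string. The sample HTML is constructed, assuming typical JSF output for the `frmLogin` template posted above; the credential values are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Constructed sample of what "View source" might show for the login form.
# Assumption: typical JSF output, which adds hidden fields the template never mentions.
RENDERED_HTML = """
<form id="frmLogin" name="frmLogin" method="post" action="/Webapp/login.html">
  <input type="hidden" name="frmLogin" value="frmLogin" />
  <input id="frmLogin:txtLoginUser" name="frmLogin:txtLoginUser" type="text" />
  <input id="frmLogin:txtPassword" name="frmLogin:txtPassword" type="password" />
  <button id="frmLogin:cmdLogin" name="frmLogin:cmdLogin" type="submit">OK</button>
  <select name="frmLogin:language1"><option value="es">es</option></select>
  <input type="hidden" name="javax.faces.ViewState" value="CONSTRUCTED-TOKEN" />
</form>
"""

class FormFields(HTMLParser):
    """Collect name -> type for every submittable control in <form id=form_id>."""
    def __init__(self, form_id):
        super().__init__()
        self.form_id, self.inside, self.fields = form_id, False, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.inside = a.get("id") == self.form_id
        elif self.inside and tag in ("input", "button", "select", "textarea") and a.get("name"):
            self.fields[a["name"]] = a.get("type", tag)

    def handle_endtag(self, tag):
        if tag == "form":
            self.inside = False

def compare(html, form_id, params):
    """Return (unknown, unset): params matching no field, and fields given no param."""
    parser = FormFields(form_id)
    parser.feed(html)
    supplied = dict(parse_qsl(params, keep_blank_values=True))
    unknown = sorted(set(supplied) - set(parser.fields))
    unset = {n: t for n, t in parser.fields.items() if n not in supplied}
    return unknown, unset

if __name__ == "__main__":
    # Parameter string in the format used in the thread; values are placeholders.
    unknown, unset = compare(RENDERED_HTML, "frmLogin",
                             "frmLogin:txtLoginUser=USER&frmLogin:txtPassword=PASS")
    print("parameters with no matching field:", unknown)
    for name, kind in unset.items():
        print(f"field not set by the parameters: {name} ({kind})")
```

Run against the real "View source" output, the first list catches misspelled or wrongly prefixed parameter names, and the second shows which rendered fields the parameter string leaves untouched.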

  8. Support Staff 6 Posted by Tasos Laskos on 24 Oct, 2013 02:09 PM

    Your options seem correct. I noticed that the form action points to a real URL; are the credentials you pasted in your earlier reply supposed to work?

    Because I just get an error when I submit the form.

    As a second to last resort, could you try using the CLI to log in with the autologin plugin? The CLI interface is more verbose and can help debugging.

    If that fails, the last resort would be to give me temporary access to the web application so that I can debug it myself.

    Cheers

  9. 7 Posted by talari.madhusud... on 24 Oct, 2013 03:47 PM

    Thanks for the reply. Here I attached the login page HTML code (login.html).
    Could you please find it.

    Please let me know if you have any additional information.

    Thanks in advance
    Madhusudhan T

  10. Support Staff 8 Posted by Tasos Laskos on 24 Oct, 2013 04:06 PM

    I'm afraid I can't debug this without access to the web application.

  11. Tasos Laskos closed this discussion on 11 Nov, 2013 09:21 PM.
