jtmelton / appsensor Goto Github PK

A toolkit for building self-defending applications through real-time event detection and response

License: MIT License

Java 5.83% CSS 3.88% HTML 5.57% Thrift 0.01% JavaScript 84.34% Ruby 0.25% Python 0.02% Shell 0.06% Dockerfile 0.01% TSQL 0.03%

appsensor's People

Contributors

Stargazers

Watchers

Forkers

robocoder rtaban mebjas arberya fzipi ckarande 5142281503 jackjhy billthebest cckuok al1asan0th3r sims143 ksmaheshkumar tmyhres greatshang sanjaygouri mahmoodm2 ashishmgupta prozachj chnfow espenaf christianla crudbug gabrielsimas shreyasdn dscrobonia unccharlottehcilab timothy22000 anukat2015 dynamicdeploy rprzystasz owaspjocur mariannaschneider rtmorgan jjediny tonylturner pombredanne sagark-ezdi cdsalmons thamizarasu raybeorn skhorn hardlyhuman bsec metypes vidhan13j07 5up3rc pbehague azianyo rongqinglee yadox dbrils nonenotnull magnologan jllm williamkany ibrito jkutner rc-zhang joesnipes rsassi tghosth vashistha arcsr ajgappmark didato agilebelma fanershuai spi-fm abdirashidabdi agrdon10000 alvarozf sesas thaingo automationconsultant benhe119 ooooooooooooof averroes tenjohokwen c0d1007 vijayraavi shamsi12 ellerbrock unsecureio johnzenith ziqbalbh lightgaruda ericorahmad1 oliavd croaker1010 zorroroot pianomanx jlrodrigo felinemenace securitypirate syllogy jojaquix aeonincode tamalerhino latkes

appsensor's Issues

Dockerize?

I could help dockerize components or complete deployments of AppSensor. Which would be most helpful?

Explain the configuration difference between ws-rest-server-boot & ws-rest-server-boot-rules

Hey,

The ws-rest-server-boot-rules sample-app contains the following extra configuration data in appsensor-server-config.xml. I was wondering if I could get some extra context on this configuration type. Besides that I'm currently trying to configure one of the REST sample apps to log a user out on 3 events by the same user. How would I do that in the sample apps?

Best

<rules>
		<rule guid="00000000-0000-0000-0000-000000000000">
			<name>Rule 1</name>
			<window unit="minutes">2</window>
			<expressions>
				<expression>
					<window unit="minutes">1</window>
					<clauses>
						<clause>
							<monitor-points>
								<monitor-point guid="00000000-0000-0000-0000-000000000001">
									<category>Input Validation</category>
									<id>IE1</id>
									<threshold>
										<count>50</count>
										<interval unit="minutes">1</interval>
									</threshold>
								</monitor-point>
								
								<monitor-point guid="00000000-0000-0000-0000-000000000002">
									<category>Input Validation</category>
									<id>IE2</id>
									<threshold>
										<count>2</count>
										<interval unit="seconds">10</interval>
									</threshold>
								</monitor-point>
							</monitor-points>
						</clause>
						<clause>
							<monitor-points>
								<monitor-point guid="00000000-0000-0000-0000-000000000003">
									<category>Input Validation</category>
									<id>RE3</id>
									<threshold>
										<count>2</count>
										<interval unit="seconds">20</interval>
									</threshold>
								</monitor-point>
							</monitor-points>
						</clause>
					</clauses>
				</expression>
				
				<expression>
					<window unit="minutes">1</window>
					<clauses>
						<clause>
							<monitor-points>
								<monitor-point guid="00000000-0000-0000-0000-000000000004">
									<category>Input Validation</category>
									<id>IE1</id>
									<threshold>
										<count>3</count>
										<interval unit="minutes">1</interval>
									</threshold>
								</monitor-point>
							</monitor-points>
						</clause>
					</clauses>
				</expression>
			</expressions>
			
			<responses>
				<response>
					<action>log</action>
				</response>
				
				<response>
					<action>logout</action>
				</response>
				
				<response>
					<action>disableUser</action>
				</response>
				
				<response>
					<action>disableComponentForSpecificUser</action>
					<interval unit="minutes">30</interval>
				</response>
				
				<response>
					<action>disableComponentForAllUsers</action>
					<interval unit="minutes">30</interval>
				</response>
			</responses>
		</rule>
		
		<rule guid="00000000-0000-0000-0000-000000000005">
			<name>Rule 2</name>
			<window unit="seconds">10</window>
			<expressions>				
				<expression>
					<window unit="seconds">5</window>
					<clauses>
						<clause>
							<monitor-points>
								<monitor-point guid="00000000-0000-0000-0000-000000000006">
									<category>Input Validation</category>
									<id>IE1</id>
									<threshold>
										<count>1</count>
										<interval unit="seconds">5</interval>
									</threshold>
								</monitor-point>
							</monitor-points>
						</clause>
					</clauses>
				</expression>
			</expressions>
			
			<responses>
				<response>
					<action>log</action>
				</response>
			</responses>
		</rule>
	</rules>

Difficulties understanding the non-local AppSensor implementations

I have managed to get an idea of the overall concept of the AppSensor architecture while playing with the demo-appsensor-local sample. In that implementation the LocalResponseAnalysisEngine calls responseHandler.handle(response) so the responses will be handled by their specific methods of the userManager implementation.

I read somewhere that in a non-local AppSensor implementation this is managed via polling (or some push mechanism like websockets).
How would you implement that, for example, in the mentioned demo-appsensor-local sample? You would have to call getResponses in your client periodically, am I right? But how do you handle the resulting responses so the right userManager actions get executed?

Another uncertainty of mine is: How would you implement the AppSensor in a non java application on the client side? Would you have to reconstruct the AppSensor client components in the applied language due to not being able to add the appsensor-core dependency as you would in a java environment?

Thank you in advance!

REST Web Service integration with Embed Tomcat

Hi John,

I work on an AppSensor integration in my existing software architecture but unfortunately failed.

My app based on the jhipster stack(https://jhipster.github.io) and is running on a Embed Tomcat 8(Spring security, Spring MVC REST +Jackson).

I read the AppSensor getting started tutorial and extend my libs as described in your github examples.

    <properties>
	<appsensor.version>2.3.0</appsensor.version>
</properties>

	<dependency>
		<groupId>org.owasp.appsensor</groupId>
		<artifactId>appsensor-storage-in-memory</artifactId>
		<version>${appsensor.version}</version>
	</dependency>

	<dependency>
		<groupId>org.owasp.appsensor</groupId>
		<artifactId>appsensor-analysis-reference</artifactId>
		<version>${appsensor.version}</version>
	</dependency>

	<dependency>
		<groupId>org.owasp.appsensor</groupId>
		<artifactId>appsensor-reporting-simple-logging</artifactId>
		<version>${appsensor.version}</version>
	</dependency>

	<dependency>
		<groupId>org.owasp.appsensor</groupId>
		<artifactId>appsensor-access-control-reference</artifactId>
		<version>${appsensor.version}</version>
	</dependency>

	<dependency>
		<groupId>org.owasp.appsensor</groupId>
		<artifactId>appsensor-integration-cef-syslog</artifactId>
		<version>${appsensor.version}</version>
	</dependency>

	<dependency>
		<groupId>org.owasp.appsensor</groupId>
		<artifactId>appsensor-configuration-stax</artifactId>
		<version>${appsensor.version}</version>
	</dependency>

	<dependency>
		<groupId>org.owasp.appsensor</groupId>
		<artifactId>appsensor-geolocation-geoip2</artifactId>
		<version>${appsensor.version}</version>
	</dependency>

	<dependency>
		<groupId>org.owasp.appsensor</groupId>
		<artifactId>appsensor-ws-rest-server</artifactId>
		<version>${appsensor.version}</version>
	</dependency>

In your examples you always use „spring-boot-starter-jersey“ but I use „spring-boot-starter-tomcat“.

Each HTTP Request throws following exception:
[INFO] org.glassfish.jersey.internal.ServiceFinder - Running in a non-OSGi environment [INFO] org.glassfish.jersey.server.ApplicationHandler - Initiating Jersey application, version Jersey: 2.8 2014-04-29 01:25:26... [ERROR] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/] - StandardWrapper.Throwable java.lang.NoSuchMethodError: org.glassfish.jersey.server.ResourceConfig$State.configureAutoDiscoverableProviders(Lorg/glassfish/hk2/api/ServiceLocator;Z)V

I locate that you use the JAX-RS-WS Jersey implementation in your appsensor-ws-rest-server-2.3.0.jar.

Does the AppSensor only work with jersey implementation for the „REST Web Service“ deployment model, or am I doing something wrong in my configuration? Do you have any ideas?

Any help would be greatly appreciated

Kindly regards
Hendrik

how to implement it in python?

https://gist.github.com/senaps/df18fe3cade2dd5557b1e990da29768c

this is how im trying to implement the appsensor in a python application!
anybody able to help me?

i want to send a ACE3 detect into the server, i have the ui, but it doesn't get the logs.

add support for repsheet emitter

Add support for repsheet emitter. This would basically involve writing to specific redis keys. We would write out "block" responses (blacklist in repsheet terminology) and possibly some other response(s) that would map to graylist/marking in repsheet terminology. Repsheet is a really well done and complementary project we should support.

Disabling a user fails with Spring Boot newer than 1.4.0

The demo-appsensor-local project fails to disable a malicious user as configured. The log contains the following entry:

WARN o.o.a.l.r.LocalResponseHandler - Response executed for user , Action: Disabling malicious account, delegating to configured user manager <org.owasp.appsensor.integration.springsecurity.response.SpringSecurityUserManager>
INFO o.o.a.i.s.r.SpringSecurityUserManager - Request received to disable user .
WARN o.o.a.i.s.r.SpringSecurityUserManager - Could not disable user [user] since the spring security UserDetailsManager is not properly configured.

Logging the user out as the first step works fine, disabling him doesn't. The sample is working with the given Spring Boot version but fails starting with Spring Boot 1.4.1 (1.4.0 is working) with the same error message.

Build elasticsearch storage provider

Per user request, adding placeholder for elasticsearch storage provider implementation.

appsensor-ui view by user and detection points fails

Dear appsensor team.
I guess there is an additional timezone bug in appsensor-ui application.
It looks like the same issue which was already discussed and partially fixed in #31
Commit:
c1b4270

I'm not able to view information by user or detection Point.
There is an example with log sections.

Views which doesn't work in the browser:
http://localhost:8084/users/bob
http://localhost:8084/detection-points/IE1 (any detection label)

Log section of appsensor-ws-rest-server-with-websocket-boot:

10:21:10.129 [http-nio-8085-exec-9] ERROR o.a.c.c.C.[.[.[.[jerseyServlet] - Servlet.service() for servlet [jerseyServlet] in context with path [] threw exception [java.lang.IllegalArgumentException: Invalid format: "2018-06-20T09:21:10 02:00" is malformed at " 02:00"] with root cause
java.lang.IllegalArgumentException: Invalid format: "2018-06-20T09:21:10 02:00" is malformed at " 02:00"

Log section of appsensor-ui:

2018-06-20 10:21:10.127  INFO 10663 --- [nio-8084-exec-1] o.o.a.ui.rest.RestReportingEngineFacade  : Making REST call to http://localhost:8085 ... with path of /api/v1.0/reports/events
2018-06-20 10:21:10.132 ERROR 10663 --- [nio-8084-exec-1] o.o.a.u.h.AssociatedApplicationsFilter   : Error setting associated applications.
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is javax.ws.rs.NotFoundException: HTTP 404 Not Found

Failed REST request of appsensor-ui, captured with tcpdump:

10:28:36.600893 IP localhost.33954 > localhost.8085: Flags [P.], seq 6350:6640, ack 3011, win 509, options [nop,nop,TS val 3003620344 ecr 3003620344], length 290
E..V.4@[email protected].....
........GET /api/v1.0/reports/events?earliest=2018-06-20T09:28:36+02:00 HTTP/1.1
X-Appsensor-Client-Application-Name2: myclientapp
User-Agent: Jersey/2.14 (HttpUrlConnection 1.8.0_162)
Host: localhost:8085
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive


10:28:36.605335 IP localhost.8085 > localhost.33954: Flags [P.], seq 3011:3120, ack 6640, win 518, options [nop,nop,TS val 3003620345 ecr 3003620344], length 109
E...^[@.@..................................
........HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Wed, 20 Jun 2018 08:28:36 GMT

Missing dependency

Need to add dependency to javax.annotation-api in the pom otherwise some of the tests don't run when doing mvn install and the install fails.

Caused by: java.lang.ClassNotFoundException: javax.annotation.security.RolesAllowed
	at org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy.loadClass(SelfFirstStrategy.java:50)
	at org.codehaus.plexus.classworlds.realm.ClassRealm.unsynchronizedLoadClass(ClassRealm.java:271)
	at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass(ClassRealm.java:247)
	at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass(ClassRealm.java:239)
	... 137 more

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
.......
[INFO] appsensor-local .................................... SUCCESS [ 14.070 s]
[INFO] appsensor-storage-file-based ....................... SUCCESS [  4.653 s]
[INFO] appsensor-ws-rest-server ........................... FAILURE [ 11.110 s]
.......

SOAP Service - sample app fails in .NET

The sample app for the SOAP service was failing as someone was trying to use it: see http://lists.owasp.org/pipermail/owasp-appsensor-project/2014-November/000800.html.

Error: while building appsensor ui

I am facing error while running 7 step.

Start AppSensorUI

go to this directory: https://github.com/jtmelton/appsensor/tree/master/appsensor-ui
run this command:
mvn spring-boot:run -DAPPSENSOR_REST_REPORTING_ENGINE_URL=http://localhost:8085 -DAPPSENSOR_CLIENT_APPLICATION_ID_HEADER_NAME=X-Appsensor-Client-Application-Name2 -DAPPSENSOR_CLIENT_APPLICATION_ID_HEADER_VALUE=myclientapp -DAPPSENSOR_WEB_SOCKET_HOST_URL=ws://localhost:8085/dashboard -Dspring.datasource.url=jdbc:mysql://localhost/appsensor -Dspring.datasource.username=appsensor_user -Dspring.datasource.password=appsensor_pass i.

I don't familiar with the error it might be some sort of exception being generated when i run this command.I have followed all step clearly and completely. Kindly, give solution, i am setting the screenshot of the error below.

org.owasp.appsensor.core.IPAddress does not work properly

When i am trying to login into demo-appsensor-local. I am receiving this exception. I think it is because of my "fe80:0:0:0:f5bd:afc3:4612:8335%eth3" IPv6-address. Do you have any idea how i can prevent this exception?

13:13:30.743 [http-nio-8080-exec-9] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.IllegalArgumentException: IP Address string is invalid: fe80:0:0:0:f5bd:afc3:4612:8335%eth3
        at org.owasp.appsensor.core.IPAddress.fromString(IPAddress.java:62)
        at org.owasp.appsensor.integration.springsecurity.event.SpringSecurityEventListener.getDetectionSystem(SpringSecurityEventListener.java:159)
        at org.owasp.appsensor.integration.springsecurity.event.SpringSecurityEventListener.onApplicationEvent(SpringSecurityEventListener.java:88)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:166)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:138)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:382)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:336)
        at org.springframework.security.authentication.DefaultAuthenticationEventPublisher.publishAuthenticationSuccess(DefaultAuthenticationEventPublisher.java:99)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:220)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
        at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

Support per-client-application configurations

It would be nice to support per-client-application configurations on the server if desired. This would allow the backend to "lookup" the desired config for each client individually, supporting applications with varied policies.

Comments via email pasted below:

(shreyas) What i meant by multiple configuration is imagine there are 2 client applications connecting to single appsensor server. I would like each to have separate detection points(i.e IE1 for one client has a threshold of 10 seconds whereas the second client has 25 seconds).Is this already present or something that needs to be added?

(jtmelton) Oh ok, I think I understand now. No, that is not in place exactly. You could cheat by giving each its' own detection point name (ie1-client1, ie1-client2), but that would not be helpful when doing data analysis later. Currently, the policy is set across all client applications at once.
We could do something similar to localization in Java, where you have the default configuration, and then can provide a custom version for a given client if you wish. For instance if the client name is "MySpecialApp", you could have a file called "appsensor-server-MySpecialApp.xml that contains overrides for the configuration for that specific client. What do you think? Would that work for your needs or did you have another idea in mind?

(shreyas) That would work perfectly. OK is there code to support this?

(jtmelton) No, there's nothing there right now. You'll essentially want to look at the code here: https://github.com/jtmelton/appsensor/tree/master/configuration-modes/appsensor-configuration-stax/src/main/java/org/owasp/appsensor/configuration/stax/server. There are a couple ways I can think of doing it, but I think the simplest would be to update the ServerConfiguration class so that every get/find method takes a client application name as a parameter. Then, you'll have to update the code everywhere that uses those and supply that information. Then the StaxServerConfiguration object can read in all the configuration files that are available at startup and store them as a map keyed by the client application name. If a getter is called for a client application where a key exists (ie. a custom file exists), then lookup that configuration and use it. Otherwise, you'll lookup the default file (stored in key "DEFAULT" or something). What do you think? If this sounds like something you want to tackle, we can make up a ticket to track the work.

(shreyas) Yes that is something that i can tackle.

Code - Detection point implementations

We need sample detection point implementations in any language for people to work from. For example, a self-contained bit of code for detecting if a client IP address has changed and then firing off an event would be helpful.

MySQL setup script not working?

I am trying to follow the instructions here to setup a demo of AppSensor and I got to the stage where it tells me to run this script

MySQL does not appear to like the table name groups but when I replaced the table name groups with `groups` throughout the script then it works.

However, I presume that if there are queries or something later on that also try and use groups without the backticks, that will also cause problems.

Any ideas?

Documentation - Dev guide

We need to build a set of docs on how to extend appsensor, and where the system pluggability points reside. Logical extension points include:

adding new configuration mechanism (yaml, json, etc.)
adding new storage provider (cloud, nosql, custom, etc.)
adding new reporting mechanism (file, db, etc.)
adding new access controller (custom, integrate with standard identity system, spring security, etc.)

cef syslog integration not compatible with rules engine

There several minor changes that are needed in the appsensor-integration-cef-syslog project to be able to handle Attacks generated from Rules.

How to get started, AppSensor + php or GO web application

Hello, It's been some days that I'm studying all the material I found, starting from the youtube videos to the official pdf guide.

Most of the material talks about the philosophy of the project, and how you can use it to monitor a lot of events, but nothing on how to really deploy it!

I'd like to try it on a helloworld php (and also on a GO)application. These application may be deployed on the cloud on multiple instances, so I think that the best deployment model would be with RabbitMQ(correct me if I am wrong).

What I should do to deploy appsensor to listen on RabbitMQ for inputs?
And I assume there is a dashboard to monitor the situation.

How can I tell a php o GO app to write on RabbitMQ(not just write a message, but how the message should be, I only seen the java example of an event)

A step-by-step guide to deploy AppSensor on a dummy php app with a login form would be great and allow more people to start implementing this project!

Thank you!
Michael

Add API docs to appsensor.org

Need to add the API docs as part of the release process (under versioned subdirectories). Also need to add any generated WSDL / REST api docs. Consider tooling to help with REST docs (swagger, etc.)

appsensor-ui cannot connect to database.

I have followed the instructions here to setup the demo of AppSensor.

I have installed the following MySQL components.

The server is set up with legacy authentication (just in case the newer one would cause a problem). Otherwise it is standard configuration and I set it up using the V1_Initial_Schema_Creation.sql script as per the demo instructions. I disabled SSL in case this would cause a problem (I tried with and without and got the same error described later).

appsensor-ui runs (using the parameters specified in the demo instructions) and I can get to the login screen. (Note that I had to make the change described in PR #86 in order to get the appsensor-ui application to run.) However, both during load and when I try and login I see a long exception in the console described as:

2018-05-14 08:47:01.564 ERROR 2600 --- [nio-8084-exec-6] w.a.UsernamePasswordAuthenticationFilter : An internal error occurred while trying to authenticate the user.

org.springframework.security.authentication.InternalAuthenticationServiceException: Could not get JDBC Connection; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server.
        at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:110)
...
Caused by: org.springframework.jdbc.CannotGetJdbcConnectionException: Could not get JDBC Connection; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server.
        at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:80)
...
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server.
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
...
etc, etc.

I tried explicitly seting the port in the mysql connection string but that also did not help.

Do you have any ideas what the problem could be?

Consider WAF evaluation criteria

OWASP/WASC Web Application Firewall Evaluation Criteria
http://projects.webappsec.org/w/page/13246985/Web%20Application%20Firewall%20Evaluation%20Criteria

SANS IDS Evaluation
http://www.sans.org/security-resources/idfaq/eval_ids.php

(review these and decide if there's anything to address - suggestion by Juan C. Calderon)

Code - Reporting client UI

We need a reference front-end to visualize and manage the data (any language, but should be web-based).

This tool could also include an editor for the configuration file as well.

rules engine breaks appsensor-ui

Trying to get AppSensor Demo Setup running, following instructions at
https://github.com/jtmelton/appsensor/blob/master/sample-apps/DemoSetup.md

Everything goes fine until trying to start AppSensorUI which fails with:

Unable to build Hibernate SessionFactory: @OnetoOne or @manytoone on
org.owasp.appsensor.core.Attack.rule references an unknown entity:
org.owasp.appsensor.core.rule.Rule

This is part of a huge stack trace, but I believe that's the useful
part. I could post the entire thing but it's rather long.

I don't know Hibernate. Is there something wrong with my setup, or is
this an issue with the code?

Regards,
Geir H. Hansen

sample-appsensor-ws-rest-server won't run with tomcat

I'm not sure if it's a problem or if I'm not doing the right thing.

I'm trying to run sample-appsensor-ws-rest-server with tomcat in a Docker container.

When I access http://localhost:8080/sample-appsensor-ws-rest-server-2.1.0/ by clicking the link in the app manager, I get 404 - Not Found.

Tomcat is able to run a sample war.

Dockerfile

FROM tomcat:8.0.23-jre7

RUN apt-get update && \
    apt-get install -y \
    maven \
    git \
    openjdk-7-jdk \
    libtcnative-1 && \
    apt-get clean && \
    apt-get autoremove -y

RUN cd /tmp && \
    git clone https://github.com/jtmelton/appsensor.git && \
    cd appsensor/sample-apps/sample-appsensor-ws-rest-server && \
    mvn package && \
    cp target/sample-appsensor-ws-rest-server-2.1.0.war /usr/local/tomcat/webapps && \
    rm -rf /tmp/appsensor

ADD tomcat-users.xml /usr/local/tomcat/conf/tomcat-users.xml

tomcat-users.xml

<tomcat-users>
  <role rolename="admin-gui"/> 
  <role rolename="admin-script"/> 
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-status"/>
  <user username="tomcat" password="secret" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-script,admin-gui"/> 
</tomcat-users>

log

Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
16-Jun-2015 20:27:56.775 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.0.23
16-Jun-2015 20:27:56.777 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          May 19 2015 14:58:38 UTC
16-Jun-2015 20:27:56.777 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         8.0.23.0
16-Jun-2015 20:27:56.777 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
16-Jun-2015 20:27:56.778 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            4.0.3-boot2docker
16-Jun-2015 20:27:56.778 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
16-Jun-2015 20:27:56.778 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/lib/jvm/java-7-openjdk-amd64/jre
16-Jun-2015 20:27:56.778 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.7.0_79-b14
16-Jun-2015 20:27:56.779 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
16-Jun-2015 20:27:56.779 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/tomcat
16-Jun-2015 20:27:56.779 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
16-Jun-2015 20:27:56.781 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
16-Jun-2015 20:27:56.781 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
16-Jun-2015 20:27:56.781 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.endorsed.dirs=/usr/local/tomcat/endorsed
16-Jun-2015 20:27:56.781 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
16-Jun-2015 20:27:56.781 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
16-Jun-2015 20:27:56.782 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
16-Jun-2015 20:27:56.782 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent An older version 1.1.32 of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of 1.1.33
16-Jun-2015 20:27:56.782 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library 1.1.32 using APR version 1.5.1.
16-Jun-2015 20:27:56.782 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
16-Jun-2015 20:27:56.822 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized (OpenSSL 1.0.1k 8 Jan 2015)
16-Jun-2015 20:27:57.027 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-apr-8080"]
16-Jun-2015 20:27:57.044 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-apr-8009"]
16-Jun-2015 20:27:57.048 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1038 ms
16-Jun-2015 20:27:57.100 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Catalina
16-Jun-2015 20:27:57.100 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.23
16-Jun-2015 20:27:57.156 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive /usr/local/tomcat/webapps/sample-appsensor-ws-rest-server-2.1.0.war
16-Jun-2015 20:28:02.918 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
16-Jun-2015 20:28:03.023 INFO [localhost-startStop-1] org.springframework.web.context.ContextLoader.initWebApplicationContext Root WebApplicationContext: initialization started
16-Jun-2015 20:28:03.141 INFO [localhost-startStop-1] org.springframework.web.context.support.XmlWebApplicationContext.prepareRefresh Refreshing Root WebApplicationContext: startup date [Tue Jun 16 20:28:03 UTC 2015]; root of context hierarchy
16-Jun-2015 20:28:03.193 INFO [localhost-startStop-1] org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions Loading XML bean definitions from class path resource [applicationContext.xml]
16-Jun-2015 20:28:03.612 INFO [localhost-startStop-1] org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.<init> JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
20:28:03,782 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.groovy]
20:28:03,783 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
20:28:03,783 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [logback.xml] at [file:/usr/local/tomcat/webapps/sample-appsensor-ws-rest-server-2.1.0/WEB-INF/classes/logback.xml]
20:28:03,784 |-WARN in ch.qos.logback.classic.LoggerContext[default] - Resource [logback.xml] occurs multiple times on the classpath.
20:28:03,784 |-WARN in ch.qos.logback.classic.LoggerContext[default] - Resource [logback.xml] occurs at [jar:file:/usr/local/tomcat/webapps/sample-appsensor-ws-rest-server-2.1.0/WEB-INF/lib/appsensor-core-2.1.0.jar!/logback.xml]
20:28:03,784 |-WARN in ch.qos.logback.classic.LoggerContext[default] - Resource [logback.xml] occurs at [file:/usr/local/tomcat/webapps/sample-appsensor-ws-rest-server-2.1.0/WEB-INF/classes/logback.xml]
20:28:03,863 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - debug attribute not set
20:28:03,873 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.ConsoleAppender]
20:28:03,889 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [STDOUT]
20:28:03,913 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
20:28:03,987 |-INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to DEBUG
20:28:03,987 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [STDOUT] to Logger[ROOT]
20:28:03,988 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
20:28:03,990 |-INFO in ch.qos.logback.classic.joran.JoranConfigurator@39e481c4 - Registering current configuration as safe fallback point

20:28:04.686 [localhost-startStop-1] WARN  o.o.a.c.s.c.StaxClientConfiguration - Could not load appsensor client configuration file. This error is fine if you are running a server.
16-Jun-2015 20:28:04.704 INFO [localhost-startStop-1] org.springframework.web.context.ContextLoader.initWebApplicationContext Root WebApplicationContext: initialization completed in 1681 ms
16-Jun-2015 20:28:25.357 INFO [localhost-startStop-1] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [20,647] milliseconds.
16-Jun-2015 20:28:25.672 INFO [localhost-startStop-1] org.glassfish.jersey.server.ApplicationHandler.initialize Initiating Jersey application, version Jersey: 2.8 2014-04-29 01:25:26...
16-Jun-2015 20:28:27.321 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive /usr/local/tomcat/webapps/sample-appsensor-ws-rest-server-2.1.0.war has finished in 30,164 ms
16-Jun-2015 20:28:27.325 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /usr/local/tomcat/webapps/examples
16-Jun-2015 20:28:27.693 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /usr/local/tomcat/webapps/examples has finished in 368 ms
16-Jun-2015 20:28:27.693 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /usr/local/tomcat/webapps/host-manager
16-Jun-2015 20:28:27.731 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /usr/local/tomcat/webapps/host-manager has finished in 38 ms
16-Jun-2015 20:28:27.732 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /usr/local/tomcat/webapps/docs
16-Jun-2015 20:28:27.761 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /usr/local/tomcat/webapps/docs has finished in 29 ms
16-Jun-2015 20:28:27.761 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /usr/local/tomcat/webapps/manager
16-Jun-2015 20:28:27.805 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /usr/local/tomcat/webapps/manager has finished in 44 ms
16-Jun-2015 20:28:27.805 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /usr/local/tomcat/webapps/ROOT
16-Jun-2015 20:28:27.831 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /usr/local/tomcat/webapps/ROOT has finished in 26 ms
16-Jun-2015 20:28:27.853 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-apr-8080"]
16-Jun-2015 20:28:27.872 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-apr-8009"]
16-Jun-2015 20:28:27.878 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 30830 ms

Code - New analysis engines

Different versions of analysis engines could be built, ie stochastic vs. statistical vs. behavioral, etc. (written in java).

Error while running mvn install on appsensor directory

I am facing this error when running install command on the appsensor directory. Kindly let me know if there is a fix for this.

Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 1.579 sec <<< FA
ILURE! - in org.owasp.appsensor.integration.cef.syslog.CefSyslogEmitterEventTest

testAttackCreation(org.owasp.appsensor.integration.cef.syslog.CefSyslogEmitterEv
entTest) Time elapsed: 1.329 sec <<< FAILURE!
java.lang.AssertionError: expected:<2> but was:<1>
at org.junit.Assert.fail(Assert.java:88)
at org.junit.Assert.failNotEquals(Assert.java:743)
at org.junit.Assert.assertEquals(Assert.java:118)
at org.junit.Assert.assertEquals(Assert.java:555)
at org.junit.Assert.assertEquals(Assert.java:542)
at org.owasp.appsensor.local.analysis.ReferenceStatisticalEventAnalysisE
ngineTest.testAttackCreation(ReferenceStatisticalEventAnalysisEngineTest.java:12
0)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(Framework
Method.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCal
lable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMe
thod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMet
hod.java:17)
at org.springframework.test.context.junit4.statements.RunBeforeTestMetho
dCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:74)
at org.springframework.test.context.junit4.statements.RunAfterTestMethod
Callbacks.evaluate(RunAfterTestMethodCallbacks.java:83)
at org.springframework.test.context.junit4.statements.SpringRepeat.evalu
ate(SpringRepeat.java:72)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runCh
ild(SpringJUnit4ClassRunner.java:232)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runCh
ild(SpringJUnit4ClassRunner.java:89)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.
java:26)
at org.springframework.test.context.junit4.statements.RunBeforeTestClass
Callbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassC
allbacks.evaluate(RunAfterTestClassCallbacks.java:71)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(S
pringJUnit4ClassRunner.java:175)
at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provide
r.java:264)
at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4
Provider.java:153)
at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider
.java:124)
at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameCla
ssLoader(ForkedBooter.java:200)
at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(Fork
edBooter.java:153)
at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:
103)

UX - Design Visualization / Admin UI

It would be awesome to provide a default UI for event visualization and management. This could be a big, fun project.

Implement output to monitoring solution

Could be jmx, snmp, etc.

consider https://www.suse.com/communities/conversations/application-monitoring-made-easy-java-applications-using-nagios/

Setup CI for unit test execution

Likely doing this with http://www.cloudbees.com/

DemoSetup fails with javax.ws.rs.NotFoundException: HTTP 404 Not Found

In an attempt to try out Appsensor i followed the guide at https://github.com/jtmelton/appsensor/blob/master/sample-apps/DemoSetup.md

While starting and running the WebSocket Server, Generator and UI seem to work. The UI throws the following Exception after login.

19:26:31.063 [http-nio-8084-exec-5] INFO o.o.a.u.h.AssociatedClientApplicationsAuthenticationSuccessHandler - Successful authentication for user: User [username=analyst, userAuthorities=[], groups=[Group [id=1, name=ANALYST, authorities=[Authority [id=2, name=VIEW_CONFIGURATION], Authority [id=4, name=VIEW_DATA]]]], clientApplications=[myclientapp, myclientgeoapp1, myclientgeoapp2, myclientgeoapp3]]
19:26:31.063 [http-nio-8084-exec-5] DEBUG o.o.a.u.h.AssociatedClientApplicationsAuthenticationSuccessHandler - Redirecting to DefaultSavedRequest Url: http://localhost:8084/
19:26:32.110 [http-nio-8084-exec-3] ERROR o.o.a.u.h.AssociatedApplicationsFilter - Error setting associated applications.
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is javax.ws.rs.NotFoundException: HTTP 404 Not Found
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:979) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:858) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) ~[tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) ~[tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) ~[tomcat-embed-websocket-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.boot.actuate.autoconfigure.EndpointWebMvcAutoConfiguration$ApplicationContextHeaderFilter.doFilterInternal(EndpointWebMvcAutoConfiguration.java:295) ~[spring-boot-actuator-1.2.6.RELEASE.jar:1.2.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) ~[spring-security-web-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.owasp.appsensor.ui.handler.AssociatedApplicationsFilter.doFilter(AssociatedApplicationsFilter.java:31) ~[classes/:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:102) [spring-boot-actuator-1.2.6.RELEASE.jar:1.2.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:69) [spring-boot-actuator-1.2.6.RELEASE.jar:1.2.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482) [tomcat-embed-core-8.0.26.jar:8.0.26]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_66]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.26.jar:8.0.26]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_66]
Caused by: javax.ws.rs.NotFoundException: HTTP 404 Not Found
at org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:956) ~[jersey-client-2.14.jar:na]
at org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:855) ~[jersey-client-2.14.jar:na]
at org.glassfish.jersey.client.JerseyInvocation.access$600(JerseyInvocation.java:91) ~[jersey-client-2.14.jar:na]
at org.glassfish.jersey.client.JerseyInvocation$3.call(JerseyInvocation.java:705) ~[jersey-client-2.14.jar:na]
at org.glassfish.jersey.internal.Errors.process(Errors.java:315) ~[jersey-common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors.process(Errors.java:297) ~[jersey-common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors.process(Errors.java:228) ~[jersey-common-2.14.jar:na]
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:424) ~[jersey-common-2.14.jar:na]
at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:701) ~[jersey-client-2.14.jar:na]
at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:417) ~[jersey-client-2.14.jar:na]
at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:313) ~[jersey-client-2.14.jar:na]
at org.owasp.appsensor.ui.rest.RestReportingEngineFacade.findResponses(RestReportingEngineFacade.java:103) ~[classes/:na]
at org.owasp.appsensor.ui.rest.RestReportingEngineFacade$$FastClassBySpringCGLIB$$5b83c141.invoke() ~[spring-core-4.1.7.RELEASE.jar:na]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717) ~[spring-aop-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.cache.interceptor.CacheInterceptor$1.invoke(CacheInterceptor.java:52) ~[spring-context-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.cache.interceptor.CacheAspectSupport.invokeOperation(CacheAspectSupport.java:317) ~[spring-context-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.cache.interceptor.CacheAspectSupport.execute(CacheAspectSupport.java:350) ~[spring-context-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.cache.interceptor.CacheAspectSupport.execute(CacheAspectSupport.java:299) ~[spring-context-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.cache.interceptor.CacheInterceptor.invoke(CacheInterceptor.java:61) ~[spring-context-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653) ~[spring-aop-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.owasp.appsensor.ui.rest.RestReportingEngineFacade$$EnhancerBySpringCGLIB$$5e38a2b6.findResponses() ~[spring-core-4.1.7.RELEASE.jar:na]
at org.owasp.appsensor.ui.controller.DashboardController.activeResponses(DashboardController.java:68) ~[classes/:na]
at org.owasp.appsensor.ui.controller.DashboardController.allContent(DashboardController.java:54) ~[classes/:na]
at org.owasp.appsensor.ui.controller.DashboardController$$FastClassBySpringCGLIB$$41fbf83.invoke() ~[spring-core-4.1.7.RELEASE.jar:na]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717) ~[spring-aop-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64) ~[spring-security-core-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653) ~[spring-aop-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.owasp.appsensor.ui.controller.DashboardController$$EnhancerBySpringCGLIB$$77cdd5b1.allContent() ~[spring-core-4.1.7.RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_66]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_66]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_66]
at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_66]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221) ~[spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137) ~[spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:776) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:705) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967) ~[spring-webmvc-4.1.7.RELEASE.jar:4.1.7.RELEASE]
... 80 common frames omitted
19:27:00.109 [MessageBrokerSockJS-8] INFO o.s.w.s.c.WebSocketMessageBrokerStats - WebSocketSession[1 current WS(1)-HttpStream(0)-HttpPoll(0), 1 total, 0 closed abnormally (0 connect failure, 0 send limit, 0 transport error)], stompSubProtocol[processed CONNECT(1)-CONNECTED(1)-DISCONNECT(0)], stompBrokerRelay[null], inboundChannel[pool size = 12, active threads = 0, queued tasks = 0, completed tasks = 12], outboundChannelpool size = 1, active threads = 0, queued tasks = 0, completed tasks = 1], sockJsScheduler[pool size = 8, active threads = 1, queued tasks = 3, completed tasks = 19]

The UI never shows any data coming in. Dont know if it is related, but the Configuration shows the following:

Server Host Name Not Configured
Server Port Not Configured
Server Socket Timeout (ms) Not Configured

Testet on:

Apache Maven 3.3.3 (7994120775791599e205a5524ec3e0dfe41d4a06; 2015-04-22T13:57:37+02:00)
Java version: 1.8.0_66, vendor: Oracle Corporation
OS name: "linux", version: "4.2.0-16-generic", arch: "amd64", family: "unix"

simple-dashboard earliest

The simple-dashboard is very helpful to understand the rest API. But to make it run i had to remove the ?earliest=" + latest_time which is being send every request.
Is the param earliest in version 2.3.3 not supported anymore?

I was using appsensor-2.3.3 and the appsensor-ws-rest-server-with-websocket-boot REST-Server from the Demo.

Is there a documentation about the REST-API? I was using http://appsensor.org/docs/v2.3.0/api/ui/index.html#/ but it is not that good generated.

Documentation / Scripting - Authentication configuration setup

configuration scripts / tutorials for different web / application servers. We need to show how to setup the authentication for client applications since that will be done by the web/app servers and not the analysis engine itself. Essentially, this is setup and documentation of reverse proxy configuration. We can lean heavily on web server documentation here. (documentation / scripting)

Support multiple detection point configurations per detection point label

While we do no explicit limiting of configurations per detection point label (IE1), we do only use 1. You could configure 3, but we use that last one we found. In this way, multiple responses per detection point are not currently possible.

The request is to support multiple configurations per label, so that one could for instance, configure a response(s) for every event (like additional logging) and a different response(s) every 5 events. This would give a lot of flexibility in how things could be configured without making configuration complex.

Requested by Juan C. Calderon

Upgrade kafka to 0.9 or higher

Need to bump Kafka to 0.9 to take advantage of the new security features (new to 0.9).

Consider logging with OWASP Security Logging

It could be useful for AppSensor to log via the OWASP Security Logging framework : https://github.com/javabeanz/owasp-security-logging.

Issue due to logback.xml in appsensor-core jar

appsensor-core has logback.xml with log level DEBUG directed to STDOUT in src/main/resources. The appsensor-core jar also gets bundled with logback.xml. It is conflicting with our logback.xml in classpath. We tried to exclude logback in pom.xml using following but has no impact.
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
</exclusion>

Error when using REST API (page requires sending configured client header)

When I run the sample spring boot REST server with the provided command in the readme mvn spring-boot:run -D APPSENSOR_WEB_SOCKET_HOST_URL=ws://localhost:8085/dashboard, the server starts. Then when I try to use PostMan to execute a GET request on responses I get an error message, then the second time I send the same request an exception is thrown.

The first time the error message is: "Page requires sending configured client application identification header." just like in issue 30 #30

So the second time I send the same request, I don't get any error messages just an exception. See code below.

. ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _ | \ \ \
\/ )| |)| | | | | || (| | ) ) ) )
' || .__|| ||| |_, | / / / /
=========||==============|/=///_/
:: Spring Boot :: (v1.2.6.RELEASE)

14:16:00.144 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.o.a.AppsensorWsRestServerWithWebsocketBootApplication - Starting AppsensorWsRestServerWithWebsocketBootApplication on Studentwks1916 with PID 12864 (C:\Users\stenk\Workspace\appsensor\sample-apps\appsensor-ws-rest-server-with-websocket-boot\target\classes started by StenK in C:\Users\stenk\Workspace\appsensor\sample-apps\appsensor-ws-rest-server-with-websocket-boot)
14:16:00.151 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] DEBUG o.o.a.AppsensorWsRestServerWithWebsocketBootApplication - Running with Spring Boot v1.2.6.RELEASE, Spring v4.1.7.RELEASE
14:16:00.176 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.b.c.e.AnnotationConfigEmbeddedWebApplicationContext - Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5b41adde: startup date [Thu Apr 04 14:16:00 CEST 2019]; root of context hierarchy
14:16:00.628 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.b.f.s.DefaultListableBeanFactory - Overriding bean definition for bean 'beanNameViewResolver': replacing [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$WhitelabelErrorViewConfiguration; factoryMethodName=beanNameViewResolver; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/web/ErrorMvcAutoConfiguration$WhitelabelErrorViewConfiguration.class]] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.boot.autoconfigure.web.WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter; factoryMethodName=beanNameViewResolver; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [org/springframework/boot/autoconfigure/web/WebMvcAutoConfiguration$WebMvcAutoConfigurationAdapter.class]]
14:16:00.746 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
14:16:00.780 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] DEBUG o.j.logging - Logging Provider: org.jboss.logging.Slf4jLoggerProvider
14:16:00.781 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.h.v.i.u.Version - HV000001: Hibernate Validator 5.1.2.Final
14:16:01.259 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat initialized with port(s): 8085 (http)
14:16:01.351 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.a.c.c.StandardService - Starting service Tomcat
14:16:01.353 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.a.c.c.StandardEngine - Starting Servlet Engine: Apache Tomcat/8.0.26
14:16:01.418 [localhost-startStop-1] INFO o.a.c.c.C.[.[.[/] - Initializing Spring embedded WebApplicationContext
14:16:01.418 [localhost-startStop-1] INFO o.s.w.c.ContextLoader - Root WebApplicationContext: initialization completed in 1244 ms
14:16:01.892 [localhost-startStop-1] INFO o.s.b.c.e.FilterRegistrationBean - Mapping filter: 'characterEncodingFilter' to: [/]
14:16:01.894 [localhost-startStop-1] INFO o.s.b.c.e.FilterRegistrationBean - Mapping filter: 'hiddenHttpMethodFilter' to: [/]
14:16:01.897 [localhost-startStop-1] INFO o.s.b.c.e.FilterRegistrationBean - Mapping filter: 'requestContextFilter' to: [/]
14:16:01.898 [localhost-startStop-1] INFO o.s.b.c.e.ServletRegistrationBean - Mapping servlet: 'jerseyServlet' to [/]
14:16:01.900 [localhost-startStop-1] INFO o.s.b.c.e.ServletRegistrationBean - Mapping servlet: 'dispatcherServlet' to [/]
14:16:02.148 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] WARN o.o.a.c.s.c.StaxClientConfiguration - Could not load appsensor client configuration file. This error is fine if you are running a server.
14:16:02.279 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.w.s.m.m.a.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5b41adde: startup date [Thu Apr 04 14:16:00 CEST 2019]; root of context hierarchy
14:16:02.322 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.w.s.m.m.a.RequestMappingHandlerMapping - Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
14:16:02.327 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.w.s.m.m.a.RequestMappingHandlerMapping - Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest)
14:16:02.344 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/webjars/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
14:16:02.353 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
14:16:02.382 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
14:16:02.440 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.w.s.s.s.ServerEndpointExporter - Registering @serverendpoint class: class org.owasp.appsensor.websocket.WebSocketDashboard
14:16:02.453 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.j.e.a.AnnotationMBeanExporter - Registering beans for JMX exposure on startup
14:16:02.475 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.a.c.h.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8085"]
14:16:02.484 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.a.c.h.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8085"]
14:16:02.496 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.a.t.u.n.NioSelectorPool - Using a shared selector for servlet write/read
14:16:02.518 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat started on port(s): 8085 (http)
14:16:02.520 [org.owasp.appsensor.AppsensorWsRestServerWithWebsocketBootApplication.main()] INFO o.o.a.AppsensorWsRestServerWithWebsocketBootApplication - Started AppsensorWsRestServerWithWebsocketBootApplication in 2.534 seconds (JVM running for 5.274)
14:16:09.002 [http-nio-8085-exec-3] ERROR o.g.j.s.ServerRuntime$Responder - An I/O error has occurred while writing a response message entity to the container output stream.
java.lang.IllegalStateException: The output stream has already been closed.
at org.glassfish.jersey.message.internal.CommittingOutputStream.setStreamProvider(CommittingOutputStream.java:146) ~[jersey-common-2.14.jar:na]
at org.glassfish.jersey.message.internal.OutboundMessageContext.setStreamProvider(OutboundMessageContext.java:798) ~[jersey-common-2.14.jar:na]
at org.glassfish.jersey.server.ContainerResponse.setStreamProvider(ContainerResponse.java:372) ~[jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime$Responder.writeResponse(ServerRuntime.java:606) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime$Responder.processResponse(ServerRuntime.java:377) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime$Responder.process(ServerRuntime.java:420) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [jersey-common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [jersey-common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [jersey-common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [jersey-common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [jersey-common-2.14.jar:na]
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:297) [jersey-common-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:254) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1030) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:377) [jersey-container-servlet-core-2.14.jar:na]
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:381) [jersey-container-servlet-core-2.14.jar:na]
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:344) [jersey-container-servlet-core-2.14.jar:na]
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:221) [jersey-container-servlet-core-2.14.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-embed-websocket-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482) [tomcat-embed-core-8.0.26.jar:8.0.26]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_201]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_201]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.26.jar:8.0.26]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_201]`

Using AppSensor with my C# ASP.NET Web application

I was following the AppSensor developer guide which listed a variety of dependencies required. I downloaded these and added these to my project but I wasn't sure how to actually use AppSensor with the project. I have a lot of confusion over which API to access and how to do so, as I'm very unfamiliar with maven and jar files as well as accessing the AppSensor API/REST API's from my Application.

Building the AppSensor with maven seemed to work and running the demo apps seemed fine too, I'm just not sure where to go from here in terms of using it in my project.

Code - Sample client applications / demos using appsensor

Any sample applications or demos would be beneficial. These could be in any language, and most would likely use the REST api. We already have a starter for NodeJS.

Code - NoSQL Storage Provider

implementations of core storage component in NoSQL - current implementations are in-memory, file-backed, database-backed (jpa2). It would be good to have a NoSQL implementation or set of implementations as well. Mongo would be good to start with, but it would be beneficial to have others as well.

Code - Reporting services apis

The reporting apis are pretty thin right now. Someone could flesh them out and build more to make a richer reporting capability.

Move project to OWASP organization?

I'm wondering if this project should be moved to the GitHub OWASP organization. Besides making it easier for people to find, that provides some security in case you're hit by a falling piano or something. I guess I don't feel strongly about it, but thought I'd mention it.

am getting this error when i try to access the appsensor rest api. I am using the spring boot version

05:04:00.216 [http-nio-8085-exec-4] ERROR o.g.j.s.ServerRuntime$Responder - An I
/O error has occurred while writing a response message entity to the container o
utput stream.
java.lang.IllegalStateException: The output stream has already been closed.
at org.glassfish.jersey.message.internal.CommittingOutputStream.setStrea
mProvider(CommittingOutputStream.java:146) ~[jersey-common-2.14.jar:na]
at org.glassfish.jersey.message.internal.OutboundMessageContext.setStrea
mProvider(OutboundMessageContext.java:798) ~[jersey-common-2.14.jar:na]
at org.glassfish.jersey.server.ContainerResponse.setStreamProvider(Conta
inerResponse.java:372) ~[jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime$Responder.writeResponse(Ser
verRuntime.java:606) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime$Responder.processResponse(S
erverRuntime.java:377) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime$Responder.process(ServerRun
time.java:420) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:27
7) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [jersey-
common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [jersey-
common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [jersey
-common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [jersey
-common-2.14.jar:na]
at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [jersey
-common-2.14.jar:na]
at org.glassfish.jersey.process.internal.RequestScope.runInScope(Request
Scope.java:297) [jersey-common-2.14.jar:na]
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:
254) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHand
ler.java:1030) [jersey-server-2.14.jar:na]
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:3
77) [jersey-container-servlet-core-2.14.jar:na]
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContaine
r.java:381) [jersey-container-servlet-core-2.14.jar:na]
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContaine
r.java:344) [jersey-container-servlet-core-2.14.jar:na]
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContaine
r.java:221) [jersey-container-servlet-core-2.14.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:291) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
) [tomcat-embed-websocket-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(
RequestContextFilter.java:99) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR
equestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterIntern
al(CharacterEncodingFilter.java:85) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]

    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR

equestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:239) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:219) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:106) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:502) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:142) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:79) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:88) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:518) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp
11Processor.java:1091) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
AbstractProtocol.java:673) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpo
int.java:1526) [tomcat-embed-core-8.0.26.jar:8.0.26]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoin
t.java:1482) [tomcat-embed-core-8.0.26.jar:8.0.26]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
java:1142) [na:1.8.0_60]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:617) [na:1.8.0_60]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh
read.java:61) [tomcat-embed-core-8.0.26.jar:8.0.26]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]

Is there anyone who can help me solve this problem.

Q: Production ready?

First off, excellent project. I loved the ui when I got the docker-compose example up and running and using appsensor-ws-rest-client-boot-data-generator for generating data. Haven't got around to doing responses yet.

We are in the process of implementing an Appsensor, and I'm wondering if the projects intention is to be a reference project, or could it be used in a production environment also?

Documentation - End user guidance

We need to build a comprehensive suite of guidance for end-users on how to use the system. This could be in github documentation and/or used on a custom appsensor site to-be-built.

How to edit the login page

Hi,
We want to make a demo of Appsensor, but we didn't understand how to edit the login page and to make the events appears in the dashboard.

Thanks for the help

Warok

Error: While performing step 6 Start REST Client Data Generator

When i execute this command mvn spring-boot:run after reached into the recommended directory, The execution starts but never ends (means commands on cmd are running continuously). I have
tried many times but same error has been occurred. Kindly give possible solutions.

EventManager getResponses doesn't take timestamp

Reported by a user - copying bug report from email:

"The EventManager doesn't take a timestamp - how do I say which responses I need based on time, like if a server fails and I need to get responses from when it was down?"

Update mongo storage provider

Need to update the mongo storage provider to have better querying performance.

jtmelton / appsensor Goto Github PK

appsensor's People

Contributors

Stargazers

Watchers

Forkers

appsensor's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs