OWASP ESAPI文件在Maven Project（Web）中的位置

Question

I am trying to use OWASP ESAPI library in my Maven Web Project.The problem i am facing is that the controllers are not able to find the ESAPI properties file.

I tried putting them in the resources folder ,but it does not work.I can't seem to get it working.

Can someone help me with the correct location of ESAPI resources in a Maven Project.

Answer 1

The class Javadoc for the implementation class, [DefaultSecurityConfiguration] ( http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/reference/DefaultSecurityConfiguration.html ), describes how the ESAPI.property class is found. It is rather complicated and has been discussed several times on the ESAPI User mailing list so it is not surprising you are confused. (This is the first questions that I feel should be in an ESAPI FAQ if someone ever takes the time to create one.)

There also some bugs that we found in Maven such that if the full path to your ESAPI.properties file contains any spaces in it (eg, "C:\\Documents and Settings\\kww\\code\\ESAPI\\configuration\\esapi\\ESAPI.properties"), Maven seems to choke on it and is unable to find it. (Note, if this were your path, you could tell Maven to look under "C:\\Docume~1\\kww\\code\\ESAPI\\configuration\\esapi\\ESAPI.properties" instead, and that seems to work.)

What I normally suggest to people is to set the system property "org.owasp.esapi.resources" from the java command line to some folder that has no spaces and copy your ESAPI.properties under there. (This is also discussed in the aforementioned Javadoc.)

Lastly, should you get confused, take a look at some of the Bash scripts under "src/examples/scripts", such as "runclass.sh" and hopefully (if you can read Bash), that should show you how this works.

Hope that helps. -kevin