eclipse Web 项目下 ESAPI.properties 的正确位置
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29842208/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Correct location for ESAPI.properties under web project
提问by Petr Shypila
I added a OWASP ESAPI library to my project. And currently I'm stuck with a problem where to locate ESAPI.propertiesfile. This project later should be deployed on few servers to which I don't have an access. So in my opinion there is no way to customizeorg.owasp.esapi.resourcesvariable and I can't put it under user home directory. So the only place where I can put this file is SystemResource Directory/resourceDirectorybut where is it? I have already tried to put these files:
我在我的项目中添加了一个 OWASP ESAPI 库。目前我遇到了在哪里找到ESAPI.properties文件的问题。这个项目稍后应该部署在我无权访问的几台服务器上。所以在我看来没有办法自定义org.owasp.esapi.resources变量,我不能把它放在用户主目录下。所以我唯一可以放这个文件的地方是SystemResource Directory/resourceDirectory但它在哪里?我已经尝试放置这些文件:
.esapi/ESAPI.properties
esapi/ESAPI.properties
ESAPI.properties
Into these locations:
进入这些地点:
$CATALINA_HOME/webapps/<MY_PROJECT>/
$CATALINA_HOME/webapps/<MY_PROJECT>/WEB-INF
$CATALINA_HOME/webapps/<MY_PROJECT>/WEB-INF/classes
$CATALINA_HOME/webapps/<MY_PROJECT>/META-INF
But in all of these places I get an error:
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
但在所有这些地方我都收到错误消息:
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
So where I should locate this file? It's a legacy project(just Eclipse Projectwithout Maven) and it's structure is pretty ugly. There is no such directory like /src/main/resourceswhere in my opinion this ESAPI.propertiesfile should be located. I have created this directory, but where finally this file should be after deployment a WAR archive to Tomcat?
那么我应该在哪里找到这个文件呢?这是一个遗留项目(只是没有 Maven 的Eclipse 项目),它的结构非常丑陋。没有这样的目录,就像/src/main/resources我认为这个ESAPI.properties文件应该位于的位置。我已经创建了这个目录,但是在将 WAR 存档部署到 Tomcat 之后,这个文件最终应该在哪里?
回答by Genry
ESAPI.propertiesfile should reside in a CLASSPATHunder the esapidirectory.
ESAPI.properties文件应该驻留在一个CLASSPATH下esapi目录。
So let's say you have a module which is deployed into war in any of the 2 forms: as a jar, or exploded as classes. Just create a directory inside the source of a module where you use the OWASP ESAPI 3rd party.
因此,假设您有一个以两种形式部署到War中的模块:作为 jar,或分解为类。只需在使用 OWASP ESAPI 3rd 方的模块源内创建一个目录。
From eclipse perspective the file just need to be in the CLASSPATHregardless whether you use maven or not. When using maven, maven resourcesdirectory is converted as eclipse sourcesdirectory by m2eclipseplugin.
从 eclipse 的角度来看,CLASSPATH无论您是否使用 maven,该文件只需要在. 使用maven时,mavenresources目录被插件转换为eclipsesources目录m2eclipse。
Example (using eclipse standard source structure):
示例(使用 Eclipse 标准源结构):
src
|---com
| |---module
| | |---SomeClass.java
|---esapi
| |---ESAPI.properties
回答by Kevin W. Wall
Maybe this will help. It describes the search order implemented in ESAPI 2.x to find the ESAPI.properties file: http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/reference/DefaultSecurityConfiguration.html
也许这会有所帮助。它描述了在 ESAPI 2.x 中实现的用于查找 ESAPI.properties 文件的搜索顺序:http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/reference/DefaultSecurityConfiguration.html
I think that documentation is fairly up-to-date, but you can find details of how it is implemented in the loadConfiguration() method of DefaultSecurityConfiguration.java which you can find here:
我认为该文档是最新的,但您可以在 DefaultSecurityConfiguration.java 的 loadConfiguration() 方法中找到有关它如何实现的详细信息,您可以在此处找到:
Hope that helps. -kevin
希望有帮助。-凯文
回答by Kevin W. Wall
Just a minor update that may be relevant. Looks like the 2.1.0.1 release accidentally broke the previous 2.x search order (in order to support XML configuration properties for ESAPI). This will be fixed in the (as-yet-to-be-determined) ESAPI point release. See ESAPI GitHub issue 397for details.
只是一个可能相关的小更新。看起来 2.1.0.1 版本不小心打破了之前的 2.x 搜索顺序(为了支持 ESAPI 的 XML 配置属性)。这将在(尚未确定的)ESAPI 点版本中修复。有关详细信息,请参阅ESAPI GitHub 问题 397。
