Difference between revisions of "ESAPI Getting Started Guide"
Line 31: | Line 31: | ||
* Clean Tomcat 5.5/6.0 install | * Clean Tomcat 5.5/6.0 install | ||
* Create a new folder named “test” in the webapps folder | * Create a new folder named “test” in the webapps folder | ||
− | ** | + | ** Add test.jsp to that folder |
− | ** | + | ** Add a “WEB-INF/lib” folder and put esapi-1.1.1.jar in it |
− | * | + | * Edit catalina.bat |
− | ** | + | ** Add the following line right under the line that contains “set JPDA=” |
− | ** | + | ** Set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:\resources" |
− | * | + | * Run startup.bat |
− | |||
+ | ==Step 5: Run | ||
− | + | Just browse to http://localhost:8080/test/test.jsp and login with the credentials you have chosen. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | [[Category:OWASP Enterprise Security API]] | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | [[Category:OWASP | ||
__NOTOC__ | __NOTOC__ |
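Review bot: the added heading line "==Step 5: Run" opens with "==" but never closes it, so MediaWiki will show it as literal text instead of a section heading; it should read "==Step 5: Run==". In the same hunk, the bullet "Set JAVA_OPTS=-Dorg.owasp.esapi.resources=..." is the literal line to paste into catalina.bat, so it would be clearer to mark it as such (for example in code formatting) so it is not read as an instruction.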
Revision as of 19:12, 16 April 2008
Getting Started with OWASP ESAPI
ESAPI is very easy to use. This tutorial shows how to get a simple application working with the reference implementation of ESAPI. Please remember that the reference implementation is a simple example. The Authenticator uses a text-based password file. This is to make it easy to test ESAPI without installing a database or directory. Enterprises will want to create their own implementation of the API that works with their identity management solution.
Step 1: Setting up a resources directory
Create a directory to hold ESAPI resources. This should be a secure location as it will contain a significant amount of security information. For example, you might create a directory called "C:\resources" and use the operating system access control mechanisms to restrict access.
Step 2: Setting ESAPI configuration properties
Download the default ESAPI.properties file. Edit the MasterPassword property and choose a long, difficult-to-guess string as the security of your application depends on it.
- MasterPassword=xxxxx
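One way to carry out Steps 1 and 2 on Windows, as an added example that is not part of the original guide or of ESAPI itself. It assumes the "C:\resources" path from Step 1, that ESAPI.properties has already been downloaded into that directory, and that Tomcat runs as the current user (the `$account` value is an assumption to replace); using Base64-encoded random bytes as the MasterPassword string is this example's choice.

```powershell
# Added example: lock down the ESAPI resources directory and set a random MasterPassword.
$resources = 'C:\resources'                       # path used in Step 1
$propsFile = Join-Path $resources 'ESAPI.properties'
# Assumption: the account Tomcat runs as. Replace with your service account.
$account   = "$env:USERDOMAIN\$env:USERNAME"

# Step 1: create the directory, remove inherited ACEs, and grant full control
# only to that account and the local Administrators group (SID S-1-5-32-544).
New-Item -ItemType Directory -Path $resources -Force | Out-Null
icacls $resources /inheritance:r /grant:r "${account}:(OI)(CI)F" "*S-1-5-32-544:(OI)(CI)F" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed for $resources" }

# Step 2: take 32 bytes from the OS CSPRNG and Base64-encode them, giving a
# 44-character string with no backslashes (safe in a Java properties file).
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$master = [Convert]::ToBase64String($bytes)

# Refuse to continue if the file or the property is missing, rather than
# silently leaving the default value in place.
if (-not (Test-Path $propsFile)) {
    throw "Download ESAPI.properties into $resources first"
}
if (-not (Select-String -Path $propsFile -Pattern '^\s*MasterPassword\s*=' -Quiet)) {
    throw "No MasterPassword property found in $propsFile"
}

# Replace only the MasterPassword line; every other line is written back unchanged.
$lines = Get-Content -Path $propsFile
$lines = $lines -replace '^\s*MasterPassword\s*=.*$', "MasterPassword=$master"
Set-Content -Path $propsFile -Value $lines -Encoding Ascii

# Show the resulting ACL for review. The password itself is never printed.
icacls $resources
```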
Step 3: Configuring user accounts
The simplest way to get started is to create an "admin" account to work with. ESAPI has a command line tool that will create your users.txt file and
java -Dorg.owasp.esapi.resources="C:\resources" -classpath owasp-esapi-java-1.1.1.jar org.owasp.esapi.Authenticator Alice test admin
Step 4: Hello, ESAPI!
You should be able to use any application container. The instructions below are for Tomcat.
- Clean Tomcat 5.5/6.0 install
- Create a new folder named “test” in the webapps folder
  - Add test.jsp to that folder
  - Add a “WEB-INF/lib” folder and put esapi-1.1.1.jar in it
- Edit catalina.bat
  - Add the following line right under the line that contains “set JPDA=”
  - Set JAVA_OPTS=-Dorg.owasp.esapi.resources="C:\resources"
- Run startup.bat
Step 5: Run
Just browse to http://localhost:8080/test/test.jsp and log in with the credentials you have chosen.