This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ESAPI-Building"
Kevin.Fealey (talk | contribs) (→What's the difference?) |
Kevin.Fealey (talk | contribs) (→Importing the ESAPI Source) |
||
| Line 8: | Line 8: | ||
To import the ESAPI source code into your workspace, you can either download the source files in a zip file from [https://www.owasp.org/index.php/ESAPI here] or download the latest trunk from the ESAPI SVN. | To import the ESAPI source code into your workspace, you can either download the source files in a zip file from [https://www.owasp.org/index.php/ESAPI here] or download the latest trunk from the ESAPI SVN. | ||
| − | '''The zip files containing the ESAPI source''' are official releases of the ESAPI. They will be updated whenever major changes are made to the ESAPI, whether features are added/removed, or if ESAPI undergoes a major organizational change. If you are planning on using the ESAPI's reference implementations and want to see ESAPI's source, but do not want to build your own JAR, you might download the ESAPI source zip file (available [https://www.owasp.org/index.php/ESAPI here]. | + | '''The zip files containing the ESAPI source''' are official releases of the ESAPI. They will be updated whenever major changes are made to the ESAPI, whether features are added/removed, or if ESAPI undergoes a major organizational change. If you are planning on using the ESAPI's reference implementations and want to see ESAPI's source, but do not want to build your own JAR, you might download the ESAPI source zip file (available [https://www.owasp.org/index.php/ESAPI here]). |
'''The ESAPI trunk SVN''' contains the most up-to-date development version of ESAPI. The trunk may contain different code from the pre-zipped source. It may contain new features or be organized differently. The trunk is a development version of the ESAPI, meaning that contributors to the ESAPI project are actively editing this code, so while all contributors are encouraged to run all test cases on the code before committing it, developers using this code should run their own tests to be sure the code is fully functional. In addition, because the trunk code is in development, documentation regarding the ESAPI, especially Javadocs, may not be entirely accurate. | '''The ESAPI trunk SVN''' contains the most up-to-date development version of ESAPI. The trunk may contain different code from the pre-zipped source. It may contain new features or be organized differently. The trunk is a development version of the ESAPI, meaning that contributors to the ESAPI project are actively editing this code, so while all contributors are encouraged to run all test cases on the code before committing it, developers using this code should run their own tests to be sure the code is fully functional. In addition, because the trunk code is in development, documentation regarding the ESAPI, especially Javadocs, may not be entirely accurate. | ||
Revision as of 16:57, 17 September 2008
Eclipse Setup
- Get Europa
- Get SVN plugin
- Get other plugins
Importing the ESAPI Source
To import the ESAPI source code into your workspace, you can either download the source files in a zip file from here or download the latest trunk from the ESAPI SVN.
The zip files containing the ESAPI source are official releases of the ESAPI. They will be updated whenever major changes are made to the ESAPI, whether features are added/removed, or if ESAPI undergoes a major organizational change. If you are planning on using the ESAPI's reference implementations and want to see ESAPI's source, but do not want to build your own JAR, you might download the ESAPI source zip file (available here).
The ESAPI trunk SVN contains the most up-to-date development version of ESAPI. The trunk may contain different code from the pre-zipped source. It may contain new features or be organized differently. The trunk is a development version of the ESAPI, meaning that contributors to the ESAPI project are actively editing this code, so while all contributors are encouraged to run all test cases on the code before committing it, developers using this code should run their own tests to be sure the code is fully functional. In addition, because the trunk code is in development, documentation regarding the ESAPI, especially Javadocs, may not be entirely accurate.
Subversion Setup
Follow the instructions here. Unless you have been added to the ESAPI project as a contributor, please use the bottom SVN checkout link on the Google Code page(non-SSL).
If you are using subclipse, as recommended, open Eclipse and:
- Click File -> New -> Other.....
- From the SVN Folder select '"Checkout Projects from SVN (this option will only be available if you have a SVN plugin installed) and hit Next >.
- Click the Create a new repository location radio button.
- If you are not listed as a project contributor, insert http://owasp-esapi-java.googlecode.com/svn/trunk/ as the URL. If you are listed as a project contributor, check the Google Code page for the URL to use.
- Once the directory structure appears in the window, click the URL at the top to download everything. Then hit Next >
- Select your desired project options. For most people, the default options should be fine. When finished, click Next >.
- Select your desired workspace options, then click Finish. The latest ESAPI source files will then be downloaded to your workspace. This may take a few minutes.
Project Setup
Some configuration may be necessary for ESAPI to compile and build on your system.
ESAPI requires the Java SDK 1.4. Please be sure this is downloaded and installed.
- Once Java 1.4 is installed, open the Navigator view in Eclipse. If this is currently hidden, from the toolbar click Window -> Show View -> Navigator.
- Right-click on the ESAPI project root folder in the Navigator view and select Properties.
- From the left column, select Java Build Path. Under the Libraries tab, be sure the JRE listed is version 1.4. If it is not, remove the current JRE and click Add Library and select an alternate JRE. If you are having trouble figuring out what version the current JRE is, select Installed JREs and look at the location to which each version is mapped.
- From the left column, select Java Compiler. Be sure Compiler compliance level, Generated .class files compatibility, and Source compatibility are all set to 1.4.
- Close the properties window.
- Right-click the ESAPI project root folder and select Refresh.
- From the toolbar, select Project -> Clean.. and select the ESAPI project. Click OK.
- ESAPI should now be compiled.
Building
Building ESAPI should be easy with the included Ant build scripts.
There are two build scripts included in the ESAPI trunk repository.
- Full build of ESAPI with all available reference implementations.
- Lite build of ESAPI without reference implementations.
While the reference implementations are generally good for independent developers, most businesses will want to create their own security implementations based around the companies standard practices and infrastructure. This is why the Lite version is provided.
To build either version, simple right-click the build script for the desired build, select Run As -> Ant Build. The script should run, with output directed to the Console. When complete, the dist directory should contain a new JAR, the build directory will contain all class files (even the reference implementation class files in the Lite build), and javadoc/api will contain the newly generated Javadocs.
Running Test Cases
- Select test/org/owasp/esapi/AllTests.java
- Right click and Run As... Open Run Dialog
- Choose JUnit
- Select Arguments and enter a VM argument
- -Dorg.owasp.esapi.resources="<path to your esapi project>/test/testresources"
- run tests and verify that they all pass
Running Test App
TODO
