[OWASP-ESAPI] List of ESAPI's dependencies

[Kevin W. Wall]

Ed Schaller wrote:
>> So if I'm average Joe developer, is there documentation that tells me what 3rd party libraries I'll need to get the basic ESAPI jar working satisfied? 
>>  
>> I just added ESAPI to a demo application I'm using and realized I have no idea what to do next, except go through the pom manually and download every jar manually. I used to run this demo inside of Eclipse where I could magically add a "project" to a J2EE project's dependencies.
>>  
> 
> mvn dependency:analyze
> and
> mvn dependency:tree
> 
> are your friends here. I've meant to comment on this but haven't gotten
> too it. The following dependencies we have in the pom don't appear to
> be needed:
> 
> commons-logging
> xerces
> nekohtml
> 
> dependency:analyze claims that common-io is not needed but it is. It is
> needed by commons-httpclient as an optional dependency. Without it the
> unit tests will fail worse than they do;)
> 
> Additionally, commons-collections seems to be used directly and should
> probably be in the pom as well. It is pulled in by other dependencies
> so it's absence isn't noticeable
> 
> I have pom mods for these I could commit if someone wants them.

The dependencies are also in the Maven "site" report that is generated by
running

	mvn site

Also, even if we do the dependencies in the install guide (probably a good
idea), it would be good to indicate to use Maven in one of the ways cited
here to make sure that you have an up-to-date list of dependencies.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME