[OWASP-ESAPI] ESAPI Swingset Demo

Jim Manico jim.manico at owasp.org
Fri Dec 4 19:36:38 EST 2009


I provided a separate resources directory in the 2.0 rc4 release zip
file. The property files will no longer be deployed inside the ESAPI 2.0
jar.

- Jim
> One question seen here is: Where do we get a resources directory from?
> We can either use the default one from the ESAPI jar, or include a
> custom one with the swingset. I think my preference is to include a
> separate resources directory (and in properties, a list of differences
> from the original), but I wanted to get comments from other people.
> What do you think?
>
> --
>
> Craig Younkins
> Mobile: (301) 520-0463
> Website/Blog <http://cyounkins.blogspot.com/>
>
>
> On Thu, Nov 26, 2009 at 2:07 AM, Ken Sipe <kensipe at gmail.com
> <mailto:kensipe at gmail.com>> wrote:
>
>     I'm fairly new to the group... so I don't know if this is the
>     right place to communicate this.  Please provided me with a proper
>     301 error if necessary :)
>
>     I downloaded the Swingset application and needed to do some
>     tweaking... you see... I'm a Mac :)...  "Hello PC!"   
>
>     I've created a startup script which is attached for running this
>     on a mac... it will probably work on ubuntu as well.  Here are the
>     setup instructions if someone would like to update the web page.
>      ** it would be nice, if the xml configs were not platform
>     specific... they don't have to be.
>
>
>           Setup Swingset for Mac OSX
>
>     1. Extract ESAPI_Swingset.zip to a directory of your choice.
>     2. Under the uncompressed directory, find and open up the
>     server.xml in an editor
>     *  replace the text "c:\.keystore" with ".keystore"
>     * <Connector 
>     keystoreFile=".keystore" SSLEnabled="true" 
>     keystorePass="swingset" clientAuth="false" maxThreads="150" 
>     3. Under the uncompressed directory, find and open up the web.xml
>     for the ROOT webapp in an editor
>     *  replace the text "c:\.resources" with some directory you would
>     like to protect
>     * <init-param>
>     <param-name>resourceDirectory</param-name>
>     <param-value>c:\resources</param-value>
>      </init-param>
>
>     4. Move .keystore from Swingset_with_tomcat_05b2/.keystore to
>     Swingset_with_tomcat_05b2/apache-tomcat-6.0.18/.keystore
>     5. Create the ESAPI_Swingset dir in the webapps directory
>     6. The tomcat_6.0.18_start.sh <http://tomcat_6.0.18_start.sh>
>     script expects that Java is in the path and that JAVA_HOME is exported
>
>     instructions for Running Swingset on Mac OSX are the same...
>     exception you have to run the tomcat_6.0.18_start.sh
>     <http://tomcat_6.0.18_start.sh>
>
>
>
>     also... technically the windows instructions are wrong... it
>     specifies a Tomcat_6.0.18_start.bat and it is a Tomcat
>     6.0.18_start.bat... a file with a space in the name (which is evil
>     :).  I would propose that the docs remain the same and someone
>     change the file name to match the docs.
>
>     It would take very little work to make this work on in a platform
>     independent way, which would also reduce the Mac OSX instructions
>     to 1. extract and 2. run script.  All the changes listed are
>     necessary to run the application without an exception in stdio.
>
>
>     Ken Sipe | kensipe at gmail.com <mailto:kensipe at gmail.com> | blog:
>     http://kensipe.blogspot.com
>
>
>
>
>     _______________________________________________
>     OWASP-ESAPI mailing list
>     OWASP-ESAPI at lists.owasp.org <mailto:OWASP-ESAPI at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-esapi
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-esapi
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20091204/80d78dee/attachment.html 


More information about the OWASP-ESAPI mailing list