POM文件内容: |
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.1.0.1</version>
<packaging>jar</packaging>
<prerequisites>
<maven>3.0</maven>
</prerequisites>
<parent>
<groupId>org.sonatype.oss</groupId>
<artifactId>oss-parent</artifactId>
<version>5</version>
</parent>
<licenses>
<license>
<name>BSD</name>
<url>http://www.opensource.org/licenses/bsd-license.php</url>
<comments>Code License - New BSD License</comments>
</license>
<license>
<name>Creative Commons 3.0 BY-SA</name>
<url>http://creativecommons.org/licenses/by-sa/3.0/</url>
<comments>Content License - Create Commons 3.0 BY-SA</comments>
</license>
</licenses>
<name>ESAPI</name>
<url>https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</url>
<description>The Enterprise Security API (ESAPI) project is an OWASP project
to create simple strong security controls for every web platform.
Security controls are not simple to build. You can read about the
hundreds of pitfalls for unwary developers on the OWASP web site. By
providing developers with a set of strong controls, we aim to
eliminate some of the complexity of creating secure web applications.
This can result in significant cost savings across the SDLC.
</description>
<organization>
<name>The Open Web Application Security Project (OWASP)</name>
<url>http://www.owasp.org/index.php</url>
</organization>
<mailingLists>
<mailingList>
<name>ESAPI-Users</name>
<subscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</subscribe>
<unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</unsubscribe>
<post>mailto:esapi-users@lists.owasp.org</post>
<archive>https://lists.owasp.org/pipermail/esapi-users/</archive>
<!--This is the OWASP ESAPI mailing list for ESAPI users, regardless of programming language. For example, ESAPI users with questions about ESAPI for Java or ESAPI for PHP would both post here.-->
</mailingList>
<mailingList>
<name>ESAPI-Developers</name>
<subscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</subscribe>
<unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</unsubscribe>
<post>mailto:esapi-dev@lists.owasp.org</post>
<archive>https://lists.owasp.org/pipermail/esapi-dev/</archive>
<!--This is the OWASP ESAPI mailing list for ESAPI for Java developers. While the list is not closed, the topics of discussion are likely to be less relevant to those only using ESAPI. Note that this is the list for ESAPI for Java. Most other language implementations, such ESAPI for PHP, have their own mailing lists.-->
</mailingList>
<mailingList>
<name>OWASP-ESAPI (Inactive! Archive only!)</name>
<archive>https://lists.owasp.org/pipermail/owasp-esapi/</archive>
<!--The name of the obsolete mailing list that previously was a combination of an ESAPI users lists and ESAP development list. While obsolete, it is still sometimes useful for searching through old historical posts. NOTE: NEW POSTS SHOULD NO LONGER BE MADE TO THIS LIST!-->
</mailingList>
</mailingLists>
<scm>
<connection>scm:git:git://github.com/ESAPI/esapi-java-legacy.git</connection>
<developerConnection>scm:git:git@github.com:ESAPI/esapi-java-legacy.git</developerConnection>
<url>https://github.com/ESAPI/esapi-java-legacy</url>
</scm>
<issueManagement>
<system>GitHub Issue Tracking</system>
<url>https://github.com/ESAPI/esapi-java-legacy/issues</url>
</issueManagement>
<developers>
<developer>
<name>Jeff Williams</name>
<organization>Aspect Security</organization>
<roles>
<role>Project Inventor</role>
</roles>
</developer>
<developer>
<name>Chris Schmidt</name>
<organization>Aspect Security</organization>
<roles>
<role>Project Co-owner</role>
</roles>
</developer>
<developer>
<name>Kevin W. Wall</name>
<organization>Wells Fargo</organization>
<roles>
<role>Project Co-owner</role>
</roles>
</developer>
</developers>
<contributors>
<contributor>
<name>Dave Wichers</name>
<organization>Aspect Security</organization>
</contributor>
<contributor>
<name>Jim Manico</name>
</contributor>
</contributors>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>commons-configuration</groupId>
<artifactId>commons-configuration</artifactId>
<version>1.10</version>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils-core</artifactId>
<version>1.8.3</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.2.2</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
<scope>compile</scope>
<type>jar</type>
</dependency>
<dependency>
<groupId>xom</groupId>
<artifactId>xom</artifactId>
<version>1.2.5</version>
</dependency>
<dependency>
<groupId>org.beanshell</groupId>
<artifactId>bsh-core</artifactId>
<version>2.0b4</version>
</dependency>
<dependency>
<groupId>org.owasp.antisamy</groupId>
<artifactId>antisamy</artifactId>
<version>1.5.3</version>
</dependency>
<dependency>
<groupId>org.apache.xmlgraphics</groupId>
<artifactId>batik-css</artifactId>
<version>1.8</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.6</source>
<target>1.6</target>
<debug>true</debug>
<showWarnings>true</showWarnings>
<showDeprecation>false</showDeprecation>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-eclipse-plugin</artifactId>
<version>2.9</version>
<configuration>
<downloadSources>true</downloadSources>
</configuration>
</plugin>
<plugin>
<artifactId>maven-jar-plugin</artifactId>
<version>2.4</version>
<configuration>
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
</archive>
</configuration>
</plugin>
<!-- Check for updates to dependencies and report on them. -->
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.1</version>
<executions>
<execution>
<id>check-for-dependency-updates</id>
<phase>compile</phase> <!-- Eclipse q4e plugin needs this -->
<goals>
<goal>display-dependency-updates</goal>
<goal>display-plugin-updates</goal>
<!--<goal>display-property-updates</goal>-->
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>2.5.3</version>
<configuration>
<findbugsXmlOutput>true</findbugsXmlOutput>
<findbugsXmlWithMessages>true</findbugsXmlWithMessages>
<xmlOutput>true</xmlOutput>
<threshold>Low</threshold>
<effort>Max</effort>
<relaxed>false</relaxed>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>2.6</version>
<configuration>
<formats>
<format>html</format>
<format>xml</format>
</formats>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>jdepend-maven-plugin</artifactId>
<version>2.0</version>
</plugin>
<plugin>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.1</version>
<configuration>
<targetJdk>1.5</targetJdk>
<sourceEncoding>utf-8</sourceEncoding>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
<configuration>
<detectJavaApiLink>false</detectJavaApiLink>
<detectLinks>false</detectLinks>
</configuration>
</plugin>
<plugin>
<groupId>net.sourceforge.maven-taglib</groupId>
<artifactId>maven-taglib-plugin</artifactId>
<version>2.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-changelog-plugin</artifactId>
<version>2.2</version>
<configuration>
<issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
<issueLinkUrl>http://code.google.com/p/owasp-esapi-java/issues/detail?id=%ISSUE%</issueLinkUrl>
<type>date</type>
<dates>
<date>2013-09-02 00:00:00</date>
</dates>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.1</version>
<reportSets>
<reportSet>
<reports>
<report>dependency-updates-report</report>
<report>plugin-updates-report</report>
<report>property-updates-report</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>1.2.11</version>
<configuration>
<externalReport>false</externalReport>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.17</version>
</plugin>
</plugins>
</reporting>
<profiles>
<profile>
<!-- Activate to sign jars and build distributable download. -->
<id>dist</id>
<!-- This profile is activated when mvn release:perform is called from the command line
to actually do a release. If you need this profile active for some reason outside
of performing a release, use mvn <command> -Pdist
-->
<activation>
<property>
<name>performRelease</name>
<value>true</value>
</property>
</activation>
<distributionManagement>
<snapshotRepository>
<id>sonatype-nexus-snapshots</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>sonatype-nexus-staging</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
</repository>
</distributionManagement>
<build>
<plugins>
<!-- Signs all artifacts prior to deploying to maven central -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
<configuration>
<keyname>5B1AD8C5</keyname>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.4</version>
<!--
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
-->
<configuration>
<!--
<keystore>codesign.keystore</keystore>
<alias>owasp foundation, inc.'s godaddy.com, inc. id</alias>
<verify>true</verify>
-->
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
<manifestEntries>
<Sealed>true</Sealed>
</manifestEntries>
</archive>
</configuration>
</plugin>
<!-- Baseline for ESAPI 2.1 is JDK1.6 - Enforces that a JDK1.6 compiler is being
used to build this release -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.3.1</version>
<executions>
<execution>
<id>enforce-jdk-version</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requireJavaVersion>
<version>1.6</version>
<message>
ESAPI 2.1 uses the JDK1.6 for it's baseline. Please make sure that your
JAVA_HOME environment variable is pointed to a JDK1.6 distribution.
</message>
</requireJavaVersion>
</rules>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.2.1</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- Attached JavaDocs are required by Sonatype Nexus Repository -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- For building the distribution zip file. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.4</version>
<configuration>
<descriptors>
<descriptor>src/main/assembly/dist.xml</descriptor>
</descriptors>
</configuration>
<executions>
<execution>
<id>make-dist</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- Performs a full release. See release documentation for information on how to
perform an ESAPI release using Maven -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.5</version>
<configuration>
<tagBase>https://owasp-esapi-java.googlecode.com/svn/tags/releases/</tagBase>
</configuration>
</plugin>
<!-- <plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.3</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
</plugin> -->
</plugins>
</build>
</profile>
</profiles>
</project>
|