Skip to content

Using ESAPI with SLF4J

Jump to bottom Edit New page
Kevin W. Wall edited this page Sep 9, 2020 · 9 revisions

As of ESAPI 2.2.0.0, ESAPI has supported, although some minor bugs may have kept it from being trivially usable.

This wiki page describes 2 configurations:

  • SLF4J using Logback
  • SLF4J using Log4J 2.x

The remainder of this page assumes you will be using ESAPI 2.2.1.1 and that you already know how to use and configure ESAPI.

Configuring ESAPI to use SLF4J

Download the esapi-2.2.1.1-configuration.jar and unjar the file to extract the ESAPI.properties file.

Place the ESAPI.properties file in a place where it will be picked up by ESAPI. Set the ESAPI property as follows to use SLF4J for logging:

ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory

This ESAPI property setting is needed regardless of what logger you wish to use with SLF4J. Also review the section denoted as "ESAPI Logging" (properties all which start with "Logger.") so configure the logger to your liking as to what information gets logged besides the log message itself.

SLF4J using Logback

This section is under development; until then see GitHub issue #569 for details.

SLF4J using Log4J 2.x

The standard SLF4J configuration as used with Log4J 2.x should work with ESAPI as well. See for example https://www.logicbig.com/tutorials/misc/java-logging/slf4j-with-log4j2.html

Add a custom footer
Add a custom sidebar
Clone this wiki locally