OK, so I tried that and found one library needs to be excluded (from the
exclusion list) - i.e. scanned
# ls jstl*; grep ".tld" jstl-*
jstl-api-1.2.jar jstl-impl-1.2.jar
Binary file jstl-impl-1.2.jar matches
So if your rule works, I need jstl-impl to be scanned, but jstl-api could be
excluded.
Nice! Thanks.
Ray
On Monday, November 6, 2017 10:54 AM, Mark H. Wood <mw...@iupui.edu> wrote:
On Mon, Nov 06, 2017 at 10:13:42AM -0500, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Ray,
>
> On 11/6/17 9:48 AM, Ray Holme wrote:
> > I am not the primary developer. I do Java and DB development. I
> > leave the JSP for someone else (I am mostly retired but I have
> > been doing this a LONG time).> But I deal with distributions and
> > builds so I was the one who modified the "not to SCAN"
> > libraries.2.5 minutes down to less than 1 second.
> Fast and broken is worse than slow and working. :)
>
> > But I blew it with the jstl jars so I just wanted to know if there
> > is any way to find out if the jar is a taglib.
> So... generally speaking I would say "you should know your own
> libraries" but it shouldn't be hard to determine which libraries are
> taglibs. Simply look in each JAR file to see if there are any ".tld"
> files.
That's what I thought, too. I looked, and the jstl-api JAR doesn't
contain any TLDs. The corresponding jstl-impl JAR does, though.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
