java.lang.Object org.owasp.esapi.ESAPI
public final class ESAPI
ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use. Use the set methods to override the reference implementations with instances of any custom ESAPI implementations.
Method Summary | |
---|---|
static AccessController | accessController() |
static Authenticator | authenticator() |
static void | clearCurrent() - Clears the current User, HttpRequest, and HttpResponse associated with the current thread. |
static javax.servlet.http.HttpServletRequest | currentRequest() - Get the current HTTP Servlet Request being processed. |
static javax.servlet.http.HttpServletResponse | currentResponse() - Get the current HTTP Servlet Response being generated. |
static Encoder | encoder() |
static Encryptor | encryptor() |
static Executor | executor() |
static Logger | getLogger(java.lang.Class clazz) |
static Logger | getLogger(java.lang.String moduleName) |
static HTTPUtilities | httpUtilities() |
static java.lang.String | initialize(java.lang.String impl) |
static IntrusionDetector | intrusionDetector() |
static Logger | log() |
static void | override(SecurityConfiguration config) - Overrides the current security configuration with a new implementation. |
static Randomizer | randomizer() |
static SecurityConfiguration | securityConfiguration() |
static Validator | validator() |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
---|
public static void clearCurrent()
```java
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException {
    try {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        ESAPI.httpUtilities().setCurrentHTTP(request, response);
        ESAPI.authenticator().login();
        chain.doFilter(request, response);
    } catch (Exception e) {
        logger.error(
            Logger.SECURITY_FAILURE,
            "Error in ESAPI security filter: " + e.getMessage(),
            e
        );
    } finally {
        // VERY IMPORTANT
        // clear out ThreadLocal variables
        ESAPI.clearCurrent();
    }
}
```

The advantages of having identity everywhere are worth the risk here.
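The following is an added example, not ESAPI code: it shows why the `finally` block in the filter above matters when worker threads are reused. `CURRENT_USER` and `handle()` are hypothetical stand-ins for ESAPI's per-thread state and a request filter, and the single-thread executor is an assumed stand-in for a container's worker pool.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalLeakDemo {
    // Hypothetical per-thread identity slot (stand-in for ESAPI's thread state).
    private static final ThreadLocal<String> CURRENT_USER = new ThreadLocal<>();

    // Simulates one request; user == null means an unauthenticated request.
    // Returns the identity that code running in this request sees on its thread.
    static String handle(String user, boolean clearInFinally) {
        try {
            if (user != null) {
                CURRENT_USER.set(user);      // analogous to login() binding the user
            }
            return CURRENT_USER.get();       // what downstream code would read
        } finally {
            if (clearInFinally) {
                CURRENT_USER.remove();       // analogous to ESAPI.clearCurrent()
            }
        }
    }

    // Runs an authenticated request, then an anonymous one, on the SAME thread,
    // and returns the identity observed by the anonymous request.
    static String identitySeenByAnonymous(boolean clearInFinally) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            Callable<String> authenticated = () -> handle("alice", clearInFinally);
            Callable<String> anonymous = () -> handle(null, clearInFinally);
            pool.submit(authenticated).get();
            return pool.submit(anonymous).get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        // Without cleanup, the anonymous request inherits the previous identity.
        System.out.println("no clear:   " + identitySeenByAnonymous(false));
        // With cleanup in finally, each request starts with no identity bound.
        System.out.println("with clear: " + identitySeenByAnonymous(true));
    }
}
```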
public static javax.servlet.http.HttpServletRequest currentRequest()
public static javax.servlet.http.HttpServletResponse currentResponse()
public static AccessController accessController()
public static Authenticator authenticator()
public static Encoder encoder()
public static Encryptor encryptor()
public static Executor executor()
public static HTTPUtilities httpUtilities()
public static IntrusionDetector intrusionDetector()
public static Logger getLogger(java.lang.Class clazz)
clazz - The class to associate the logger with.
public static Logger getLogger(java.lang.String moduleName)
moduleName - The module to associate the logger with.
public static Logger log()
public static Randomizer randomizer()
public static SecurityConfiguration securityConfiguration()
public static Validator validator()
public static java.lang.String initialize(java.lang.String impl)
public static void override(SecurityConfiguration config)
config
-