org.owasp.esapi
Interface SecurityConfiguration

All Known Implementing Classes:
DefaultSecurityConfiguration

public interface SecurityConfiguration

The SecurityConfiguration interface stores all configuration information that directs the behavior of the ESAPI implementation.

Protection of this configuration information is critical to the secure operation of the application using the ESAPI. You should use operating system access controls to limit access to wherever the configuration information is stored.

Please note that adding another layer of encryption does not make the attacker's job much more difficult. Somewhere there must be a master "secret" that is stored unencrypted on the application platform (unless you are willing to prompt for some passphrase when your application starts or insert a USB thumb drive or an HSM card, etc., in which case this master "secret" would only be in memory). Creating another layer of indirection provides additional obfuscation, but doesn't provide any real additional security. It's up to the reference implementation to decide whether this file should be encrypted or not.

The ESAPI reference implementation (DefaultSecurityConfiguration.java) does not encrypt its properties file.
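
Because the properties file is stored unencrypted and holds the master key and salt, operating system permissions are the control that protects it. The following start-up check is an added example, not ESAPI code; the class name ConfigFilePermissionCheck, the temporary stand-in file and the owner-only policy are assumptions, and it requires a POSIX file system (on others, Files.readAttributes throws UnsupportedOperationException and ACLs have to be checked instead).

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFileAttributes;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

/** Added example, not ESAPI code: start-up check of the configuration file's permissions. */
public final class ConfigFilePermissionCheck {

    // Assumed policy: any group or world access to the file holding the master key is excess.
    private static final Set<PosixFilePermission> EXCESS = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    /** Returns the permissions that should be removed; an empty set means owner-only access. */
    public static Set<PosixFilePermission> excessPermissions(Path file) throws IOException {
        // NOFOLLOW_LINKS: inspect the path itself, so a symbolic link is rejected, not followed.
        PosixFileAttributes attrs =
                Files.readAttributes(file, PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
        if (!attrs.isRegularFile()) {
            throw new IOException(file + " is not a regular file");
        }
        Set<PosixFilePermission> excess = EnumSet.copyOf(EXCESS);
        excess.retainAll(attrs.permissions());
        return excess;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for ESAPI.properties so the example is self-contained.
        Path props = Files.createTempFile("ESAPI", ".properties");
        try {
            Files.setPosixFilePermissions(props, PosixFilePermissions.fromString("rw-r--r--"));
            System.out.println("before tightening: " + excessPermissions(props));
            Files.setPosixFilePermissions(props, PosixFilePermissions.fromString("rw-------"));
            System.out.println("after tightening:  " + excessPermissions(props));
        } finally {
            Files.deleteIfExists(props);
        }
    }
}
```

An application can refuse to start when the returned set is not empty.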

Since:
June 1, 2007
Author:
Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security

Nested Class Summary
static class SecurityConfiguration.Threshold
          Models a simple threshold as a count and an interval, along with a set of actions to take if the threshold is exceeded.
 
Method Summary
 java.lang.String getAccessControlImplementation()
          Returns the fully qualified classname of the ESAPI Access Control implementation.
 java.util.List<java.lang.String> getAdditionalAllowedCipherModes()
          Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by #getPreferredCipherModes()) to be used for encryption and decryption operations.
 java.util.List<java.lang.String> getAllowedExecutables()
          Gets the allowed executables to run with the Executor.
 java.util.List<java.lang.String> getAllowedFileExtensions()
          Gets the allowed file extensions for files that are uploaded to this application.
 int getAllowedFileUploadSize()
          Gets the maximum allowed file upload size.
 int getAllowedLoginAttempts()
          Gets the number of login attempts allowed before the user's account is locked.
 boolean getAllowMixedEncoding()
          Return true if mixed encoding is allowed
 boolean getAllowMultipleEncoding()
          Return true if multiple encoding is allowed
 java.lang.String getApplicationName()
          Gets the application name, used for logging
 java.lang.String getAuthenticationImplementation()
          Returns the fully qualified classname of the ESAPI Authentication implementation.
 java.lang.String getCharacterEncoding()
          Gets the character encoding scheme supported by this application.
 java.lang.String getCipherTransformation()
          Retrieve the cipher transformation.
 java.util.List<java.lang.String> getCombinedCipherModes()
          Return a List of strings of combined cipher modes that support both confidentiality and authenticity.
 java.util.List<java.lang.String> getDefaultCanonicalizationCodecs()
          Returns the List of Codecs to use when canonicalizing data
 java.lang.String getDigitalSignatureAlgorithm()
          Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
 int getDigitalSignatureKeyLength()
          Gets the digital signature key length used by ESAPI to generate and verify signatures.
 boolean getDisableIntrusionDetection()
          Allows for complete disabling of all intrusion detection mechanisms
 java.lang.String getEncoderImplementation()
          Returns the fully qualified classname of the ESAPI Encoder implementation.
 java.lang.String getEncryptionAlgorithm()
          Gets the encryption algorithm used by ESAPI to protect data.
 java.lang.String getEncryptionImplementation()
          Returns the fully qualified classname of the ESAPI Encryption implementation.
 int getEncryptionKeyLength()
          Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
 java.lang.String getExecutorImplementation()
          Returns the fully qualified classname of the ESAPI OS Execution implementation.
 java.lang.String getFixedIV()
          If a "fixed" (i.e., static) Initialization Vector (IV) is to be used, this will return the IV value as a hex-encoded string.
 boolean getForceHttpOnlyCookies()
          Forces new cookies to have HttpOnly flag set.
 boolean getForceHttpOnlySession()
          Forces new cookies to have HttpOnly flag set.
 boolean getForceSecureCookies()
          Forces new cookies to have Secure flag set.
 boolean getForceSecureSession()
          Forces session cookies to have Secure flag set.
 java.lang.String getHashAlgorithm()
          Gets the hashing algorithm used by ESAPI to hash data.
 int getHashIterations()
          Gets the hash iterations used by ESAPI to hash data.
 java.lang.String getHttpSessionIdName()
          This method returns the configured name of the session identifier, likely "JSESSIONID" though this can be overridden.
 java.lang.String getHTTPUtilitiesImplementation()
          Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
 java.lang.String getIntrusionDetectionImplementation()
          Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
 java.lang.String getIVType()
          Get a string indicating how to compute an Initialization Vector (IV).
 java.lang.String getKDFPseudoRandomFunction()
          Retrieve the Pseudo Random Function (PRF) used by the ESAPI Key Derivation Function (KDF).
 boolean getLenientDatesAccepted()
          Determines whether ESAPI will accept "lenient" dates when attempting to parse dates.
 boolean getLogApplicationName()
          Returns whether ESAPI should log the application name.
 boolean getLogEncodingRequired()
          Returns whether HTML entity encoding should be applied to log entries.
 java.lang.String getLogFileName()
          Get the name of the log file specified in the ESAPI configuration properties file.
 java.lang.String getLogImplementation()
          Returns the fully qualified classname of the ESAPI Logging implementation.
 int getLogLevel()
          Returns the current log level.
 boolean getLogServerIP()
          Returns whether ESAPI should log the server IP.
 byte[] getMasterKey()
          Gets the master key.
 byte[] getMasterSalt()
          Gets the master salt that is used to salt stored password hashes and any other location where a salt is needed.
 int getMaxHttpHeaderSize()
          Returns the maximum allowable HTTP header size.
 int getMaxLogFileSize()
          Get the maximum size of a single log file from the ESAPI configuration properties file.
 int getMaxOldPasswordHashes()
          Gets the maximum number of old password hashes that should be retained.
 java.lang.String getPasswordParameterName()
          Gets the name of the password parameter used during user authentication.
 java.lang.String getPreferredJCEProvider()
          Retrieve the preferred JCE provider for ESAPI and your application.
 SecurityConfiguration.Threshold getQuota(java.lang.String eventName)
          Gets the intrusion detection quota for the specified event.
 java.lang.String getRandomAlgorithm()
          Gets the random number generation algorithm used to generate random numbers where needed.
 java.lang.String getRandomizerImplementation()
          Returns the fully qualified classname of the ESAPI Randomizer implementation.
 long getRememberTokenDuration()
          Gets the length of the time to live window for remember me tokens (in milliseconds).
 java.io.File getResourceFile(java.lang.String filename)
          Gets a file from the resource directory
 java.io.InputStream getResourceStream(java.lang.String filename)
          Gets an InputStream to a file in the resource directory
 java.lang.String getResponseContentType()
          Gets the content type for responses used when setSafeContentType() is called.
 int getSessionAbsoluteTimeoutLength()
          Gets the absolute timeout length for sessions (in milliseconds).
 int getSessionIdleTimeoutLength()
          Gets the idle timeout length for sessions (in milliseconds).
 java.io.File getUploadDirectory()
          Retrieves the upload directory as specified in the ESAPI.properties file.
 java.io.File getUploadTempDirectory()
          Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
 java.lang.String getUsernameParameterName()
          Gets the name of the username parameter used during user authentication.
 java.lang.String getValidationImplementation()
          Returns the fully qualified classname of the ESAPI Validation implementation.
 java.util.regex.Pattern getValidationPattern(java.lang.String typeName)
          Returns the validation pattern for a particular type
 java.io.File getWorkingDirectory()
          Returns the default working directory for executing native processes with Runtime.exec().
 boolean overwritePlainText()
          Indicates whether the PlainText objects may be overwritten after they have been encrypted.
 java.lang.String setCipherTransformation(java.lang.String cipherXform)
          Deprecated. To be replaced by new class in ESAPI 2.1, but here if you need it until then. Details of replacement forthcoming to ESAPI-Dev list.
 void setResourceDirectory(java.lang.String dir)
          Sets the ESAPI resource directory.
 boolean useMACforCipherText()
          Determines whether the CipherText should be used with a Message Authentication Code (MAC).
 

Method Detail

getApplicationName

java.lang.String getApplicationName()
Gets the application name, used for logging

Returns:
the name of the current application

getLogImplementation

java.lang.String getLogImplementation()
Returns the fully qualified classname of the ESAPI Logging implementation.


getAuthenticationImplementation

java.lang.String getAuthenticationImplementation()
Returns the fully qualified classname of the ESAPI Authentication implementation.


getEncoderImplementation

java.lang.String getEncoderImplementation()
Returns the fully qualified classname of the ESAPI Encoder implementation.


getAccessControlImplementation

java.lang.String getAccessControlImplementation()
Returns the fully qualified classname of the ESAPI Access Control implementation.


getIntrusionDetectionImplementation

java.lang.String getIntrusionDetectionImplementation()
Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.


getRandomizerImplementation

java.lang.String getRandomizerImplementation()
Returns the fully qualified classname of the ESAPI Randomizer implementation.


getEncryptionImplementation

java.lang.String getEncryptionImplementation()
Returns the fully qualified classname of the ESAPI Encryption implementation.


getValidationImplementation

java.lang.String getValidationImplementation()
Returns the fully qualified classname of the ESAPI Validation implementation.


getValidationPattern

java.util.regex.Pattern getValidationPattern(java.lang.String typeName)
Returns the validation pattern for a particular type

Parameters:
typeName -
Returns:
the validation pattern

getLenientDatesAccepted

boolean getLenientDatesAccepted()
Determines whether ESAPI will accept "lenient" dates when attempting to parse dates. Controlled by ESAPI property Validator.AcceptLenientDates, which defaults to false if unset.

Returns:
True if lenient dates are accepted; false otherwise.
See Also:
DateFormat.setLenient(boolean)

getExecutorImplementation

java.lang.String getExecutorImplementation()
Returns the fully qualified classname of the ESAPI OS Execution implementation.


getHTTPUtilitiesImplementation

java.lang.String getHTTPUtilitiesImplementation()
Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.


getMasterKey

byte[] getMasterKey()
Gets the master key. This password is used to encrypt/decrypt other files or types of data that need to be protected by your application.

Returns:
the current master key

getUploadDirectory

java.io.File getUploadDirectory()
Retrieves the upload directory as specified in the ESAPI.properties file.

Returns:
the upload directory

getUploadTempDirectory

java.io.File getUploadTempDirectory()
Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.

Returns:
the temp directory

getEncryptionKeyLength

int getEncryptionKeyLength()
Gets the key length to use in cryptographic operations declared in the ESAPI properties file.

Returns:
the key length.

getMasterSalt

byte[] getMasterSalt()
Gets the master salt that is used to salt stored password hashes and any other location where a salt is needed.

Returns:
the current master salt

getAllowedExecutables

java.util.List<java.lang.String> getAllowedExecutables()
Gets the allowed executables to run with the Executor.

Returns:
a list of the current allowed file extensions

getAllowedFileExtensions

java.util.List<java.lang.String> getAllowedFileExtensions()
Gets the allowed file extensions for files that are uploaded to this application.

Returns:
a list of the current allowed file extensions

getAllowedFileUploadSize

int getAllowedFileUploadSize()
Gets the maximum allowed file upload size.

Returns:
the current allowed file upload size

getPasswordParameterName

java.lang.String getPasswordParameterName()
Gets the name of the password parameter used during user authentication.

Returns:
the name of the password parameter

getUsernameParameterName

java.lang.String getUsernameParameterName()
Gets the name of the username parameter used during user authentication.

Returns:
the name of the username parameter

getEncryptionAlgorithm

java.lang.String getEncryptionAlgorithm()
Gets the encryption algorithm used by ESAPI to protect data. This is mostly used for compatibility with ESAPI 1.4; ESAPI 2.0 prefers to use "cipher transformation" since it supports multiple cipher modes and padding schemes.

Returns:
the current encryption algorithm

getCipherTransformation

java.lang.String getCipherTransformation()
Retrieve the cipher transformation. In general, the cipher transformation is a specification of cipher algorithm, cipher mode, and padding scheme, written as a String that takes the following form:
                cipher_alg/cipher_mode[bits]/padding_scheme
 
where cipher_alg is the JCE cipher algorithm (e.g., "DESede"), cipher_mode is the cipher mode (e.g., "CBC", "CFB", "CTR", etc.), padding_scheme is the cipher padding scheme (e.g., "NONE" for no padding, "PKCS5Padding" for PKCS#5 padding, etc.), and [bits] is an optional bit size that applies to certain cipher modes such as CFB and OFB. Using modes such as CFB and OFB, block ciphers can encrypt data in units smaller than the cipher's actual block size. When requesting such a mode, you may optionally specify the number of bits to be processed at a time. This generally must be an integral multiple of 8 bits so that it can specify a whole number of octets.

Examples are:

                "AES/ECB/NoPadding"          // Default for ESAPI Java 1.4 (insecure)
                "AES/CBC/PKCS5Padding"       // Default for ESAPI Java 2.0
                "DESede/OFB32/PKCS5Padding"
 
NOTE: Occasionally, in cryptographic literature, you may also see the key size (in bits) specified after the cipher algorithm in the cipher transformation. Generally, this is done to account for cipher algorithms that have variable key sizes. The Blowfish cipher for example supports key sizes from 32 to 448 bits. So for Blowfish, you might see a cipher transformation something like this:
                "Blowfish-192/CFB8/PKCS5Padding"
 
in the cryptographic literature. It should be noted that the Java Cryptography Extensions (JCE) do not generally support this (at least not the reference JCE implementation of "SunJCE"), and therefore it should be avoided.

Returns:
The cipher transformation.

setCipherTransformation

@Deprecated
java.lang.String setCipherTransformation(java.lang.String cipherXform)
Deprecated. To be replaced by new class in ESAPI 2.1, but here if you need it until then. Details of replacement forthcoming to ESAPI-Dev list.

Set the cipher transformation. This allows a different cipher transformation to be used without changing the ESAPI.properties file. For instance you may normally want to use AES/CBC/PKCS5Padding, but have some legacy encryption where you have ciphertext that was encrypted using 3DES.

Parameters:
cipherXform - The new cipher transformation. See getCipherTransformation() for format. If null is passed as the parameter, the cipher transformation will be set to the default taken from the property Encryptor.CipherTransformation in the ESAPI.properties file. BEWARE: there is NO sanity checking here (other than the empty string, and then, only if Java assertions are enabled), so if you set this wrong, you will not get any errors until you later try to use it to encrypt or decrypt data.
Returns:
The previous cipher transformation is returned for convenience, with the assumption that you may wish to restore it once you have completed the encryption / decryption with the new cipher transformation.
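
Since setCipherTransformation() does no sanity checking, a caller can validate the string against the cipher_alg/cipher_mode[bits]/padding_scheme format before passing it in. The following is an added example, not ESAPI code; the class name CipherTransformationCheck, the allow-list passed in main and the two constructed sample strings are assumptions.

```java
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;

/** Added example, not ESAPI code: sanity-checks a cipher transformation string. */
public final class CipherTransformationCheck {

    // cipher_mode[bits]: letters, then an optional bit size (e.g. "CFB8", "OFB32").
    private static final Pattern MODE = Pattern.compile("([A-Za-z]+)(\\d{0,3})");

    // Modes for which the optional [bits] suffix is meaningful.
    private static final Set<String> BIT_SIZED_MODES =
            new HashSet<>(Arrays.asList("CFB", "OFB"));

    /** Returns null if the transformation is acceptable, otherwise the reason it is not. */
    public static String check(String xform, Collection<String> allowedModes) {
        if (xform == null || xform.trim().isEmpty()) {
            return "empty transformation";
        }
        String[] parts = xform.trim().split("/", -1);
        if (parts.length != 3) {
            return "expected cipher_alg/cipher_mode[bits]/padding_scheme";
        }
        // "Blowfish-192" style key size suffixes are not understood by the JCE.
        if (parts[0].matches(".+-\\d+")) {
            return "key size suffix in '" + parts[0] + "' is not supported by the JCE";
        }
        Matcher m = MODE.matcher(parts[1]);
        if (!m.matches()) {
            return "malformed cipher mode '" + parts[1] + "'";
        }
        String mode = m.group(1).toUpperCase(Locale.ROOT);
        String bits = m.group(2);
        Set<String> allowed = new HashSet<>();
        for (String a : allowedModes) {
            allowed.add(a.trim().toUpperCase(Locale.ROOT));
        }
        if (!allowed.contains(mode)) {
            return "cipher mode " + mode + " is not an allowed mode";
        }
        if (!bits.isEmpty()) {
            if (!BIT_SIZED_MODES.contains(mode)) {
                return "a bit size is only meaningful for CFB and OFB";
            }
            int n = Integer.parseInt(bits);
            if (n == 0 || n % 8 != 0) {
                return "bit size " + n + " is not a multiple of 8";
            }
        }
        try {
            Cipher.getInstance(xform.trim()); // does an installed provider support it?
        } catch (GeneralSecurityException e) {
            return "not supported by any installed JCE provider: " + e.getMessage();
        }
        return null;
    }

    public static void main(String[] args) {
        // Assumed allow-list; in an ESAPI application it could be built from
        // getCombinedCipherModes() and getAdditionalAllowedCipherModes().
        List<String> allowedModes = Arrays.asList("GCM", "CBC", "CFB", "OFB", "CTR");
        String[] samples = {
            "AES/CBC/PKCS5Padding",
            "DESede/OFB32/PKCS5Padding",
            "AES/ECB/NoPadding",               // ECB is not on the allow-list
            "Blowfish-192/CFB8/PKCS5Padding",  // key size in the algorithm name
            "AES/CFB12/NoPadding",             // constructed: 12 is not a multiple of 8
            "AES/CBC"                          // constructed: padding scheme missing
        };
        for (String s : samples) {
            String problem = check(s, allowedModes);
            System.out.println(s + " -> " + (problem == null ? "OK" : "REJECTED: " + problem));
        }
    }
}
```

Running the check at the call site surfaces a bad transformation immediately instead of at the first encrypt or decrypt operation.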

getPreferredJCEProvider

java.lang.String getPreferredJCEProvider()
Retrieve the preferred JCE provider for ESAPI and your application. ESAPI 2.0 now allows setting the property Encryptor.PreferredJCEProvider in the ESAPI.properties file, which will cause the specified JCE provider to be automatically and dynamically loaded (assuming that SecurityManager permissions allow) as the preferred JCE provider. (Note this only happens if the JCE provider is not already loaded.) This method returns the property Encryptor.PreferredJCEProvider. By default, this Encryptor.PreferredJCEProvider property is set to an empty string, which means that the preferred JCE provider is not changed.

Returns:
The property Encryptor.PreferredJCEProvider is returned.
See Also:
org.owasp.esapi.crypto.SecurityProvider

useMACforCipherText

boolean useMACforCipherText()
Determines whether the CipherText should be used with a Message Authentication Code (MAC). Generally this makes for a more robust cryptographic scheme, but there are some minor performance implications. Controlled by the ESAPI property Encryptor.CipherText.useMAC.

For further details, see the "Advanced Usage" section of "Why Is OWASP Changing ESAPI Encryption?".

Returns:
true if you want a MAC to be used, otherwise false.

overwritePlainText

boolean overwritePlainText()
Indicates whether the PlainText objects may be overwritten after they have been encrypted. Generally this is a good idea, especially if your VM is shared by multiple applications (e.g., multiple applications running in the same J2EE container) or if there is a possibility that your VM may leave a core dump (say because it is running non-native Java code).

Controlled by the property Encryptor.PlainText.overwrite in the ESAPI.properties file.

Returns:
True if it is OK to overwrite the PlainText objects after encrypting, false otherwise.

getIVType

java.lang.String getIVType()
Get a string indicating how to compute an Initialization Vector (IV). Currently supported modes are "random" to generate a random IV or "fixed" to use a fixed (static) IV. If a "fixed" IV is chosen, then the value of this fixed IV must be specified as the property Encryptor.fixedIV and be of the appropriate length.

Returns:
A string specifying the IV type. Should be "random" or "fixed".
See Also:
getFixedIV()

getFixedIV

java.lang.String getFixedIV()
If a "fixed" (i.e., static) Initialization Vector (IV) is to be used, this will return the IV value as a hex-encoded string.

Returns:
The fixed IV as a hex-encoded string.
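
The two IV types behave differently in a way worth seeing once: with a fixed IV, equal plaintexts encrypted under the same key in CBC mode produce equal ciphertexts, while a random IV does not. The following is an added example, not ESAPI code; the class name IvTypeDemo, the sample IV value and the sample plaintext are constructed, and it also enforces the "appropriate length" requirement by checking the hex-encoded IV against the cipher block size.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/** Added example, not ESAPI code: effect of a "fixed" versus a "random" IV. */
public final class IvTypeDemo {

    private static final String XFORM = "AES/CBC/PKCS5Padding";
    private static final SecureRandom RNG = new SecureRandom();

    /** Decodes a hex-encoded IV and rejects one that is not exactly one cipher block long. */
    static byte[] decodeFixedIv(String hex, int blockSize) {
        if (hex == null || hex.length() != 2 * blockSize) {
            throw new IllegalArgumentException("fixed IV must be " + blockSize + " bytes of hex");
        }
        byte[] iv = new byte[blockSize];
        for (int i = 0; i < blockSize; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("fixed IV is not valid hex");
            }
            iv[i] = (byte) ((hi << 4) | lo);
        }
        return iv;
    }

    /** Produces an IV according to the "random" / "fixed" setting. */
    static byte[] chooseIv(String ivType, String fixedIvHex, int blockSize) {
        if ("random".equalsIgnoreCase(ivType)) {
            byte[] iv = new byte[blockSize];
            RNG.nextBytes(iv);
            return iv;
        }
        if ("fixed".equalsIgnoreCase(ivType)) {
            return decodeFixedIv(fixedIvHex, blockSize);
        }
        throw new IllegalArgumentException("IV type should be \"random\" or \"fixed\"");
    }

    static byte[] encrypt(SecretKey key, byte[] iv, byte[] plaintext)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(XFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }

    /** True if encrypting the same plaintext twice under ivType yields identical ciphertext. */
    static boolean repeatsCiphertext(String ivType, String fixedIvHex)
            throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        int blockSize = Cipher.getInstance(XFORM).getBlockSize();
        byte[] pt = "account=1234;role=user".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] c1 = encrypt(key, chooseIv(ivType, fixedIvHex, blockSize), pt);
        byte[] c2 = encrypt(key, chooseIv(ivType, fixedIvHex, blockSize), pt);
        return Arrays.equals(c1, c2);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String fixedIvHex = "000102030405060708090a0b0c0d0e0f"; // constructed sample value
        System.out.println("fixed IV repeats ciphertext:  "
                + repeatsCiphertext("fixed", fixedIvHex));
        System.out.println("random IV repeats ciphertext: "
                + repeatsCiphertext("random", null));
    }
}
```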

getCombinedCipherModes

java.util.List<java.lang.String> getCombinedCipherModes()
Return a List of strings of combined cipher modes that support both confidentiality and authenticity. These would be preferred cipher modes to use if your JCE provider supports them. If such a cipher mode is used, no explicit separate MAC is calculated as part of the CipherText object upon encryption nor is any attempt made to verify the same on decryption.

The list is taken from the comma-separated list of cipher modes specified by the ESAPI property Encryptor.cipher_modes.combined_modes.

Returns:
The parsed list of comma-separated cipher modes if the property was specified in ESAPI.properties; otherwise the empty list is returned.

getAdditionalAllowedCipherModes

java.util.List<java.lang.String> getAdditionalAllowedCipherModes()
Return List of strings of additional cipher modes that are permitted (i.e., in addition to those returned by #getPreferredCipherModes()) to be used for encryption and decryption operations.

The list is taken from the comma-separated list of cipher modes specified by the ESAPI property Encryptor.cipher_modes.additional_allowed.

Returns:
The parsed list of comma-separated cipher modes if the property was specified in ESAPI.properties; otherwise the empty list is returned.
See Also:
#getPreferredCipherModes()

getHashAlgorithm

java.lang.String getHashAlgorithm()
Gets the hashing algorithm used by ESAPI to hash data.

Returns:
the current hashing algorithm

getHashIterations

int getHashIterations()
Gets the hash iterations used by ESAPI to hash data.

Returns:
the current hashing algorithm

getKDFPseudoRandomFunction

java.lang.String getKDFPseudoRandomFunction()
Retrieve the Pseudo Random Function (PRF) used by the ESAPI Key Derivation Function (KDF).

Returns:
The KDF PRF algorithm name.

getCharacterEncoding

java.lang.String getCharacterEncoding()
Gets the character encoding scheme supported by this application. This is used to set the character encoding scheme on requests and responses when setCharacterEncoding() is called on SafeRequests and SafeResponses. This scheme is also used for encoding/decoding URLs and any other place where the current encoding scheme needs to be known.

Note: This does not get the configured response content type. That is accessed by calling getResponseContentType().

Returns:
the current character encoding scheme

getAllowMultipleEncoding

boolean getAllowMultipleEncoding()
Return true if multiple encoding is allowed

Returns:
whether multiple encoding is allowed when canonicalizing data

getAllowMixedEncoding

boolean getAllowMixedEncoding()
Return true if mixed encoding is allowed

Returns:
whether mixed encoding is allowed when canonicalizing data

getDefaultCanonicalizationCodecs

java.util.List<java.lang.String> getDefaultCanonicalizationCodecs()
Returns the List of Codecs to use when canonicalizing data

Returns:
the codec list

getDigitalSignatureAlgorithm

java.lang.String getDigitalSignatureAlgorithm()
Gets the digital signature algorithm used by ESAPI to generate and verify signatures.

Returns:
the current digital signature algorithm

getDigitalSignatureKeyLength

int getDigitalSignatureKeyLength()
Gets the digital signature key length used by ESAPI to generate and verify signatures.

Returns:
the current digital signature key length

getRandomAlgorithm

java.lang.String getRandomAlgorithm()
Gets the random number generation algorithm used to generate random numbers where needed.

Returns:
the current random number generation algorithm

getAllowedLoginAttempts

int getAllowedLoginAttempts()
Gets the number of login attempts allowed before the user's account is locked. If this many failures are detected within the allotted time period, the user's account will be locked.

Returns:
the number of failed login attempts that cause an account to be locked

getMaxOldPasswordHashes

int getMaxOldPasswordHashes()
Gets the maximum number of old password hashes that should be retained. These hashes can be used to ensure that the user doesn't reuse the specified number of previous passwords when they change their password.

Returns:
the number of old hashed passwords to retain

getDisableIntrusionDetection

boolean getDisableIntrusionDetection()
Allows for complete disabling of all intrusion detection mechanisms

Returns:
true if intrusion detection should be disabled

getQuota

SecurityConfiguration.Threshold getQuota(java.lang.String eventName)
Gets the intrusion detection quota for the specified event.

Parameters:
eventName - the name of the event whose quota is desired
Returns:
the Quota that has been configured for the specified type of event

getResourceFile

java.io.File getResourceFile(java.lang.String filename)
Gets a file from the resource directory

Parameters:
filename - The file name resource.
Returns:
A File object representing the specified file name or null if not found.

getForceHttpOnlySession

boolean getForceHttpOnlySession()
Forces new cookies to have HttpOnly flag set.


getForceSecureSession

boolean getForceSecureSession()
Forces session cookies to have Secure flag set.


getForceHttpOnlyCookies

boolean getForceHttpOnlyCookies()
Forces new cookies to have HttpOnly flag set.


getForceSecureCookies

boolean getForceSecureCookies()
Forces new cookies to have Secure flag set.


getMaxHttpHeaderSize

int getMaxHttpHeaderSize()
Returns the maximum allowable HTTP header size.


getResourceStream

java.io.InputStream getResourceStream(java.lang.String filename)
                                      throws java.io.IOException
Gets an InputStream to a file in the resource directory

Parameters:
filename - A file name in the resource directory.
Returns:
An InputStream to the specified file name in the resource directory.
Throws:
java.io.IOException - If the specified file name cannot be found or opened for reading.

setResourceDirectory

void setResourceDirectory(java.lang.String dir)
Sets the ESAPI resource directory.

Parameters:
dir - The location of the resource directory.

getResponseContentType

java.lang.String getResponseContentType()
Gets the content type for responses used when setSafeContentType() is called.

Note: This does not get the configured character encoding scheme. That is accessed by calling getCharacterEncoding().

Returns:
The current content-type set for responses.

getHttpSessionIdName

java.lang.String getHttpSessionIdName()
This method returns the configured name of the session identifier, likely "JSESSIONID" though this can be overridden.

Returns:
The name of the session identifier, like "JSESSIONID"

getRememberTokenDuration

long getRememberTokenDuration()
Gets the length of the time to live window for remember me tokens (in milliseconds).

Returns:
The time to live length for generated remember me tokens.

getSessionIdleTimeoutLength

int getSessionIdleTimeoutLength()
Gets the idle timeout length for sessions (in milliseconds). This is the amount of time that a session can live before it expires due to lack of activity. Applications or frameworks could provide a reauthenticate function that enables a session to continue after reauthentication.

Returns:
The session idle timeout length.

getSessionAbsoluteTimeoutLength

int getSessionAbsoluteTimeoutLength()
Gets the absolute timeout length for sessions (in milliseconds). This is the amount of time that a session can live before it expires regardless of the amount of user activity. Applications or frameworks could provide a reauthenticate function that enables a session to continue after reauthentication.

Returns:
The session absolute timeout length.

getLogEncodingRequired

boolean getLogEncodingRequired()
Returns whether HTML entity encoding should be applied to log entries.

Returns:
True if log entries are to be HTML Entity encoded. False otherwise.

getLogApplicationName

boolean getLogApplicationName()
Returns whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.

Returns:
True if ESAPI should log the application name, False otherwise

getLogServerIP

boolean getLogServerIP()
Returns whether ESAPI should log the server IP. This might be clutter in some single-server environments.

Returns:
True if ESAPI should log the server IP and port, False otherwise

getLogLevel

int getLogLevel()
Returns the current log level.

Returns:
An integer representing the current log level.

getLogFileName

java.lang.String getLogFileName()
Get the name of the log file specified in the ESAPI configuration properties file. Return a default value if it is not specified.

Returns:
the log file name defined in the properties file.

getMaxLogFileSize

int getMaxLogFileSize()
Get the maximum size of a single log file from the ESAPI configuration properties file. Return a default value if it is not specified. Once the log hits this file size, it will roll over into a new log.

Returns:
the maximum size of a single log file (in bytes).

getWorkingDirectory

java.io.File getWorkingDirectory()
Returns the default working directory for executing native processes with Runtime.exec().



Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.