Package | Description |
---|---|
org.owasp.esapi | The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications. |
org.owasp.esapi.errors | A set of exception classes designed to model the error conditions that frequently arise in enterprise web applications and web services. |
org.owasp.esapi.reference | This package contains reference implementations of the ESAPI interfaces. |

Modifier and Type | Method and Description |
---|---|
`void` | `User.addRole(String role)` Adds a role to this user's account. |
`void` | `User.addRoles(Set<String> newRoles)` Adds a set of roles to this user's account. |
`void` | `User.changePassword(String oldPassword, String newPassword1, String newPassword2)` Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password. |
`void` | `Authenticator.changePassword(User user, String currentPassword, String newPassword, String newPassword2)` Changes the password for the specified user. |
`javax.servlet.http.HttpSession` | `HTTPUtilities.changeSessionIdentifier()` Calls changeSessionIdentifier with the *current* request. |
`javax.servlet.http.HttpSession` | `HTTPUtilities.changeSessionIdentifier(javax.servlet.http.HttpServletRequest request)` Invalidate the existing session after copying all of its contents to a newly created session with a new session id. |
`User` | `Authenticator.createUser(String accountName, String password1, String password2)` Creates a new User with the information provided. |
`Date` | `User.getLastFailedLoginTime()` Returns the date of the last failed login time for a user. |
`User` | `Authenticator.login()` Calls login with the *current* request and response. |
`User` | `Authenticator.login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` This method should be called for every HTTP request, to log in the current user either from the session or the HTTP request. |
`void` | `User.loginWithPassword(String password)` Log in with password. |
`void` | `User.removeRole(String role)` Removes a role from this user's account. |
`void` | `Authenticator.removeUser(String accountName)` Removes the account of the specified accountName. |
`String` | `User.resetCSRFToken()` Returns a token to be used as a prevention against CSRF attacks. |
`void` | `User.setRoles(Set<String> roles)` Sets the roles for this account. |
`void` | `Authenticator.verifyAccountNameStrength(String accountName)` Ensures that the account name passes site-specific complexity requirements, like minimum length. |
`void` | `Authenticator.verifyPasswordStrength(String oldPassword, String newPassword, User user)` Ensures that the password meets site-specific complexity requirements, like length or number of character sets. |

Modifier and Type | Class and Description |
---|---|
`class` | `AuthenticationAccountsException` An AuthenticationException should be thrown when anything goes wrong during login or logout. |
`class` | `AuthenticationCredentialsException` An AuthenticationException should be thrown when anything goes wrong during login or logout. |
`class` | `AuthenticationHostException` An AuthenticationHostException should be thrown when there is a problem with the host involved with authentication, particularly if the host changes unexpectedly. |
`class` | `AuthenticationLoginException` An AuthenticationException should be thrown when anything goes wrong during login or logout. |

Modifier and Type | Method and Description |
---|---|
`void` | `DefaultUser.addRole(String role)` Adds a role to this user's account. |
`void` | `DefaultUser.addRoles(Set<String> newRoles)` Adds a set of roles to this user's account. |
`void` | `DefaultUser.changePassword(String oldPassword, String newPassword1, String newPassword2)` Sets the user's password, performing a verification of the user's old password, the equality of the two new passwords, and the strength of the new password. |
`void` | `FileBasedAuthenticator.changePassword(User user, String currentPassword, String newPassword, String newPassword2)` Changes the password for the specified user. |
`javax.servlet.http.HttpSession` | `DefaultHTTPUtilities.changeSessionIdentifier()` Calls changeSessionIdentifier with the *current* request. |
`javax.servlet.http.HttpSession` | `DefaultHTTPUtilities.changeSessionIdentifier(javax.servlet.http.HttpServletRequest request)` Invalidate the existing session after copying all of its contents to a newly created session with a new session id. |
`User` | `FileBasedAuthenticator.createUser(String accountName, String password1, String password2)` Creates a new User with the information provided. |
`User` | `AbstractAuthenticator.login()` Calls login with the *current* request and response. |
`User` | `AbstractAuthenticator.login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` This method should be called for every HTTP request, to log in the current user either from the session or the HTTP request. |
`void` | `DefaultUser.loginWithPassword(String password)` Log in with password. |
`void` | `FileBasedAuthenticator.removeUser(String accountName)` Removes the account of the specified accountName. |
`void` | `FileBasedAuthenticator.saveUsers()` Saves the user database to the file system. |
`void` | `DefaultUser.setRoles(Set<String> roles)` Sets the roles for this account. |
`void` | `FileBasedAuthenticator.verifyAccountNameStrength(String newAccountName)` Ensures that the account name passes site-specific complexity requirements, like minimum length. |
`void` | `FileBasedAuthenticator.verifyPasswordStrength(String oldPassword, String newPassword, User user)` Ensures that the password meets site-specific complexity requirements, like length or number of character sets. |

Copyright © 2016 The Open Web Application Security Project (OWASP). All rights reserved.