public class EnterpriseSecurityException extends Exception
All EnterpriseSecurityExceptions have two messages, one for the user and one for the log file. This way, a message can be shown to the user that doesn't contain sensitive information or unnecessary implementation details. Meanwhile, all the critical information can be included in the exception so that it gets logged.
Note that the "logMessage" for ALL EnterpriseSecurityExceptions is logged in the log file. This feature should be used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records. ALL EnterpriseSecurityExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of application usage.
Modifier and Type | Field and Description |
---|---|
protected Logger |
logger
The logger.
|
protected String |
logMessage |
protected static long |
serialVersionUID |
Modifier | Constructor and Description |
---|---|
protected |
EnterpriseSecurityException()
Instantiates a new enterprise security exception.
|
protected |
EnterpriseSecurityException(String userMessage)
Instantiates a new enterprise security exception with a user message.
|
|
EnterpriseSecurityException(String userMessage,
String logMessage)
Creates a new instance of EnterpriseSecurityException.
|
|
EnterpriseSecurityException(String userMessage,
String logMessage,
Throwable cause)
Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
|
protected |
EnterpriseSecurityException(String userMessage,
Throwable cause)
Instantiates a new enterprise security exception with a user message
and cause.
|
Modifier and Type | Method and Description |
---|---|
String |
getLogMessage()
Returns a message that is safe to display in logs, but may contain
sensitive information and therefore probably should not be displayed to
users.
|
String |
getUserMessage()
Returns message meant for display to users
Note that if you are unsure of what set this message, it would probably
be a good idea to encode this message before displaying it to the end user.
|
addSuppressed, fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, getSuppressed, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString
protected static final long serialVersionUID
protected final transient Logger logger
protected String logMessage
protected EnterpriseSecurityException()
protected EnterpriseSecurityException(String userMessage)
userMessage
- Message displayed to user.protected EnterpriseSecurityException(String userMessage, Throwable cause)
userMessage
- Message displayed to user.cause
- The cause (which is saved for later retrieval by the
getCause() method). (A null value is permitted, and indicates that the
cause is nonexistent or unknown.)public EnterpriseSecurityException(String userMessage, String logMessage)
userMessage
- the message displayed to the userlogMessage
- the message loggedpublic EnterpriseSecurityException(String userMessage, String logMessage, Throwable cause)
userMessage
- the message displayed to the userlogMessage
- the message loggedcause
- the causepublic String getUserMessage()
public String getLogMessage()
Copyright © 2023 The Open Web Application Security Project (OWASP). All rights reserved.