FilesExpand file tree

 trunk

/

ESAPI.java

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

313 lines (269 loc) · 9.66 KB

 trunk

/

ESAPI.java

Top

File metadata and controls

• Code
• Blame

313 lines (269 loc) · 9.66 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

/**

* OWASP Enterprise Security API (ESAPI)

*

* This file is part of the Open Web Application Security Project (OWASP)

* Enterprise Security API (ESAPI) project. For details, please see

* <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.

*

* Copyright (c) 2008 - The OWASP Foundation

*

* The ESAPI is published by OWASP under the BSD license. You should read and accept the

* LICENSE before you use, modify, and/or redistribute this software.

*

* @author Rogan Dawes <a href="http://www.aspectsecurity.com">Aspect Security</a>

* @created 2008

*/

package org.owasp.esapi;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.owasp.esapi.reference.DefaultEncoder;

import org.owasp.esapi.reference.DefaultExecutor;

import org.owasp.esapi.reference.DefaultHTTPUtilities;

import org.owasp.esapi.reference.DefaultIntrusionDetector;

import org.owasp.esapi.reference.DefaultRandomizer;

import org.owasp.esapi.reference.DefaultSecurityConfiguration;

import org.owasp.esapi.reference.DefaultValidator;

import org.owasp.esapi.reference.FileBasedAccessController;

import org.owasp.esapi.reference.FileBasedAuthenticator;

import org.owasp.esapi.reference.JavaEncryptor;

import org.owasp.esapi.reference.JavaLogFactory;

/**

* ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use.

* Use the set methods to override the reference implementations with instances of any custom ESAPI implementations.

*/

public class ESAPI {

private static AccessController accessController = null;

private static Authenticator authenticator = null;

private static Encoder encoder = null;

private static Encryptor encryptor = null;

private static Executor executor = null;

private static HTTPUtilities httpUtilities = null;

private static IntrusionDetector intrusionDetector = null;

private static LogFactory logFactory = null;

private static Logger defaultLogger = null;

private static Randomizer randomizer = null;

private static SecurityConfiguration securityConfiguration = new DefaultSecurityConfiguration();

private static Validator validator = null;

/**

* prevent instantiation of this class

*/

private ESAPI() {

}

/**

* Get the current HTTP Servlet Request being processed.

* @return the current HTTP Servlet Request.

*/

public static HttpServletRequest currentRequest() {

return httpUtilities().getCurrentRequest();

}

/**

* Get the current HTTP Servlet Response being generated.

* @return the current HTTP Servlet Response.

*/

public static HttpServletResponse currentResponse() {

return httpUtilities().getCurrentResponse();

}

/**

* @return the current ESAPI AccessController object being used to maintain the access control rules for this application.

*/

public static AccessController accessController() {

if (ESAPI.accessController == null)

ESAPI.accessController = new FileBasedAccessController();

return ESAPI.accessController;

}

/**

* Change the current ESAPI AccessController to the AccessController provided.

* @param accessController

* the AccessController to set to be the current ESAPI AccessController.

*/

public static void setAccessController(AccessController accessController) {

ESAPI.accessController = accessController;

}

/**

* @return the current ESAPI Authenticator object being used to authenticate users for this application.

*/

public static Authenticator authenticator() {

if (ESAPI.authenticator == null)

ESAPI.authenticator = new FileBasedAuthenticator();

return ESAPI.authenticator;

}

/**

* Change the current ESAPI Authenticator to the Authenticator provided.

* @param authenticator

* the Authenticator to set to be the current ESAPI Authenticator.

*/

public static void setAuthenticator(Authenticator authenticator) {

ESAPI.authenticator = authenticator;

}

/**

* @return the current ESAPI Encoder object being used to encode and decode data for this application.

*/

public static Encoder encoder() {

if (ESAPI.encoder == null)

ESAPI.encoder = new DefaultEncoder();

return ESAPI.encoder;

}

/**

* Change the current ESAPI Encoder to the Encoder provided.

* @param encoder

* the Encoder to set to be the current ESAPI Encoder.

*/

public static void setEncoder(Encoder encoder) {

ESAPI.encoder = encoder;

}

/**

* @return the current ESAPI Encryptor object being used to encrypt and decrypt data for this application.

*/

public static Encryptor encryptor() {

if (ESAPI.encryptor == null)

ESAPI.encryptor = new JavaEncryptor();

return ESAPI.encryptor;

}

/**

* Change the current ESAPI Encryptor to the Encryptor provided.

* @param encryptor

* the Encryptor to set to be the current ESAPI Encryptor.

*/

public static void setEncryptor(Encryptor encryptor) {

ESAPI.encryptor = encryptor;

}

/**

* @return the current ESAPI Executor object being used to safely execute OS commands for this application.

*/

public static Executor executor() {

if (ESAPI.executor == null)

ESAPI.executor = new DefaultExecutor();

return ESAPI.executor;

}

/**

* Change the current ESAPI Executor to the Executor provided.

* @param executor

* the Executor to set to be the current ESAPI Executor.

*/

public static void setExecutor(Executor executor) {

ESAPI.executor = executor;

}

/**

* @return the current ESAPI HTTPUtilities object being used to safely access HTTP requests and responses

* for this application.

*/

public static HTTPUtilities httpUtilities() {

if (ESAPI.httpUtilities == null)

ESAPI.httpUtilities = new DefaultHTTPUtilities();

return ESAPI.httpUtilities;

}

/**

* Change the current ESAPI HTTPUtilities object to the HTTPUtilities object provided.

* @param httpUtilities

* the HTTPUtilities object to set to be the current ESAPI HTTPUtilities object.

*/

public static void setHttpUtilities(HTTPUtilities httpUtilities) {

ESAPI.httpUtilities = httpUtilities;

}

/**

* @return the current ESAPI IntrusionDetector being used to monitor for intrusions in this application.

*/

public static IntrusionDetector intrusionDetector() {

if (ESAPI.intrusionDetector == null)

ESAPI.intrusionDetector = new DefaultIntrusionDetector();

return ESAPI.intrusionDetector;

}

/**

* Change the current ESAPI IntrusionDetector to the IntrusionDetector provided.

* @param intrusionDetector

* the IntrusionDetector to set to be the current ESAPI IntrusionDetector.

*/

public static void setIntrusionDetector(IntrusionDetector intrusionDetector) {

ESAPI.intrusionDetector = intrusionDetector;

}

/**

* Get the current LogFactory being used by ESAPI. If there isn't one yet, it will create one, and then

* return this same LogFactory from then on.

* @return The current LogFactory being used by ESAPI.

*/

private static LogFactory logFactory() {

if (logFactory == null)

logFactory = new JavaLogFactory(securityConfiguration().getApplicationName());

return logFactory;

}

/**

* @param clazz The class to associate the logger with.

* @return The current Logger associated with the specified class.

*/

public static Logger getLogger(Class clazz) {

return logFactory().getLogger(clazz);

}

/**

* @param moduleName The module to associate the logger with.

* @return The current Logger associated with the specified module.

*/

public static Logger getLogger(String moduleName) {

return logFactory().getLogger(moduleName);

}

/**

* @return The default Logger.

*/

public static Logger log() {

if (defaultLogger == null)

defaultLogger = logFactory().getLogger("DefaultLogger");

return defaultLogger;

}

/**

* Change the current ESAPI LogFactory to the LogFactory provided.

* @param factory

* the LogFactory to set to be the current ESAPI LogFactory.

*/

public static void setLogFactory(LogFactory factory) {

ESAPI.logFactory = factory;

}

/**

* @return the current ESAPI Randomizer being used to generate random numbers in this application.

*/

public static Randomizer randomizer() {

if (ESAPI.randomizer == null)

ESAPI.randomizer = new DefaultRandomizer();

return ESAPI.randomizer;

}

/**

* Change the current ESAPI Randomizer to the Randomizer provided.

* @param randomizer

* the Randomizer to set to be the current ESAPI Randomizer.

*/

public static void setRandomizer(Randomizer randomizer) {

ESAPI.randomizer = randomizer;

}

/**

* @return the current ESAPI SecurityConfiguration being used to manage the security configuration for

* ESAPI for this application.

*/

public static SecurityConfiguration securityConfiguration() {

if (ESAPI.securityConfiguration == null)

ESAPI.securityConfiguration = new DefaultSecurityConfiguration();

return ESAPI.securityConfiguration;

}

/**

* Change the current ESAPI SecurityConfiguration to the SecurityConfiguration provided.

* @param securityConfiguration

* the SecurityConfiguration to set to be the current ESAPI SecurityConfiguration.

*/

public static void setSecurityConfiguration(

SecurityConfiguration securityConfiguration) {

ESAPI.securityConfiguration = securityConfiguration;

}

/**

* @return the current ESAPI Validator being used to validate data in this application.

*/

public static Validator validator() {

if (ESAPI.validator == null)

ESAPI.validator = new DefaultValidator();

return ESAPI.validator;

}

/**

* Change the current ESAPI Validator to the Validator provided.

* @param validator

* the Validator to set to be the current ESAPI Validator.

*/

public static void setValidator(Validator validator) {

ESAPI.validator = validator;

}

}