org.owasp.esapi.errors
Class EnterpriseSecurityException

java.lang.Object
  extended by java.lang.Throwable
      extended by java.lang.Exception
          extended by org.owasp.esapi.errors.EnterpriseSecurityException
All Implemented Interfaces:
java.io.Serializable
Direct Known Subclasses:
AccessControlException, AuthenticationException, AvailabilityException, CertificateException, EncodingException, EncryptionException, ExecutorException, IntegrityException, ValidationException

public class EnterpriseSecurityException
extends java.lang.Exception

EnterpriseSecurityException is the base class for all security-related exceptions. You should pass in the root cause exception where possible. Constructors for classes extending EnterpriseSecurityException should be sure to call the appropriate super() method in order to ensure that logging and intrusion detection occur properly.

All EnterpriseSecurityExceptions have two messages, one for the user and one for the log file. This way, a message can be shown to the user that doesn't contain sensitive information or unnecessary implementation details. Meanwhile, all the critical information can be included in the exception so that it gets logged.

Note that the "logMessage" for ALL EnterpriseSecurityExceptions is logged in the log file. This feature should be used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records. ALL EnterpriseSecurityExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of application usage.

Author:
Jeff Williams (jeff.williams@aspectsecurity.com)
See Also:
Serialized Form
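
The two-message pattern and the super() requirement from the class description, as an added example that is not part of the ESAPI documentation or code base. TransferLimitException, TransferHandler, LIMIT_CENTS and the sample messages are hypothetical; the example assumes the ESAPI library is on the classpath and configured, and uses only the constructors and getters listed on this page.

```java
import org.owasp.esapi.errors.EnterpriseSecurityException;

// Hypothetical subclass for illustration; not an ESAPI class.
class TransferLimitException extends EnterpriseSecurityException {
    private static final long serialVersionUID = 1L;

    TransferLimitException(String userMessage, String logMessage) {
        // Delegate to super() so the base class performs the logging and
        // IntrusionDetector registration this page describes.
        super(userMessage, logMessage);
    }

    TransferLimitException(String userMessage, String logMessage, Throwable cause) {
        super(userMessage, logMessage, cause); // keep the root cause attached
    }
}

public class TransferHandler {
    static final long LIMIT_CENTS = 500_000; // constructed sample limit

    // Parses a caller-supplied amount and enforces the limit.
    static long parseAmount(String account, String raw) throws TransferLimitException {
        // Strip CR/LF before the value reaches a log message.
        String safeRaw = String.valueOf(raw).replaceAll("[\\r\\n]", "_");
        long cents;
        try {
            cents = Long.parseLong(raw);
        } catch (NumberFormatException e) {
            // Generic text for the user; specifics only in the log message.
            throw new TransferLimitException("The amount entered is not valid.",
                "Non-numeric amount '" + safeRaw + "' for account " + account, e);
        }
        if (cents <= 0 || cents > LIMIT_CENTS) {
            throw new TransferLimitException("The amount entered is not valid.",
                "Amount " + cents + " outside 1.." + LIMIT_CENTS + " for account " + account);
        }
        return cents;
    }

    // Returns only text that is safe to display to the user.
    static String handle(String account, String raw) {
        try {
            return "Transfer of " + parseAmount(account, raw) + " cents accepted.";
        } catch (EnterpriseSecurityException e) {
            // Never echo getLogMessage() or a stack trace to the client.
            return e.getUserMessage();
        }
    }
}
```

Both failure paths return the same user message, so the response does not reveal which check failed, while the log message records the account and the rejected value.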

Constructor Summary
EnterpriseSecurityException(java.lang.String userMessage, java.lang.String logMessage)
          Creates a new instance of EnterpriseSecurityException.
EnterpriseSecurityException(java.lang.String userMessage, java.lang.String logMessage, java.lang.Throwable cause)
          Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
 
Method Summary
 java.lang.String getLogMessage()
           
 java.lang.String getUserMessage()
           
 
Methods inherited from class java.lang.Throwable
fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

EnterpriseSecurityException

public EnterpriseSecurityException(java.lang.String userMessage,
                                   java.lang.String logMessage)
Creates a new instance of EnterpriseSecurityException. This exception is automatically logged, so that simply by using this API, applications will generate an extensive security log. In addition, this exception is automatically registered with the IntrusionDetector, so that quotas can be checked.


EnterpriseSecurityException

public EnterpriseSecurityException(java.lang.String userMessage,
                                   java.lang.String logMessage,
                                   java.lang.Throwable cause)
Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.

Parameters:
cause - the cause
Method Detail

getUserMessage

public java.lang.String getUserMessage()

getLogMessage

public java.lang.String getLogMessage()