Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.owasp.esapi.reference
Class DefaultSecurityConfiguration

java.lang.Object
  extended byorg.owasp.esapi.reference.DefaultSecurityConfiguration
All Implemented Interfaces:
SecurityConfiguration
public class DefaultSecurityConfiguration
extends java.lang.Object
implements SecurityConfiguration

The SecurityConfiguration manages all the settings used by the ESAPI in a single place. Initializing the Configuration is critically important to getting the ESAPI working properly. You must set a system property before invoking any part of the ESAPI. Here is how to do it: 

 
 java -Dorg.owasp.esapi.resources="C:\temp\resources"
You may have to add this to the batch script that starts your web server. For example, in the "catalina" script that starts Tomcat, you can set the JAVA_OPTS variable to the -D string above. Once the Configuration is initialized with a resource directory, you can edit it to set things like master keys and passwords, logging locations, error thresholds, and allowed file extensions.

Author:
jwilliams

Nested Class Summary
 
Nested classes inherited from class org.owasp.esapi.SecurityConfiguration
SecurityConfiguration.Threshold
 
Field Summary
static java.lang.String RESOURCE_DIRECTORY
           
 
Constructor Summary
DefaultSecurityConfiguration()
          Instantiates a new configuration.
 
Method Summary
 java.util.List getAllowedFileExtensions()
          Gets the allowed file extensions.
 int getAllowedFileUploadSize()
          Gets the allowed file upload size.
 int getAllowedLoginAttempts()
          Gets the allowed login attempts.
 java.lang.String getApplicationName()
          Gets the application name, used for logging
 java.lang.String getCharacterEncoding()
          Gets the character encoding.
 java.lang.String getDigitalSignatureAlgorithm()
          Gets the digital signature algorithm.
 java.lang.String getEncryptionAlgorithm()
          Gets the encryption algorithm.
 java.lang.String getHashAlgorithm()
          Gets the hasing algorithm.
 java.io.File getKeystore()
          Gets the keystore.
 boolean getLogEncodingRequired()
           
 java.util.logging.Level getLogLevel()
           
 char[] getMasterPassword()
          Gets the master password.
 byte[] getMasterSalt()
          Gets the master salt.
 int getMaxOldPasswordHashes()
          Gets the max old password hashes.
 java.lang.String getPasswordParameterName()
          Gets the password parameter name.
 SecurityConfiguration.Threshold getQuota(java.lang.String eventName)
          Gets an intrusion detection Quota.
 java.lang.String getRandomAlgorithm()
          Gets the random number generation algorithm.
 long getRememberTokenDuration()
           
 java.lang.String getResourceDirectory()
          Gets the resource directory.
 java.lang.String getResponseContentType()
           
 java.lang.String getUsernameParameterName()
          Gets the username parameter name.
 java.util.regex.Pattern getValidationPattern(java.lang.String key)
           
 java.util.Iterator getValidationPatternNames()
           
 void setResourceDirectory(java.lang.String dir)
          Sets the ESAPI resource directory.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

RESOURCE_DIRECTORY

public static final java.lang.String RESOURCE_DIRECTORY
See Also:
Constant Field Values
Constructor Detail

DefaultSecurityConfiguration

public DefaultSecurityConfiguration()
Instantiates a new configuration.

Method Detail

getApplicationName

public java.lang.String getApplicationName()
Description copied from interface: SecurityConfiguration
Gets the application name, used for logging

Specified by:
getApplicationName in interface SecurityConfiguration
Returns:
the application name

getMasterPassword

public char[] getMasterPassword()
Gets the master password.

Specified by:
getMasterPassword in interface SecurityConfiguration
Returns:
the master password

getKeystore

public java.io.File getKeystore()
Gets the keystore.

Specified by:
getKeystore in interface SecurityConfiguration
Returns:
the keystore

getResourceDirectory

public java.lang.String getResourceDirectory()
Gets the resource directory.

Specified by:
getResourceDirectory in interface SecurityConfiguration
Returns:
the resource directory

setResourceDirectory

public void setResourceDirectory(java.lang.String dir)
Description copied from interface: SecurityConfiguration
Sets the ESAPI resource directory.

Specified by:
setResourceDirectory in interface SecurityConfiguration

getMasterSalt

public byte[] getMasterSalt()
Gets the master salt.

Specified by:
getMasterSalt in interface SecurityConfiguration
Returns:
the master salt

getAllowedFileExtensions

public java.util.List getAllowedFileExtensions()
Gets the allowed file extensions.

Specified by:
getAllowedFileExtensions in interface SecurityConfiguration
Returns:
the allowed file extensions

getAllowedFileUploadSize

public int getAllowedFileUploadSize()
Gets the allowed file upload size.

Specified by:
getAllowedFileUploadSize in interface SecurityConfiguration
Returns:
the allowed file upload size

getPasswordParameterName

public java.lang.String getPasswordParameterName()
Gets the password parameter name.

Specified by:
getPasswordParameterName in interface SecurityConfiguration
Returns:
the password parameter name

getUsernameParameterName

public java.lang.String getUsernameParameterName()
Gets the username parameter name.

Specified by:
getUsernameParameterName in interface SecurityConfiguration
Returns:
the username parameter name

getEncryptionAlgorithm

public java.lang.String getEncryptionAlgorithm()
Gets the encryption algorithm.

Specified by:
getEncryptionAlgorithm in interface SecurityConfiguration
Returns:
the algorithm

getHashAlgorithm

public java.lang.String getHashAlgorithm()
Gets the hasing algorithm.

Specified by:
getHashAlgorithm in interface SecurityConfiguration
Returns:
the algorithm

getCharacterEncoding

public java.lang.String getCharacterEncoding()
Gets the character encoding.

Specified by:
getCharacterEncoding in interface SecurityConfiguration
Returns:
encoding name

getDigitalSignatureAlgorithm

public java.lang.String getDigitalSignatureAlgorithm()
Gets the digital signature algorithm.

Specified by:
getDigitalSignatureAlgorithm in interface SecurityConfiguration
Returns:
encoding name

getRandomAlgorithm

public java.lang.String getRandomAlgorithm()
Gets the random number generation algorithm.

Specified by:
getRandomAlgorithm in interface SecurityConfiguration
Returns:
encoding name

getAllowedLoginAttempts

public int getAllowedLoginAttempts()
Gets the allowed login attempts.

Specified by:
getAllowedLoginAttempts in interface SecurityConfiguration
Returns:
the allowed login attempts

getMaxOldPasswordHashes

public int getMaxOldPasswordHashes()
Gets the max old password hashes.

Specified by:
getMaxOldPasswordHashes in interface SecurityConfiguration
Returns:
the max old password hashes

getQuota

public SecurityConfiguration.Threshold getQuota(java.lang.String eventName)
Description copied from interface: SecurityConfiguration
Gets an intrusion detection Quota.

Specified by:
getQuota in interface SecurityConfiguration
Parameters:
eventName -
Returns:
the matching Quota

getLogLevel

public java.util.logging.Level getLogLevel()

getResponseContentType

public java.lang.String getResponseContentType()

getRememberTokenDuration

public long getRememberTokenDuration()

getValidationPatternNames

public java.util.Iterator getValidationPatternNames()

getValidationPattern

public java.util.regex.Pattern getValidationPattern(java.lang.String key)

getLogEncodingRequired

public boolean getLogEncodingRequired()
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD