java.lang.Object
  java.lang.Throwable
    java.lang.Exception
      java.lang.RuntimeException
        org.owasp.esapi.errors.EnterpriseSecurityRuntimeException
public class EnterpriseSecurityRuntimeException
EnterpriseSecurityRuntimeException is the base class for all security related runtime exceptions. You should pass in the root cause exception wherever possible. Constructors for classes extending this class should be sure to call the appropriate super() method in order to ensure that logging and intrusion detection occur properly.
All EnterpriseSecurityRuntimeExceptions have two messages, one for the user and one for the log file. This way, a message can be shown to the user that doesn't contain sensitive information or unnecessary implementation details. Meanwhile, all the critical information can be included in the exception so that it gets logged.
Note that the "logMessage" for ALL EnterpriseSecurityRuntimeExceptions is logged in the log file. This feature should be used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records. ALL EnterpriseSecurityRuntimeExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of application usage.
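The two-message pattern described above, shown as an added example that is not part of the ESAPI source or of this Javadoc. ReportLoadException, ReportDemo, loadReport and the sample account and path values are hypothetical, and the code assumes the ESAPI library and its configuration are available on the classpath.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.EnterpriseSecurityRuntimeException;

// Hypothetical subclass. The constructor delegates to super() so that the base
// class performs the logging and intrusion-detection reporting described above.
class ReportLoadException extends EnterpriseSecurityRuntimeException {
    private static final long serialVersionUID = 1L;

    ReportLoadException(String userMessage, String logMessage, Throwable cause) {
        super(userMessage, logMessage, cause);
    }
}

public class ReportDemo {
    // Hypothetical helper that reads a report file on behalf of an account.
    static String loadReport(String accountId, String path) {
        try {
            return new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.UTF_8);
        } catch (IOException e) {
            throw new ReportLoadException(
                // User message: no paths, identifiers or implementation details.
                "The report could not be loaded.",
                // Log message: the detail an investigator needs.
                "Report read failed for account " + accountId + ", path " + path,
                // Root cause is passed in rather than swallowed.
                e);
        }
    }

    public static void main(String[] args) {
        try {
            loadReport("acct-0001", "/nonexistent/report.txt"); // constructed sample values
        } catch (EnterpriseSecurityRuntimeException e) {
            // Encode before display: the handler cannot know what set the message.
            String safe = ESAPI.encoder().encodeForHTML(e.getUserMessage());
            System.out.println("<p class=\"error\">" + safe + "</p>");
            // e.getLogMessage() stays server-side and is never written to the response.
        }
    }
}
```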
Field Summary | |
---|---|
protected Logger | logger: The logger. |
protected java.lang.String | logMessage |
protected static long | serialVersionUID |
Constructor Summary | |
---|---|
protected | EnterpriseSecurityRuntimeException(): Instantiates a new security exception. |
public | EnterpriseSecurityRuntimeException(java.lang.String userMessage, java.lang.String logMessage): Creates a new instance of EnterpriseSecurityException. |
public | EnterpriseSecurityRuntimeException(java.lang.String userMessage, java.lang.String logMessage, java.lang.Throwable cause): Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable. |
Method Summary | |
---|---|
java.lang.String | getLogMessage(): Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users. |
java.lang.String | getUserMessage(): Returns the message meant for display to users. Note that if you are unsure of what set this message, it would probably be a good idea to encode this message before displaying it to the end user. |
Methods inherited from class java.lang.Throwable |
---|
fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
protected static final long serialVersionUID
protected final Logger logger
protected java.lang.String logMessage
Constructor Detail |
---|
protected EnterpriseSecurityRuntimeException()
public EnterpriseSecurityRuntimeException(java.lang.String userMessage, java.lang.String logMessage)
userMessage - the message displayed to the user
logMessage - the message logged
public EnterpriseSecurityRuntimeException(java.lang.String userMessage, java.lang.String logMessage, java.lang.Throwable cause)
userMessage - the message displayed to the user
logMessage - the message logged
cause - the cause
Method Detail |
---|
public java.lang.String getUserMessage()
public java.lang.String getLogMessage()