org.owasp.esapi.errors
Class IntrusionException

java.lang.Object
  extended by java.lang.Throwable
      extended by java.lang.Exception
          extended by java.lang.RuntimeException
              extended by org.owasp.esapi.errors.IntrusionException
All Implemented Interfaces:
java.io.Serializable

public class IntrusionException
extends java.lang.RuntimeException

An IntrusionException should be thrown any time an error condition arises that is likely to be the result of an attack in progress. IntrusionExceptions are handled specially by the IntrusionDetector, which is equipped to respond by specially logging the event, logging out the current user, or invalidating the current user's account.

Unlike other exceptions in the ESAPI, the IntrusionException is a RuntimeException so that it can be thrown from anywhere and will not require a lot of special exception handling.

Author:
Jeff Williams
See Also:
Serialized Form

Field Summary
protected  Logger logger
          The logger.
protected  java.lang.String logMessage
           
 
Constructor Summary
IntrusionException(java.lang.String userMessage, java.lang.String logMessage)
          Creates a new instance of IntrusionException.
IntrusionException(java.lang.String userMessage, java.lang.String logMessage, java.lang.Throwable cause)
          Instantiates a new intrusion exception.
 
Method Summary
 java.lang.String getLogMessage()
          Returns a String that is safe to display in logs, but probably not to users
 java.lang.String getUserMessage()
          Returns a String containing a message that is safe to display to users
 
Methods inherited from class java.lang.Throwable
fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

logger

protected final transient Logger logger
The logger.


logMessage

protected java.lang.String logMessage

Constructor Detail

IntrusionException

public IntrusionException(java.lang.String userMessage,
                          java.lang.String logMessage)
Creates a new instance of IntrusionException.

Parameters:
userMessage - the message to display to users
logMessage - the message logged

IntrusionException

public IntrusionException(java.lang.String userMessage,
                          java.lang.String logMessage,
                          java.lang.Throwable cause)
Instantiates a new intrusion exception.

Parameters:
userMessage - the message to display to users
logMessage - the message logged
cause - the cause

Method Detail

getUserMessage

public java.lang.String getUserMessage()
Returns a String containing a message that is safe to display to users

Returns:
a String containing a message that is safe to display to users

getLogMessage

public java.lang.String getLogMessage()
Returns a String that is safe to display in logs, but probably not to users

Returns:
a String containing a message that is safe to display in logs, but probably not to users
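The split between a user-safe message and a log-only message, shown as an added example that is not part of the ESAPI documentation or code base. It assumes the ESAPI library is on the classpath and configured; the class name, the `role` parameter, the offered-value set and the `neutralize` helper are hypothetical.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.owasp.esapi.errors.IntrusionException;

public class IntrusionExceptionExample {

    // Hypothetical allow-list: the only values the form's <select> ever offers.
    private static final Set<String> OFFERED_ROLES =
            new HashSet<>(Arrays.asList("viewer", "editor"));

    /** A value outside the offered set cannot come from normal use of the form. */
    static String requireOfferedRole(Map<String, String> params) {
        String role = params.get("role");
        if (role == null || !OFFERED_ROLES.contains(role)) {
            throw new IntrusionException(
                    "Invalid request",                                // userMessage: no detail
                    "Role not in offered set: " + neutralize(role));  // logMessage: detail
        }
        return role;
    }

    /** Replace CR/LF so request data cannot add extra lines to the log. */
    static String neutralize(String s) {
        return s == null ? "<null>" : s.replace('\r', '_').replace('\n', '_');
    }

    /** Hypothetical top-level handler: the response carries only the user message. */
    static String handle(Map<String, String> params) {
        try {
            return "role set to " + requireOfferedRole(params);
        } catch (IntrusionException e) {
            // getLogMessage() is for operators; it is never written to the response.
            return e.getUserMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests: one normal, one tampered.
        System.out.println(handle(Collections.singletonMap("role", "editor")));
        System.out.println(handle(Collections.singletonMap("role", "admin\r\nextra line")));
    }
}
```

Because IntrusionException is unchecked, `requireOfferedRole` needs no `throws` clause and only the top-level handler has to catch it.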


Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.