|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||
| Packages that use AccessControlException | |
|---|---|
| org.owasp.esapi | The ESAPI interfaces and Exception classes model the most
important security functions to enterprise web applications. |
| org.owasp.esapi.reference | This package contains reference implementations of the ESAPI interfaces. |
| org.owasp.esapi.reference.accesscontrol | |
| org.owasp.esapi.reference.accesscontrol.policyloader | |
| Uses of AccessControlException in org.owasp.esapi |
|---|
| Methods in org.owasp.esapi that throw AccessControlException | ||
|---|---|---|
void |
AccessController.assertAuthorized(java.lang.Object key,
java.lang.Object runtimeParameter)
assertAuthorized executes the AccessControlRule
that is identified by key and listed in the
resources/ESAPI-AccessControlPolicy.xml file. |
|
void |
AccessController.assertAuthorizedForData(java.lang.String action,
java.lang.Object data)
Checks if the current user is authorized to access the referenced data. |
|
void |
AccessController.assertAuthorizedForFile(java.lang.String filepath)
Checks if the current user is authorized to access the referenced file. |
|
void |
AccessController.assertAuthorizedForFunction(java.lang.String functionName)
Checks if the current user is authorized to access the referenced function. |
|
void |
AccessController.assertAuthorizedForService(java.lang.String serviceName)
Checks if the current user is authorized to access the referenced service. |
|
void |
AccessController.assertAuthorizedForURL(java.lang.String url)
Checks if the current user is authorized to access the referenced URL. |
|
void |
HTTPUtilities.assertSecureChannel()
Calls assertSecureChannel with the *current* request. |
|
void |
HTTPUtilities.assertSecureChannel(javax.servlet.http.HttpServletRequest request)
Ensures the use of SSL to protect any sensitive parameters in the request and any sensitive data in the response. |
|
void |
HTTPUtilities.assertSecureRequest()
Calls assertSecureRequest with the *current* request. |
|
void |
HTTPUtilities.assertSecureRequest(javax.servlet.http.HttpServletRequest request)
Ensures that the request uses both SSL and POST to protect any sensitive parameters in the querystring from being sniffed, logged, bookmarked, included in referer header, etc... |
|
|
AccessReferenceMap.getDirectReference(K indirectReference)
Get the original direct object reference from an indirect reference. |
|
|
AccessReferenceMap.removeDirectReference(T direct)
Removes a direct reference and its associated indirect reference from the AccessReferenceMap. |
|
void |
HTTPUtilities.sendForward(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String location)
This method performs a forward to any resource located inside the WEB-INF directory. |
|
void |
HTTPUtilities.sendForward(java.lang.String location)
Calls sendForward with the *current* request and response. |
|
void |
HTTPUtilities.sendRedirect(javax.servlet.http.HttpServletResponse response,
java.lang.String location)
This method performs a forward to any resource located inside the WEB-INF directory. |
|
void |
HTTPUtilities.sendRedirect(java.lang.String location)
Calls sendRedirect with the *current* response. |
|
| Uses of AccessControlException in org.owasp.esapi.reference |
|---|
| Methods in org.owasp.esapi.reference that throw AccessControlException | ||
|---|---|---|
void |
DefaultAccessController.assertAuthorized(java.lang.Object key,
java.lang.Object runtimeParameter)
assertAuthorized executes the AccessControlRule
that is identified by key and listed in the
resources/ESAPI-AccessControlPolicy.xml file. |
|
void |
DefaultAccessController.assertAuthorizedForData(java.lang.String action,
java.lang.Object data)
Checks if the current user is authorized to access the referenced data. |
|
void |
DefaultAccessController.assertAuthorizedForFile(java.lang.String filepath)
Deprecated. |
|
void |
DefaultAccessController.assertAuthorizedForFunction(java.lang.String functionName)
Checks if the current user is authorized to access the referenced function. |
|
void |
DefaultAccessController.assertAuthorizedForService(java.lang.String serviceName)
Checks if the current user is authorized to access the referenced service. |
|
void |
DefaultAccessController.assertAuthorizedForURL(java.lang.String url)
Checks if the current user is authorized to access the referenced URL. |
|
void |
DefaultHTTPUtilities.assertSecureChannel()
Calls assertSecureChannel with the *current* request. |
|
void |
DefaultHTTPUtilities.assertSecureChannel(javax.servlet.http.HttpServletRequest request)
Ensures the use of SSL to protect any sensitive parameters in the request and any sensitive data in the response. |
|
void |
DefaultHTTPUtilities.assertSecureRequest()
Calls assertSecureRequest with the *current* request. |
|
void |
DefaultHTTPUtilities.assertSecureRequest(javax.servlet.http.HttpServletRequest request)
Ensures that the request uses both SSL and POST to protect any sensitive parameters in the querystring from being sniffed, logged, bookmarked, included in referer header, etc... |
|
|
AbstractAccessReferenceMap.getDirectReference(K indirectReference)
Get the original direct object reference from an indirect reference. |
|
static AccessController |
DefaultAccessController.getInstance()
|
|
|
AbstractAccessReferenceMap.removeDirectReference(T direct)
Removes a direct reference and its associated indirect reference from the AccessReferenceMap. |
|
void |
DefaultHTTPUtilities.sendForward(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response,
java.lang.String location)
This method performs a forward to any resource located inside the WEB-INF directory. |
|
void |
DefaultHTTPUtilities.sendForward(java.lang.String location)
Calls sendForward with the *current* request and response. |
|
void |
DefaultHTTPUtilities.sendRedirect(javax.servlet.http.HttpServletResponse response,
java.lang.String location)
This method performs a forward to any resource located inside the WEB-INF directory. |
|
void |
DefaultHTTPUtilities.sendRedirect(java.lang.String location)
Calls sendRedirect with the *current* response. |
|
| Uses of AccessControlException in org.owasp.esapi.reference.accesscontrol |
|---|
| Methods in org.owasp.esapi.reference.accesscontrol that throw AccessControlException | |
|---|---|
void |
ExperimentalAccessController.assertAuthorized(java.lang.Object key,
java.lang.Object runtimeParameter)
|
void |
ExperimentalAccessController.assertAuthorizedForData(java.lang.String action,
java.lang.Object data)
Deprecated. |
void |
ExperimentalAccessController.assertAuthorizedForFile(java.lang.String filepath)
Deprecated. |
void |
ExperimentalAccessController.assertAuthorizedForFunction(java.lang.String functionName)
Deprecated. |
void |
ExperimentalAccessController.assertAuthorizedForService(java.lang.String serviceName)
Deprecated. |
void |
ExperimentalAccessController.assertAuthorizedForURL(java.lang.String url)
Deprecated. |
boolean |
FileBasedACRs.isAuthorizedForData(java.lang.String action,
java.lang.Object data)
TODO Javadoc |
boolean |
FileBasedACRs.isAuthorizedForFile(java.lang.String filepath)
TODO Javadoc |
boolean |
FileBasedACRs.isAuthorizedForFunction(java.lang.String functionName)
TODO Javadoc |
boolean |
FileBasedACRs.isAuthorizedForService(java.lang.String serviceName)
TODO Javadoc |
| Constructors in org.owasp.esapi.reference.accesscontrol that throw AccessControlException | |
|---|---|
ExperimentalAccessController()
|
|
| Uses of AccessControlException in org.owasp.esapi.reference.accesscontrol.policyloader |
|---|
| Methods in org.owasp.esapi.reference.accesscontrol.policyloader that throw AccessControlException | |
|---|---|
void |
PolicyDTO.addAccessControlRule(java.lang.String key,
java.lang.String accessControlRuleClassName,
java.lang.Object policyParameter)
|
PolicyDTO |
ACRPolicyFileLoader.load()
|
|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||