DefaultIntrusionDetector (ESAPI 2.0 2.0

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.owasp.esapi.reference
Class DefaultIntrusionDetector

java.lang.Object
  org.owasp.esapi.reference.DefaultIntrusionDetector

All Implemented Interfaces:: IntrusionDetector

public class DefaultIntrusionDetector
extends java.lang.Object
implements IntrusionDetector
extends java.lang.Object
implements IntrusionDetector

Reference implementation of the IntrusionDetector interface. This implementation monitors EnterpriseSecurityExceptions to see if any user exceeds a configurable threshold in a configurable time period. For example, it can monitor to see if a user exceeds 10 input validation issues in a 1 minute period. Or if there are more than 3 authentication problems in a 10 second period. More complex implementations are certainly possible, such as one that establishes a baseline of expected behavior, and then detects deviations from that baseline. This implementation stores state in the user's session, so that it will be properly cleaned up when the session is terminated. State is not otherwise persisted, so attacks that span sessions will not be detectable.

Since:: June 1, 2007
Author:: Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
See Also:: IntrusionDetector

Constructor Summary
`DefaultIntrusionDetector()`

Method Summary
`void`	`addEvent(java.lang.String eventName, java.lang.String logMessage)` Adds the event to the IntrusionDetector.
`void`	`addException(java.lang.Exception e)` Adds the exception to the IntrusionDetector.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

DefaultIntrusionDetector

public DefaultIntrusionDetector()

Method Detail

addException

public void addException(java.lang.Exception e)

Adds the exception to the IntrusionDetector. This method should immediately log the exception so that developers throwing an IntrusionException do not have to remember to log every error. The implementation should store the exception somewhere for the current user in order to check if the User has reached the threshold for any Enterprise Security Exceptions. The User object is the recommended location for storing the current user's security exceptions. If the User has reached any security thresholds, the appropriate security action can be taken and logged.

Specified by:: addException in interface IntrusionDetector

Parameters:: e -

addEvent

public void addEvent(java.lang.String eventName,
                     java.lang.String logMessage)
              throws IntrusionException

Adds the event to the IntrusionDetector. This method should immediately log the event. The implementation should store the event somewhere for the current user in order to check if the User has reached the threshold for any Enterprise Security Exceptions. The User object is the recommended location for storing the current user's security event. If the User has reached any security thresholds, the appropriate security action can be taken and logged.

Specified by:: addEvent in interface IntrusionDetector

Parameters:: eventName - the event to add; logMessage - the message to log with the event
Throws:: IntrusionException - the intrusion exception