org.owasp.esapi.reference
Class DefaultIntrusionDetector
java.lang.Object
org.owasp.esapi.reference.DefaultIntrusionDetector
- All Implemented Interfaces:
- IntrusionDetector
public class DefaultIntrusionDetector
- extends java.lang.Object
- implements IntrusionDetector
Reference implementation of the IntrusionDetector interface. This
implementation monitors EnterpriseSecurityExceptions to see if any user
exceeds a configurable threshold in a configurable time period. For example,
it can monitor to see if a user exceeds 10 input validation issues in a 1
minute period. Or if there are more than 3 authentication problems in a 10
second period. More complex implementations are certainly possible, such as
one that establishes a baseline of expected behavior, and then detects
deviations from that baseline. This implementation stores state in the
user's session, so that it will be properly cleaned up when the session is
terminated. State is not otherwise persisted, so attacks that span sessions
will not be detectable.
- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
IntrusionDetector
Method Summary |
void |
addEvent(java.lang.String eventName,
java.lang.String logMessage)
Adds the event to the IntrusionDetector. |
void |
addException(java.lang.Exception e)
Adds the exception to the IntrusionDetector. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DefaultIntrusionDetector
public DefaultIntrusionDetector()
addException
public void addException(java.lang.Exception e)
- Adds the exception to the IntrusionDetector. This method should immediately log the exception so that developers throwing an
IntrusionException do not have to remember to log every error. The implementation should store the exception somewhere for the current user
in order to check if the User has reached the threshold for any Enterprise Security Exceptions. The User object is the recommended location for storing
the current user's security exceptions. If the User has reached any security thresholds, the appropriate security action can be taken and logged.
- Specified by:
addException
in interface IntrusionDetector
- Parameters:
e
-
addEvent
public void addEvent(java.lang.String eventName,
java.lang.String logMessage)
throws IntrusionException
- Adds the event to the IntrusionDetector. This method should immediately log the event. The implementation should store the event somewhere for the current user
in order to check if the User has reached the threshold for any Enterprise Security Exceptions. The User object is the recommended location for storing
the current user's security event. If the User has reached any security thresholds, the appropriate security action can be taken and logged.
- Specified by:
addEvent
in interface IntrusionDetector
- Parameters:
eventName
- the event to addlogMessage
- the message to log with the event
- Throws:
IntrusionException
- the intrusion exception
Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.