public final class PropNames extends Object
ESAPI.properties
as
well as some of the default property values for some of those properties. This class is not intended
to be extended or instantiated. Technically, an interface would have worked here, but we
also wanted to be able to prevent 'implements PropNames', which really does not make much
sense since no specific behavior is promised here. Another alternative would have
been to place all of these in the org.owasp.esapi.SecurityConfiguration
interface,
but that interface is already overly bloated. Hence this was decided as a compromise.
Note that the constants herein were originally all defined within
org.owasp.esapi.reference.DefaultSecurityConfiguration
, but those
values are now marked deprecated and they are candidates for removal 2 years
from the date of this release.
Mostly this is intended to prevent having to hard-code property names all
over the place in implementation-level classes (e.g.,
org.owasp.esapi.reference.DefaultSecurityConfiguration
).
It is suggested that this file be used as a 'static import';
e.g.,
import static org.owasp.esapi.PropNames.*; // Import all properties, en masse or import static org.owasp.esapi.PropNames.SomeSpecificPropName; // Import specific property nameThis can be extremely useful when used with methods such as
SecurityConfiguration.getIntProp(String propName)
,
SecurityConfiguration.getBooleanProp(String propName)
,
SecurityConfiguration.getStringProp(String propName)
, etc.DefaultSecurityConfiguration
Modifier and Type | Class and Description |
---|---|
static class |
PropNames.DefaultSearchPath
Enum used with the search paths used to locate an
ESAPI.properties and/or a validation.properties
file. |
public static final String REMEMBER_TOKEN_DURATION
public static final String IDLE_TIMEOUT_DURATION
public static final String ABSOLUTE_TIMEOUT_DURATION
public static final String ALLOWED_LOGIN_ATTEMPTS
public static final String USERNAME_PARAMETER_NAME
public static final String PASSWORD_PARAMETER_NAME
public static final String MAX_OLD_PASSWORD_HASHES
public static final String ALLOW_MULTIPLE_ENCODING
public static final String ALLOW_MIXED_ENCODING
public static final String CANONICALIZATION_CODECS
public static final String DISABLE_INTRUSION_DETECTION
public static final String MASTER_KEY
public static final String MASTER_SALT
public static final String KEY_LENGTH
public static final String ENCRYPTION_ALGORITHM
public static final String HASH_ALGORITHM
public static final String HASH_ITERATIONS
public static final String CHARACTER_ENCODING
public static final String RANDOM_ALGORITHM
public static final String DIGITAL_SIGNATURE_ALGORITHM
public static final String DIGITAL_SIGNATURE_KEY_LENGTH
public static final String PREFERRED_JCE_PROVIDER
public static final String CIPHER_TRANSFORMATION_IMPLEMENTATION
public static final String CIPHERTEXT_USE_MAC
public static final String PLAINTEXT_OVERWRITE
public static final String IV_TYPE
public static final String COMBINED_CIPHER_MODES
public static final String ADDITIONAL_ALLOWED_CIPHER_MODES
public static final String KDF_PRF_ALG
public static final String PRINT_PROPERTIES_WHEN_LOADED
public static final String WORKING_DIRECTORY
public static final String APPROVED_EXECUTABLES
public static final String FORCE_HTTPONLYSESSION
public static final String FORCE_SECURESESSION
public static final String FORCE_HTTPONLYCOOKIES
public static final String FORCE_SECURECOOKIES
public static final String MAX_HTTP_HEADER_SIZE
public static final String UPLOAD_DIRECTORY
public static final String UPLOAD_TEMP_DIRECTORY
public static final String APPROVED_UPLOAD_EXTENSIONS
public static final String MAX_UPLOAD_FILE_BYTES
public static final String RESPONSE_CONTENT_TYPE
public static final String HTTP_SESSION_ID_NAME
public static final String APPLICATION_NAME
public static final String LOG_USER_INFO
public static final String LOG_CLIENT_INFO
public static final String LOG_ENCODING_REQUIRED
public static final String LOG_APPLICATION_NAME
public static final String LOG_SERVER_IP
public static final String VALIDATION_PROPERTIES
public static final String VALIDATION_PROPERTIES_MULTIVALUED
public static final String ACCEPT_LENIENT_DATES
public static final String VALIDATOR_HTML_VALIDATION_ACTION
public static final String VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE
public static final String DISCARD_LOGSPECIAL
java.lang.System
property that, if set to true
, will
disable logging from DefaultSecurityConfiguration.logToStdout()
methods, which is called from various logSpecial()
methods.public static final String LOG_IMPLEMENTATION
public static final String AUTHENTICATION_IMPLEMENTATION
public static final String ENCODER_IMPLEMENTATION
public static final String ACCESS_CONTROL_IMPLEMENTATION
public static final String ENCRYPTION_IMPLEMENTATION
public static final String INTRUSION_DETECTION_IMPLEMENTATION
public static final String RANDOMIZER_IMPLEMENTATION
public static final String EXECUTOR_IMPLEMENTATION
public static final String VALIDATOR_IMPLEMENTATION
public static final String HTTP_UTILITIES_IMPLEMENTATION
public static final String DEFAULT_LOG_IMPLEMENTATION
public static final String DEFAULT_AUTHENTICATION_IMPLEMENTATION
public static final String DEFAULT_ENCODER_IMPLEMENTATION
public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION
public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION
public static final String DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION
public static final String DEFAULT_RANDOMIZER_IMPLEMENTATION
public static final String DEFAULT_EXECUTOR_IMPLEMENTATION
public static final String DEFAULT_HTTP_UTILITIES_IMPLEMENTATION
public static final String DEFAULT_VALIDATOR_IMPLEMENTATION
public static final String DEFAULT_RESOURCE_FILE
Copyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.