Package | Description |
---|---|
org.owasp.esapi | The ESAPI interfaces and Exception classes model the most important security functions to enterprise web applications. |
org.owasp.esapi.reference | This package contains reference implementations of the ESAPI interfaces. |

Modifier and Type | Field and Description |
---|---|
static User | `User.ANONYMOUS` The ANONYMOUS user is used to represent an unidentified user. |

Modifier and Type | Method and Description |
---|---|
User | `Authenticator.createUser(String accountName, String password1, String password2)` Creates a new User with the information provided. |
User | `Authenticator.getCurrentUser()` Returns the currently logged in User. |
User | `Authenticator.getUser(long accountId)` Returns the User matching the provided accountId. |
User | `Authenticator.getUser(String accountName)` Returns the User matching the provided accountName. |
User | `Authenticator.login()` Calls login with the *current* request and response. |
User | `Authenticator.login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` This method should be called for every HTTP request, to log in the current user either from the session or HTTP request. |

Modifier and Type | Method and Description |
---|---|
void | `Authenticator.changePassword(User user, String currentPassword, String newPassword, String newPassword2)` Changes the password for the specified user. |
String | `Authenticator.generateStrongPassword(User user, String oldPassword)` Generate strong password that takes into account the user's information and old password. |
void | `Authenticator.setCurrentUser(User user)` Sets the currently logged in User. |
boolean | `Authenticator.verifyPassword(User user, String password)` Verify that the supplied password matches the password for this user. |
void | `Authenticator.verifyPasswordStrength(String oldPassword, String newPassword, User user)` Ensures that the password meets site-specific complexity requirements, like length or number of character sets. |

Modifier and Type | Class and Description |
---|---|
class | `DefaultUser` Reference implementation of the User interface. |

Modifier and Type | Method and Description |
---|---|
User | `FileBasedAuthenticator.createUser(String accountName, String password1, String password2)` Creates a new User with the information provided. |
User | `AbstractAuthenticator.getCurrentUser()` Returns the currently logged in User. |
User | `FileBasedAuthenticator.getUser(long accountId)` Returns the User matching the provided accountId. |
User | `FileBasedAuthenticator.getUser(String accountName)` Returns the User matching the provided accountName. |
protected User | `AbstractAuthenticator.getUserFromSession()` Gets the user from session. |
User | `AbstractAuthenticator.login()` Calls login with the *current* request and response. |
User | `AbstractAuthenticator.login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` This method should be called for every HTTP request, to log in the current user either from the session or HTTP request. |

Modifier and Type | Method and Description |
---|---|
void | `FileBasedAuthenticator.changePassword(User user, String currentPassword, String newPassword, String newPassword2)` Changes the password for the specified user. |
String | `FileBasedAuthenticator.generateStrongPassword(User user, String oldPassword)` Generate strong password that takes into account the user's information and old password. |
void | `AbstractAuthenticator.setCurrentUser(User user)` Sets the currently logged in User. |
boolean | `FileBasedAuthenticator.verifyPassword(User user, String password)` Verify that the supplied password matches the password for this user. |
void | `FileBasedAuthenticator.verifyPasswordStrength(String oldPassword, String newPassword, User user)` Ensures that the password meets site-specific complexity requirements, like length or number of character sets. |

Copyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.