public class EnterpriseSecurityRuntimeException extends RuntimeException
All EnterpriseSecurityRuntimeExceptions have two messages, one for the user and one for the log file. This way, a message can be shown to the user that doesn't contain sensitive information or unnecessary implementation details. Meanwhile, all the critical information can be included in the exception so that it gets logged.
Note that the "logMessage" for ALL EnterpriseSecurityRuntimeExceptions is logged in the log file. This feature should be used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records. ALL EnterpriseSecurityRuntimeExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of application usage.
Modifier and Type | Field and Description |
---|---|
protected Logger | `logger` The logger. |
protected String | `logMessage` |
protected static long | `serialVersionUID` |
Modifier | Constructor and Description |
---|---|
protected | `EnterpriseSecurityRuntimeException()` Instantiates a new enterprise security runtime exception. |
protected | `EnterpriseSecurityRuntimeException(String userMessage)` Instantiates a new enterprise security runtime exception with a user message. |
public | `EnterpriseSecurityRuntimeException(String userMessage, String logMessage)` Creates a new instance of EnterpriseSecurityException. |
public | `EnterpriseSecurityRuntimeException(String userMessage, String logMessage, Throwable cause)` Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable. |
protected | `EnterpriseSecurityRuntimeException(String userMessage, Throwable cause)` Instantiates a new enterprise security runtime exception with a user message and cause. |
Modifier and Type | Method and Description |
---|---|
String | `getLogMessage()` Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users. |
String | `getUserMessage()` Returns message meant for display to users. Note that if you are unsure of what set this message, it would probably be a good idea to encode this message before displaying it to the end user. |
Methods inherited from class java.lang.Throwable: addSuppressed, fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, getSuppressed, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString
protected static final long serialVersionUID

protected final Logger logger

protected String logMessage

protected EnterpriseSecurityRuntimeException()

protected EnterpriseSecurityRuntimeException(String userMessage)
- `userMessage` - Message displayed to user.

protected EnterpriseSecurityRuntimeException(String userMessage, Throwable cause)
- `userMessage` - Message displayed to user.
- `cause` - The cause (which is saved for later retrieval by the getCause() method). (A null value is permitted, and indicates that the cause is nonexistent or unknown.)

public EnterpriseSecurityRuntimeException(String userMessage, String logMessage)
- `userMessage` - the message displayed to the user
- `logMessage` - the message logged

public EnterpriseSecurityRuntimeException(String userMessage, String logMessage, Throwable cause)
- `userMessage` - the message displayed to the user
- `logMessage` - the message logged
- `cause` - the cause

public String getUserMessage()

public String getLogMessage()
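The two-message contract from the class overview, together with the advice under getUserMessage() to encode before display, shown as an added example that is not ESAPI's own code. `DualMessageException`, `encodeForHtml`, `parseAccountId`, `handle` and the sample inputs are hypothetical stand-ins so the block runs on a bare JDK; logging in the handler is an assumption of this sketch.

```java
import java.util.logging.Logger;

public class DualMessageDemo {
    private static final Logger LOG = Logger.getLogger("security");

    // Hypothetical stand-in mirroring the two-message contract (not the ESAPI class).
    static class DualMessageException extends RuntimeException {
        private final String logMessage;
        DualMessageException(String userMessage, String logMessage, Throwable cause) {
            super(userMessage, cause);   // user message travels as the normal exception message
            this.logMessage = logMessage;
        }
        String getUserMessage() { return getMessage(); }
        String getLogMessage() { return logMessage; }
    }

    // Minimal HTML encoder for the demo; '&' is replaced first to avoid double encoding.
    static String encodeForHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#x27;");
    }

    // The raw input and the failure detail go only into the log message.
    static int parseAccountId(String raw) {
        try {
            return Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            throw new DualMessageException("Invalid account number.",
                    "Non-numeric account id received: " + raw, e);
        }
    }

    // Boundary handler: log the detailed message, render only the user message.
    static String handle(String raw) {
        try {
            return "<p>Account " + parseAccountId(raw) + "</p>";
        } catch (DualMessageException e) {
            // CR/LF are neutralised so input cannot start a forged log line.
            LOG.warning(e.getLogMessage().replaceAll("[\\r\\n]", "_"));
            // Encoded because the handler cannot know what every thrower put in the message.
            return "<p>" + encodeForHtml(e.getUserMessage()) + "</p>";
        }
    }

    public static void main(String[] args) {
        System.out.println(handle("42"));
        System.out.println(handle("1<script>\r\nFAKE LOG ENTRY")); // constructed input
    }
}
```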
Copyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.