Latest build

nomadinjax · Aug 20, 2013 · 2d125c5 · 2d125c5
1 parent 4c596c8
commit 2d125c5
Show file tree

Hide file tree

Showing 351 changed files with 26,542 additions and 22,950 deletions.
diff --git a/apiref/allclasses-frame.html b/apiref/allclasses-frame.html
@@ -0,0 +1,241 @@
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by colddoc on {ts '2013-08-19 21:48:25'} -->
+<TITLE>
+All Classes
+</TITLE>
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+</HEAD>
+
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameHeadingFont">
+<B>All Classes</B></FONT>
+
+<BR>
+
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT CLASS="FrameItemFont">
+
+<A HREF="org/owasp/esapi/errors/AccessControlException.html" title="class in org.owasp.esapi.errors" target="classFrame">AccessControlException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/AccessController.html" title="class in org.owasp.esapi" target="classFrame"><i>AccessController</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/AccessReferenceMap.html" title="class in org.owasp.esapi" target="classFrame"><i>AccessReferenceMap</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/AuthenticationAccountsException.html" title="class in org.owasp.esapi.errors" target="classFrame">AuthenticationAccountsException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/AuthenticationCredentialsException.html" title="class in org.owasp.esapi.errors" target="classFrame">AuthenticationCredentialsException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/AuthenticationException.html" title="class in org.owasp.esapi.errors" target="classFrame">AuthenticationException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/AuthenticationHostException.html" title="class in org.owasp.esapi.errors" target="classFrame">AuthenticationHostException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/AuthenticationLoginException.html" title="class in org.owasp.esapi.errors" target="classFrame">AuthenticationLoginException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/Authenticator.html" title="class in org.owasp.esapi" target="classFrame"><i>Authenticator</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/AvailabilityException.html" title="class in org.owasp.esapi.errors" target="classFrame">AvailabilityException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/CertificateException.html" title="class in org.owasp.esapi.errors" target="classFrame">CertificateException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultEncoder.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultEncoder</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultEncryptedProperties.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultEncryptedProperties</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultExecutor.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultExecutor</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultHTTPUtilities.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultHTTPUtilities</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultHTTPUtilities$ThreadLocalRequest.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultHTTPUtilities$ThreadLocalRequest</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultHTTPUtilities$ThreadLocalResponse.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultHTTPUtilities$ThreadLocalResponse</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultIntrusionDetector.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultIntrusionDetector</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultIntrusionDetector$Event.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultIntrusionDetector$Event</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultRandomizer.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultRandomizer</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultSecurityConfiguration.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultSecurityConfiguration</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultUser.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultUser</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/DefaultValidator.html" title="class in org.owasp.esapi.reference" target="classFrame">DefaultValidator</A>
+<BR>
+
+<A HREF="org/owasp/esapi/Encoder.html" title="class in org.owasp.esapi" target="classFrame"><i>Encoder</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/EncodingException.html" title="class in org.owasp.esapi.errors" target="classFrame">EncodingException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/EncryptedProperties.html" title="class in org.owasp.esapi" target="classFrame"><i>EncryptedProperties</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/EncryptionException.html" title="class in org.owasp.esapi.errors" target="classFrame">EncryptionException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/Encryptor.html" title="class in org.owasp.esapi" target="classFrame"><i>Encryptor</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/EnterpriseSecurityException.html" title="class in org.owasp.esapi.errors" target="classFrame">EnterpriseSecurityException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/ESAPI.html" title="class in org.owasp.esapi" target="classFrame">ESAPI</A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/Exception.html" title="class in org.owasp.esapi.util" target="classFrame">Exception</A>
+<BR>
+
+<A HREF="org/owasp/esapi/Executor.html" title="class in org.owasp.esapi" target="classFrame"><i>Executor</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/ExecutorException.html" title="class in org.owasp.esapi.errors" target="classFrame">ExecutorException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/File.html" title="class in org.owasp.esapi.util" target="classFrame">File</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/FileBasedAccessController.html" title="class in org.owasp.esapi.reference" target="classFrame">FileBasedAccessController</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/FileBasedAccessController$Rule.html" title="class in org.owasp.esapi.reference" target="classFrame">FileBasedAccessController$Rule</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/FileBasedAuthenticator.html" title="class in org.owasp.esapi.reference" target="classFrame">FileBasedAuthenticator</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/FileBasedAuthenticator$ThreadLocalUser.html" title="class in org.owasp.esapi.reference" target="classFrame">FileBasedAuthenticator$ThreadLocalUser</A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/HttpServletRequest.html" title="class in org.owasp.esapi.util" target="classFrame"><i>HttpServletRequest</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/HttpServletResponse.html" title="class in org.owasp.esapi.util" target="classFrame"><i>HttpServletResponse</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/HttpSession.html" title="class in org.owasp.esapi.util" target="classFrame"><i>HttpSession</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/HTTPUtilities.html" title="class in org.owasp.esapi" target="classFrame"><i>HTTPUtilities</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/IntegrityException.html" title="class in org.owasp.esapi.errors" target="classFrame">IntegrityException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/IntrusionDetector.html" title="class in org.owasp.esapi" target="classFrame"><i>IntrusionDetector</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/IntrusionException.html" title="class in org.owasp.esapi.errors" target="classFrame">IntrusionException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/JavaEncryptor.html" title="class in org.owasp.esapi.reference" target="classFrame">JavaEncryptor</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/JavaLogFactory.html" title="class in org.owasp.esapi.reference" target="classFrame">JavaLogFactory</A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/JavaLogFactory$JavaLogger.html" title="class in org.owasp.esapi.reference" target="classFrame">JavaLogFactory$JavaLogger</A>
+<BR>
+
+<A HREF="org/owasp/esapi/LogFactory.html" title="class in org.owasp.esapi" target="classFrame"><i>LogFactory</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/Logger.html" title="class in org.owasp.esapi" target="classFrame"><i>Logger</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/Object.html" title="class in org.owasp.esapi.util" target="classFrame">Object</A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/Principal.html" title="class in org.owasp.esapi.util" target="classFrame"><i>Principal</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/reference/RandomAccessReferenceMap.html" title="class in org.owasp.esapi.reference" target="classFrame">RandomAccessReferenceMap</A>
+<BR>
+
+<A HREF="org/owasp/esapi/Randomizer.html" title="class in org.owasp.esapi" target="classFrame"><i>Randomizer</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/RuntimeException.html" title="class in org.owasp.esapi.util" target="classFrame">RuntimeException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/SafeFile.html" title="class in org.owasp.esapi" target="classFrame">SafeFile</A>
+<BR>
+
+<A HREF="org/owasp/esapi/filters/SafeRequest.html" title="class in org.owasp.esapi.filters" target="classFrame">SafeRequest</A>
+<BR>
+
+<A HREF="org/owasp/esapi/filters/SafeResponse.html" title="class in org.owasp.esapi.filters" target="classFrame">SafeResponse</A>
+<BR>
+
+<A HREF="org/owasp/esapi/filters/SafeSession.html" title="class in org.owasp.esapi.filters" target="classFrame">SafeSession</A>
+<BR>
+
+<A HREF="org/owasp/esapi/SecurityConfiguration.html" title="class in org.owasp.esapi" target="classFrame"><i>SecurityConfiguration</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/ServletRequest.html" title="class in org.owasp.esapi.util" target="classFrame"><i>ServletRequest</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/ServletResponse.html" title="class in org.owasp.esapi.util" target="classFrame"><i>ServletResponse</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/util/ThreadLocal.html" title="class in org.owasp.esapi.util" target="classFrame">ThreadLocal</A>
+<BR>
+
+<A HREF="org/owasp/esapi/User.html" title="class in org.owasp.esapi" target="classFrame"><i>User</i></A>
+<BR>
+
+<A HREF="org/owasp/esapi/User$ANONYMOUS.html" title="class in org.owasp.esapi" target="classFrame">User$ANONYMOUS</A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/ValidationAvailabilityException.html" title="class in org.owasp.esapi.errors" target="classFrame">ValidationAvailabilityException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/ValidationErrorList.html" title="class in org.owasp.esapi" target="classFrame">ValidationErrorList</A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/ValidationException.html" title="class in org.owasp.esapi.errors" target="classFrame">ValidationException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/errors/ValidationUploadException.html" title="class in org.owasp.esapi.errors" target="classFrame">ValidationUploadException</A>
+<BR>
+
+<A HREF="org/owasp/esapi/Validator.html" title="class in org.owasp.esapi" target="classFrame"><i>Validator</i></A>
+<BR>
+
+</FONT>
+</TD>
+</TR>
+</TABLE>
+
+</BODY>
+</HTML>
diff --git a/esapi4cf-apiref/index.html → apiref/index.html b/esapi4cf-apiref/index.html → apiref/index.html
@@ -2,9 +2,9 @@
 <!--NewPage-->
 <HTML>
 <HEAD>
-<!-- Generated by colddoc on {ts '2013-03-04 20:35:02'} -->
+<!-- Generated by colddoc on {ts '2013-08-19 21:48:25'} -->
 <TITLE>
-Generated Documentation (ESAPI4CF 1.4.4)
+Generated Documentation (ESAPI4CF 1.0)
 </TITLE>
 <SCRIPT type="text/javascript">
     targetPage = "" + window.location.search;

diff --git a/...4cf/org/owasp/esapi/AccessController.html → apiref/org/owasp/esapi/AccessController.html b/...4cf/org/owasp/esapi/AccessController.html → apiref/org/owasp/esapi/AccessController.html
@@ -4,16 +4,16 @@
 <!--NewPage-->
 <HTML>
 <HEAD>
-<!-- Generated by colddoc on {ts '2013-03-04 20:35:07'} -->
+<!-- Generated by colddoc on {ts '2013-08-19 21:48:31'} -->
 <TITLE>
 Callable
 </TITLE>
 
-<META NAME="keywords" CONTENT="esapi4cf.org.owasp.esapi.concurrent.Callable interface">
+<META NAME="keywords" CONTENT="org.owasp.esapi.concurrent.Callable interface">
 
 
 
-<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../stylesheet.css" TITLE="Style">
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../stylesheet.css" TITLE="Style">
 
 <SCRIPT type="text/javascript">
 function windowTitle()
@@ -45,7 +45,7 @@
 
 
 
-	<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+	<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
 
 
 
@@ -64,7 +64,7 @@
 </TD>
 <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
 
-ESAPI4CF 1.4.4</EM>
+ESAPI4CF 1.0</EM>
 
 </TD>
 </TR>
@@ -73,7 +73,7 @@
 
 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
 
-	  <A HREF="../../../../index.html?esapi4cf/org/owasp/esapi/AccessController.html" target="_top"><B>FRAMES</B></A>  &nbsp;
+	  <A HREF="../../../index.html?org/owasp/esapi/AccessController.html" target="_top"><B>FRAMES</B></A>  &nbsp;
 
 </FONT></TD>
 
@@ -86,7 +86,7 @@
 <!-- ======== START OF CLASS DATA ======== -->
 <H2>
 <FONT SIZE="-1">
-esapi4cf.org.owasp.esapi</FONT>
+org.owasp.esapi</FONT>
 <BR>
 
 Interface
@@ -106,7 +106,7 @@ <H2>
 
 
 
-<PRE>esapi4cf.org.owasp.esapi.AccessController
+<PRE>org.owasp.esapi.AccessController
 </PRE>
 
 
@@ -116,7 +116,7 @@ <H2>
 	<DD>
 
 
-			<a href="../../../..//esapi4cf/org/owasp/esapi/reference/FileBasedAccessController.html" title="class in esapi4cf.org.owasp.esapi.reference">FileBasedAccessController</a>
+			<a href="../../..//org/owasp/esapi/reference/FileBasedAccessController.html" title="class in org.owasp.esapi.reference">FileBasedAccessController</a>
 
 	</DD>
 	</DL>
@@ -137,6 +137,10 @@ <H2>
 </DL>
 
 
+<P>
+	The AccessController interface defines a set of methods that can be used in a wide variety of applications to enforce access control. In most applications, access control must be performed in multiple different locations across the various application layers. This class provides access control for URLs, business functions, data, services, and files. The implementation of this interface will need to access the current User object (from Authenticator.getCurrentUser()) to determine roles or permissions. In addition, the implementation will also need information about the resources that are being accessed. Using the user information and the resource information, the implementation should return an access control decision. Implementers are encouraged to implement the ESAPI access control methods, like assertAuthorizedForFunction() using existing access control mechanisms, such as methods like isUserInRole() or hasPrivilege(). While powerful, methods like isUserInRole() can be confusing for developers, as users may be in multiple roles or possess multiple overlapping privileges. Direct use of these finer grained access control methods encourages the use of complex boolean tests throughout the code, which can easily lead to developer mistakes. The point of the ESAPI access control interface is to centralize access control logic behind easy to use calls like assertAuthorizedForData() so that access control is easy to use and easy to verify. Note that in the user interface layer, access control checks can be used to control whether particular controls are rendered or not. These checks are supposed to fail when an unauthorized user is logged in, and do not represent attacks. Remember that regardless of how the user interface appears, an attacker can attempt to invoke any business function or access any data in your application. Therefore, access control checks in the user interface should be repeated in both the business logic and data layers.
+<P>
+
 
 <HR>
 
@@ -670,7 +674,7 @@ <H2>
 
 
 
-	<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+	<TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1">    <A HREF="../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
 
 
 
@@ -689,7 +693,7 @@ <H2>
 </TD>
 <TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
 
-ESAPI4CF 1.4.4</EM>
+ESAPI4CF 1.0</EM>
 
 </TD>
 </TR>
@@ -698,7 +702,7 @@ <H2>
 
 <TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
 
-	  <A HREF="../../../../index.html?esapi4cf/org/owasp/esapi/AccessController.html" target="_top"><B>FRAMES</B></A>  &nbsp;
+	  <A HREF="../../../index.html?org/owasp/esapi/AccessController.html" target="_top"><B>FRAMES</B></A>  &nbsp;
 
 </FONT></TD>