Class EnterpriseSecurityRuntimeException

  All Implemented Interfaces:
    java.io.Serializable
  Direct Known Subclasses:
    EncryptionRuntimeException, IntrusionException

    public class EnterpriseSecurityRuntimeException
    extends java.lang.RuntimeException
    EnterpriseSecurityRuntimeException is the base class for all security related runtime exceptions. You should pass in the root cause exception wherever possible. Constructors for classes extending this class should be sure to call the appropriate super() method in order to ensure that logging and intrusion detection occur properly.

    All EnterpriseSecurityRuntimeExceptions have two messages, one for the user and one for the log file. This way, a message can be shown to the user that doesn't contain sensitive information or unnecessary implementation details. Meanwhile, all the critical information can be included in the exception so that it gets logged.

    Note that the "logMessage" for ALL EnterpriseSecurityRuntimeExceptions is logged in the log file. This feature should be used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records. ALL EnterpriseSecurityRuntimeExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of application usage.

    Since:
    October 8, 2010
    Author:
    August Detlefsen (augustd at codemagi dot com) CodeMagi, Inc.
    See Also:
    Serialized Form
    • Constructor Summary

      Constructors (modifier, signature, description)
      protected EnterpriseSecurityRuntimeException()
          Instantiates a new enterprise security runtime exception.
      protected EnterpriseSecurityRuntimeException(java.lang.String userMessage)
          Instantiates a new enterprise security runtime exception with a user message.
      public EnterpriseSecurityRuntimeException(java.lang.String userMessage, java.lang.String logMessage)
          Creates a new instance of EnterpriseSecurityRuntimeException.
      public EnterpriseSecurityRuntimeException(java.lang.String userMessage, java.lang.String logMessage, java.lang.Throwable cause)
          Creates a new instance of EnterpriseSecurityRuntimeException that includes a root cause Throwable.
      protected EnterpriseSecurityRuntimeException(java.lang.String userMessage, java.lang.Throwable cause)
          Instantiates a new enterprise security runtime exception with a user message and cause.
    • Method Summary

      All Methods | Instance Methods | Concrete Methods
      Methods (modifier and type, signature, description)
      java.lang.String getLogMessage()
          Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users.
      java.lang.String getUserMessage()
          Returns the message meant for display to users. Note that if you are unsure of what set this message, it would probably be a good idea to encode it before displaying it to the end user.
      • Methods inherited from class java.lang.Throwable

        addSuppressed, fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, getSuppressed, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Field Detail

      • logger

        protected final Logger logger
        The logger.
      • logMessage

        protected java.lang.String logMessage
    • Constructor Detail

      • EnterpriseSecurityRuntimeException

        protected EnterpriseSecurityRuntimeException()
        Instantiates a new enterprise security runtime exception.
      • EnterpriseSecurityRuntimeException

        protected EnterpriseSecurityRuntimeException(java.lang.String userMessage)
        Instantiates a new enterprise security runtime exception with a user message. (Needed by anything which subclasses this.)
        Parameters:
        userMessage - Message displayed to user.
      • EnterpriseSecurityRuntimeException

        protected EnterpriseSecurityRuntimeException(java.lang.String userMessage,
                                                     java.lang.Throwable cause)
        Instantiates a new enterprise security runtime exception with a user message and cause. (Needed by anything which subclasses this.)
        Parameters:
        userMessage - Message displayed to user.
        cause - The cause (which is saved for later retrieval by the getCause() method). (A null value is permitted, and indicates that the cause is nonexistent or unknown.)
      • EnterpriseSecurityRuntimeException

        public EnterpriseSecurityRuntimeException(java.lang.String userMessage,
                                                  java.lang.String logMessage)
        Creates a new instance of EnterpriseSecurityRuntimeException. This exception is automatically logged, so that simply by using this API, applications will generate an extensive security log. In addition, this exception is automatically registered with the IntrusionDetector, so that quotas can be checked. It should be noted that messages that are intended to be displayed to the user should be safe for display. In other words, don't pass in unsanitized data here. The same can hold true for the log message, depending on the context of the exception.
        Parameters:
        userMessage - the message displayed to the user
        logMessage - the message logged
      • EnterpriseSecurityRuntimeException

        public EnterpriseSecurityRuntimeException(java.lang.String userMessage,
                                                  java.lang.String logMessage,
                                                  java.lang.Throwable cause)
        Creates a new instance of EnterpriseSecurityRuntimeException that includes a root cause Throwable. It should be noted that messages that are intended to be displayed to the user should be safe for display. In other words, don't pass in unsanitized data here. The same can hold true for the log message, depending on the context of the exception.
        Parameters:
        userMessage - the message displayed to the user
        logMessage - the message logged
        cause - the cause
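The following is an added example, not code from ESAPI or from this Javadoc page. It illustrates both the class description above (subclasses must delegate to super() so that logging and intrusion detection happen) and the constructor contract just described (a fixed, display-safe user message; the sensitive detail and the root cause only in the log message). Assumptions: the exception class lives in org.owasp.esapi.errors and the HTML encoder is reached through org.owasp.esapi.ESAPI, as in ESAPI 2.x; AccountLockoutException, checkLockout, handleLogin and the sample account id are constructed for illustration.

```java
// Added example; not part of the ESAPI source or its Javadoc.
// Assumed package locations (ESAPI 2.x layout); everything else is illustrative.
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.EnterpriseSecurityRuntimeException;

public class LockoutExample {

    /**
     * Hypothetical subclass. Every constructor delegates to the matching
     * super(...) because that is where the base class writes logMessage to
     * the security log and reports the event to the IntrusionDetector. A
     * subclass that stores the messages itself and skips super(...) silently
     * loses both behaviours.
     */
    public static class AccountLockoutException extends EnterpriseSecurityRuntimeException {
        private static final long serialVersionUID = 1L;

        public AccountLockoutException(String userMessage, String logMessage) {
            super(userMessage, logMessage);
        }

        public AccountLockoutException(String userMessage, String logMessage, Throwable cause) {
            super(userMessage, logMessage, cause);
        }
    }

    /**
     * Throw site. The user message is a fixed string with nothing sensitive
     * in it; the account id, the failure count and the root cause go only
     * into logMessage and the cause, which end up in the log, not the UI.
     */
    static void checkLockout(String accountId, int failures) {
        if (failures >= 5) {
            throw new AccountLockoutException(
                "Your account is temporarily locked. Please try again later.",
                "Account " + accountId + " locked after " + failures
                    + " consecutive failed logins",
                new IllegalStateException("lockout threshold exceeded"));  // constructed cause
        }
    }

    /**
     * Catch site. Only getUserMessage() reaches the response, and it is
     * HTML-encoded first because a catcher of the base type cannot know
     * which subclass built the message. Nothing is logged here: the
     * constructor already did that, so a second log call would duplicate it.
     */
    static String handleLogin(String accountId, int failures) {
        try {
            checkLockout(accountId, failures);
            return "Welcome";
        } catch (EnterpriseSecurityRuntimeException e) {
            return ESAPI.encoder().encodeForHTML(e.getUserMessage());
        }
    }

    public static void main(String[] args) {
        // Constructed input: an account id containing markup. It never reaches
        // the returned string, only the log message produced in checkLockout.
        System.out.println(handleLogin("<b>alice</b>", 5));
        System.out.println(handleLogin("bob", 1));
    }
}
```

Running this needs an ESAPI configuration (ESAPI.properties) on the classpath, since ESAPI.encoder() and the base class's logger are initialised from it. The design point is the split: the string returned to the caller is the same for every locked account, while the string that identifies the account and the failure count exists only in the log record that the constructor produced.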
    • Method Detail

      • getUserMessage

        public java.lang.String getUserMessage()
        Returns the message meant for display to users. Note that if you are unsure of what set this message, it would probably be a good idea to encode it before displaying it to the end user.
        Returns:
        a String containing a message that is safe to display to users
      • getLogMessage

        public java.lang.String getLogMessage()
        Returns a message that is safe to display in logs, but may contain sensitive information and therefore probably should not be displayed to users.
        Returns:
        a String containing a message that is safe to display in logs, but probably not to users as it may contain sensitive information.