[OWASP-ESAPI] Feature Request: AccessReferenceMap Serialization
Neil Matatall
nmatatal at uci.edu
Wed Mar 11 16:37:41 EDT 2009
On the topic of changing things, should we submit feature requests to
this list directly? I couldn't find anything on the OWASP page other
than the Google code bug tracker. What does everyone think about making
the AccessReferenceMap extend Serializable? That way we can just toss
the object into the session and pull it out when we need the references
instead of the approach taken in the Swingset Application.
session.setAttribute(ind0, directReference0);
session.setAttribute(ind1, directReference1);
session.setAttribute(ind2, directReference2);
session.setAttribute(ind3, directReference3);
session.setAttribute(ind4, directReference4);
session.setAttribute(ind5, directReference5);
session.setAttribute(ind6, directReference6);
session.setAttribute("ind0", ind0);
session.setAttribute("ind1", ind1);
session.setAttribute("ind2", ind2);
session.setAttribute("ind3", ind3);
session.setAttribute("ind4", ind4);
session.setAttribute("ind5", ind5);
session.setAttribute("ind6", ind6);
Retrieving the reference from the session becomes somewhat clunky. By
making the AccessReferenceMap Serializable, we can save it to the
session and write code like this:
AccessReferenceMap refMap = (AccessReferenceMap)
request.getSession().getAttribute("refMap");
String indirectRef = request.getParameter("indirectReference");
Object resource = refMap.getDirectReference(indirectRef);
Neil
More information about the OWASP-ESAPI
mailing list