[Esapi-user] [Esapi-dev] New ESAPI Singleton Implementation

Jeff Williams jeff.williams at aspectsecurity.com
Fri Jun 11 16:24:37 EDT 2010

Great job Chris! I'm gonna update and give it a spin.




From: esapi-dev-bounces at lists.owasp.org
[mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Wednesday, June 09, 2010 3:30 PM
To: Chris Schmidt
Cc: ESAPI-Developers; ESAPI-Users
Subject: Re: [Esapi-dev] [Esapi-user] New ESAPI Singleton Implementation


This is exceptional work, Chris. 

I'll update ESAPI in my core project and let you know how this works in

Thanks for taking this on - this is long overdue.

Rock on!

Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager

ESAPI Community -

I have just checked in a major overhaul of the ESAPI Singleton Pattern
implementation that is currently in-use and am looking to get this out
into some test environments to be sure that I have all the bugs smoked

The change that was made is simple and is important if you are using
customized implementations of the ESAPI Classes.

First - the ESAPI Locator is no longer responsible for maintaining
instances of classes, it is now setup to do exactly as it was intended,
act as a Service Locator. This means that the responsiblity of both
establishing and maintaining that a class should be used as a singleton
falls to the class itself. 

The ObjFactory that is used by ESAPI will now check for the existence of
a method with the following signature in the implementation class it is

public static <Type> getInstance();

If there is a getInstance method on the class, AND it is publicly
accessible, AND it is static, the ObjFactory will return the result of
calling that method rather than calling newInstance on the class itself.

This change will need to be reflected in any custom implementations that
you are using in your ESAPI

If you have any questions, feel free to shoot them out on the
ESAPI-Users list and we will address your questions or concerns

The issue associated with this revision is #128 - if you find issues
with the new singleton implementation, please submit an issue in the
google issue tracker and we will be notified.

Thanks for your continued support, and we look forward to hearing about
your experiences using ESAPI!

Chris Schmidt


Check out OWASP ESAPI for Java

OWASP ESAPI for JavaScript

Yet Another Developers Blog

Bio and Resume

Esapi-user mailing list
Esapi-user at lists.owasp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100611/f4b63bde/attachment.html 

More information about the Esapi-user mailing list