[Esapi-user] [Esapi-dev] New ESAPI Singleton Implementation

Jeff Williams jeff.williams at aspectsecurity.com
Fri Jun 11 16:24:37 EDT 2010


Great job Chris! I'm gonna update and give it a spin.

 

--Jeff

 

From: esapi-dev-bounces at lists.owasp.org
[mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Wednesday, June 09, 2010 3:30 PM
To: Chris Schmidt
Cc: ESAPI-Developers; ESAPI-Users
Subject: Re: [Esapi-dev] [Esapi-user] New ESAPI Singleton Implementation

 

This is exceptional work, Chris. 

I'll update ESAPI in my core project and let you know how this works in
production.

Thanks for taking this on - this is long overdue.

Rock on!



-- 
Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager
http://www.manico.net







ESAPI Community -

I have just checked in a major overhaul of the ESAPI Singleton Pattern
implementation that is currently in-use and am looking to get this out
into some test environments to be sure that I have all the bugs smoked
out. 

The change that was made is simple and is important if you are using
customized implementations of the ESAPI Classes.

First - the ESAPI Locator is no longer responsible for maintaining
instances of classes, it is now setup to do exactly as it was intended,
act as a Service Locator. This means that the responsiblity of both
establishing and maintaining that a class should be used as a singleton
falls to the class itself. 

The ObjFactory that is used by ESAPI will now check for the existence of
a method with the following signature in the implementation class it is
creating:

public static <Type> getInstance();

If there is a getInstance method on the class, AND it is publicly
accessible, AND it is static, the ObjFactory will return the result of
calling that method rather than calling newInstance on the class itself.


This change will need to be reflected in any custom implementations that
you are using in your ESAPI

If you have any questions, feel free to shoot them out on the
ESAPI-Users list and we will address your questions or concerns
promptly.

The issue associated with this revision is #128 - if you find issues
with the new singleton implementation, please submit an issue in the
google issue tracker and we will be notified.

Thanks for your continued support, and we look forward to hearing about
your experiences using ESAPI!

-- 
Chris Schmidt

OWASP ESAPI Developer
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Check out OWASP ESAPI for Java
http://code.google.com/p/owasp-esapi-java/

OWASP ESAPI for JavaScript
http://code.google.com/p/owasp-esapi-js/

Yet Another Developers Blog
http://yet-another-dev.blogspot.com

Bio and Resume
http://www.digital-ritual.net/resume.html




 
 
_______________________________________________
Esapi-user mailing list
Esapi-user at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/esapi-user
  






 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100611/f4b63bde/attachment.html 


More information about the Esapi-user mailing list