[Esapi-user] [Esapi-dev] New ESAPI Singleton Implementation

Chris Schmidt chrisisbeef at gmail.com
Fri Jun 11 23:26:29 EDT 2010


Looking forward to hearing how it does. I plan on writing a bunch of  
new demo code around it after I get back from uberconf next weekend in  
hopes that my appsecus talk gets in to demo 2.0 in it's entirety at  
that conf.

I am working on some implementation channels for it in my day jon as  
well which will be running in a high simulated traffic test  
environment for at least a couple weeks. Hopefully this will smoke out  
any threading issues I may have missed in my code review a few monthes  
ago and before I checked in.

Thanks guys!

PS I am thinking of submitting to do an esapi bootcamp at appsec dc so  
of it gets accepted I may send out a call to arms to get the swingset  
up to date so that I can use it for part of the bootcamp.

;)

Sent from my iPwn

On Jun 11, 2010, at 2:24 PM, "Jeff Williams" <jeff.williams at aspectsecurity.com 
 > wrote:

> Great job Chris! I’m gonna update and give it a spin.
>
>
>
> --Jeff
>
>
>
> From: esapi-dev-bounces at lists.owasp.org [mailto:esapi-dev- 
> bounces at lists.owasp.org] On Behalf Of Jim Manico
> Sent: Wednesday, June 09, 2010 3:30 PM
> To: Chris Schmidt
> Cc: ESAPI-Developers; ESAPI-Users
> Subject: Re: [Esapi-dev] [Esapi-user] New ESAPI Singleton  
> Implementation
>
>
>
> This is exceptional work, Chris.
>
> I'll update ESAPI in my core project and let you know how this works  
> in production.
>
> Thanks for taking this on - this is long overdue.
>
> Rock on!
>
>
> -- 
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> http://www.manico.net
>
>
>
>
>
> ESAPI Community -
>
> I have just checked in a major overhaul of the ESAPI Singleton  
> Pattern implementation that is currently in-use and am looking to  
> get this out into some test environments to be sure that I have all  
> the bugs smoked out.
>
> The change that was made is simple and is important if you are using  
> customized implementations of the ESAPI Classes.
>
> First - the ESAPI Locator is no longer responsible for maintaining  
> instances of classes, it is now setup to do exactly as it was  
> intended, act as a Service Locator. This means that the  
> responsiblity of both establishing and maintaining that a class  
> should be used as a singleton falls to the class itself.
>
> The ObjFactory that is used by ESAPI will now check for the  
> existence of a method with the following signature in the  
> implementation class it is creating:
>
> public static <Type> getInstance();
>
> If there is a getInstance method on the class, AND it is publicly  
> accessible, AND it is static, the ObjFactory will return the result  
> of calling that method rather than calling newInstance on the class  
> itself.
>
> This change will need to be reflected in any custom implementations  
> that you are using in your ESAPI
>
> If you have any questions, feel free to shoot them out on the ESAPI- 
> Users list and we will address your questions or concerns promptly.
>
> The issue associated with this revision is #128 - if you find issues  
> with the new singleton implementation, please submit an issue in the  
> google issue tracker and we will be notified.
>
> Thanks for your continued support, and we look forward to hearing  
> about your experiences using ESAPI!
>
> -- 
> Chris Schmidt
>
> OWASP ESAPI Developer
> http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
>
> Check out OWASP ESAPI for Java
> http://code.google.com/p/owasp-esapi-java/
>
> OWASP ESAPI for JavaScript
> http://code.google.com/p/owasp-esapi-js/
>
> Yet Another Developers Blog
> http://yet-another-dev.blogspot.com
>
> Bio and Resume
> http://www.digital-ritual.net/resume.html
>
>
>
>
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20100611/c9dec21e/attachment.html 


More information about the Esapi-user mailing list