[Esapi-user] Help on ESAPI For Controling access to URLs & Functions

Chris Schmidt chris.schmidt at owasp.org
Sat Aug 27 13:56:14 EDT 2011

I took this off list.

The access control implementation that cones with esapi is a very basic file based acl implementation and is meant for demonstration purposes only (as is the case for the authenticator as well)

That being said, what you will want to do is determine what you want to use for access control - you can either roll your own or use something that already exists such as JAAS or Spring-Security. Once you have chosen you access control provider you will want to implement the AccessController interface as an adapter that fronts your access control component. 

Hopefully that helps you out feel free to pass along any additional questions you have on the esapi-user mailing list or email me directly. 

Sent from my iPwn

On Aug 27, 2011, at 4:30 AM, Somen Das <somen.das at owasp.org> wrote:

> Dear Leaders,
> Has any one implemented ESAPI in their project. I need some help in
> configurng the access control for controling access to URLs &
> Functions.
> Can any body post a sample code or project showing how to implement
> ESAPI access control.
> Thanks & stay secure,
> Somen

More information about the Esapi-user mailing list