[Esapi-user] ESAPI integration with Spring + DWR

Alex azlist1 at gmail.com
Sat Jun 11 14:26:34 EDT 2011


Hi again,

I am developing a web-application using Spring MVC and DWR for the "View"
(as in MVC) portion of the application.

I googled a while for an integration of ESAPI with Spring but I couldn't
find anything other than forum posts and discussions on the subject with no
concrete implementation.

My search is mainly focused on input sanitization. My idea would be to have
a Spring MVC filter that would automatically clean up and eventually reject
"poisoned" HTTP requests (SQL injection etc.) even before a validation
of input is attempted (using the Spring validators/controller framework).

Has anyone heard of such an implementation?
I'm looking for a Spring filter that would nicely integrate with the ESAPI
reference implementation.

Also I am using DWR to perform all the async stuff. I have integrated DWR
with Spring using config files and as far as I can tell all DWR input can
follow the regular Spring HTTP request flow provided I configure it
properly. That would mean that the Spring ESAPI filter discussed above
could be used to validate DWR input as well.

Does anyone have experience with this?
Has anybody gone down this road yet?

I would happily start a small project for this and contribute back provided
someone can put me on the right track :)

Thank you for helping.

Alex
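
An added example (not part of the original post and not ESAPI project code) of the kind of filter the message describes: a servlet filter that rejects a request when any parameter name or value fails ESAPI's allow-list validation. The class name and length limits are hypothetical, the rule names HTTPParameterName and HTTPParameterValue are assumed to be defined in the deployment's ESAPI.properties, and it covers only ordinary request parameters, not DWR call bodies.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Validator;

// Hypothetical filter; map it in web.xml ahead of the Spring DispatcherServlet.
public class EsapiParameterFilter implements Filter {
    private static final int MAX_NAME_LENGTH = 100;    // assumed limit
    private static final int MAX_VALUE_LENGTH = 2000;  // assumed limit

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (!parametersAreValid(request.getParameterMap())) {
            // Reject rather than rewrite: the controller never sees the request.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(req, res);
    }

    // True only if every name and value matches the configured allow-list rules.
    static boolean parametersAreValid(Map<?, ?> params) {
        Validator v = ESAPI.validator();
        for (Map.Entry<?, ?> e : params.entrySet()) {
            String name = (String) e.getKey();
            if (!v.isValidInput("parameter name", name, "HTTPParameterName", MAX_NAME_LENGTH, false)) {
                return false;
            }
            for (String value : (String[]) e.getValue()) {
                // allowNull = true lets empty values through; other mismatches fail.
                if (!v.isValidInput("parameter " + name, value, "HTTPParameterValue", MAX_VALUE_LENGTH, true)) {
                    return false;
                }
            }
        }
        return true;
    }
}
```

A single global pattern is coarse, so per-field rules in the Spring validators, parameterized queries and output encoding are still needed behind a filter like this.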