[Esapi-user] ESAPI integration with Spring + DWR
azlist1 at gmail.com
Sat Jun 11 14:26:34 EDT 2011
I am developing a web-application using Spring MVC and DWR for the "View"
(as in MVC) portion of the application.
I googled a while for an integration of ESAPI with spring but I couldn't
find anything other that forum posts, and discussions on the subject with no
My search is mainly focused on input sanitization. My Idea would be to have
a spring MVC filter that would automatically cleanup and eventually reject
"poisonned" HTTP requests (SQL injection etc...) even before a validation
of input is attempted (using the spring validators/controller framework).
Has anyone heard of such an implementation?
I'm looking for a Spring filter that would nicely integrate with the ESAPI
Also I am using DWR to perform all the async stuff. I have integrated DWR
with spring using config files and as far as I can tell all DWR input can
follow the regular Spring http request flow provided I configure it
propeerly. that would mean that the Spring ESAPI filter discussed above
could be used to validate DWR input as well.
Does any one have experience with this ?
Has anybody gone down this road yet?
I would happily start a small project for this and contribute back provided
someone can put me on the right tracks :)
Thank you for helping.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user