[Esapi-user] Using Multiple Validators

Kevin W. Wall kevin.w.wall at gmail.com
Sun Oct 11 01:28:54 UTC 2015

On Fri, Oct 9, 2015 at 11:34 PM, Jorge Calderon <jcald1 at gmail.com> wrote:
> Is there a way to configure more than one validator in the
> ESAPI.properties configuration?  I'd like to be able to have access to
> both the DefaultValidator and a custom one. The reason for this is I
> want to be able to both have a custom version of a validation method
> and have access to the original set of methods.
> I would also like to be able to add new validation methods that are
> specific to our applications.  As of right now, I'm planning to create
> a custom concrete validation class that implements a custom validator
> interface which itself extends the ESAPI "Validator" interface.  I'm
> open to any other suggestions.


Assuming that the way that you wish to access these validators is via:

    ESAPI.validator().isValidInput( ... , ..., etc. );

then the answer is "no". (The same would be true for any other major
ESAPI feature such as Encoders, Authenticators, etc.)

Of course, what you could do it to access multiple Validators directly. E.g.,

   Validator dv = ESAPI.validator();   // Use the default one from
   Validator cv = new MyCustomValidator();  // your custom validator

and then access each as needed. The other alternative, is, as you allude,
to extend DefaultValidator class (or use it as a delegate class) and just use
that instead. You wouldn't really need to extend the Validator interface unless
you want to add additional methods to it. Keep in mind that ESAPI.validator()
creates a singleton instance of DefaultValidator (although that restriction is
not strictly necessary if you create your own custom version; see details in

Hope that helps. If not, try to provide more details so I can answer more

Blog: http://off-the-wall-security.blogspot.com/
NSA: All your crypto bit are belong to us.

More information about the Esapi-user mailing list