[OWASP-ESAPI] Question about Provider/Implementation architecture

Jim Manico jim.manico at owasp.org
Wed Aug 12 18:43:27 EDT 2009

Assuming that you would have many apps with the same set of sub-providers, 
you would be able to "bundle" your set inside of one ESAPI master 
implementation, and initialize it with one call, as an *optional* feature. 
Whats wrong with that?

- Jim

----- Original Message ----- 
From: "Rogan Dawes" <lists at dawes.za.net>
To: "Jim Manico" <jim.manico at owasp.org>
Cc: <owasp-esapi at lists.owasp.org>
Sent: Wednesday, August 12, 2009 12:05 PM
Subject: Re: [OWASP-ESAPI] Question about Provider/Implementation 

> Jim Manico wrote:
>> And for what it's worth, I think it would be rather easy to do. We just
>> need a master interface that excapsultates the functionality of the
>> sub-providers that we already have, and then support...
>> *ESAPI.addProvider(new com.your.company.ESAPI());*
>> Then when you implement *com.your.company.ESAPI* it will have to 
>> implement the master ESAPI interface....
> How is this different to (better than) the current:
> ESAPI.setEncoder(new com.yourcompany.Encoder());
> for the bits you actually want to implement yourself?
> all addProvider would do is:
> public void addProvider(Provider provider) {
>    setEncoder(provider.encoder());
>    ...
> }
> but provider would have to have implementations for EVERY ESAPI
> interface, even those where you just want to use the reference.
> Doesn't seem like an improvement to me.
> Rogan

More information about the OWASP-ESAPI mailing list