[OWASP-ESAPI] introduction, grails

Jim Manico jim.manico at owasp.org
Mon Mar 9 21:26:19 EDT 2009


Hey there - I hope all is well.

If you build your own implementation of the Authenticator interface, which we rightly expect you to do, you only need to call

ESAPI.setAuthenticator( new MyNonFlatFileAuthenticator() );

In perhaps a J2EE filter that always gets hit before the app, then you are all set - the rest of your app will use your personal version of the Authenticator.

We want you to not have ESAPI, but to have YOUR ESAPI! =)

- Jim
  ----- Original Message ----- 
  From: Bradley Beddoes 
  To: owasp-esapi at lists.owasp.org 
  Sent: Monday, March 09, 2009 11:56 AM
  Subject: [OWASP-ESAPI] introduction, grails

  Firstly congratulations on the work being done with ESAPI, I've spent the last few days going over lots of various pieces of documentation on your website.

  Anyways after looking around at all the various pieces I had a few questions:

  * In some of the interfaces (Authenticator for example) there seem to be a number of functions that imply a local store of user information (changePassword, createUser etc). This doesn't make much sense to me in an enterprise situation using a central LDAP server or overall SSO system. What is the advised approach in this situation? I was thinking just implement these functions as a no-op, potentially throwing AuthenticationException

  * Has anybody done anything with integrating between ESAPI and Grails (grails.org)? If so I'd be very happy to hear about your experiences, I'm considering doing something in this space. The safe(er)HTTPFilter and AccessReferenceMap in particular seem pretty useful for apps being built with grails.

  Thanks for your time guys (and gals? :) ), appreciate it.


  Catch me on Twitter: @bradleybeddoes
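
An added example, not code from this thread or from the ESAPI project, combining the two ideas in the exchange: account-management methods that refuse to act because the central directory owns accounts, and a servlet filter that registers the custom Authenticator before the application runs. DirectoryBackedAuthenticator and EsapiBootstrapFilter are hypothetical names, MyNonFlatFileAuthenticator is assumed to extend the base class, and the method signatures assume an ESAPI release whose Authenticator interface and ESAPI.setAuthenticator() match the ones used here.

```java
import java.io.IOException;
import javax.servlet.*;
import org.owasp.esapi.Authenticator;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.User;
import org.owasp.esapi.errors.AuthenticationException;

// Hypothetical base class: rejects local account management because the
// LDAP/SSO system is the system of record. Left abstract so the concrete
// subclass supplies login(), getUser() and the other Authenticator methods.
abstract class DirectoryBackedAuthenticator implements Authenticator {

    // Throwing (rather than silently doing nothing) keeps a caller from
    // believing an account was created or a password was changed.
    private static AuthenticationException unsupported(String operation) {
        return new AuthenticationException(
            "Account changes are handled by the central directory",  // shown to user
            operation + " called on a directory-backed Authenticator"); // written to log
    }

    public User createUser(String accountName, String password1, String password2)
            throws AuthenticationException {
        throw unsupported("createUser");
    }

    public void changePassword(User user, String currentPassword,
            String newPassword, String newPassword2) throws AuthenticationException {
        throw unsupported("changePassword");
    }

    public void removeUser(String accountName) throws AuthenticationException {
        throw unsupported("removeUser");
    }
}

// Map this filter to /* ahead of every other filter in web.xml. init() runs
// once at deployment, so the Authenticator is in place before any request.
public class EsapiBootstrapFilter implements Filter {
    public void init(FilterConfig config) throws ServletException {
        // Assumption: MyNonFlatFileAuthenticator extends DirectoryBackedAuthenticator.
        ESAPI.setAuthenticator(new MyNonFlatFileAuthenticator());
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        chain.doFilter(request, response);
    }

    public void destroy() { }
}
```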

