[OWASP-ESAPI] Feature Request: AccessReferenceMap Serialization

Neil Matatall nmatatal at uci.edu
Wed Mar 11 16:37:41 EDT 2009

On the topic of changing things, should we submit feature requests to 
this list directly?  I couldn't find anything on the OWASP page other 
than the Google code bug tracker.  What does everyone think about making 
the AccessReferenceMap extend Serializable?  That way we can just toss 
the object into the session and pull it out when we need the references 
instead of the approach taken in the Swingset Application. 

                session.setAttribute(ind0, directReference0);
                session.setAttribute(ind1, directReference1);
                session.setAttribute(ind2, directReference2);
                session.setAttribute(ind3, directReference3);
                session.setAttribute(ind4, directReference4);
                session.setAttribute(ind5, directReference5);
                session.setAttribute(ind6, directReference6);
                session.setAttribute("ind0", ind0);
                session.setAttribute("ind1", ind1);
                session.setAttribute("ind2", ind2);
                session.setAttribute("ind3", ind3);
                session.setAttribute("ind4", ind4);
                session.setAttribute("ind5", ind5);
                session.setAttribute("ind6", ind6);

Retrieving the reference from the session becomes somewhat clunky.  By 
making the AccessReferenceMap Serializable, we can save it to the 
session and write code like this:

AccessReferenceMap refMap = (AccessReferenceMap) 
String indirectRef = request.getParameter("indirectReference");
Object resource = refMap.getDirectReference(indirectRef);


More information about the OWASP-ESAPI mailing list