[OWASP-ESAPI] SafeRequests within SafeRequests

Rogan Dawes lists at dawes.za.net
Tue May 26 08:23:31 EDT 2009


Stewart Short wrote:
> 
> 
> Our web applications are based on WebLogic 8.1 page flows which is a
> technology built on top of struts. I have recently been looking at
> integrating OWASP ESAPI (v1.4) and one problem I noticed is that when
> processing involves a chain of actions, i.e. resulting in *.do requests,
> you end up with SafeRequests within SafeRequests, with one level for
> each action in the chain. Therefore, should the doFilter method in
> SafeHTTPFilter only create a new SafeRequest if the request passed in is
> not an instance of SafeRequest?

Yes, I think so.

Rogan


More information about the OWASP-ESAPI mailing list