• Home
• org.owasp.esapi
• esapi
• 2.2.1.0-RC1
• source code
• IntrusionException.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.owasp.esapi.errors.IntrusionException Maven / Gradle / Ivy

/**
 * OWASP Enterprise Security API (ESAPI)
 * 
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project. For details, please see
 * http://www.owasp.org/index.php/ESAPI.
 *
 * Copyright (c) 2007 - The OWASP Foundation
 * 
 * The ESAPI is published by OWASP under the BSD license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 * 
 * @author Jeff Williams Aspect Security
 * @created 2007
 */
package org.owasp.esapi.errors;

import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;

/**
 * An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack
 * in progress. IntrusionExceptions are handled specially by the IntrusionDetector, which is equipped to respond by
 * either specially logging the event, logging out the current user, or invalidating the current user's account.
 * 

 * Unlike other exceptions in the ESAPI, the IntrusionException is a RuntimeException so that it can be thrown from
 * anywhere and will not require a lot of special exception handling.
 * 
 * @author Jeff Williams ([email protected])
 */
public class IntrusionException extends EnterpriseSecurityRuntimeException {

    /** The Constant serialVersionUID. */
    private static final long serialVersionUID = 1L;

    /** The logger. */
    protected final transient Logger logger = ESAPI.getLogger("IntrusionException");

    /**
     *
     */
    protected String logMessage = null;

    /**
     * Creates a new instance of IntrusionException.
     * 
     * @param userMessage
     *            the message to display to users
     * @param logMessage
	 * 			  the message logged
     */
    public IntrusionException(String userMessage, String logMessage) {
        super(userMessage);
        this.logMessage = logMessage;
        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage);
    }

    /**
     * Instantiates a new intrusion exception.
     * 
     * @param userMessage
     *            the message to display to users
     * @param logMessage
	 * 			  the message logged
     * @param cause 
     *			  the cause
     */
    public IntrusionException(String userMessage, String logMessage, Throwable cause) {
        super(userMessage, cause);
        this.logMessage = logMessage;
        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage, cause);
    }

    /**
     * Returns a String containing a message that is safe to display to users
     * 
     * @return a String containing a message that is safe to display to users
     */
    public String getUserMessage() {
        return getMessage();
    }

    /**
     * Returns a String that is safe to display in logs, but probably not to users
     * 
     * @return a String containing a message that is safe to display in logs, but probably not to users
     */
    public String getLogMessage() {
        return logMessage;
    }

}