org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of esapi Show documentation

The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP website. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

There is a newer version: 2.5.5.0

Show newest version

package org.owasp.esapi.reference.accesscontrol.policyloader;

import org.apache.commons.configuration.XMLConfiguration;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter;

import static org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper.getParameterValue;

final public class DynaBeanACRParameterLoader  
	implements ACRParameterLoader {
	
	Logger logger = ESAPI.getLogger(this.getClass());
	
//	@Override
	public DynaBeanACRParameter getParameters(XMLConfiguration config, int currentRule) throws java.lang.Exception { //TODO reduce the exception
		DynaBeanACRParameter policyParameter = new DynaBeanACRParameter();
		int numberOfParameters = config.getList("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]").size();
		for(int currentParameter = 0; currentParameter < numberOfParameters; currentParameter++) {
			String parameterName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@name]");
			String parameterType = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@type]");
			Object parameterValue = getParameterValue(config, currentRule, currentParameter, parameterType);
			policyParameter.set(parameterName, parameterValue);
		}
		policyParameter.lock(); //This line makes the policyParameter read only. 
		logger.info(Logger.SECURITY_SUCCESS, "Loaded " + numberOfParameters + 
				" parameters: " + policyParameter.toString());
		return policyParameter;
	}
}