コード例 #1
0
 /**
  * Load the preferred JCE provider for ESAPI based on the <b>ESAPI.properties</b> property {@code
  * Encryptor.PreferredJCEProvider}. If this property is null (i.e., unset) or set to an empty
  * string, then no JCE provider is inserted at the "preferred" position and thus the Java VM
  * continues to use whatever the default it was using for this (generally specified in the file
  * {@code $JAVA_HOME/jre/security/java.security}).
  *
  * @return The actual preference position at which the provider was added, (which is expected to
  *     be 1) or -1 if the provider was not added because it is already installed at some other
  *     position. -1 is also returned if the {@code Encryptor.PreferredJCEProvider} was not set or
  *     set to an empty string, i.e., if the application <i>has</i> no preferred JCE provider.
  * @exception NoSuchProviderException - thrown if the provider class could not be loaded or added
  *     to the {@code SecurityManager} or any other reason for failure.
  * @see <a
  *     href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.htm">
  *     ESAPI 2.0 Symmetric Encryption User Guide</a>
  */
 public static int loadESAPIPreferredJCEProvider() throws NoSuchProviderException {
   String prefJCEProvider = ESAPI.securityConfiguration().getPreferredJCEProvider();
   try {
     // If unset or set to empty string, then don't try to change it.
     if (prefJCEProvider == null || prefJCEProvider.trim().length() == 0) {
       // Always log, per NSA suggestion.
       logger.always(Logger.SECURITY_AUDIT, "No Encryptor.PreferredJCEProvider specified.");
       return -1; // Unchanged; it is, whatever it is.
     } else {
       return insertProviderAt(prefJCEProvider, 1);
     }
   } catch (NoSuchProviderException ex) {
     // Will already have logged with exception msg.
     String msg = "failed to load *preferred* " + "JCE crypto provider, " + prefJCEProvider;
     logger.always(Logger.SECURITY_AUDIT, msg); // Per NSA suggestion.
     logger.error(Logger.SECURITY_FAILURE, msg);
     throw ex;
   }
 }
コード例 #2
0
 /**
  * Returns a <code>String</code> containing the real path for a given virtual path. For example,
  * the path "/index.html" returns the absolute file path on the server's filesystem would be
  * served by a request for "http://host/contextPath/index.html", where contextPath is the context
  * path of this ServletContext..
  *
  * <p>The real path returned will be in a form appropriate to the computer and operating system on
  * which the servlet container is running, including the proper path separators. This method
  * returns <code>null</code> if the servlet container cannot translate the virtual path to a real
  * path for any reason (such as when the content is being made available from a <code>.war</code>
  * archive).
  *
  * @param path a <code>String</code> specifying a virtual path
  * @return a <code>String</code> specifying the real path, or null if the translation cannot be
  *     performed
  */
 public String getRealPath(String path) {
   return ESAPI.securityConfiguration().getResourceFile(path).getAbsolutePath();
 }