Comments (6)
Actually, I think the loginPage should be passed in from the web.xml entry for
the
filter as opposed to in the properties file, as the ESAPI jar may be shared
across
multiple web applications but they have their own login pages where anonymous
users
should be sent.
Patch for trunk is attached.
Original comment by chrisisbeef
on 25 Jul 2009 at 12:01
Attachments:
from owasp-esapi-java.
Scheduling this for ESAPI 2.1
Original comment by chrisisbeef
on 6 Nov 2009 at 8:51
- Added labels: Milestone-Release2.1, OpSys-All
from owasp-esapi-java.
Original comment by [email protected]
on 25 Jan 2010 at 10:17
- Added labels: Configuration
- Removed labels: OpSys-All, Usability
from owasp-esapi-java.
[deleted comment]
from owasp-esapi-java.
[deleted comment]
from owasp-esapi-java.
Agree with Chris' #1 comment; this should use an init parameter (let's call it
"loginPage") passed in from any relevant ESAPI servlet filter so it can be
specified in the web.xml as part of the JavaEE filter configuration.
Original comment by [email protected]
on 23 Sep 2014 at 1:43
- Added labels: FirstBug
from owasp-esapi-java.
Related Issues (20)
- AbstractAccessReferenceMap.addDirectReference not invariant
- setHeader blocks legitimate headers due to header name size limit being too low
- Log4j configuration with no root level causes NPE in Log4jLogger.java HOT 1
- Content Security Policy - Java Servlet Filter
- logger is gettin class cast exception
- [deleted issue]
- Regex in ESAPI.properties is not considering few of the french characters HOT 2
- Performance HOT 3
- -Log4JLogger.java doesn't output correct file & line number-Similar issue as reported in Issue 268
- HttpParamtervalue for allowing Xml Data
- HTTPParameterValue
- EncryptedPropertiesUtils Switch for Adding Values
- User session just jumped from unknown to 0:0:0:0:0:0:0:1 HOT 1
- ESAPI configuration files not included in dist.
- SecurityConfiguration for ESAPI.Encoder not found in ESAPI.properties. Using default: org.owasp.esapi.reference.DefaultEncoder HOT 1
- Need to update Apache Commons BeanUtils
- Multiple URLs are not supported by Validator.Redirect
- Duplicates ESAPI_en_US.properties in esapi-2.1.0-dist.zip HOT 1
- isValidInput failing for HTTPParameterValue {internalAction:getScreen} HOT 1
- StringUtilities.union() method is broken, weakens GenerateStrongPassword
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from owasp-esapi-java.