Class IntrusionException

  • All Implemented Interfaces:
    java.io.Serializable

    public class IntrusionException
    extends EnterpriseSecurityRuntimeException
    An IntrusionException should be thrown any time an error condition arises that is likely to be the result of an attack in progress. IntrusionExceptions are handled specially by the IntrusionDetector, which is equipped to respond by specially logging the event, logging out the current user, or invalidating the current user's account.

    Unlike other exceptions in the ESAPI, the IntrusionException is a RuntimeException so that it can be thrown from anywhere and will not require a lot of special exception handling.

    Author:
    Jeff Williams (jeff.williams@aspectsecurity.com)
    See Also:
    Serialized Form
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected Logger logger
      The logger.
      protected java.lang.String logMessage  
    • Constructor Summary

      Constructors 
      Constructor Description
      IntrusionException(java.lang.String userMessage, java.lang.String logMessage)
      Creates a new instance of IntrusionException.
      IntrusionException(java.lang.String userMessage, java.lang.String logMessage, java.lang.Throwable cause)
      Instantiates a new intrusion exception.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String getLogMessage()
      Returns a String that is safe to display in logs, but probably not to users
      java.lang.String getUserMessage()
      Returns a String containing a message that is safe to display to users
      • Methods inherited from class java.lang.Throwable

        addSuppressed, fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, getSuppressed, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Field Detail

      • logger

        protected final transient Logger logger
        The logger.
      • logMessage

        protected java.lang.String logMessage
    • Constructor Detail

      • IntrusionException

        public IntrusionException(java.lang.String userMessage,
                                  java.lang.String logMessage)
        Creates a new instance of IntrusionException.
        Parameters:
        userMessage - the message to display to users
        logMessage - the message logged
      • IntrusionException

        public IntrusionException(java.lang.String userMessage,
                                  java.lang.String logMessage,
                                  java.lang.Throwable cause)
        Instantiates a new intrusion exception.
        Parameters:
        userMessage - the message to display to users
        logMessage - the message logged
        cause - the cause
    • Method Detail

      • getUserMessage

        public java.lang.String getUserMessage()
        Returns a String containing a message that is safe to display to users
        Overrides:
        getUserMessage in class EnterpriseSecurityRuntimeException
        Returns:
        a String containing a message that is safe to display to users
      • getLogMessage

        public java.lang.String getLogMessage()
        Returns a String that is safe to display in logs, but probably not to users
        Overrides:
        getLogMessage in class EnterpriseSecurityRuntimeException
        Returns:
        a String containing a message that is safe to display in logs, but probably not to users
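
The split between userMessage and logMessage described above, shown as an added example that is not part of the ESAPI documentation. It assumes the ESAPI library is on the classpath and configured; the class AccountTypeCheck, its allowed list, and the helper forLog are hypothetical names introduced here.

```java
import java.util.Set;
import org.owasp.esapi.errors.IntrusionException;

public class AccountTypeCheck {
    // Hypothetical fixed list: the only values the form's <select> can submit.
    private static final Set<String> ALLOWED = Set.of("checking", "savings");

    // Make untrusted text safe to embed in a log line: printable ASCII only
    // (so CR/LF cannot forge extra entries) and a bounded length.
    static String forLog(String s) {
        if (s == null) return "<null>";
        String clean = s.replaceAll("[^\\x20-\\x7E]", "?");
        return clean.length() > 64 ? clean.substring(0, 64) + "..." : clean;
    }

    static String requireAllowedAccountType(String submitted) {
        if (submitted == null || !ALLOWED.contains(submitted)) {
            // An unmodified browser cannot send a value outside the list, so
            // this is more likely tampering than a typo. No throws clause is
            // needed because IntrusionException is a RuntimeException.
            throw new IntrusionException(
                "Invalid request.",                               // userMessage: generic
                "accountType outside fixed list: '" + forLog(submitted) + "'"); // logMessage
        }
        return submitted;
    }

    // Returns the response body. Only getUserMessage() reaches the client;
    // getLogMessage() stays on the server.
    static String handle(String submitted) {
        try {
            return "Account type set to " + requireAllowedAccountType(submitted);
        } catch (IntrusionException e) {
            // System.err is a stand-in for the application's server-side log sink.
            System.err.println("SECURITY " + e.getLogMessage());
            return e.getUserMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(handle("savings"));
        System.out.println(handle("admin\r\nfake entry")); // constructed input
    }
}
```

The user message deliberately says nothing about which check failed, while the log message carries the detail an analyst needs to investigate.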