Interface IntrusionDetector

  • All Known Implementing Classes:
    DefaultIntrusionDetector

    public interface IntrusionDetector
    The IntrusionDetector interface is intended to track security relevant events and identify attack behavior. The implementation can use as much state as necessary to detect attacks, but note that storing too much state will burden your system.

    The interface is currently designed to accept exceptions as well as custom events. Implementations can use this stream of information to detect both normal and abnormal behavior.

    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      void addEvent​(java.lang.String eventName, java.lang.String logMessage)
      Adds the event to the IntrusionDetector.
      void addException​(java.lang.Exception exception)
      Adds the exception to the IntrusionDetector.
    • Method Detail

      • addException

        void addException​(java.lang.Exception exception)
                   throws IntrusionException
        Adds the exception to the IntrusionDetector. This method should immediately log the exception so that developers throwing an IntrusionException do not have to remember to log every error. The implementation should store the exception somewhere for the current user in order to check if the User has reached the threshold for any Enterprise Security Exceptions. The User object is the recommended location for storing the current user's security exceptions. If the User has reached any security thresholds, the appropriate security action can be taken and logged.
        Parameters:
        exception - the exception thrown
        Throws:
        IntrusionException - the intrusion exception
      • addEvent

        void addEvent​(java.lang.String eventName,
                      java.lang.String logMessage)
               throws IntrusionException
        Adds the event to the IntrusionDetector. This method should immediately log the event. The implementation should store the event somewhere for the current user in order to check if the User has reached the threshold for any Enterprise Security Exceptions. The User object is the recommended location for storing the current user's security event. If the User has reached any security thresholds, the appropriate security action can be taken and logged.
        Parameters:
        eventName - the event to add
        logMessage - the message to log with the event
        Throws:
        IntrusionException - the intrusion exception