Difference between revisions of "Talk:ESAPI Specification"

From OWASP
Jump to: navigation, search
(Created page with "I tried to keep the specification as compatible as I can with the existing APIs, however there are definately places where existing users are going to have to modify their code -...")
 
(AccessController: new section)
Line 2: Line 2:
  
 
--[[User:Chris Schmidt|Chris Schmidt]] 02:23, 16 June 2011 (EDT)
 
--[[User:Chris Schmidt|Chris Schmidt]] 02:23, 16 June 2011 (EDT)
 +
 +
== AccessController ==
 +
 +
Let's start with discussing the proposed changes to the AccessController.
 +
 +
Summary of proposed changes:
 +
* Drop deprecated methods isAuthorizedForXXX, assertAuthorizedForXXX
 +
* Replace (Object) Parameters with strongly typed StereoTypes

Revision as of 01:25, 16 June 2011

I tried to keep the specification as compatible as I can with the existing APIs, however there are definately places where existing users are going to have to modify their code - specifically where it deals with Encoding and Validation. I believe these changes are absolutely necessary however to establish a good cross-platform specification. I also believe the migration path allows for the smoothest transition for end-users (developers) to make the necessary changes without completely breaking their existing implementations. This is similar to the path that Spring-Security took with it's 2.0 -> 2.5 -> 3.0 path where they did a very similar thing and I used their experience as the basis for the proposed roadmap.

--Chris Schmidt 02:23, 16 June 2011 (EDT)

AccessController

Let's start with discussing the proposed changes to the AccessController.

Summary of proposed changes:

  • Drop deprecated methods isAuthorizedForXXX, assertAuthorizedForXXX
  • Replace (Object) Parameters with strongly typed StereoTypes