Class DefaultIntrusionDetector

  • All Implemented Interfaces:
    IntrusionDetector

    public class DefaultIntrusionDetector
    extends java.lang.Object
    implements IntrusionDetector
    Reference implementation of the IntrusionDetector interface. This implementation monitors EnterpriseSecurityExceptions to see if any user exceeds a configurable threshold in a configurable time period. For example, it can monitor to see if a user exceeds 10 input validation issues in a 1 minute period. Or if there are more than 3 authentication problems in a 10 second period. More complex implementations are certainly possible, such as one that establishes a baseline of expected behavior, and then detects deviations from that baseline. This implementation stores state in the user's session, so that it will be properly cleaned up when the session is terminated. State is not otherwise persisted, so attacks that span sessions will not be detectable.
    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
    See Also:
    IntrusionDetector
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addEvent​(java.lang.String eventName, java.lang.String logMessage)
      Adds the event to the IntrusionDetector.
      void addException​(java.lang.Exception e)
      Adds the exception to the IntrusionDetector.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • DefaultIntrusionDetector

        public DefaultIntrusionDetector()
    • Method Detail

      • addException

        public void addException​(java.lang.Exception e)
        Adds the exception to the IntrusionDetector. This method should immediately log the exception so that developers throwing an IntrusionException do not have to remember to log every error. The implementation should store the exception somewhere for the current user in order to check if the User has reached the threshold for any Enterprise Security Exceptions. The User object is the recommended location for storing the current user's security exceptions. If the User has reached any security thresholds, the appropriate security action can be taken and logged.
        Specified by:
        addException in interface IntrusionDetector
        Parameters:
        e -
      • addEvent

        public void addEvent​(java.lang.String eventName,
                             java.lang.String logMessage)
                      throws IntrusionException
        Adds the event to the IntrusionDetector. This method should immediately log the event. The implementation should store the event somewhere for the current user in order to check if the User has reached the threshold for any Enterprise Security Exceptions. The User object is the recommended location for storing the current user's security event. If the User has reached any security thresholds, the appropriate security action can be taken and logged.
        Specified by:
        addEvent in interface IntrusionDetector
        Parameters:
        eventName - the event to add
        logMessage - the message to log with the event
        Throws:
        IntrusionException - the intrusion exception