Added base SecurityComponent interface that all controls should inherit from

Chris Schmidt · Chris Schmidt · commit b1c050d0c001 · 2013-11-17T12:57:00.000-07:00
diff --git a/src/main/java/org/owasp/esapi/core/SecurityComponent.java b/src/main/java/org/owasp/esapi/core/SecurityComponent.java
@@ -0,0 +1,18 @@
+package org.owasp.esapi.core;
+
+import java.util.UUID;
+
+/**
+ * This is the very basic interface that all Security Control implementations should implement. It is expected that each
+ * control/component will have a UUID associated with it so that locater services can locate the implementations based on
+ * some registry and to allow multiple instances of single components to exist within an application.
+ *
+ * @author Chris Schmidt (chris.schmidt@owasp.org) http://www.ContrastSecurity.com
+ */
+public interface SecurityComponent {
+    /**
+     * Returns the Unique Identifier for this component/control instance.
+     * @return Unique Identifier for this component/control instance
+     */
+    UUID getComponentID();
+}
diff --git a/src/main/java/org/owasp/esapi/core/accesscontrol/AccessController.java b/src/main/java/org/owasp/esapi/core/accesscontrol/AccessController.java
@@ -1,5 +1,7 @@
 package org.owasp.esapi.core.accesscontrol;
 
+import org.owasp.esapi.core.SecurityComponent;
+
 /**
  * The AccessController interface defines a set of methods that can be used in a wide variety of applications to
  * enforce access control. In most applications, access control must be performed in multiple different locations across
@@ -51,7 +53,7 @@
  * @author Jeff Williams (jeff.williams@aspectsecurity.com) ESAPI v0-1.5
  * @author Chris Schmidt (chris.schmidt@contrastsecurity.com) ESAPI v3.0
  */
-public interface AccessController {
+public interface AccessController extends SecurityComponent {
     /**
      * Developers should call isAuthorized to control execution flow. For
      * example, if you want to decide whether to display a UI widget in the
diff --git a/src/main/java/org/owasp/esapi/core/authentication/Authenticator.java b/src/main/java/org/owasp/esapi/core/authentication/Authenticator.java
@@ -1,5 +1,7 @@
 package org.owasp.esapi.core.authentication;
 
+import org.owasp.esapi.core.SecurityComponent;
+
 /**
  * The Authenticator interface defines a set of methods for generating and
  * handling account credentials and session identifiers. The goal of this
@@ -13,6 +15,6 @@
  * @author Chris Schmidt (chris.schmidt@contrastsecurity.com)
  * @since June 1, 2007
  */
-public interface Authenticator {
+public interface Authenticator extends SecurityComponent {
 
 }
diff --git a/src/main/java/org/owasp/esapi/core/encoding/Encoder.java b/src/main/java/org/owasp/esapi/core/encoding/Encoder.java
@@ -1,5 +1,6 @@
 package org.owasp.esapi.core.encoding;
 
+import org.owasp.esapi.core.SecurityComponent;
 import org.owasp.esapi.core.validation.ValidationException;
 
 /**
@@ -9,7 +10,7 @@
  *
  * @author Chris Schmidt (chris.schmidt@owasp.org) http://www.ContrastSecurity.com
  */
-public interface Encoder {
+public interface Encoder extends SecurityComponent {
 
 
     /**
diff --git a/src/main/java/org/owasp/esapi/core/event/SecurityEventListener.java b/src/main/java/org/owasp/esapi/core/event/SecurityEventListener.java
@@ -1,7 +1,9 @@
 package org.owasp.esapi.core.event;
 
+import org.owasp.esapi.core.SecurityComponent;
+
 import java.util.EventListener;
 
-public interface SecurityEventListener extends EventListener {
+public interface SecurityEventListener extends EventListener, SecurityComponent {
     <T> void onSecurityEvent(SecurityEvent event, T eventContext);
 }
diff --git a/src/main/java/org/owasp/esapi/core/logging/SecurityLogger.java b/src/main/java/org/owasp/esapi/core/logging/SecurityLogger.java
@@ -1,5 +1,6 @@
 package org.owasp.esapi.core.logging;
 
+import org.owasp.esapi.core.SecurityComponent;
 import org.owasp.esapi.core.event.SecurityEvent;
 
 /**
@@ -14,7 +15,7 @@
  * logging event in addition to the event description which can be logged allowing filtering based off of Security Event
  * when parsing or reading Security logs.
  */
-public interface SecurityLogger {
+public interface SecurityLogger extends SecurityComponent {
     <T extends SecurityEvent> void audit(T event, String message, Object... parms);
     <T extends SecurityEvent> void audit(T event, Throwable t, String message, Object... parms);
 
diff --git a/src/main/java/org/owasp/esapi/core/validation/Validator.java b/src/main/java/org/owasp/esapi/core/validation/Validator.java
@@ -1,5 +1,7 @@
 package org.owasp.esapi.core.validation;
 
+import org.owasp.esapi.core.SecurityComponent;
+
 /**
  * The Validator interface defines a set of methods for validating untrusted input. Validators can be
  * used to validate simple or complex data-types depending on the implementation.
@@ -14,7 +16,7 @@
  * @version 3.0
  */
 @SuppressWarnings("UnusedDeclaration")
-public interface Validator {
+public interface Validator extends SecurityComponent {
     /**
      * Validates the given input and throws a {@link ValidationException} if validation fails.
      *

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,9 @@`
`1`	`1`	`package org.owasp.esapi.core.event;`
`2`	`2`
	`3`	`+import org.owasp.esapi.core.SecurityComponent;`
	`4`	`+`
`3`	`5`	`import java.util.EventListener;`
`4`	`6`
`5`		`-public interface SecurityEventListener extends EventListener {`
	`7`	`+public interface SecurityEventListener extends EventListener, SecurityComponent {`
`6`	`8`	`<T> void onSecurityEvent(SecurityEvent event, T eventContext);`
`7`	`9`	`}`