
Name: JSP Parameter to Action Object Mapping Plugin
Publisher: Datta kudale
License: Open Source (ASL2)
Version: 0.1-ALPHA
Compatibility: Struts 2.0.2+
Homepage: http://code.google.com/p/jspparameterobjectmappingplugin/
Download: http://code.google.com/p/jspparameterobjectmappingplugin/downloads/list


Overview

The JSP Parameter to Action Object Mapping Plugin maps HTML request parameters onto Struts 2 Action objects without exposing the application's internal object references to the browser. The rest of this overview explains the problem it addresses and why a developer would want to use it.

Many applications expose their internal object references to users. Attackers use parameter tampering to change references and violate the intended but unenforced access control policy. Frequently, these references point to file systems and databases, but any exposed application construct could be vulnerable.

The best protection is to avoid exposing direct object references to users by using an index, indirect reference map, or other indirect method that is easy to validate. If a direct object reference must be used, ensure that the user is authorized before using it.

  • Avoid exposing your private object references to users whenever possible, such as primary keys or filenames
  • Validate any private object references extensively with an "accept known good" approach
  • Verify authorization to all referenced objects

This plugin exists to keep those internal object references out of the pages and request parameters that end users can see and tamper with.
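The indirect reference map recommended above can be built without any framework support. The following class is an added example written for this page; it is not code from the plugin and does not use the plugin's API. It assumes a per-session map (one instance stored in the user's HttpSession), Java 8 or later for java.util.Base64, and constructed sample keys of the form "invoice:1041". The point it demonstrates is that the browser only ever sees random tokens minted for that user, so a tampered or guessed value resolves to nothing instead of to a neighbour's record.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/**
 * Per-user indirect reference map (example code, not part of the plugin).
 * Internal identifiers such as primary keys or file names are never written
 * into a JSP. Each one the current user is authorized to reach is replaced by
 * an opaque random token, and only tokens issued through this map resolve back.
 * One instance is meant to live in the user's HttpSession (assumption).
 */
public final class IndirectReferenceMap {
    private static final SecureRandom RANDOM = new SecureRandom();
    private final Map<String, String> tokenToInternal = new HashMap<>();
    private final Map<String, String> internalToToken = new HashMap<>();

    /**
     * Registers an internal reference the user is allowed to access and returns
     * the token to render in the page. Authorization must be decided by the caller
     * before calling this: only references the user may use should ever be exposed.
     */
    public String expose(String internalRef) {
        String token = internalToToken.get(internalRef);
        if (token == null) {
            byte[] raw = new byte[16];            // 128 bits: not guessable
            RANDOM.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            internalToToken.put(internalRef, token);
            tokenToInternal.put(token, internalRef);
        }
        return token;
    }

    /**
     * "Accept known good" validation of an incoming request parameter: a token
     * that this map never issued (including a raw primary key pasted into the
     * URL) yields an empty Optional, and the action should answer with a denial.
     */
    public Optional<String> resolve(String requestParam) {
        if (requestParam == null) {
            return Optional.empty();
        }
        return Optional.ofNullable(tokenToInternal.get(requestParam));
    }

    /** Drops all tokens, e.g. on logout, so nothing outlives the session. */
    public void clear() {
        tokenToInternal.clear();
        internalToToken.clear();
    }

    public static void main(String[] args) {
        // Constructed sample: the logged-in user owns invoices 1041 and 1077.
        IndirectReferenceMap map = new IndirectReferenceMap();
        String t1 = map.expose("invoice:1041");
        String t2 = map.expose("invoice:1077");

        // These tokens are what the JSP renders, e.g. ?id=<t1> instead of ?id=1041.
        System.out.println("links: " + t1 + " " + t2);

        // Legitimate request: a token issued to this session resolves to the key.
        System.out.println("own token -> " + map.resolve(t1).orElse("denied"));

        // Tampering attempts: a guessed neighbouring key and a forged token.
        System.out.println("raw key   -> " + map.resolve("invoice:1042").orElse("denied"));
        System.out.println("forged    -> " + map.resolve("AAAAAAAAAAAAAAAAAAAAAA").orElse("denied"));
    }
}
```

Because the token space is 128 bits of SecureRandom output and the map is scoped to one user, an attacker cannot enumerate references by incrementing a number, and a token captured from another user's page resolves to nothing in the attacker's own session. Where a direct reference must still be accepted, the same resolve step is the place to check the caller's authorization against the referenced object before using it.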

Features

  • Handles the web security constraint against direct object reference attacks: internal object references are not exposed through request parameters
  • A single HTML request parameter can be set on fields of several nested sub-objects of the Action object

Usage

Usage instructions have not yet been written for this version of the plugin.

Example

No worked example or screenshots of the plugin in action are included in this version of the page.

Settings

No configurable settings are documented for this version of the plugin.

Installation

This plugin can be installed by copying the plugin jar into your application's /WEB-INF/lib directory. No other files need to be copied or created.

Resources

  • No related documentation or products are listed for this version.

Version History

Version | Date | Author | Notes
1.0 | Dec 20, 2006 | Datta kudale | Initial release
