Java bean validation alternatives to OWASP ESAPI

With OWASP demoting Java ESAPI from a flagship project and all of the discussion and uncertainty revolving around the library, I'd like to see what alternatives are available. I currently utilize ESAPI for input validation, HTML/JS/etc encoding and CSRF. I've looked around and found libraries such as OVal, Vlad and others, but have not found an inclusive library that handles the previous 3 items all-inclusive. I'd also like it to be externally "configurable" for the rules as well if possible (as ESAPI is).

Do you have any recommendations to handle Java input/bean validation, HTML/JS encoding and CSRF token utilization? Either open source or commercial.

Solution

If you are using some of the following web frameworks, Spring MVC, Grails, Struts 1, Struts 2, JSF, take a look to HDIV

You can see the differece between HDIV and ESAPI features at: Difference between HDIV and ESAPI

NoClassDefFoundError org/apache/poi/ss/usermodel/Workbook
Tinkerpop vertex property single cardinality is not working
What's the difference between ZonedDateTime and OffsetDateTime?
Error: The method add(Shape) in the type ArrayList<Shape> is not applicable for the arguments (Shape.Rectangle)
How do I save ArrayLists with different names in a while loop?
How to parse a BPMN file with Java?
IntelliJ - test configuration. How to configure once run for everyone?
Jasper Reports: JRBeanCollectionDataSource cannot be resolved to a type
What is a "static class" in Java?
Spring's @RequestParam with Enum
Do Java arrays have a maximum size?
How to automatically convert if-else if statement to switch
net.sf.jsqlparser.parser.ParseException: Encountered unexpected token: "@" "@"
Java: Making System.out.println() argument span multiple lines?
Identifier versus keyword
How can I multiply all the digits in an integer (between 000 & 1000 exclusive) without using control statements or loops?
Jackson deserialize generic class with field T as POJO or String array
Role-based authentication not working with Keycloak and Java Spring
Installing two apk using one apk
@KafkaHandler in the consumer doesn't consume the topic message as an object class, only as a string
map vs flatMap in reactor
Request Matcher not working to permit allowed path
Java - Sending an object that points to a BufferedImage through a Socket
does NewDirectByteBuffer create a copy in native code
Excel-like JTable Cell Editor, with an empty cell at edition start
Adding binary numbers
Java Spring API NoClassDefFoundError: javax/persistence/EntityManagerFactory
Leetcode - Find the student that will replace the chalk
UnsatisfiedDependencyException: Error creating bean with name
Is there a way to save multiple config files in a sub-folder of the plugin-folder (Spigot & Maven)