Here's an example call where I'm validating the "to" address field:
validator.getValidInput("toAddress", it.next(), "Email", Email.MAX_ADDRESS_SIZE, true)
ESAPI assumes you're using an IDE or have access to the direct source. If you're using Eclipse, just mouse-hover over the method name, and the parameter types will be displayed.
===UPDATED===
Here's the rip directly from the javadoc:
/**
* Returns canonicalized and validated input as a String. Invalid input will generate a descriptive ValidationException,
* and input that is clearly an attack will generate a descriptive IntrusionException.
*
* @param context
* A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
* @param input
* The actual user input data to validate.
* @param type
* The regular expression name that maps to the actual regular expression from "ESAPI.properties".
* @param maxLength
* The maximum post-canonicalized String length allowed.
* @param allowNull
* If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
*
* @return The canonicalized user input.
*
* @throws ValidationException
* @throws IntrusionException
*/