org.szegedi.spring.web.jsflow
Class JdbcFlowStateStorage
java.lang.Object
org.szegedi.spring.web.jsflow.support.FlowStateSerializer
org.szegedi.spring.web.jsflow.support.AbstractFlowStateStorage
org.szegedi.spring.web.jsflow.JdbcFlowStateStorage
- All Implemented Interfaces:
- org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationContextAware, FlowStateStorage
public class JdbcFlowStateStorage
- extends AbstractFlowStateStorage
A flow state storage that operates against a JDBC data source. The name of
the table and the columns are configurable, by default, it assumes one
autoincrementing, unique constrained, indexed column named "id", and one
column capable of storing a byte array (i.e. a BLOB) named "state" in a table
named "webflowstates". Additionally, a column named "random" is used to store
a nonunique but random 32-bit number. This makes it harder for attackers to
guess valid flowstate IDs. Note that no mechanism for purging "old" states is
provided. You need to write your own periodical task to delete the states
that are considered old. Adding a timestamp column to the table that defaults
to the time of insert is advised. I.e. a MySQL table definition would look
like
create table webflowstates (id bigint not null auto_increment, state blob
not null, random not null int, created timestamp default current_timestamp, primary key (id));
- Version:
- $Id: JdbcFlowStateStorage.java 38 2006-11-06 17:52:57Z szegedia $
- Author:
- Attila Szegedi
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
JdbcFlowStateStorage
public JdbcFlowStateStorage()
setJdbcOperations
public void setJdbcOperations(org.springframework.jdbc.core.JdbcOperations jdbcOperations)
setIdColumnName
public void setIdColumnName(java.lang.String idColumnName)
setRandom
public void setRandom(java.util.Random random)
setRandomColumnName
public void setRandomColumnName(java.lang.String randomColumnName)
setStateColumnName
public void setStateColumnName(java.lang.String stateColumnName)
setTableName
public void setTableName(java.lang.String tableName)
afterPropertiesSet
public void afterPropertiesSet()
throws java.lang.Exception
- Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean- Overrides:
afterPropertiesSet in class FlowStateSerializer
- Throws:
java.lang.Exception
getSerializedState
protected byte[] getSerializedState(javax.servlet.http.HttpServletRequest request,
java.lang.String id)
throws java.lang.Exception
- Description copied from class:
AbstractFlowStateStorage
- Implement in subclasses to retrieve the serialized state.
- Specified by:
getSerializedState in class AbstractFlowStateStorage
- Parameters:
request - the HTTP request that triggered the retrieval. Can be used
to implement session-private storages for states.id - the id of the state
- Returns:
- the byte array representing the serialized state
- Throws:
java.lang.Exception
storeSerializedState
protected java.lang.String storeSerializedState(javax.servlet.http.HttpServletRequest request,
byte[] state)
throws java.lang.Exception
- Description copied from class:
AbstractFlowStateStorage
- Implement in subclasses to store the serialized state.
- Specified by:
storeSerializedState in class AbstractFlowStateStorage
- Parameters:
request - the HTTP request that triggered the store operation. Can
be used to implement session-private storages for states.state - byte array representing the serialized state
- Returns:
- the id of the state
- Throws:
java.lang.Exception