public class JdbcNonceVerifier extends org.springframework.jdbc.core.support.JdbcDaoSupport implements NonceVerifier
The JdbcNonceVerifier requires a a javax.sql.DataSource to be configured and passed in to it with the setDataSource setter method. The table name also needs to be specified, either through the constructor, or through the setTableName setter.
Since the nonces are constructed on the web server and not on the shared database server, they may accidentally collide. Also, if the machines clocks are out of sync, the nonces from the machine that is behind may be removed prematurely from the database by the other machine.
The specified table must have the following structure:
INVALID_TIMESTAMP, OK, SEEN, TOO_OLD
Constructor and Description |
---|
JdbcNonceVerifier(int maxAge) |
JdbcNonceVerifier(int maxAge,
String tableName) |
Modifier and Type | Method and Description |
---|---|
int |
getMaxAge()
Returns the expiration timeout for nonces, in seconds.
|
String |
getTableName() |
int |
seen(String opUrl,
String nonce)
Checks if a nonce was seen before.
|
void |
setMaxAge(int ageSeconds)
Sets the expiration timeout for nonces, in seconds.
|
void |
setTableName(String tableName) |
public JdbcNonceVerifier(int maxAge)
public JdbcNonceVerifier(int maxAge, String tableName)
public int getMaxAge()
NonceVerifier
getMaxAge
in interface NonceVerifier
public void setMaxAge(int ageSeconds)
NonceVerifier
setMaxAge
in interface NonceVerifier
public int seen(String opUrl, String nonce)
NonceVerifier
seen
in interface NonceVerifier
NonceVerifier.OK
only if this nonce has a valid time stamp, the time stamp did not age and the nonce was not
seen before.public String getTableName()
public void setTableName(String tableName)
Copyright © 2018 Sxip. All rights reserved.