org.openid4java.consumer
Class JdbcNonceVerifier

java.lang.Object
  extended by org.springframework.dao.support.DaoSupport
      extended by org.springframework.jdbc.core.support.JdbcDaoSupport
          extended by org.openid4java.consumer.JdbcNonceVerifier
All Implemented Interfaces:
NonceVerifier, org.springframework.beans.factory.InitializingBean

public class JdbcNonceVerifier
extends org.springframework.jdbc.core.support.JdbcDaoSupport
implements NonceVerifier

JDBC implementation of a NonceVerifier.

The JdbcNonceVerifier requires a a javax.sql.DataSource to be configured and passed in to it with the setDataSource setter method. The table name also needs to be specified, either through the constructor, or through the setTableName setter.

Since the nonces are constructed on the web server and not on the shared database server, they may accidentally collide. Also, if the machines clocks are out of sync, the nonces from the machine that is behind may be removed prematurely from the database by the other machine.

The specified table must have the following structure:

Author:
Andrew Evenson, Graff Haley

Nested Class Summary
private  class JdbcNonceVerifier.GenericNonceVerifier
           
 
Field Summary
private  java.lang.String _deleteSQL
           
private  java.lang.String _insertSQL
           
private static org.apache.commons.logging.Log _log
           
private  java.lang.String _tableName
           
private  NonceVerifier _verifier
           
 
Fields inherited from class org.springframework.dao.support.DaoSupport
logger
 
Fields inherited from interface org.openid4java.consumer.NonceVerifier
INVALID_TIMESTAMP, OK, SEEN, TOO_OLD
 
Constructor Summary
JdbcNonceVerifier(int maxAge)
           
JdbcNonceVerifier(int maxAge, java.lang.String tableName)
           
 
Method Summary
 int getMaxAge()
          Returns the expiration timeout for nonces, in seconds.
 java.lang.String getTableName()
           
 int seen(java.lang.String opUrl, java.lang.String nonce)
          Checks if a nonce was seen before.
 void setMaxAge(int ageSeconds)
          Sets the expiration timeout for nonces, in seconds.
 void setTableName(java.lang.String tableName)
           
 
Methods inherited from class org.springframework.jdbc.core.support.JdbcDaoSupport
checkDaoConfig, createJdbcTemplate, getConnection, getDataSource, getExceptionTranslator, getJdbcTemplate, initTemplateConfig, releaseConnection, setDataSource, setJdbcTemplate
 
Methods inherited from class org.springframework.dao.support.DaoSupport
afterPropertiesSet, initDao
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

_log

private static org.apache.commons.logging.Log _log

_verifier

private NonceVerifier _verifier

_tableName

private java.lang.String _tableName

_deleteSQL

private java.lang.String _deleteSQL

_insertSQL

private java.lang.String _insertSQL
Constructor Detail

JdbcNonceVerifier

public JdbcNonceVerifier(int maxAge)

JdbcNonceVerifier

public JdbcNonceVerifier(int maxAge,
                         java.lang.String tableName)
Method Detail

getMaxAge

public int getMaxAge()
Description copied from interface: NonceVerifier
Returns the expiration timeout for nonces, in seconds.

Specified by:
getMaxAge in interface NonceVerifier

setMaxAge

public void setMaxAge(int ageSeconds)
Description copied from interface: NonceVerifier
Sets the expiration timeout for nonces, in seconds.

Specified by:
setMaxAge in interface NonceVerifier

seen

public int seen(java.lang.String opUrl,
                java.lang.String nonce)
Description copied from interface: NonceVerifier
Checks if a nonce was seen before. It also checks if the time stamp at the beginning of the noce is valid. Also, if old nonces are discarded the it should check if the time stamp for this noce is still valid.

Specified by:
seen in interface NonceVerifier
Returns:
NonceVerifier.OK only if this nonce has a valid time stamp, the time stamp did not age and the nonce was not seen before.

getTableName

public java.lang.String getTableName()

setTableName

public void setTableName(java.lang.String tableName)


Copyright 2006-2008 Sxip Identity Corporation