org.openid4java.consumer
Class JdbcNonceVerifier
java.lang.Object
org.springframework.dao.support.DaoSupport
org.springframework.jdbc.core.support.JdbcDaoSupport
org.openid4java.consumer.JdbcNonceVerifier
- All Implemented Interfaces:
- NonceVerifier, org.springframework.beans.factory.InitializingBean
public class JdbcNonceVerifier
- extends org.springframework.jdbc.core.support.JdbcDaoSupport
- implements NonceVerifier
JDBC implementation of a NonceVerifier.
The JdbcNonceVerifier requires a a javax.sql.DataSource to be configured
and passed in to it with the setDataSource setter method. The table name
also needs to be specified, either through the constructor, or through the
setTableName setter.
Since the nonces are constructed on the web server and not on the shared
database server, they may accidentally collide. Also, if the machines
clocks are out of sync, the nonces from the machine that is behind may be
removed prematurely from the database by the other machine.
The specified table must have the following structure:
- opurl : string
- nonce : string
- date : date
- primary key : opurl, nonce
- Author:
- Andrew Evenson, Graff Haley
Fields inherited from class org.springframework.dao.support.DaoSupport |
logger |
Method Summary |
int |
getMaxAge()
Returns the expiration timeout for nonces, in seconds. |
java.lang.String |
getTableName()
|
int |
seen(java.lang.String opUrl,
java.lang.String nonce)
Checks if a nonce was seen before. |
void |
setMaxAge(int ageSeconds)
Sets the expiration timeout for nonces, in seconds. |
void |
setTableName(java.lang.String tableName)
|
Methods inherited from class org.springframework.jdbc.core.support.JdbcDaoSupport |
checkDaoConfig, createJdbcTemplate, getConnection, getDataSource, getExceptionTranslator, getJdbcTemplate, initTemplateConfig, releaseConnection, setDataSource, setJdbcTemplate |
Methods inherited from class org.springframework.dao.support.DaoSupport |
afterPropertiesSet, initDao |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
_log
private static org.apache.commons.logging.Log _log
_verifier
private NonceVerifier _verifier
_tableName
private java.lang.String _tableName
_deleteSQL
private java.lang.String _deleteSQL
_insertSQL
private java.lang.String _insertSQL
JdbcNonceVerifier
public JdbcNonceVerifier(int maxAge)
JdbcNonceVerifier
public JdbcNonceVerifier(int maxAge,
java.lang.String tableName)
getMaxAge
public int getMaxAge()
- Description copied from interface:
NonceVerifier
- Returns the expiration timeout for nonces, in seconds.
- Specified by:
getMaxAge
in interface NonceVerifier
setMaxAge
public void setMaxAge(int ageSeconds)
- Description copied from interface:
NonceVerifier
- Sets the expiration timeout for nonces, in seconds.
- Specified by:
setMaxAge
in interface NonceVerifier
seen
public int seen(java.lang.String opUrl,
java.lang.String nonce)
- Description copied from interface:
NonceVerifier
- Checks if a nonce was seen before. It also checks if the time stamp at the beginning of the noce is valid.
Also, if old nonces are discarded the it should check if the time stamp for this noce is still valid.
- Specified by:
seen
in interface NonceVerifier
- Returns:
NonceVerifier.OK
only if this nonce has a valid time stamp, the time stamp did not age and the nonce was not
seen before.
getTableName
public java.lang.String getTableName()
setTableName
public void setTableName(java.lang.String tableName)
Copyright 2006-2008 Sxip Identity Corporation