java.lang.Object
dk.cloudcreate.essentials.components.foundation.postgresql.MultiTableChangeListener<T>
All Implemented Interfaces:
Closeable, AutoCloseable

public final class MultiTableChangeListener<T extends TableChangeNotification> extends Object implements Closeable
Variant of ListenNotify.listen(Jdbi, String, Duration) that allows you to listen for notifications from multiple tables using a single polling thread.

Security
It is the responsibility of the user of this component to sanitize any table or column names provided to methods in this class to ensure the security of all the SQL statements generated by this component. The ListenNotify/MultiTableChangeListener component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table/column names as a first line of defense.
PostgresqlUtil.checkIsValidTableOrColumnName(String) provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
However, neither the Essentials components nor PostgresqlUtil.checkIsValidTableOrColumnName(String) offers exhaustive protection, and neither assures the complete security of the resulting SQL against SQL injection threats.
The responsibility for implementing protective measures against SQL injection lies exclusively with the users/developers using the Essentials components and their supporting classes.
Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.
It is highly recommended that the tableName value is only derived from a controlled and trusted source.
To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the table/column name values.
Failure to adequately sanitize and validate this value could expose the application to SQL injection vulnerabilities, compromising the security and integrity of the database.
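
One way to keep the tableName derived from a controlled source, as recommended above, is to map external input onto a fixed allowlist and pass only the mapped constant on. This is an added example, not code from the Essentials project; the TrustedTableNames class, its allowlist entries, the identifier pattern and the OrderChangeNotification type mentioned in a comment are assumptions made for illustration.

```java
import java.util.Map;
import java.util.regex.Pattern;

public final class TrustedTableNames {
    // Hypothetical mapping: external key -> table name owned by the application.
    private static final Map<String, String> ALLOWED = Map.of(
            "orders", "orders",
            "customers", "customers",
            "shipments", "shipping_events");

    // Conservative pattern chosen for this example (PostgreSQL truncates identifiers
    // beyond 63 bytes). It is NOT the rule set applied by
    // PostgresqlUtil.checkIsValidTableOrColumnName(String).
    private static final Pattern PLAIN_IDENTIFIER = Pattern.compile("[a-z_][a-z0-9_]{0,62}");

    private TrustedTableNames() {}

    /** Returns the allowlisted table name for the key; the raw input is never returned. */
    public static String resolve(String untrustedKey) {
        if (untrustedKey == null) {
            throw new IllegalArgumentException("No table key supplied");
        }
        String tableName = ALLOWED.get(untrustedKey); // exact, case-sensitive match only
        if (tableName == null) {
            // The raw input is deliberately kept out of the message and the logs.
            throw new IllegalArgumentException("Unknown table key");
        }
        // Defence in depth: a mistyped allowlist entry must not reach concatenated SQL.
        if (!PLAIN_IDENTIFIER.matcher(tableName).matches()) {
            throw new IllegalStateException("Allowlist entry is not a plain identifier");
        }
        return tableName;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two valid keys and three that must be rejected.
        String[] inputs = {"orders", "shipments", "orders; select 1", "Orders", "public.orders"};
        for (String input : inputs) {
            try {
                String tableName = resolve(input);
                // Only the resolved constant would be handed on, for example:
                // listener.listenToNotificationsFor(tableName, OrderChangeNotification.class);
                System.out.println("accepted -> " + tableName);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```
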
  • Constructor Details

    • MultiTableChangeListener

      public MultiTableChangeListener(org.jdbi.v3.core.Jdbi jdbi, Duration pollingInterval, JSONSerializer jsonSerializer, dk.cloudcreate.essentials.reactive.EventBus eventBus)
  • Method Details

    • close

      public void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
    • getEventBus

      public dk.cloudcreate.essentials.reactive.EventBus getEventBus()
    • listenToNotificationsFor

      public MultiTableChangeListener listenToNotificationsFor(String tableName, Class<? extends T> tableNotificationType)
      Start listening for notifications related to changes to the given table
      Note: Remember to install the notification support, using ListenNotify.addChangeNotificationTriggerToTable(Handle, String, List, String...), prior to using this method
      Parameters:
      tableName - the name of the table to listen to for TableChangeNotifications

      Note:
      The tableName, as well as the result of ListenNotify.resolveTableChangeChannelName(String), will be used directly in constructing SQL statements through string concatenation, which exposes the component to SQL injection attacks.

      Security Note:
      It is the responsibility of the user of this component to sanitize the tableName to ensure the security of all the SQL statements generated by this component. The MultiTableChangeListener component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table name as a first line of defense.
      The PostgresqlUtil.checkIsValidTableOrColumnName(String) provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
      However, neither the Essentials components nor PostgresqlUtil.checkIsValidTableOrColumnName(String) offers exhaustive protection, and neither assures the complete security of the resulting SQL against SQL injection threats.
      The responsibility for implementing protective measures against SQL injection lies exclusively with the users/developers using the Essentials components and their supporting classes.
      Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
      Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.

      It is highly recommended that the tableName value is only derived from a controlled and trusted source.
      To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the tableName value.
      Failure to adequately sanitize and validate this value could expose the application to SQL injection vulnerabilities, compromising the security and integrity of the database.
      tableNotificationType - the concrete type of TableChangeNotification that each ListenNotify.SqlOperation related change will result in
      Returns:
      this listener instance
    • unlistenToNotificationsFor

      public MultiTableChangeListener unlistenToNotificationsFor(String tableName)
      Stop listening for notifications related to changes to the given table
      Parameters:
      tableName - the name of the table to stop listening to for TableChangeNotifications

      Note:
      The tableName, as well as the result of ListenNotify.resolveTableChangeChannelName(String), will be used directly in constructing SQL statements through string concatenation, which exposes the component to SQL injection attacks.

      Security Note:
      It is the responsibility of the user of this component to sanitize the tableName to ensure the security of all the SQL statements generated by this component. The MultiTableChangeListener component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table name as a first line of defense.
      The PostgresqlUtil.checkIsValidTableOrColumnName(String) provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
      However, neither the Essentials components nor PostgresqlUtil.checkIsValidTableOrColumnName(String) offers exhaustive protection, and neither assures the complete security of the resulting SQL against SQL injection threats.
      The responsibility for implementing protective measures against SQL injection lies exclusively with the users/developers using the Essentials components and their supporting classes.
      Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
      Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.

      It is highly recommended that the tableName value is only derived from a controlled and trusted source.
      To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the tableName value.
      Failure to adequately sanitize and validate this value could expose the application to SQL injection vulnerabilities, compromising the security and integrity of the database.
      Returns:
      this listener instance