Class MultiTableChangeListener<T extends TableChangeNotification>
java.lang.Object
dk.cloudcreate.essentials.components.foundation.postgresql.MultiTableChangeListener<T>
All Implemented Interfaces:
Closeable, AutoCloseable
public final class MultiTableChangeListener<T extends TableChangeNotification>
extends Object
implements Closeable
Variant of ListenNotify.listen(Jdbi, String, Duration) that allows you to listen for notifications from multiple tables using a single polling thread
Security
It is the responsibility of the user of this component to sanitize any table or column names provided to methods in this class to ensure the security of all the SQL statements generated by this component. The ListenNotify/MultiTableChangeListener component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table/column names as a first line of defense.
The PostgresqlUtil.checkIsValidTableOrColumnName(String) provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
However, Essentials components as well as PostgresqlUtil.checkIsValidTableOrColumnName(String) do not offer exhaustive protection, nor do they assure the complete security of the resulting SQL against SQL injection threats.
The responsibility for implementing protective measures against SQL Injection lies exclusively with the users/developers using the Essentials components and its supporting classes.
Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.
It is highly recommended that the tableName value is only derived from a controlled and trusted source.
To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the table/column name values.
Failure to adequately sanitize and validate this value could expose the application to SQL injection vulnerabilities, compromising the security and integrity of the database.
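One way to keep tableName derived from a controlled source, as the Security section recommends (an added example, not part of the Essentials code base): external input only selects an entry from a fixed allowlist, so the string handed to listenToNotificationsFor is always a constant owned by the code. The class TrustedTableNames, the feed and table names, the identifier pattern and the ShipmentChange type are assumptions of this example.

```java
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: resolve externally supplied feed names to table names through a fixed allowlist. */
public final class TrustedTableNames {
    // Constructed allowlist: logical feed name (may come from a request) -> table name owned by the code base.
    private static final Map<String, String> TABLES_BY_FEED = Map.of(
            "orders", "orders",
            "shipments", "shipment_events");

    // Conservative identifier shape (PostgreSQL identifiers are at most 63 bytes). This is an assumption
    // of the example, not the rule PostgresqlUtil.checkIsValidTableOrColumnName(String) applies.
    private static final Pattern SIMPLE_IDENTIFIER = Pattern.compile("[a-z_][a-z0-9_]{0,62}");

    /** Returns the allowlisted table name for a feed, or throws; the raw input is never returned. */
    public static String resolve(String requestedFeed) {
        if (requestedFeed == null) {
            throw new IllegalArgumentException("feed name is required");
        }
        String table = TABLES_BY_FEED.get(requestedFeed);
        if (table == null) {
            // The rejected value is deliberately not echoed into the message or logs.
            throw new IllegalArgumentException("unknown feed");
        }
        // Defense in depth: catches a malformed entry added to the allowlist itself.
        if (!SIMPLE_IDENTIFIER.matcher(table).matches()) {
            throw new IllegalStateException("allowlist entry is not a plain identifier: " + table);
        }
        return table;
    }

    public static void main(String[] args) {
        // Constructed inputs: one allowlisted feed name and two values that must be rejected.
        String[] inputs = {"shipments", "orders; DROP TABLE orders", "Orders"};
        for (String input : inputs) {
            try {
                String table = resolve(input);
                // Only this resolved constant would be passed on, e.g.
                // listener.listenToNotificationsFor(table, ShipmentChange.class); // ShipmentChange is hypothetical
                System.out.println("accepted -> " + table);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```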
-
Constructor Summary
Constructors
Constructor, Description:
MultiTableChangeListener(org.jdbi.v3.core.Jdbi jdbi, Duration pollingInterval, JSONSerializer jsonSerializer, dk.cloudcreate.essentials.reactive.EventBus eventBus, boolean filterDuplicateNotifications)
-
Method Summary
Modifier and Type, Method, Description:
boolean addDuplicationFilterAsFirst
Adds a custom NotificationDuplicationFilter to the filter chain as the very first (highest priority).
The NotificationDuplicationFilter's are used to extract unique keys from the Notification.getParameter() JSON content.
The key extracted from NotificationDuplicationFilter.extractDuplicationKey(JsonNode) will be used inside MultiTableChangeListener for duplication checks across all Notification's returned in one poll.
If an empty Optional is returned then the given notification won't be deduplicated.
If two or more Notification's in a given poll batch share the same duplication key, AND isFilterDuplicateNotifications() is true, then only one of them will be published to the listeners registered with the MultiTableChangeListener
Note: Only a single instance of a particular NotificationDuplicationFilter, determined by calling Object.equals(Object) on the filters.
boolean addDuplicationFilterAsLast
Adds a custom NotificationDuplicationFilter to the filter chain as the very last (lowest priority).
The NotificationDuplicationFilter's are used to extract unique keys from the Notification.getParameter() JSON content.
The key extracted from NotificationDuplicationFilter.extractDuplicationKey(JsonNode) will be used inside MultiTableChangeListener for duplication checks across all Notification's returned in one poll.
If an empty Optional is returned then the given notification won't be deduplicated.
If two or more Notification's in a given poll batch share the same duplication key, AND isFilterDuplicateNotifications() is true, then only one of them will be published to the listeners registered with the MultiTableChangeListener
Note: Only a single instance of a particular NotificationDuplicationFilter, determined by calling Object.equals(Object) on the filters.
void close()
dk.cloudcreate.essentials.reactive.EventBus getEventBus()
boolean isFilterDuplicateNotifications()
MultiTableChangeListener listenToNotificationsFor(String tableName, Class<? extends T> tableNotificationType)
Start listening for notifications related to changes to the given table
Note: Remember to install the notification support, using ListenNotify.addChangeNotificationTriggerToTable(Handle, String, List, String...), prior to using this method
void removeDuplicationFilter
Removes a custom NotificationDuplicationFilter from the filter chain.
unlistenToNotificationsFor(String tableName)
Stop listening for notifications related to changes to the given table
-
Constructor Details
-
MultiTableChangeListener
public MultiTableChangeListener(org.jdbi.v3.core.Jdbi jdbi, Duration pollingInterval, JSONSerializer jsonSerializer, dk.cloudcreate.essentials.reactive.EventBus eventBus, boolean filterDuplicateNotifications)
-
-
Method Details
-
close
public void close()
Specified by:
close in interface AutoCloseable
Specified by:
close in interface Closeable
-
isFilterDuplicateNotifications
public boolean isFilterDuplicateNotifications()
-
getEventBus
public dk.cloudcreate.essentials.reactive.EventBus getEventBus()
-
removeDuplicationFilter
Removes a custom NotificationDuplicationFilter from the filter chain.
Parameters:
filter - the filter to be added to the chain
-
addDuplicationFilterAsFirst
Adds a custom NotificationDuplicationFilter to the filter chain as the very first (highest priority).
The NotificationDuplicationFilter's are used to extract unique keys from the Notification.getParameter() JSON content.
The key extracted from NotificationDuplicationFilter.extractDuplicationKey(JsonNode) will be used inside MultiTableChangeListener for duplication checks across all Notification's returned in one poll.
If an empty Optional is returned then the given notification won't be deduplicated.
If two or more Notification's in a given poll batch share the same duplication key, AND isFilterDuplicateNotifications() is true, then only one of them will be published to the listeners registered with the MultiTableChangeListener
Note: Only a single instance of a particular NotificationDuplicationFilter, determined by calling Object.equals(Object) on the filters.
Parameters:
filter - the filter to be added to the chain
Returns:
true if the filter was added as the first, otherwise false (e.g. the filter was already added)
-
addDuplicationFilterAsLast
Adds a custom NotificationDuplicationFilter to the filter chain as the very last (lowest priority).
The NotificationDuplicationFilter's are used to extract unique keys from the Notification.getParameter() JSON content.
The key extracted from NotificationDuplicationFilter.extractDuplicationKey(JsonNode) will be used inside MultiTableChangeListener for duplication checks across all Notification's returned in one poll.
If an empty Optional is returned then the given notification won't be deduplicated.
If two or more Notification's in a given poll batch share the same duplication key, AND isFilterDuplicateNotifications() is true, then only one of them will be published to the listeners registered with the MultiTableChangeListener
Note: Only a single instance of a particular NotificationDuplicationFilter, determined by calling Object.equals(Object) on the filters.
Parameters:
filter - the filter to be added to the chain
Returns:
true if the filter was added as the last, otherwise false (e.g. the filter was already added)
-
listenToNotificationsFor
public MultiTableChangeListener listenToNotificationsFor(String tableName, Class<? extends T> tableNotificationType)
Start listening for notifications related to changes to the given table
Note: Remember to install the notification support, using ListenNotify.addChangeNotificationTriggerToTable(Handle, String, List, String...), prior to using this method
Parameters:
tableName - the name of the table to listen to for TableChangeNotification's
Note:
The tableName as well as the result of ListenNotify.resolveTableChangeChannelName(String) will be directly used in constructing SQL statements through string concatenation, which exposes the component to SQL injection attacks.
Security Note:
It is the responsibility of the user of this component to sanitize the tableName to ensure the security of all the SQL statements generated by this component. The MultiTableChangeListener component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table name as a first line of defense.
The PostgresqlUtil.checkIsValidTableOrColumnName(String) provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
However, Essentials components as well as PostgresqlUtil.checkIsValidTableOrColumnName(String) do not offer exhaustive protection, nor do they assure the complete security of the resulting SQL against SQL injection threats.
The responsibility for implementing protective measures against SQL Injection lies exclusively with the users/developers using the Essentials components and its supporting classes.
Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.
It is highly recommended that the tableName value is only derived from a controlled and trusted source.
To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the tableName value.
Failure to adequately sanitize and validate this value could expose the application to SQL injection vulnerabilities, compromising the security and integrity of the database.
tableNotificationType - the concrete type of TableChangeNotification that each ListenNotify.SqlOperation related change will result in
Returns:
this listener instance
-
unlistenToNotificationsFor
Stop listening for notifications related to changes to the given table
Parameters:
tableName - the name of the table to stop listening for TableChangeNotification's to
Note:
The tableName as well as the result of ListenNotify.resolveTableChangeChannelName(String) will be directly used in constructing SQL statements through string concatenation, which exposes the component to SQL injection attacks.
Security Note:
It is the responsibility of the user of this component to sanitize the tableName to ensure the security of all the SQL statements generated by this component. The MultiTableChangeListener component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table name as a first line of defense.
The PostgresqlUtil.checkIsValidTableOrColumnName(String) provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
However, Essentials components as well as PostgresqlUtil.checkIsValidTableOrColumnName(String) do not offer exhaustive protection, nor do they assure the complete security of the resulting SQL against SQL injection threats.
The responsibility for implementing protective measures against SQL Injection lies exclusively with the users/developers using the Essentials components and its supporting classes.
Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.
It is highly recommended that the tableName value is only derived from a controlled and trusted source.
To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the tableName value.
Failure to adequately sanitize and validate this value could expose the application to SQL injection vulnerabilities, compromising the security and integrity of the database.
Returns:
this listener instance
-