isabella232 / spring-webflow-client-repo

This project forked from apereo/spring-webflow-client-repo

Spring Webflow Client Repository, aka ClientContinuationFlowExecutionRepository for Spring Webflow 2.x.

License: Apache License 2.0

Shell 7.80% Java 92.20%

spring-webflow-client-repo's Introduction

Spring Webflow Client Repository

This project provides a facility for storing flow execution state on the client in Spring Webflow 2.x. Flow state is stored as an encoded byte stream in the flow execution identifier provided to the client when rendering a view. It effectively provides a replacement for ClientContinuationFlowExecutionRepository that was available for Spring Webflow 1.x, but with the following notable improvements:

  • Support for conversation management (e.g. flow scope)
  • Encryption of encoded flow state to prevent tampering by malicious clients

Building

mvn clean install

Integration

Add spring-webflow-client-repo to your application:

<dependency>
    <groupId>org.apereo</groupId>
    <artifactId>spring-webflow-client-repo</artifactId>
    <version>1.0.3</version>
</dependency>

Usage

ClientFlowExecutionRepository is the core component providing client-side flow state storage. The following configuration snippet demonstrates how to wire up the component in a Webflow project:

<bean name="flowExecutor" class="org.springframework.webflow.executor.FlowExecutorImpl">
  <constructor-arg ref="flowRegistry" />
  <constructor-arg ref="flowExecutionFactory" />
  <constructor-arg ref="flowExecutionRepository" />
</bean>

<webflow:flow-registry id="flowRegistry">
  <webflow:flow-location path="test-flow.xml" id="test"/>
</webflow:flow-registry>

<bean name="flowExecutionFactory" class="org.springframework.webflow.engine.impl.FlowExecutionImplFactory"
      p:executionKeyFactory-ref="flowExecutionRepository"
      p:executionListenerLoader-ref="listenerLoader"/>

<bean id="flowExecutionRepository" class="org.apereo.spring.webflow.plugin.ClientFlowExecutionRepository">
  <constructor-arg ref="flowExecutionFactory" />
  <constructor-arg ref="flowRegistry" />
  <constructor-arg ref="transcoder" />
</bean>

<bean id="listenerLoader" class="org.springframework.webflow.execution.factory.StaticFlowExecutionListenerLoader">
  <constructor-arg>
    <list>
      <!--
      <ref bean="firstExecutionListener" />
      <ref bean="secondExecutionListener" />
      <ref bean="thirdExecutionListener" />
      -->
    </list>
  </constructor-arg>
</bean>

<bean id="transcoder" class="org.apereo.spring.webflow.plugin.EncryptedTranscoder"
      p:compression="true" />

Requirements

Since the flow state is maintained in the flow execution identifier, the execution parameter MUST be stored in the response rendered to the client as either a request parameter or hidden form parameter. When rendering a form for user input, a hidden parameter is convenient:

<form:form modelAttribute="command" action="action.html">
  <input type="hidden" name="execution" value="${flowExecutionKey}" />

  <fieldset>
    ... 
    <div class="button">
      <input type="submit" id="save" name="_eventId_save" value="save"/>
      <input type="submit" name="_eventId_cancel" value="cancel"/>
    </div>
  </fieldset>
</form:form>

Security

Since the server is providing data to the client for which the server is the authority, the state MUST be validated when it is returned to the server after a round trip. There are two obvious strategies:

  1. Symmetric encryption using a key known exclusively to the server.
  2. Attaching a digital signature to the state that is verified on post.

This project provides an implementation using symmetric encryption since it is simpler to implement and has the desirable property of hiding state details from the client. The Transcoder component provides a straightforward extension point to implement other encoding mechanisms.
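
A sketch of the second strategy, added here as an example and not code from this project: the class SignedStateCodec and its methods are hypothetical and do not implement the project's Transcoder interface. It uses HMAC-SHA256 as the signature (a keyed MAC is sufficient because the server is both signer and verifier) and checks the tag before any client-supplied byte is deserialized. Unlike the encrypted transcoder, it leaves the state readable by the client.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.security.*;
import java.util.Arrays;

public class SignedStateCodec { // hypothetical; not part of spring-webflow-client-repo
    private static final int TAG_LEN = 32; // HMAC-SHA256 output size in bytes
    private final SecretKeySpec key;
    public SignedStateCodec(byte[] serverOnlyKey) {
        this.key = new SecretKeySpec(serverOnlyKey, "HmacSHA256");
    }
    private byte[] tag(byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(data);
    }

    // Serialize the state, then prepend the tag computed over the serialized bytes.
    public byte[] encode(Serializable state) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(body)) { out.writeObject(state); }
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        wire.write(tag(body.toByteArray()));
        wire.write(body.toByteArray());
        return wire.toByteArray();
    }

    // Verify the tag in constant time BEFORE any byte reaches ObjectInputStream.
    public Object decode(byte[] wire) throws IOException, GeneralSecurityException, ClassNotFoundException {
        if (wire.length < TAG_LEN) throw new IOException("state too short");
        byte[] body = Arrays.copyOfRange(wire, TAG_LEN, wire.length);
        if (!MessageDigest.isEqual(Arrays.copyOf(wire, TAG_LEN), tag(body)))
            throw new IOException("state failed integrity check");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);            // constructed demo key
        SignedStateCodec codec = new SignedStateCodec(key);
        byte[] wire = codec.encode("e1s1");           // constructed sample state
        System.out.println(codec.decode(wire));       // untampered round trip
        wire[wire.length - 1] ^= 1;                   // simulate a client modifying the state
        try { codec.decode(wire); } catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```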
