Module dk.cloudcreate.essentials.components.queue.postgresql
Package dk.cloudcreate.essentials.components.queue.postgresql

Class PostgresqlDurableQueuesBuilder

java.lang.Object
dk.cloudcreate.essentials.components.queue.postgresql.PostgresqlDurableQueuesBuilder
public final class PostgresqlDurableQueuesBuilder extends Object
Security
It is the responsibility of the user of this component to sanitize the setSharedQueueTableName(String) to ensure the security of all the SQL statements generated by this component. The PostgresqlDurableQueues component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table name as a first line of defense.
The PostgresqlUtil.checkIsValidTableOrColumnName(String) provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
However, Essentials components as well as PostgresqlUtil.checkIsValidTableOrColumnName(String) does not offer exhaustive protection, nor does it assure the complete security of the resulting SQL against SQL injection threats.
The responsibility for implementing protective measures against SQL Injection lies exclusively with the users/developers using the Essentials components and its supporting classes.
Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.

It is highly recommended that the sharedQueueTableName value is only derived from a controlled and trusted source.
To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the sharedQueueTableName value.
Failure to adequately sanitize and validate this value could expose the application to SQL injection vulnerabilities, compromising the security and integrity of the database.

  • Constructor Details

    • PostgresqlDurableQueuesBuilder

      public PostgresqlDurableQueuesBuilder()

  • Method Details

    • setUnitOfWorkFactory

      public PostgresqlDurableQueuesBuilder setUnitOfWorkFactory(dk.cloudcreate.essentials.components.foundation.transaction.jdbi.HandleAwareUnitOfWorkFactory<? extends dk.cloudcreate.essentials.components.foundation.transaction.jdbi.HandleAwareUnitOfWork> unitOfWorkFactory)
      Parameters:
      unitOfWorkFactory - the UnitOfWorkFactory needed to access the database
      Returns:
      this builder instance

    • setJsonSerializer

      public PostgresqlDurableQueuesBuilder setJsonSerializer(dk.cloudcreate.essentials.components.foundation.json.JSONSerializer jsonSerializer)
      Parameters:
      jsonSerializer - Set the JSONSerializer that is used to serialize/deserialize message payloads.
      If not set, then JacksonJSONSerializer with the PostgresqlDurableQueues.createDefaultObjectMapper() will be used
      Returns:
      this builder instance

    • setSharedQueueTableName

      public PostgresqlDurableQueuesBuilder setSharedQueueTableName(String sharedQueueTableName)
      Parameters:
      sharedQueueTableName - the name of the table that will contain all messages (across all QueueName's)
      Default is PostgresqlDurableQueues.DEFAULT_DURABLE_QUEUES_TABLE_NAME
      Note:
      To support customization of storage table name, the sharedQueueTableName will be directly used in constructing SQL statements through string concatenation, which exposes the component to SQL injection attacks.

      Security Note:
      It is the responsibility of the user of this component to sanitize the sharedQueueTableName to ensure the security of all the SQL statements generated by this component. The PostgresqlDurableQueues component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table name as a first line of defense.
      The PostgresqlUtil.checkIsValidTableOrColumnName(String) provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
      However, Essentials components as well as PostgresqlUtil.checkIsValidTableOrColumnName(String) does not offer exhaustive protection, nor does it assure the complete security of the resulting SQL against SQL injection threats.
      The responsibility for implementing protective measures against SQL Injection lies exclusively with the users/developers using the Essentials components and its supporting classes.
      Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
      Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.

      It is highly recommended that the sharedQueueTableName value is only derived from a controlled and trusted source.
      To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the sharedQueueTableName value.
      Failure to adequately sanitize and validate this value could expose the application to SQL injection vulnerabilities, compromising the security and integrity of the database.
      Returns:
      this builder instance

    • setMultiTableChangeListener

      public PostgresqlDurableQueuesBuilder setMultiTableChangeListener(dk.cloudcreate.essentials.components.foundation.postgresql.MultiTableChangeListener<dk.cloudcreate.essentials.components.foundation.postgresql.TableChangeNotification> multiTableChangeListener)
      Parameters:
      multiTableChangeListener - optional MultiTableChangeListener that allows PostgresqlDurableQueues to use QueuePollingOptimizer
      Returns:
      this builder instance

    • setQueuePollingOptimizerFactory

      public PostgresqlDurableQueuesBuilder setQueuePollingOptimizerFactory(Function<dk.cloudcreate.essentials.components.foundation.messaging.queue.operations.ConsumeFromQueue,dk.cloudcreate.essentials.components.foundation.messaging.queue.QueuePollingOptimizer> queuePollingOptimizerFactory)
      Parameters:
      queuePollingOptimizerFactory - optional QueuePollingOptimizer factory that creates a QueuePollingOptimizer per ConsumeFromQueue command - if set to null PostgresqlDurableQueues.createQueuePollingOptimizerFor(ConsumeFromQueue) is used instead
      Returns:
      this builder instance

    • setMessageHandlingTimeout

      public PostgresqlDurableQueuesBuilder setMessageHandlingTimeout(Duration messageHandlingTimeout)
      Parameters:
      messageHandlingTimeout - Only required if transactionalMode is TransactionalMode.SingleOperationTransaction.
      The parameter defines the timeout for messages being delivered, but haven't yet been acknowledged. After this timeout the message delivery will be reset and the message will again be a candidate for delivery
      Default is 30 seconds
      Returns:
      this builder instance

    • setTransactionalMode

      public PostgresqlDurableQueuesBuilder setTransactionalMode(dk.cloudcreate.essentials.components.foundation.messaging.queue.TransactionalMode transactionalMode)
      Parameters:
      transactionalMode - The TransactionalMode for this DurableQueues instance. If set to TransactionalMode.SingleOperationTransaction then the consumer MUST call the DurableQueues.acknowledgeMessageAsHandled(AcknowledgeMessageAsHandled) explicitly in a new UnitOfWork
      Note: The default consumer calls DurableQueues.acknowledgeMessageAsHandled(AcknowledgeMessageAsHandled) after successful message handling Default value TransactionalMode.SingleOperationTransaction
      Returns:
      this builder instance

    • build

      public PostgresqlDurableQueues build()