Comments (2)
spring-operator
commented on September 13, 2024
Chris Wood commented
I've come across this issue before, and come up with a good (albeit slightly hacky) solution. Much of the bulk of the java serialization data is made up of class descriptors. Since we're only ever saving the data between requests, there's no chance that the class will change.
My solution is to firstly write a list of 'known classes' to an ObjectOutputStream, then reflect on the object that you're writing and find all the class types that will get written to the stream and write the classes, then flush the stream and take note of the stream length, and then finally write the object and close the stream.
Into a second output buffer with gzip compression write all the names of the classes that were found on introspection as UTF-8, followed by the trailing end of the OOS buffer from above.
On reconstitution prepare a new OOS buffer, write the known classes, and then read the list of found classes from the beginning of the data and write these, then flush the stream and append the rest of the data.
This works quite well, compressing a ~2000 char serialized state (~1000 when gzipped) down to only 300 chars. It works because all the subsequent references to a class already serialized gets written as a back reference in the stream, and so emits only 8 bytes rather than a much larger number.
Another thing I've done is to (optionaly) checksum the resulting data. I applied this checksum to the result of the above process, realy that is not the best time to do the checksum, it would be better to checksum the first OOS and then write the checksum on that because that would protect against the class definition changing.
I'll attach the relivant classes.
from spring-webflow.
spring-operator
commented on September 13, 2024
Chris Wood commented
NB: I'd advise against putting this data in the request URL. Different browsers handle different maximum lengths, and you never know when the data might just get a bit too long
from spring-webflow.
Related Issues (20)
- Spring Faces migration to Jakarta EE HOT 7
- Update JSF samples to Jakarta EE HOT 1
- How accept a enum value in post method? HOT 1
- No documentation published yet for SWF 3.0.0 GA HOT 6
- Running with Framework 6.2.0-SNAPSHOT gives NoSuchMethodException for parameterless action HOT 1
- Is Spring Webflow worth using? Seems dead... HOT 5
- Springboot Version 2.5.12 [SWF-1754] HOT 1
- spring ws security vulnerability [SWF-1758] HOT 1
- It is not possible to store a flow's messages external to the app's jar [SWF-1747]
- Not possible to find out how to change the location of the message bundle used by a flow [SWF-1748] HOT 1
- SWF makes JSF's ViewState lose CSRF token characteristics [SWF-1749]
- Plans to port to Jakarta EE 9? [SWF-1750] HOT 1
- Spring boot microservice not falling back to default [SWF-1751] HOT 1
- Spring does not Throw Exception if duplicate property [SWF-1752] HOT 1
- Redundant default security when spring-security-core in the classpath [SWF-1753] HOT 2
- Spring rsocket not works properly in request Channel mode from version 2.5 of the spring framework onwards [SWF-1755] HOT 1
- Loading document with Map<String,Object> as one of field giving Basic type must not be null! [SWF-1756] HOT 1
- Compatibility with Spring Framework 6, Java 17, and Jakarta EE [SWF-1757] HOT 3
- Spring Data Redis -2.7.3 [SWF-1759] HOT 1
- Maximum cursor exceeds ORA-01000: maximum open cursors exceeded [SWF-1760] HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-webflow.