
Commit fb8a1a4

committed
Improved Hibernate session factory creation and handling
1 parent fcfb5a2 commit fb8a1a4


8 files changed

+31
-99
lines changed


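--- a/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/daos/HibernateUtil.java
+++ b/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/daos/HibernateUtil.java
@@ -19,24 +19,24 @@
 
 import org.hibernate.SessionFactory;
 import org.hibernate.cfg.Configuration;
-import org.hibernate.service.ServiceRegistry;
-import org.hibernate.service.ServiceRegistryBuilder;
 
 /**
 * @author Dominik Schadow
 */
 public class HibernateUtil {
+private static SessionFactory sessionFactory;
+
 /**
 * Util class, no constructor required.
 */
 private HibernateUtil() {
 }
 
 public static SessionFactory getSessionFactory() {
-Configuration configuration = new Configuration();
-configuration.configure();
-ServiceRegistry serviceRegistry = new ServiceRegistryBuilder().applySettings(configuration.getProperties())
-.buildServiceRegistry();
-return configuration.buildSessionFactory(serviceRegistry);
+if (sessionFactory == null) {
+sessionFactory = new Configuration().configure().buildSessionFactory();
+}
+
+return sessionFactory;
 }
 }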
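Review bot: The lazy `if (sessionFactory == null)` check in getSessionFactory() (new lines 36–38) is not thread-safe: two concurrent first requests in the servlet container can both observe null and each build a SessionFactory, and the one that loses the assignment is never closed, so its connection pool leaks for the life of the webapp. Since the factory is built unconditionally from hibernate.cfg.xml anyway, an eager static initializer removes both the race and the null check: `private static final SessionFactory SESSION_FACTORY = new Configuration().configure().buildSessionFactory();` with `return SESSION_FACTORY;` in the getter. Nothing on the page closes the factory at shutdown either; a ServletContextListener calling close() is the usual place. I believe the no-argument buildSessionFactory() is marked deprecated in Hibernate 4.x in favour of the ServiceRegistry overload this hunk removes, so the build may now emit a deprecation warning — worth checking against the project's Hibernate version.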

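--- a/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/domain/Customer.java
+++ b/Ch07_XSS/src/main/java/de/dominikschadow/webappsecurity/domain/Customer.java
@@ -21,22 +21,19 @@
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
-import java.io.Serializable;
 
 /**
 * @author Dominik Schadow
 */
 @Entity
-public class Customer implements Serializable {
-private static final long serialVersionUID = -7895805439708336685L;
-
+public class Customer {
 @Id
 @GeneratedValue(strategy = GenerationType.AUTO)
 private int custId;
 private String name;
 private String status;
 private int orderLimit;
-private String comment;
+private String hint;
 
 public int getCustId() {
 return custId;
@@ -70,12 +67,12 @@ public void setOrderLimit(int orderLimit) {
 this.orderLimit = orderLimit;
 }
 
-public String getComment() {
-return comment;
+public String getHint() {
+return hint;
 }
 
-public void setComment(String comment) {
-this.comment = comment;
+public void setHint(String hint) {
+this.hint = hint;
 }
 
 @Override
@@ -85,7 +82,7 @@ public String toString() {
 customer.append(", Name ").append(name);
 customer.append(", Status ").append(status);
 customer.append(", Order Limit ").append(orderLimit);
-customer.append(", Comment ").append(comment);
+customer.append(", Hint ").append(hint);
 
 return customer.toString();
 }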
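Review bot: Dropping `implements Serializable` and the serialVersionUID (old lines 24, 30–32) changes what callers can do with a detached Customer: if one is ever placed in the HttpSession, a second-level cache or passed by value through a remote interface it will fail with NotSerializableException, which is the case the JPA spec has in mind when it asks entities to be serializable. If leaving it out is intentional for this demo, a one-line class Javadoc saying so would stop the next reader from re-adding it, e.g. `/** Customer entity; deliberately not Serializable — never stored in the session or a cache. */`. Separately, toString() at new line 85 now appends the raw `hint` value, a column this chapter seeds with user-controlled markup; anything that logs a Customer will copy that content verbatim into the log, so consider emitting only custId and name there, or escaping hint.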

Ch07_XSS/src/main/resources/Customer.hbm.xml

Lines changed: 0 additions & 15 deletions
This file was deleted.
Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,7 @@
11
<?xml version='1.0' encoding='utf-8'?>
22
<Context useHttpOnly="false">
3-
3+
<Resource name="xssDS" auth="Container" type="javax.sql.DataSource"
4+
maxActive="100" maxIdle="30" maxWait="10000"
5+
username="sa" password="sa" driverClassName="org.h2.Driver"
6+
url="jdbc:h2:mem:xss"/>
47
</Context>
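Review bot: The Resource added at new lines 3–6 embeds the database credentials `username="sa" password="sa"` in the container descriptor; for the in-memory `jdbc:h2:mem:xss` URL that is harmless, but the render has lost this section's file name, so it is unclear whether this is the webapp's own context descriptor (packaged in the archive) or a server-level file, which decides whether those values ship with the artifact. A comment on the Resource stating that the credentials belong to the throw-away in-memory database only would document the intent. The unchanged `useHttpOnly="false"` on line 2 is presumably deliberate for the stored-XSS exercise, since the seed data added elsewhere in this commit reads the session cookie; the file should say that explicitly, e.g. `<!-- HttpOnly is disabled on purpose: this chapter demonstrates session-cookie exposure via stored XSS; keep the default (true) in any real deployment -->`, so the setting is not carried over by copy-paste.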

Ch07_XSS/src/main/resources/customerDB.properties

Lines changed: 0 additions & 4 deletions
This file was deleted.

Ch07_XSS/src/main/resources/customerDB.script

Lines changed: 0 additions & 54 deletions
This file was deleted.

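--- a/Ch07_XSS/src/main/resources/hibernate.cfg.xml
+++ b/Ch07_XSS/src/main/resources/hibernate.cfg.xml
@@ -4,13 +4,11 @@
 "http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
 <hibernate-configuration>
 <session-factory>
-<property name="connection.driver_class">org.hsqldb.jdbcDriver</property>
-<property name="connection.url">jdbc:hsqldb:res:/customerDB</property>
-<property name="connection.username">sa</property>
-<property name="connection.password"></property>
-<property name="dialect">org.hibernate.dialect.HSQLDialect</property>
-<property name="hbm2ddl.auto">update</property>
-<property name="show_sql">true</property>
-<mapping resource="Customer.hbm.xml"/>
+<property name="hibernate.dialect">org.hibernate.dialect.H2Dialect</property>
+<property name="hibernate.connection.datasource">java:comp/env/xssDS</property>
+<property name="hibernate.hbm2ddl.auto">create-drop</property>
+<property name="show_sql">false</property>
+<mapping package="de.dominikschadow.webappsecurity.domain"/>
+<mapping class="de.dominikschadow.webappsecurity.domain.Customer"/>
 </session-factory>
 </hibernate-configuration>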
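Review bot: The property names in the new session-factory block mix prefixed and unprefixed forms: `hibernate.dialect`, `hibernate.connection.datasource` and `hibernate.hbm2ddl.auto` carry the `hibernate.` prefix while `show_sql` on new line 10 does not; Hibernate accepts both spellings, but the inconsistency invites the next edit to get one wrong, so `<property name="hibernate.show_sql">false</property>` would match the rest. The `<mapping package=…/>` on new line 11 only supplies a default package for unqualified class names in hbm files, as far as I recall, so with the explicit `<mapping class=…/>` on line 12 and the hbm mapping removed it appears to be a no-op and could be dropped. Switching the connection to `java:comp/env/xssDS` also takes the credentials out of this classpath resource, which is the right direction; `create-drop` rebuilds the schema on every start, which the seed script in this commit relies on but deserves a comment since the previous value was update.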
Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
INSERT INTO CUSTOMER (CUSTID, NAME, STATUS, ORDERLIMIT, HINT) VALUES (1001, 'Arthur Dent', 'A', 10000, '');
2+
INSERT INTO CUSTOMER (CUSTID, NAME, STATUS, ORDERLIMIT, HINT) VALUES (1003, 'Tricia Trillian McMillan', 'C', 1000, '');
3+
INSERT INTO CUSTOMER (CUSTID, NAME, STATUS, ORDERLIMIT, HINT) VALUES (1004, 'Zaphod Beeblebrox', 'D', 500, 'President of the Galaxy');
4+
INSERT INTO CUSTOMER (CUSTID, NAME, STATUS, ORDERLIMIT, HINT) VALUES (1005, 'Marvin', 'A', 100000, 'Depressive');
5+
INSERT INTO CUSTOMER (CUSTID, NAME, STATUS, ORDERLIMIT, HINT) VALUES (1006, 'Slartibartfast', 'D', 100, '42');
6+
INSERT INTO CUSTOMER (CUSTID, NAME, STATUS, ORDERLIMIT, HINT) VALUES (1007, 'Stored XSS', 'X', 9999, '<script>alert("Stored XSS - Session ID: " + document.cookie)</script>');
7+
INSERT INTO CUSTOMER (CUSTID, NAME, STATUS, ORDERLIMIT, HINT) VALUES (1002, 'Ford Prefect', 'B', 5000, '');
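Review bot: The rendered page dropped this new file's name, so it is not clear where these seven INSERTs live; if it is Hibernate's import script, it only runs because hibernate.cfg.xml now sets `hbm2ddl.auto` to `create-drop`, and that coupling should be stated in a header comment in the script. Row 1007 deliberately seeds HINT with a script tag as the stored-XSS fixture for this chapter; a leading `-- 1007 is the intentional stored-XSS test record; the view layer must HTML-encode HINT on output` would tell a reader why it is there rather than looking like a leftover. The explicit CUSTID values sit alongside `@GeneratedValue(strategy = GenerationType.AUTO)` on the entity, so whether ids later assigned by the generator can collide with 1001–1007 depends on the generator Hibernate selects for H2 — worth confirming before relying on inserts of new customers.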
