In some Oracle Commerce Platform applications, you might want to generate IDs that, for security purposes, cannot be easily guessed. For example, Core Commerce generates IDs for gift certificates. The ObfuscatedSQLIdGenerator obfuscates the generated IDs in two ways. First, for a given batch of reserved IDs, it gives out only a few IDs. Second, IDs can be optionally hex encoded when being used as String IDs. Both the String and long IDs generated use a pseudo-random number generator to get a long ID from the current batch of IDs. In addition to not giving out the same ID twice, this implementation does not give out adjacent long IDs (or String IDs that come from adjacent long IDs).

The IdSpace properties batchSize and idsPerBatch are used in conjunction. The batchSize property works as in the SQLIdGenerator. The idsPerBatch property is the maximum number of IDs that are given out in any given batch.

It is strongly recommended that idsPerBatch be less than 1 percent of the batchSize. This is both for security and performance. For security, a sparse—that is, less dense—ID space makes it harder to guess IDs. Because this implementation does not give out adjacent IDs, it might be forced to do more work to find suitable IDs if the ID space is too dense. This implementation does not allow an ID space to be added that is denser than 10 percent. That is, idsPerBatch divided by batchSize must be less than 0.1. Always set these two properties together to maintain the 1 percent density goal.

The recommended values for batchSize and idsPerBatch are 100000 and 997, respectively. These numbers are not magic: 100000 is the default batch size, while 997 is a prime number that is slightly less than 1 percent of the batch size.
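The following is an added example, not Oracle's code: a small Python model of the density rules and the non-adjacent selection described above, useful for checking a proposed batchSize/idsPerBatch pair and seeing how many candidate draws a dense space wastes. The function names and the rejection-sampling strategy are assumptions made for illustration; the page does not describe how the generator picks IDs internally.

```python
import secrets


def check_density(batch_size, ids_per_batch):
    """Classify a batchSize/idsPerBatch pair against the limits stated above.

    Integer arithmetic avoids floating-point surprises at the boundaries.
    """
    if ids_per_batch * 10 >= batch_size:    # density must be less than 0.1
        return "rejected"
    if ids_per_batch * 100 >= batch_size:   # recommended: less than 1 percent
        return "allowed-but-dense"
    return "recommended"


def draw_batch(batch_start, batch_size, ids_per_batch, rng=None):
    """Model: hand out ids_per_batch distinct, non-adjacent long IDs from one batch.

    Returns (ids, rejected_draws). rejected_draws counts candidates discarded
    because they equal or sit next to an ID already issued; it grows with
    density, which is the performance cost the text refers to.
    """
    if check_density(batch_size, ids_per_batch) == "rejected":
        raise ValueError("idsPerBatch / batchSize must be less than 0.1")
    rng = rng or secrets.SystemRandom()     # assumption: any unpredictable source
    issued, rejected = set(), 0
    while len(issued) < ids_per_batch:
        candidate = batch_start + rng.randrange(batch_size)
        if {candidate - 1, candidate, candidate + 1} & issued:
            rejected += 1
            continue
        issued.add(candidate)
    return sorted(issued), rejected


def guess_hit_rate(batch_size, ids_per_batch):
    """Chance that one blind guess inside a reserved batch names an issued ID."""
    return ids_per_batch / batch_size


if __name__ == "__main__":
    # Constructed sample: a batch starting at 500000 with the recommended values.
    ids, rejected = draw_batch(500000, 100000, 997)
    print(check_density(100000, 997), len(ids), "rejected draws:", rejected)
    print("blind-guess hit rate:", guess_hit_rate(100000, 997))
    _, dense_rejected = draw_batch(500000, 100000, 9000)
    print("rejected draws at 9 percent density:", dense_rejected)
```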


Copyright © 1997, 2015 Oracle and/or its affiliates. All rights reserved.