More specifically, instead of putting FlowExecution objects in a server-side store this repository encodes them directly into the continuationId of a generated CompositeFlowExecutionKey . When asked to load a flow execution by its key, this repository decodes the serialized continuationId, restoring the FlowExecution object at the state it was when encoded.

Note: currently this repository implementation does not by default support conversation invalidation after completion, which enables automatic prevention of duplicate submission after a conversation is completed. Support for this requires tracking active conversations using a conversation service backed by some centralized storage medium like a database table.

Warning: storing state (a flow execution continuation) on the client entails a certain security risk. This implementation does not provide a secure way of storing state on the client, so a malicious client could reverse engineer a continuation and get access to possible sensitive data stored in the flow execution. If you need more security and still want to store continuations on the client, subclass this class and override the methods #encode(FlowExecution)) and decode(String) , implementing them with a secure encoding/decoding algorithm, e.g. based on public/private key encryption.

This class depends on the Jakarta Commons Codec library to do BASE64 encoding. Commons code must be available in the classpath when using this implementation.