You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by sc...@apache.org on 2019/11/19 17:26:22 UTC
[tomcat] branch master updated: Post-review from kkolonko: fix typo
in constant name, push initialization down into subclass.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new cab2a8e Post-review from kkolonko: fix typo in constant name, push initialization down into subclass.
cab2a8e is described below
commit cab2a8eaf142e80aee92d287b464bf8540828b1a
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Tue Nov 19 12:25:32 2019 -0500
Post-review from kkolonko: fix typo in constant name, push initialization down into subclass.
---
java/org/apache/catalina/filters/Constants.java | 2 +-
.../apache/catalina/filters/CsrfPreventionFilter.java | 17 +++++++++++++++++
.../catalina/filters/CsrfPreventionFilterBase.java | 10 ----------
3 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/catalina/filters/Constants.java b/java/org/apache/catalina/filters/Constants.java
index 87dd6c4..ab550b1 100644
--- a/java/org/apache/catalina/filters/Constants.java
+++ b/java/org/apache/catalina/filters/Constants.java
@@ -72,6 +72,6 @@ public final class Constants {
* The servlet context attribute key under which the
* CSRF REST header name can be found.
*/
- public static final String CSRF_REST_NONCE_HEDAER_NAME_KEY =
+ public static final String CSRF_REST_NONCE_HEADER_NAME_KEY =
"org.apache.catalina.filters.CSRF_REST_NONCE_HEADER_NAME";
}
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index 369745b..8aace6b 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -24,6 +24,7 @@ import java.util.Map;
import java.util.Set;
import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -83,6 +84,22 @@ public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
}
@Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ // Set the parameters
+ super.init(filterConfig);
+
+ // Put the expected request parameter name into the application scope
+ filterConfig.getServletContext().setAttribute(
+ Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
+ Constants.CSRF_NONCE_REQUEST_PARAM);
+
+ // Put the expected request header name into the application scope
+ filterConfig.getServletContext().setAttribute(
+ Constants.CSRF_REST_NONCE_HEADER_NAME_KEY,
+ Constants.CSRF_REST_NONCE_HEADER_NAME);
+ }
+
+ @Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java b/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
index 8d401af..c0083f0 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
@@ -78,16 +78,6 @@ public abstract class CsrfPreventionFilterBase extends FilterBase {
// Set the parameters
super.init(filterConfig);
- // Put the expected request parameter name into the application scope
- filterConfig.getServletContext().setAttribute(
- Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
- Constants.CSRF_NONCE_REQUEST_PARAM);
-
- // Put the expected request header name into the application scope
- filterConfig.getServletContext().setAttribute(
- Constants.CSRF_REST_NONCE_HEDAER_NAME_KEY,
- Constants.CSRF_REST_NONCE_HEADER_NAME);
-
try {
Class<?> clazz = Class.forName(randomClass);
randomSource = (Random) clazz.getConstructor().newInstance();
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org