Posted to dev@tomcat.apache.org by kk...@apache.org on 2012/08/11 23:34:11 UTC
svn commit: r1372031 - in /tomcat/tc6.0.x/trunk: STATUS.txt
java/org/apache/catalina/filters/CsrfPreventionFilter.java
webapps/docs/changelog.xml
Author: kkolinko
Date: Sat Aug 11 21:34:11 2012
New Revision: 1372031
URL: http://svn.apache.org/viewvc?rev=1372031&view=rev
Log:
Fix conflict with CSRF protection filter and clustering. Cache needs to be serializable.
It is a backport of r1083987 from 7.0.x
(markt)
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1372031&r1=1372030&r2=1372031&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Aug 11 21:34:11 2012
@@ -28,12 +28,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT:
[ start all new proposals below, under PATCHES PROPOSED. ]
-* Fix conflict with CSRF protection filter and clustering
- Cache needs to be serializable
- http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1083987&r2=1083986&pathrev=1083987
- +1: markt, kkolinko, rjung
- -1:
-
PATCHES PROPOSED TO BACKPORT:
[ New proposals should be added at the end of the list ]
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?rev=1372031&r1=1372030&r2=1372031&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java Sat Aug 11 21:34:11 2012
@@ -18,6 +18,7 @@
package org.apache.catalina.filters;
import java.io.IOException;
+import java.io.Serializable;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.LinkedHashMap;
@@ -294,7 +295,9 @@ public class CsrfPreventionFilter extend
}
}
- private static class LruCache<T> {
+ protected static class LruCache<T> implements Serializable {
+
+ private static final long serialVersionUID = 1L;
// Although the internal implementation uses a Map, this cache
// implementation is only concerned with the keys.
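Review bot: The new declaration line widens LruCache from private to protected, which the log message does not explain, since making the cache serializable does not need wider visibility. Either keep it private or say in a class comment why subclasses of the filter need access. Separately, the comment says the cache is backed by a Map, but the field declaration is outside this hunk; confirm that the map instance assigned to it is itself serializable and does not hold a reference to a non-serializable enclosing object, otherwise session replication will still fail at runtime despite the "implements Serializable" marker.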
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1372031&r1=1372030&r2=1372031&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Aug 11 21:34:11 2012
@@ -174,6 +174,11 @@
<bug>53531</bug>: Fix ExpandWar.expand to check the return value of
File.mkdir and File.mkdirs. (schultz)
</fix>
+ <fix>
+ Make the CSRF nonce cache in <code>CsrfPreventionFilter</code>
+ serializable so that it can be replicated across a cluster and/or
+ persisted across Tomcat restarts. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
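Review bot: The added <fix> entry says the nonce cache can now be "persisted across Tomcat restarts", which means CSRF nonces are written to the session store and sent to other cluster members along with the rest of the session. A short sentence in the filter's documentation noting this would help operators who decide how the session store and the replication channel are protected. The entry could also mention that this is a backport from 7.0.x, as the log message does.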