This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new cab2a8e Post-review from kkolonko: fix typo in constant name, push
initialization down into subclass.
cab2a8e is described below
commit cab2a8eaf142e80aee92d287b464bf8540828b1a
Author: Christopher Schultz <[email protected]>
AuthorDate: Tue Nov 19 12:25:32 2019 -0500
Post-review from kkolonko: fix typo in constant name, push initialization
down into subclass.
---
java/org/apache/catalina/filters/Constants.java | 2 +-
.../apache/catalina/filters/CsrfPreventionFilter.java | 17 +++++++++++++++++
.../catalina/filters/CsrfPreventionFilterBase.java | 10 ----------
3 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/catalina/filters/Constants.java
b/java/org/apache/catalina/filters/Constants.java
index 87dd6c4..ab550b1 100644
--- a/java/org/apache/catalina/filters/Constants.java
+++ b/java/org/apache/catalina/filters/Constants.java
@@ -72,6 +72,6 @@ public final class Constants {
* The servlet context attribute key under which the
* CSRF REST header name can be found.
*/
- public static final String CSRF_REST_NONCE_HEDAER_NAME_KEY =
+ public static final String CSRF_REST_NONCE_HEADER_NAME_KEY =
"org.apache.catalina.filters.CSRF_REST_NONCE_HEADER_NAME";
}
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index 369745b..8aace6b 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -24,6 +24,7 @@ import java.util.Map;
import java.util.Set;
import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -83,6 +84,22 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
}
@Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ // Set the parameters
+ super.init(filterConfig);
+
+ // Put the expected request parameter name into the application scope
+ filterConfig.getServletContext().setAttribute(
+ Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
+ Constants.CSRF_NONCE_REQUEST_PARAM);
+
+ // Put the expected request header name into the application scope
+ filterConfig.getServletContext().setAttribute(
+ Constants.CSRF_REST_NONCE_HEADER_NAME_KEY,
+ Constants.CSRF_REST_NONCE_HEADER_NAME);
+ }
+
+ @Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
b/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
index 8d401af..c0083f0 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
@@ -78,16 +78,6 @@ public abstract class CsrfPreventionFilterBase extends
FilterBase {
// Set the parameters
super.init(filterConfig);
- // Put the expected request parameter name into the application scope
- filterConfig.getServletContext().setAttribute(
- Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
- Constants.CSRF_NONCE_REQUEST_PARAM);
-
- // Put the expected request header name into the application scope
- filterConfig.getServletContext().setAttribute(
- Constants.CSRF_REST_NONCE_HEDAER_NAME_KEY,
- Constants.CSRF_REST_NONCE_HEADER_NAME);
-
try {
Class<?> clazz = Class.forName(randomClass);
randomSource = (Random) clazz.getConstructor().newInstance();
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
