https://bz.apache.org/bugzilla/show_bug.cgi?id=65853
--- Comment #17 from Marvin Fröhlich <apa...@froehlich-mail.net> ---
(In reply to Mark Thomas from comment #16)
> Done.
Thanks a lot.
(In reply to Mark Thomas from comment #16)
> Do you mean there is no need to call createNoneCache() since that is what
> happens in lines 166-180?
> I think it is sufficient to make the test at line 166
> if (nonceCache == null && !skipNonceGeneration(req))
>
> If skipNonceCheck(req) is false and nonceCache is null the method will have
> already exited so there is no need to check it at line 166.
I see, I wasn't clear enough.
I suggest this code for current 123-125:
##########################
boolean skipNonceCheck = skipNonceCheck(req);
boolean skipNonceGeneration = skipNonceGeneration(req);
NonceCache<String> nonceCache = ((session == null) || (skipNonceCheck &&
skipNonceGeneration)) ? null : getNonceCache(req, session);
if (!skipNonceCheck) {
##########################
This way the call to getNonceCache(req, session) is skipped, if both
skipNonceCheck and skipNonceGeneration are true (or no session is available)
and hence nonce handling is skipped at all for this request.
This is, what I meant by "there's no neede to call getNonceCache(req)".
You're right with your suggestion about 166.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
