Author: markt
Date: Sat Jul 10 16:19:26 2010
New Revision: 962872
URL: http://svn.apache.org/viewvc?rev=962872&view=rev
Log:
Align implementation with docs. nonceCacheSize should be configurable
Modified:
tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
Modified:
tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?rev=962872&r1=962871&r2=962872&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java Sat
Jul 10 16:19:26 2010
@@ -55,7 +55,7 @@ public class CsrfPreventionFilter extend
private final Set<String> entryPoints = new HashSet<String>();
- private final int nonceCacheSize = 5;
+ private int nonceCacheSize = 5;
@Override
protected Log getLogger() {
@@ -79,6 +79,19 @@ public class CsrfPreventionFilter extend
}
}
+ /**
+ * Sets the number of previously issued nonces that will be cached on a LRU
+ * basis to support parallel requests, limited use of the refresh and back
+ * in the browser and similar behaviors that may result in the submission
+ * of a previous nonce rather than the current one. If not set, the default
+ * value of 5 will be used.
+ *
+ * @param nonceCacheSize The number of nonces to cache
+ */
+ public void setNonceCacheSize(int nonceCacheSize) {
+ this.nonceCacheSize = nonceCacheSize;
+ }
+
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
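Review bot: setNonceCacheSize stores whatever int it receives, so a configured value of 0 or a negative number reaches the now-mutable field unchecked. The code that builds the per-session LRU cache from this size is outside the hunk; presumably such a value would either retain no nonces, so every protected request is rejected, or fail later when the cache is created. A guard such as `if (nonceCacheSize < 1) { throw new IllegalArgumentException("nonceCacheSize must be >= 1"); }` would surface the misconfiguration when the filter is initialised. The Javadoc could also state the trade-off: a larger cache keeps older nonces acceptable for longer, which extends the useful lifetime of a nonce that has leaked (for example through a Referer header or a log).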