Author: kkolinko
Date: Sat Aug 11 21:34:11 2012
New Revision: 1372031

URL: http://svn.apache.org/viewvc?rev=1372031&view=rev
Log:
Fix conflict with CSRF protection filter and clustering.
Cache needs to be serializable.
It is a backport of r1083987 from 7.0.x (markt)
Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1372031&r1=1372030&r2=1372031&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Aug 11 21:34:11 2012 @@ -28,12 +28,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT: [ start all new proposals below, under PATCHES PROPOSED. ] -* Fix conflict with CSRF protection filter and clustering - Cache needs to be serializable - http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1083987&r2=1083986&pathrev=1083987 - +1: markt, kkolinko, rjung - -1: - PATCHES PROPOSED TO BACKPORT: [ New proposals should be added at the end of the list ] Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?rev=1372031&r1=1372030&r2=1372031&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java Sat Aug 11 21:34:11 2012 @@ -18,6 +18,7 @@ package org.apache.catalina.filters; import java.io.IOException; +import java.io.Serializable; import java.security.SecureRandom; import java.util.HashSet; import java.util.LinkedHashMap; 
@@ -294,7 +295,9 @@ public class CsrfPreventionFilter extend } } - private static class LruCache<T> { + protected static class LruCache<T> implements Serializable { + + private static final long serialVersionUID = 1L; // Although the internal implementation uses a Map, this cache // implementation is only concerned with the keys. Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1372031&r1=1372030&r2=1372031&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Aug 11 21:34:11 2012 @@ -174,6 +174,11 @@ <bug>53531</bug>: Fix ExpandWar.expand to check the return value of File.mkdir and File.mkdirs. (schultz) </fix> + <fix> + Make the CSRF nonce cache in <code>CsrfPreventionFilter</code> + serializable so that it can be replicated across a cluster and/or + persisted across Tomcat restarts. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">
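Review bot: in the CsrfPreventionFilter.java hunk at @@ -294,7 +295,9 @@, LruCache goes from private to protected as well as gaining Serializable, and the log message only justifies the second change. Serialization of a nested static class does not need wider visibility, so either keep it private or state in the log why subclasses need access. The class also has no comment recording the new contract: the changelog entry says the nonce cache is now replicated across a cluster and/or persisted across restarts, so a short class comment stating that every field must stay serializable would guard against a later edit breaking replication (the hunk's own comment says the implementation is backed by a Map, whose declaration is not visible here and should be checked). With serialVersionUID fixed at 1L, any future change to the fields needs a deliberate decision about compatibility with sessions that were already persisted.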