tandraschko commented on code in PR #911:
URL: https://github.com/apache/myfaces/pull/911#discussion_r2285086426


##########
impl/src/main/java/org/apache/myfaces/util/token/TokenGenerator.java:
##########
@@ -31,23 +34,46 @@ public class TokenGenerator
 {
     private final AtomicLong seed;
     
+    private static Logger log = 
Logger.getLogger(TokenGenerator.class.getName());
+
+    // TODO -- make a web parameter or it would be nice 
+    // to consolidate RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM, 
+    // and RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITHM
+    private String[] supportedAlgorithmsList = 
{"SHA256DRBG","DRBG","SHA1PRNG"};
+
     public TokenGenerator()
     {
         seed = new AtomicLong(generateSeed());
     }
     
     private long generateSeed()
     {
-        SecureRandom rng;
-        try
+        SecureRandom rng = null;
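
Review bot: The two fields added at the top of the class should be constants. `log` is declared `private static Logger log` without `final`, and `supportedAlgorithmsList` is a non-static, non-final instance array, so every TokenGenerator carries its own mutable copy of a fixed preference list; suggest `private static final Logger log` and `private static final String[]` (or an unmodifiable List) for the algorithm names. The TODO comment also spells the first key as ..._SECURE_RANDOM_ALGORITM and the second as ..._SECURE_RANDOM_ALGORITHM; worth checking it against the real parameter names, since anyone searching for the key from this comment may otherwise miss it. Since the list ends in SHA1PRNG as a fallback, a short comment stating that the order is the intended preference order would help the next reader.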

Review Comment:
   I assume generateSeed will be called again and again,
   so please cache rng - always re-looking it up causes exceptions and exceptions each time



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.