volosied commented on code in PR #911:
URL: https://github.com/apache/myfaces/pull/911#discussion_r2285626954
##########
impl/src/main/java/org/apache/myfaces/util/token/TokenGenerator.java:
##########
@@ -31,23 +34,46 @@ public class TokenGenerator
{
private final AtomicLong seed;
+ private static Logger log =
Logger.getLogger(TokenGenerator.class.getName());
+
+ // TODO -- make a web parameter or it would be nice
+ // to consolidate RANDOM_KEY_IN_CSRF_SESSION_TOKEN_SECURE_RANDOM_ALGORITM,
+ // and RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITHM
+ private String[] supportedAlgorithmsList =
{"SHA256DRBG","DRBG","SHA1PRNG"};
+
public TokenGenerator()
{
seed = new AtomicLong(generateSeed());
}
private long generateSeed()
{
- SecureRandom rng;
- try
+ SecureRandom rng = null;
Review Comment:
I agree, let me fix it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@myfaces.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
