Author: kkolinko
Date: Sat Aug 11 21:34:11 2012
New Revision: 1372031
URL: http://svn.apache.org/viewvc?rev=1372031&view=rev
Log:
Fix conflict with CSRF protection filter and clustering. Cache needs to be
serializable.
It is backport of r1083987 from 7.0.x
(markt)
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1372031&r1=1372030&r2=1372031&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Aug 11 21:34:11 2012
@@ -28,12 +28,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT:
[ start all new proposals below, under PATCHES PROPOSED. ]
-* Fix conflict with CSRF protection filter and clustering
- Cache needs to be serializable
-
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1083987&r2=1083986&pathrev=1083987
- +1: markt, kkolinko, rjung
- -1:
-
PATCHES PROPOSED TO BACKPORT:
[ New proposals should be added at the end of the list ]
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?rev=1372031&r1=1372030&r2=1372031&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java
Sat Aug 11 21:34:11 2012
@@ -18,6 +18,7 @@
package org.apache.catalina.filters;
import java.io.IOException;
+import java.io.Serializable;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.LinkedHashMap;
@@ -294,7 +295,9 @@ public class CsrfPreventionFilter extend
}
}
- private static class LruCache<T> {
+ protected static class LruCache<T> implements Serializable {
+
+ private static final long serialVersionUID = 1L;
// Although the internal implementation uses a Map, this cache
// implementation is only concerned with the keys.
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1372031&r1=1372030&r2=1372031&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Aug 11 21:34:11 2012
@@ -174,6 +174,11 @@
<bug>53531</bug>: Fix ExpandWar.expand to check the return value of
File.mkdir and File.mkdirs. (schultz)
</fix>
+ <fix>
+ Make the CSRF nonce cache in <code>CsrfPreventionFilter</code>
+ serializable so that it can be replicated across a cluster and/or
+ persisted across Tomcat restarts. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
