This patch fixes a findbugs complaint about the way we are generating
random numbers for the login session.
Index:
C:/Users/Derek/Documents/workspace/mifos/src/org/mifos/framework/security/util/LoginFilter.java
===================================================================
---
C:/Users/Derek/Documents/workspace/mifos/src/org/mifos/framework/security/util/LoginFilter.java
(revision 12250)
+++
C:/Users/Derek/Documents/workspace/mifos/src/org/mifos/framework/security/util/LoginFilter.java
(working copy)
@@ -39,6 +39,7 @@
package org.mifos.framework.security.util;
import java.io.IOException;
+import java.security.SecureRandom;
import java.util.Random;
import javax.servlet.Filter;
@@ -64,7 +65,7 @@
* than the login page, force a login.
*/
public class LoginFilter implements Filter {
-
+ static java.security.SecureRandom randGen = new SecureRandom() ;
/**
* This function implements the login filter it checks if user is
not login
* it forces the user to login by redirecting him to login page
@@ -105,7 +106,7 @@
} else {
((HttpServletRequest) req).getSession(false)
.setAttribute(Constants.RANDOMNUM,
- new Random().nextLong());
+ randGen.nextLong());
chain.doFilter(req, res);
}
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
