Re: CSRF protection in Tomcat 7

2014-03-25 Thread Christopher Schultz
Akash, On 3/24/14, 5:39 PM, Akash Jain wrote: On Mon, Mar 24, 2014 at 1:37 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-03-25 0:24 GMT+04:00 Akash Jain akash.delh...@gmail.com: Yes, it uses LinkedHashMap internally which is not

CSRF protection in Tomcat 7

2014-03-24 Thread Akash Jain
How can I prevent CSRF protection using Tomcat 7 ? I have heard that tomcat 7 provides CSRF filter http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html But is it thread safe ? Or shall we do a custom protection in our spring 3 application ?

Re: CSRF protection in Tomcat 7

2014-03-24 Thread Rossen Stoyanchev
Spring Security provides CSRF protection as well: http://docs.spring.io/spring-security/site/docs/3.2.2.RELEASE/reference/htmlsingle/#csrf On Mon, Mar 24, 2014 at 3:49 PM, Akash Jain akash.delh...@gmail.com wrote: How can I prevent CSRF protection using Tomcat 7 ? I have heard that tomcat 7

Re: CSRF protection in Tomcat 7

2014-03-24 Thread Akash Jain
/htmlsingle/#csrf On Mon, Mar 24, 2014 at 3:49 PM, Akash Jain akash.delh...@gmail.com wrote: How can I prevent CSRF protection using Tomcat 7 ? I have heard that tomcat 7 provides CSRF filter http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html

Re: CSRF protection in Tomcat 7

2014-03-24 Thread Daniel Mikusa
On Mar 24, 2014, at 3:49 PM, Akash Jain akash.delh...@gmail.com wrote: How can I prevent CSRF protection using Tomcat 7 ? I have heard that tomcat 7 provides CSRF filter http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html Yes. The manager

Re: CSRF protection in Tomcat 7

2014-03-24 Thread Akash Jain
can I prevent CSRF protection using Tomcat 7 ? I have heard that tomcat 7 provides CSRF filter http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html Yes. The manager application uses it. You could look at the source code, if you need an example

Re: CSRF protection in Tomcat 7

2014-03-24 Thread Daniel Mikusa
dmik...@gopivotal.com wrote: On Mar 24, 2014, at 3:49 PM, Akash Jain akash.delh...@gmail.com wrote: How can I prevent CSRF protection using Tomcat 7 ? I have heard that tomcat 7 provides CSRF filter http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters

Re: CSRF protection in Tomcat 7

2014-03-24 Thread Konstantin Kolinko
2014-03-25 0:24 GMT+04:00 Akash Jain akash.delh...@gmail.com: Yes, it uses LinkedHashMap internally which is not thread safe. http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html A 3 years old thread? The rules here: http://tomcat.apache.org/lists.html#tomcat-users -

Re: CSRF protection in Tomcat 7

2014-03-24 Thread Akash Jain
24, 2014 at 1:09 PM, Daniel Mikusa dmik...@gopivotal.com wrote: On Mar 24, 2014, at 3:49 PM, Akash Jain akash.delh...@gmail.com wrote: How can I prevent CSRF protection using Tomcat 7 ? I have heard that tomcat 7 provides CSRF filter http://tomcat.apache.org/tomcat-7.0-doc/api

Re: CSRF protection in Tomcat 7

2014-03-24 Thread Akash Jain
On Mon, Mar 24, 2014 at 1:37 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-03-25 0:24 GMT+04:00 Akash Jain akash.delh...@gmail.com: Yes, it uses LinkedHashMap internally which is not thread safe. http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html A 3