tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Found org.apache.catalina.filters.CSRF_NONCE
Date Fri, 22 Apr 2011 13:47:39 GMT

Mathew,

On 4/15/2011 4:11 PM, Mathew Samuel wrote:
> It does not appear like I have access to HttpServletResponse. Damn.
> So if I did have access to that then I could just call
> response.encodeURL and everything would seriously just auto-magically
> work?

Yes.

> Any other way, or Object, I can use in its place?
>
> I like your idea Chris of generating a new nonce and adding it to the
> cache. Trouble is that generateNonce() procedure from
> org.apache.catalina.filters.CsrfPreventionFilter is protected so I
> can't use that. Well, unless I subclass it of course. Is that what
> you were thinking?

Make up your own. The generateNonce method just generates a random
string... you ought to be able to do that in your code, somehow.

-chris

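Added example, not part of the original message and not Tomcat's own code: one way to "make up your own" nonce in Java and attach it to a URL by hand when no HttpServletResponse is available. It assumes the request parameter has the same name as the thread subject (org.apache.catalina.filters.CSRF_NONCE); the class name, method names and 16-byte length are choices made here. The filter will only accept the value if it has also been added to the nonce cache in the session, which this example does not do.

```java
import java.security.SecureRandom;

public class CsrfNonceExample {
    // Assumed parameter name, taken from the subject line of this thread.
    static final String NONCE_PARAM = "org.apache.catalina.filters.CSRF_NONCE";

    // SecureRandom, not java.util.Random: the nonce must be unpredictable
    // to an attacker who has seen earlier values.
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Returns 16 random bytes as 32 upper-case hex characters (URL-safe as is). */
    static String generateNonce() {
        byte[] bytes = new byte[16];
        RANDOM.nextBytes(bytes);
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02X", b & 0xff));
        }
        return sb.toString();
    }

    /** Appends the nonce as a query parameter, keeping any existing query and fragment. */
    static String addNonce(String url, String nonce) {
        String fragment = "";
        int hash = url.indexOf('#');
        if (hash >= 0) {
            // The fragment must stay last, so cut it off and re-attach it at the end.
            fragment = url.substring(hash);
            url = url.substring(0, hash);
        }
        char separator = url.indexOf('?') >= 0 ? '&' : '?';
        return url + separator + NONCE_PARAM + '=' + nonce + fragment;
    }

    public static void main(String[] args) {
        String nonce = generateNonce();
        // Constructed sample URLs, not taken from the thread.
        System.out.println(addNonce("/app/list.jsp", nonce));
        System.out.println(addNonce("/app/edit.jsp?id=7#details", nonce));
    }
}
```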

