Message-ID: <4EB419A3.3060209@christopherschultz.net>
Date: Fri, 04 Nov 2011 12:58:11 -0400
From: Christopher Schultz
To: Tomcat Users List
CC: Pete Gould
Subject: Re: CsrfPreventionFilter - LRU cache

Pete,

On 11/4/11 9:14 AM, Pete Gould wrote:
> I have recently been using the
> org.apache.catalina.filters.CsrfPreventionFilter, and I notice that
> the documentation for setNonceCacheSize states:
>
> "Sets the number of previously issued nonces that will be cached on
> a LRU basis to support parallel requests..."
>
> However, looking at the implementation of the cache, it appears to
> be a FIFO implementation rather than a LRU cache. I'm happy to
> raise a bug and supply a patch for whichever is the desired
> implementation, but need to determine what the original intention
> is first - based on the Javadoc it would suggest that the intention
> is for the cache to be LRU, could anyone here confirm that?

That's my expectation: LRU means to remove the element that was least
recently used.

> In order to act as an LRU cache, the LinkedHashMap(int
> initialCapacity, float loadFactor, boolean accessOrder) constructor
> would need to be used with accessOrder set to true.

+1

> Also the add and contains methods would need to be altered as
> follows, as "LinkedHashMap.containsKey" does not act as a
> structural modification.
>
> public void add(T key) {
>     synchronized(cache) {
>         cache.put(key, key);
>     }
> }

I'm not sure add() needs to change.

> public boolean contains(T key) {
>     synchronized(cache) {
>         return cache.get(key) != null;
>     }
> }

+1

> Either cache implementation will work for the majority of cases,
> however I came across this issue when issuing Ajax requests which
> repeatedly use the same nonce string and after 5 requests the value
> I'm using is ejected from the (FIFO) cache, changing the cache to
> LRU fixes this (although could potentially result in the same token
> being used for N requests).

Good catch.

-chris
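
The eviction behaviour discussed in this message, as an added example that is not part of the original e-mail and is not Tomcat's code: it compares an insertion-ordered map, an access-ordered map queried with containsKey(), and an access-ordered map queried with get(). The class NonceCache, the method acceptedRequests, the nonce strings and the cache size of 5 are assumptions made for the illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class NonceCacheDemo {
    // Hypothetical bounded nonce cache for illustration; not Tomcat's class.
    static class NonceCache {
        private final Map<String, String> cache;
        private final boolean touchOnContains;

        NonceCache(final int capacity, boolean accessOrder, boolean touchOnContains) {
            this.touchOnContains = touchOnContains;
            this.cache = new LinkedHashMap<String, String>(16, 0.75f, accessOrder) {
                @Override
                protected boolean removeEldestEntry(Map.Entry<String, String> eldest) {
                    return size() > capacity; // drop the head of the list when full
                }
            };
        }

        synchronized void add(String nonce) {
            cache.put(nonce, nonce);
        }

        synchronized boolean contains(String nonce) {
            // In access-order mode get() moves the entry to the tail;
            // containsKey() never reorders, so the entry keeps ageing.
            return touchOnContains ? cache.get(nonce) != null : cache.containsKey(nonce);
        }
    }

    // Constructed scenario: a client keeps sending "nonce-0" while every accepted
    // request makes the server cache one fresh nonce. Returns the number of
    // requests accepted before "nonce-0" is rejected (at most 'attempts').
    static int acceptedRequests(NonceCache cache, int attempts) {
        cache.add("nonce-0");
        for (int i = 1; i <= attempts; i++) {
            if (!cache.contains("nonce-0")) return i - 1;
            cache.add("nonce-" + i);
        }
        return attempts;
    }

    public static void main(String[] args) {
        int size = 5, attempts = 20;
        System.out.println("insertion order (FIFO):     " + acceptedRequests(new NonceCache(size, false, false), attempts));
        System.out.println("access order, containsKey:  " + acceptedRequests(new NonceCache(size, true, false), attempts));
        System.out.println("access order, get (LRU):    " + acceptedRequests(new NonceCache(size, true, true), attempts));
    }
}
```

Only the third configuration keeps accepting the reused nonce for every attempt, which is also the trade-off Pete mentions: a nonce in continuous use is never evicted.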