tomcat-users mailing list archives

From Akash Jain <akash.delh...@gmail.com>
Subject Re: CSRF protection in Tomcat 7
Date Mon, 24 Mar 2014 20:24:43 GMT
Yes, it uses LinkedHashMap internally, which is not thread safe.
http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html


On Mon, Mar 24, 2014 at 1:09 PM, Daniel Mikusa <dmikusa@gopivotal.com> wrote:

> On Mar 24, 2014, at 3:49 PM, Akash Jain <akash.delhite@gmail.com> wrote:
>
> > How can I prevent CSRF protection using Tomcat 7?
> >
> > I have heard that Tomcat 7 provides a CSRF filter
> >
> http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html
>
> Yes.  The manager application uses it.  You could look at the source code,
> if you need an example.
>
> > But is it thread safe?
>
> I do not know off the top of my head.  Is there a reason that you are
> asking?  Have you seen something that would indicate that it is not?
>
> Dan
>
> > Or shall we do a custom protection in our Spring 3 application?
