Yes, it uses LinkedHashMap internally which is not thread safe. http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html
On Mon, Mar 24, 2014 at 1:09 PM, Daniel Mikusa <dmik...@gopivotal.com>wrote: > On Mar 24, 2014, at 3:49 PM, Akash Jain <akash.delh...@gmail.com> wrote: > > > How can I prevent CSRF protection using Tomcat 7 ? > > > > I have heard that tomcat 7 provides CSRF filter > > > http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html > > Yes. The manager application uses it. You could look at the source code, > if you need an example. > > > But is it thread safe ? > > I do not know off the top of my head. Is there a reason that you are > asking? Have you seen something that would indicate that it is not? > > Dan > > > Or shall we do a custom protection in our spring 3 application ? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
