On Mar 24, 2014, at 4:24 PM, Akash Jain <akash.delh...@gmail.com> wrote:
> Yes, it uses LinkedHashMap internally which is not thread safe. > http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html First, please don’t top post. The convention adopted by this list is to reply inline or at the bottom. I don’t see what you mean here. Using LinkedHashMap does not automatically mean there will be threading issues and the link you’ve referenced is not discussing a threading issue. Can you explain your concern more? Dan > > > On Mon, Mar 24, 2014 at 1:09 PM, Daniel Mikusa <dmik...@gopivotal.com>wrote: > >> On Mar 24, 2014, at 3:49 PM, Akash Jain <akash.delh...@gmail.com> wrote: >> >>> How can I prevent CSRF protection using Tomcat 7 ? >>> >>> I have heard that tomcat 7 provides CSRF filter >>> >> http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html >> >> Yes. The manager application uses it. You could look at the source code, >> if you need an example. >> >>> But is it thread safe ? >> >> I do not know off the top of my head. Is there a reason that you are >> asking? Have you seen something that would indicate that it is not? >> >> Dan >> >>> Or shall we do a custom protection in our spring 3 application ? >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
