On Mon, Mar 24, 2014 at 1:33 PM, Daniel Mikusa <dmik...@gopivotal.com> wrote:

> On Mar 24, 2014, at 4:24 PM, Akash Jain <akash.delh...@gmail.com> wrote:
>
> > Yes, it uses LinkedHashMap internally which is not thread safe.
> >
> > http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html
>
> First, please don't top post. The convention adopted by this list is to
> reply inline or at the bottom.
>
> I don't see what you mean here. Using LinkedHashMap does not
> automatically mean there will be threading issues and the link you've
> referenced is not discussing a threading issue.
>
> Can you explain your concern more?
>

Version used is 7.0.52. It's an old thread, but I want to know if Tomcat's inbuilt CSRF filter is thread safe or not. As there are other CSRF protection mechanisms like Spring Security's, if Tomcat is good then we need not consider other options.

> Dan
>
> >
> > On Mon, Mar 24, 2014 at 1:09 PM, Daniel Mikusa <dmik...@gopivotal.com> wrote:
> >
> >> On Mar 24, 2014, at 3:49 PM, Akash Jain <akash.delh...@gmail.com> wrote:
> >>
> >>> How can I prevent CSRF protection using Tomcat 7?
> >>>
> >>> I have heard that Tomcat 7 provides a CSRF filter
> >>>
> >>> http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html
> >>
> >> Yes. The manager application uses it. You could look at the source code,
> >> if you need an example.
> >>
> >>> But is it thread safe?
> >>
> >> I do not know off the top of my head. Is there a reason that you are
> >> asking? Have you seen something that would indicate that it is not?
> >>
> >> Dan
> >>
> >>> Or shall we do a custom protection in our Spring 3 application?
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
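
To illustrate the point made in the thread that using a LinkedHashMap does not by itself mean there will be threading issues, here is an added example (not Tomcat's source and not code from any participant): a bounded nonce cache whose LinkedHashMap is only ever touched while one lock is held. The names `NonceCacheDemo` and `NonceCache`, the cache size of 5 and the workload are assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
public class NonceCacheDemo {
    // Hypothetical bounded nonce cache: the map is private and every
    // read or write of it happens while holding the same lock.
    static final class NonceCache {
        private final Map<String, Boolean> cache;
        NonceCache(final int maxSize) {
            // Insertion-ordered map that drops its oldest entry once full.
            cache = new LinkedHashMap<String, Boolean>() {
                @Override
                protected boolean removeEldestEntry(Map.Entry<String, Boolean> eldest) {
                    return size() > maxSize;
                }
            };
        }
        void add(String nonce) {
            synchronized (cache) { cache.put(nonce, Boolean.TRUE); }
        }
        boolean contains(String nonce) {
            synchronized (cache) { return cache.containsKey(nonce); }
        }
        int size() {
            synchronized (cache) { return cache.size(); }
        }
    }

    public static void main(String[] args) throws InterruptedException {
        final NonceCache cache = new NonceCache(5);
        final SecureRandom random = new SecureRandom();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        // Constructed workload: 8 threads each add 10,000 random nonces.
        for (int t = 0; t < 8; t++) {
            pool.execute(() -> {
                for (int i = 0; i < 10_000; i++) {
                    cache.add(Long.toHexString(random.nextLong()));
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(30, TimeUnit.SECONDS);
        // The bound must still hold and the newest nonce must be retrievable.
        cache.add("constructed-nonce");
        System.out.println("size=" + cache.size()
                + " newestPresent=" + cache.contains("constructed-nonce"));
    }
}
```

What matters for thread safety is whether the map can be reached without the lock, so the check to make when reading any filter's source is that no method exposes or iterates the map outside a synchronized block.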