On Mon, Mar 24, 2014 at 1:37 PM, Konstantin Kolinko <knst.koli...@gmail.com>wrote:
> 2014-03-25 0:24 GMT+04:00 Akash Jain <akash.delh...@gmail.com>: > > Yes, it uses LinkedHashMap internally which is not thread safe. > > > http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html > > > > A 3 years old thread? > > The rules here: > http://tomcat.apache.org/lists.html#tomcat-users > > -> 1. your version = ? > -> 6. don't top-post. > > Version used is 7.0.52 ..its old thread but I want to know if Tomcat's inbuilt CSRF filter is thread safe or not ? As there are other CSRF protection mechanism like spring security's , so if tomcat is good then we need not consider other options. The source code is available (both downloadable and online from svn). > All necessary syncs are there. > > > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?annotate=1148471&diff_format=l#l313 > > So you are saying its thread safe as per the diff ? > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
