-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mathew,
On 4/15/2011 3:42 PM, Mathew Samuel wrote: > However the exception I received back was the following: > java.lang.ClassCastException: > org.apache.catalina.filters.CsrfPreventionFilter$LruCache cannot be > cast to java.lang.String > > Ok, now I know that the org.apache.catalina.filters.CSRF_NONCE is not > a String but something else. In the API description for > org.apache.catalina.filters.CsrfPreventionFilter.LruCache<T> there is > only two methods: add and contains. Neither of which would help me > access the value of this CSRF_NONCE. Right: it's supposed to store nonces and let you look them up. There is a psuedo-current nonce for the request -- the one stored in the response wrapper object created by the CsrfPreventionFilter. > And maybe I'm going about this all wrong, and how this works, but > what I was thinking about doing was to grab what I had presumed to be > a value from the Attribute org.apache.catalina.filters.CSRF_NONCE and > ensure that value gets propagated so that when the XSLT does it's > transformation it will be there included with the link (we don't use > JSP). Do you have access to the response object (HttpServletResponse) itself? It would be far easier to call response.encodeURL and everything will work. > I am going about this correctly right? If so is there a value from > org.apache.catalina.filters.CSRF_NONCE that I should be able to > extract? Like the actual nonce value? Nope: it looks like it's an opaque store where the caller needs to know a priori what nonce will be used. If you are really desperate, you could just generate a new nonce and add it to the cache ;) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2ooTUACgkQ9CaO5/Lv0PBR+ACgohJQSP3FuIdObaRnVVZGD3kw 8VsAn0QdusmJGkAk6wwkWSU9/EL1eLL5 =JKIa -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org