From 9cb93432b38d8af20058f5a95b90b370869422f1 Mon Sep 17 00:00:00 2001 From: Lachlan Roberts Date: Thu, 13 May 2021 00:53:35 +1000 Subject: [PATCH] Issue #6205 - Fix serialization issues in OpenIdAuthenticator Signed-off-by: Lachlan Roberts --- .../security/openid/OpenIdAuthenticator.java | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java b/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java index c3efdc3f1657..967a8cc32f89 100644 --- a/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java +++ b/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java @@ -526,22 +526,30 @@ private Map ensureCsrfMap(HttpSession session) Map csrfMap = (Map)session.getAttribute(CSRF_MAP); if (csrfMap == null) { - // Create a custom Map so we can only have a limited number of request URIs saved. - csrfMap = new LinkedHashMap() - { - private static final int MAX_SIZE = 64; - - @Override - protected boolean removeEldestEntry(Map.Entry eldest) - { - return size() > MAX_SIZE; - } - }; + csrfMap = new MRUMap(64); session.setAttribute(CSRF_MAP, csrfMap); } return csrfMap; } + private static class MRUMap extends LinkedHashMap + { + private static final long serialVersionUID = 5375723072014233L; + + private final int _size; + + private MRUMap(int size) + { + _size = size; + } + + @Override + protected boolean removeEldestEntry(Map.Entry eldest) + { + return size() > _size; + } + } + private static class UriRedirectInfo implements Serializable { private static final long serialVersionUID = 139567755844461433L;