Issue #6205 - Fix serialization issues in OpenIdAuthenticator

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-05-13 00:53:35 +10:00 · 2021-05-13 00:53:35 +10:00 · 8fee07aca8
parent df68a1229c
commit 8fee07aca8
1 changed files with 19 additions and 11 deletions
--- a/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
+++ b/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
@ -521,22 +521,30 @@ public class OpenIdAuthenticator extends LoginAuthenticator
        Map<String, UriRedirectInfo> csrfMap = (Map<String, UriRedirectInfo>)session.getAttribute(CSRF_MAP);
        if (csrfMap == null)
        {
-            // Create a custom Map so we can only have a limited number of request URIs saved.
-            csrfMap = new LinkedHashMap<>()
-            {
-                private static final int MAX_SIZE = 64;
-
-                @Override
-                protected boolean removeEldestEntry(Map.Entry<String, UriRedirectInfo> eldest)
-                {
-                    return size() > MAX_SIZE;
-                }
-            };
+            csrfMap = new MRUMap(64);
            session.setAttribute(CSRF_MAP, csrfMap);
        }
        return csrfMap;
    }

+    private static class MRUMap extends LinkedHashMap<String, UriRedirectInfo>
+    {
+        private static final long serialVersionUID = 5375723072014233L;
+
+        private final int _size;
+
+        private MRUMap(int size)
+        {
+            _size = size;
+        }
+
+        @Override
+        protected boolean removeEldestEntry(Map.Entry<String, UriRedirectInfo> eldest)
+        {
+            return size() > _size;
+        }
+    }
+
    private static class UriRedirectInfo implements Serializable
    {
        private static final long serialVersionUID = 139567755844461433L;