diff --git a/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java b/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
index c3efdc3f1657..967a8cc32f89 100644
--- a/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
+++ b/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java
@@ -526,22 +526,30 @@ private Map<String, UriRedirectInfo> ensureCsrfMap(HttpSession session)
         Map<String, UriRedirectInfo> csrfMap = (Map<String, UriRedirectInfo>)session.getAttribute(CSRF_MAP);
         if (csrfMap == null)
         {
-            // Create a custom Map so we can only have a limited number of request URIs saved.
-            csrfMap = new LinkedHashMap<String, UriRedirectInfo>()
-            {
-                private static final int MAX_SIZE = 64;
-
-                @Override
-                protected boolean removeEldestEntry(Map.Entry<String, UriRedirectInfo> eldest)
-                {
-                    return size() > MAX_SIZE;
-                }
-            };
+            csrfMap = new MRUMap(64);
             session.setAttribute(CSRF_MAP, csrfMap);
         }
         return csrfMap;
     }
 
+    private static class MRUMap extends LinkedHashMap<String, UriRedirectInfo>
+    {
+        private static final long serialVersionUID = 5375723072014233L;
+
+        private final int _size;
+
+        private MRUMap(int size)
+        {
+            _size = size;
+        }
+
+        @Override
+        protected boolean removeEldestEntry(Map.Entry<String, UriRedirectInfo> eldest)
+        {
+            return size() > _size;
+        }
+    }
+
     private static class UriRedirectInfo implements Serializable
     {
         private static final long serialVersionUID = 139567755844461433L;