mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-07-06 02:32:14 +00:00
1a650acbcc
Previously DummyRequest implemented HttpServletRequest which caused complications since Servlet 2.5 and Servlet 3 had non passive changes. While we were "safe" if the Servlet 3 methods were never invoked reflective access of the methods would also problems. We could prevent users from accessing the methods of DummyRequest by returning new HttpServletRequestWrapper(DummyRequest), but a debugger could potentially try to iterate over the methods triggering a NoClassDefFoundError. DummyRequest now extends HttpServletRequestWrapper which will be dynamically linked to the proper version of HttpServletRequest. We use a Dynamic Proxy that throws UnsupportedOperationException to implement any methods we are not interested in.