Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
spring-security/web
History
Rob Winch 1a650acbcc SEC-1998: DummyRequest extend HttpServletRequestWrapper 
Previously DummyRequest implemented HttpServletRequest which caused complications
since Servlet 2.5 and Servlet 3 had non passive changes. While we were "safe" if the
Servlet 3 methods were never invoked reflective access of the methods would also
problems. We could prevent users from accessing the methods of DummyRequest by
returning new HttpServletRequestWrapper(DummyRequest), but a debugger could
potentially try to iterate over the methods triggering a NoClassDefFoundError.

DummyRequest now extends HttpServletRequestWrapper which will be dynamically
linked to the proper version of HttpServletRequest. We use a Dynamic Proxy that
throws UnsupportedOperationException to implement any methods we are not
interested in.
 		2012-12-11 14:21:03 -06:00
..
src SEC-1998: DummyRequest extend HttpServletRequestWrapper 2012-12-11 14:21:03 -06:00
template.mf SEC-1689: Moved core codec code into crypto package and removed existing duplication (Hex encoding etc). Refactoring of crypto code to use CharSequence for where possible instead of String. 2011-03-17 01:43:31 +00:00
web.gradle SEC-1998: Provide integration with WebAsyncManager#startCallableProcessing 2012-11-28 17:56:03 -06:00