Posted to commits@ofbiz.apache.org by jl...@apache.org on 2022/04/01 08:53:48 UTC
[ofbiz-framework] branch release22.01 updated: Removed direct call to Class.newInstance() (#510)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release22.01 by this push:
new a959be7 Removed direct call to Class.newInstance() (#510)
a959be7 is described below
commit a959be75e90f626c27c01fc2f9f8a7b8c0d221f2
Author: kabutz <he...@javaspecialists.eu>
AuthorDate: Thu Mar 31 20:16:17 2022 +0300
Removed direct call to Class.newInstance() (#510)
---
.../security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
index 8b9cc31..c834fb4 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
@@ -24,7 +24,6 @@ import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.MultivaluedHashMap;
@@ -68,9 +67,11 @@ public final class CsrfUtil {
try {
String className = UtilProperties.getPropertyValue("security", "csrf.defense.strategy",
NoCsrfDefenseStrategy.class.getCanonicalName());
- Class<?> c = Class.forName(className);
+ Class<? extends ICsrfDefenseStrategy> c =
+ Class.forName(className).asSubclass(
+ ICsrfDefenseStrategy.class);
strategyCanonicalName = c.getCanonicalName();
- setStrategy((ICsrfDefenseStrategy) c.newInstance());
+ setStrategy(c.getConstructor().newInstance());
} catch (Exception e) {
Debug.logError(e, MODULE);
setStrategy(new NoCsrfDefenseStrategy());
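Review bot: The `catch (Exception e)` at the end of this hunk still fails open: the new `asSubclass(...)` and `getConstructor()` calls add `ClassCastException` and `NoSuchMethodException` to the failures that end in `setStrategy(new NoCsrfDefenseStrategy())`. A mistyped or incompatible `csrf.defense.strategy` value therefore presumably leaves CSRF protection off, with only a generic stack trace in the log. The error log should name the configured class and state the consequence, for example `Debug.logError(e, "Cannot load CSRF defense strategy " + className + "; falling back to NoCsrfDefenseStrategy", MODULE);`, which needs `className` declared before the `try`. Separately, `strategyCanonicalName = c.getCanonicalName();` runs before instantiation, so if `newInstance()` throws it keeps naming the configured class while the fallback strategy is active, unless code after the hunk resets it; moving that assignment after `setStrategy(...)` avoids the mismatch. The enclosing block starts and ends outside the hunk.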