You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by jl...@apache.org on 2022/04/01 08:53:48 UTC

[ofbiz-framework] branch release22.01 updated: Removed direct call to Class.newInstance() (#510)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release22.01 by this push:
     new a959be7  Removed direct call to Class.newInstance() (#510)
a959be7 is described below

commit a959be75e90f626c27c01fc2f9f8a7b8c0d221f2
Author: kabutz <he...@javaspecialists.eu>
AuthorDate: Thu Mar 31 20:16:17 2022 +0300

    Removed direct call to Class.newInstance() (#510)
---
 .../security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
index 8b9cc31..c834fb4 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
@@ -24,7 +24,6 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.core.MultivaluedHashMap;
@@ -68,9 +67,11 @@ public final class CsrfUtil {
         try {
             String className = UtilProperties.getPropertyValue("security", "csrf.defense.strategy",
                     NoCsrfDefenseStrategy.class.getCanonicalName());
-            Class<?> c = Class.forName(className);
+            Class<? extends ICsrfDefenseStrategy> c =
+                    Class.forName(className).asSubclass(
+                            ICsrfDefenseStrategy.class);
             strategyCanonicalName = c.getCanonicalName();
-            setStrategy((ICsrfDefenseStrategy) c.newInstance());
+            setStrategy(c.getConstructor().newInstance());
         } catch (Exception e) {
             Debug.logError(e, MODULE);
             setStrategy(new NoCsrfDefenseStrategy());