GitHub-Spring
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Polishing

pull/921/head
Juergen Hoeller 11 years ago
parent
4b682275c9
commit
1cb6069734
2 changed files with 5 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      spring-core/src/main/java/org/springframework/core/SerializableTypeWrapper.java
  2. 4
      src/asciidoc/web-mvc.adoc

6
spring-core/src/main/java/org/springframework/core/SerializableTypeWrapper.java
Unescape View File

@ -389,9 +389,9 @@ abstract class SerializableTypeWrapper { @@ -389,9 +389,9 @@ abstract class SerializableTypeWrapper {
public Type getType() {
Object result = this.result;
if (result == null) {
// Lazy invocation of the target method
// Lazy invocation of the target method on the provided type
result = ReflectionUtils.invokeMethod(this.method, this.provider.getType());
// Cache the result for further calls
// Cache the result for further calls to getType()
this.result = result;
}
return (result instanceof Type[] ? ((Type[]) result)[this.index] : (Type) result);
@ -405,7 +405,7 @@ abstract class SerializableTypeWrapper { @@ -405,7 +405,7 @@ abstract class SerializableTypeWrapper {
private void readObject(ObjectInputStream inputStream) throws IOException, ClassNotFoundException {
inputStream.defaultReadObject();
this.method = ReflectionUtils.findMethod(this.provider.getType().getClass(), this.methodName);
Assert.state(this.method.getReturnType() == Type.class || this.method.getReturnType() == Type[].class);
Assert.state(Type.class == this.method.getReturnType() || Type[].class == this.method.getReturnType());
}
}

4
src/asciidoc/web-mvc.adoc
Unescape View File

@ -867,7 +867,7 @@ also <<mvc-config-content-negotiation>> for content negotiation configuration. @@ -867,7 +867,7 @@ also <<mvc-config-content-negotiation>> for content negotiation configuration.
[[mvc-ann-requestmapping-rfd]]
==== Suffix Suffix Pattern Matching and RFD
==== Suffix Pattern Matching and RFD
Reflected file download (RFD) attack was first described in a
https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/[paper by Trustwave]
@ -907,7 +907,7 @@ Below are additional recommendations from the report: @@ -907,7 +907,7 @@ Below are additional recommendations from the report:
For an example of how to do that with Spring see https://github.com/rwinch/spring-jackson-owasp[spring-jackson-owasp].
* Configure suffix pattern matching to be turned off or restricted to explicitly
registered suffixes only.
* Configure content negotiation with the properties “useJaf” and “ignoreUknownPathExtension”
* Configure content negotiation with the properties "useJaf" and "ignoreUnknownPathExtensions"
set to false which would result in a 406 response for URLs with unknown extensions.
Note however that this may not be an option if URLs are naturally expected to have
a dot towards the end.

Write Preview
Loading…
Cancel
Save