Polishing

Juergen Hoeller 2015-11-14 23:52:39 +01:00
parent 4b682275c9
commit 1cb6069734
2 changed files with 5 additions and 5 deletions


@ -389,9 +389,9 @@ abstract class SerializableTypeWrapper {
public Type getType() {
Object result = this.result;
if (result == null) {
// Lazy invocation of the target method
// Lazy invocation of the target method on the provided type
result = ReflectionUtils.invokeMethod(this.method, this.provider.getType());
// Cache the result for further calls
// Cache the result for further calls to getType()
this.result = result;
}
return (result instanceof Type[] ? ((Type[]) result)[this.index] : (Type) result);
@ -405,7 +405,7 @@ abstract class SerializableTypeWrapper {
private void readObject(ObjectInputStream inputStream) throws IOException, ClassNotFoundException {
inputStream.defaultReadObject();
this.method = ReflectionUtils.findMethod(this.provider.getType().getClass(), this.methodName);
Assert.state(this.method.getReturnType() == Type.class || this.method.getReturnType() == Type[].class);
Assert.state(Type.class == this.method.getReturnType() || Type[].class == this.method.getReturnType());
}
}
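Review bot: In `readObject`, the reordered `Assert.state(...)` line still dereferences `this.method` directly after `ReflectionUtils.findMethod(...)`, which returns null when no method of that name exists on the provider's type class. `methodName` appears to be restored from the stream by `defaultReadObject()`, so a stale or tampered serialized form would fail with a bare NullPointerException rather than a clear state error. I would guard it first with `Assert.state(this.method != null, "Method [" + this.methodName + "] not found on provided type");` and give the return-type assertion a message as well. The return-type check itself is worth keeping as is, since it limits which methods a deserialized instance can later invoke reflectively in `getType()`.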


@ -867,7 +867,7 @@ also <<mvc-config-content-negotiation>> for content negotiation configuration.
[[mvc-ann-requestmapping-rfd]]
==== Suffix Suffix Pattern Matching and RFD
==== Suffix Pattern Matching and RFD
Reflected file download (RFD) attack was first described in a
https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/[paper by Trustwave]
@ -907,7 +907,7 @@ Below are additional recommendations from the report:
For an example of how to do that with Spring see https://github.com/rwinch/spring-jackson-owasp[spring-jackson-owasp].
* Configure suffix pattern matching to be turned off or restricted to explicitly
registered suffixes only.
* Configure content negotiation with the properties “useJaf” and “ignoreUknownPathExtension”
* Configure content negotiation with the properties "useJaf" and "ignoreUnknownPathExtensions"
set to false which would result in a 406 response for URLs with unknown extensions.
Note however that this may not be an option if URLs are naturally expected to have
a dot towards the end.