This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push: new 0e6732b Removed direct call to Class.newInstance() (#510) 0e6732b is described below commit 0e6732b526ea5a077b5b4307843e03e38c672f67 Author: kabutz <he...@javaspecialists.eu> AuthorDate: Thu Mar 31 20:16:17 2022 +0300 Removed direct call to Class.newInstance() (#510)
---
 .../security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
index 8b9cc31..c834fb4 100644
--- a/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
+++ b/framework/security/src/main/java/org/apache/ofbiz/security/CsrfUtil.java
@@ -24,7 +24,6 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.core.MultivaluedHashMap;
@@ -68,9 +67,11 @@ public final class CsrfUtil {
 try {
 String className = UtilProperties.getPropertyValue("security", "csrf.defense.strategy", NoCsrfDefenseStrategy.class.getCanonicalName());
- Class<?> c = Class.forName(className);
+ Class<? extends ICsrfDefenseStrategy> c =
+ Class.forName(className).asSubclass(
+ ICsrfDefenseStrategy.class);
 strategyCanonicalName = c.getCanonicalName();
- setStrategy((ICsrfDefenseStrategy) c.newInstance());
+ setStrategy(c.getConstructor().newInstance());
 } catch (Exception e) {
 Debug.logError(e, MODULE);
 setStrategy(new NoCsrfDefenseStrategy());
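Review bot: The `catch (Exception e)` at the end of the second hunk still fails open: if the class named by `csrf.defense.strategy` is missing, is not an `ICsrfDefenseStrategy` (the new `asSubclass` call now throws `ClassCastException` for that case), or has no public no-arg constructor, the code logs the error and installs `NoCsrfDefenseStrategy`, which by its name appears to leave requests without CSRF checks. A typo in the property should not silently switch the defense off; consider failing startup instead, e.g. `throw new IllegalStateException("csrf.defense.strategy could not be loaded", e);`, or at least logging explicitly that CSRF defense is disabled. Separately, `strategyCanonicalName = c.getCanonicalName();` runs before `setStrategy(c.getConstructor().newInstance());`, so a constructor failure leaves the recorded name pointing at a strategy that is not the active one unless `setStrategy` resets it; moving the assignment after the `setStrategy` call would avoid that. The enclosing block starts and ends outside the hunk.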