Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-2326: CsrfRequestDataValueProcessor should directly implement RequestDataValueProcessor #2554

Closed
spring-issuemaster opened this issue Sep 14, 2013 · 0 comments

Comments

Projects
None yet
2 participants
@spring-issuemaster
Copy link

commented Sep 14, 2013

Nick Williams (Migrated from SEC-2326) said:

Originally, the CsrfRequestDataValueProcessor just implemented RequestDataValueProcessor directly. When Spring Framework 4.0 changed the API for RequestDataValueProcessor, CsrfRequestDataValueProcessor was changed in commit 26166ef6e8b7dd192f9ce3302ad4d5a7d0c15859 to add support for this new API.

However, the changes made seem overly complex to me. The change made to RequestDataValueProcessor simply changed the signature of one method. A class can implement both the 3.0 and 4.0 versions of RequestDataValueProcessor by simply overloading that method. There is no need that I can see to use a proxy and the static create method. Using that technique just makes the code harder to read.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.