Avoid mapping to multiple HTTP request methods
Map to one HTTP request method for best practices
- info
- java
- Spring
- framework specific
- web
- Spring Web
- quality
Code quality: Do not add @Scope("singleton") on a Spring (rest)controller, service or repository
Adding @Scope("singleton") is redundant
- info
- java
- web
- framework specific
- Spring Boot
- Spring
- quality
Constructor argument (Object) needs to be migrated to java.time before Constructor Migration can occur
Constructor argument (Object) needs to be migrated to java.time before Constructor Migration can occur
- info
- java
- framework specific
- java.time
- Joda-Time
- quality
Constructor argument (Object) needs to be migrated to java.time before Constructor Migration can occur
Constructor argument (Object) needs to be migrated to java.time before Constructor Migration can occur
- info
- java
- framework specific
- java.time
- Joda-Time
- quality
Constructor argument (ReadableInstant) needs to be migrated to java.time before Constructor Migration can occur
Constructor argument (ReadableInstant) needs to be migrated to java.time before Constructor Migration can occur
- info
- java
- framework specific
- java.time
- Joda-Time
- quality
Create private constructor for utility class (all fields/methods are static)
This utility class only contains static fields and methods. Consider protecting against accidental instantiation.
- info
- java
- Java basic
- quality
Field injection is not recommended
Field injection is not recommended, because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.
- info
- java
- kotlin
- Spring
- Spring Core
- dependency injection
- framework specific
- quality
Field injection is not recommended (lombok)
Field injection is not recommended, because the list of required dependencies is unclear during instance creation. This makes testing more difficult and could lead to runtime exceptions when the bean is instantiated without Spring.
- info
- java
- kotlin
- Spring
- Spring Core
- dependency injection
- framework specific
- Lombok
- quality
Information Exposure: Do not place sensitive information on ClipBoard
Never copy sensitive information to the ClipBoard
- info
- java
- security
- framework specific
- mobile
- Android
Security Misconfiguration: XSS protection: Add CSP header - xssProtection
Add a CSP header for additional protection against XSS and data injection
- info
- java
- Spring
- security
- framework specific
- Spring Security
- web
- XSS
- OWASP Top 10
Security Misconfiguration: XSS protection: Add CSP header - XXssConfig
Add a CSP header for additional protection against XSS and data injection
- info
- java
- Spring
- security
- framework specific
- Spring Security
- web
- XSS
- OWASP Top 10
Spring Security recommends DelegatingPasswordEncoder for best practices
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (BCrypt)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- kotlin
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean - BCrypt)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- kotlin
- Spring
- security
- framework specific
- Spring Security
Untrusted input in logging
Prevent log injection by filtering untrusted input
- info
- java
- security
- OWASP Top 10
- framework specific
- logging
- Logger
- injection
Use composed requestmapping annotations
Improve readability by using Spring's composed annotations
- info
- java
- Spring
- framework specific
- web
- Spring Web
- quality