SaExpV1 SaExpV1 - 17 days ago 10
Java Question

Is it bad to take HttpRequest and HttpRespone to the implementation level in spring

I heard that taking the HttpRequest and HttpRespone from controller to implementation level is no good for the Security level.. is that true.. and if so how to avoid it... please do advice..

Thank you in advance..

Answer

HttpServletRequest should not be passed to the service layer.

If you need the request explicitly you can place the logic in the web layer. Or extend the library and allow it to take a Map of parameters (if possible) and you can also

Wrap the HttpRequest and HttpResponse in your classes implementing interfaces and make the service layer rely on the interfaces.