I heard that taking the HttpRequest and HttpRespone from controller to implementation level is no good for the Security level.. is that true.. and if so how to avoid it... please do advice..
Thank you in advance..
HttpServletRequest should not be passed to the service layer.
If you need the request explicitly you can place the logic in the web layer. Or extend the library and allow it to take a Map of parameters (if possible) and you can also
Wrap the HttpRequest and HttpResponse in your classes implementing interfaces and make the service layer rely on the interfaces.