Spring @Controller
s, @Service
s, and @Repository
s are singletons by default, meaning only one instance of the
class is ever instantiated in the application. Typically such a class might have a few static
members, such as a logger, but all
non-static
members should be managed by Spring. That is, they should have one of these annotations: @Resource
,
@Inject
, @Autowired
or @Value
.
Having non-injected members in one of these classes could indicate an attempt to manage state. Because they are singletons, such an attempt is almost guaranteed to eventually expose data from User1's session to User2.
This rule raises an issue when a singleton @Controller
, @Service
, or @Repository
has non-static
members that are not annotated with one of:
org.springframework.beans.factory.annotation.Autowired
org.springframework.beans.factory.annotation.Value
javax.annotation.Inject
javax.annotation.Resource
@Controller public class HelloWorld { private String name = null; @RequestMapping("/greet", method = GET) public String greet(String greetee) { if (greetee != null) { this.name = greetee; } return "Hello " + this.name; // if greetee is null, you see the previous user's data } }