org.sonar.l10n.java.rules.squid.S2226.html
By contract, a servlet container creates one instance of each servlet, and a dedicated thread is attached to each incoming HTTP request to process it. All threads therefore share the servlet instance and, by extension, its instance fields. To prevent any misunderstanding and unexpected behavior at runtime, all servlet fields should be either static and/or final, or simply removed.
With Struts 1.X, the same constraint exists on org.apache.struts.action.Action.
Noncompliant Code Example
public class MyServlet extends HttpServlet {
  private String userName;  // As this field is shared by all users, it's obvious that this piece of information should be managed differently
  ...
}
or
public class MyAction extends Action {
  private String userName;  // Same reason
  ...
}
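The effect of the shared field, as an added example that is not part of the rule description or of SonarQube's code: a JDK-only simulation in which one handler object plays the single servlet instance and two pool threads play concurrent requests. UnsafeHandler, SafeHandler, the barrier and the sample names alice and bob are constructed for illustration.

```java
import java.util.concurrent.*;
import java.util.function.Function;
// Constructed demo, JDK only: one shared handler object stands in for the single
// servlet instance; each pool task stands in for a request thread.
public class SharedFieldDemo {
    // Forces both "requests" to finish their write before either one reads.
    static final CyclicBarrier BOTH_WROTE = new CyclicBarrier(2);
    static void awaitOtherRequest() {
        try { BOTH_WROTE.await(5, TimeUnit.SECONDS); }
        catch (Exception e) { throw new IllegalStateException(e); }
    }

    // Noncompliant shape: per-request data kept in an instance field.
    static class UnsafeHandler {
        private String userName;
        String handle(String requestUser) {
            userName = requestUser;      // written by every request thread
            awaitOtherRequest();
            return "Hello " + userName;  // reads whichever request wrote last
        }
    }

    // Compliant shape: no mutable instance state; per-request data stays local.
    static class SafeHandler {
        String handle(String requestUser) {
            final String userName = requestUser;  // confined to this thread's stack
            awaitOtherRequest();
            return "Hello " + userName;
        }
    }

    // Serves two concurrent "requests" with the same handler instance.
    static String[] serveTwo(Function<String, String> handler) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            Future<String> a = pool.submit((Callable<String>) () -> handler.apply("alice"));
            Future<String> b = pool.submit((Callable<String>) () -> handler.apply("bob"));
            return new String[] { a.get(), b.get() };
        } finally {
            pool.shutdown();
        }
    }
    public static void main(String[] args) throws Exception {
        String[] unsafe = serveTwo(new UnsafeHandler()::handle);
        String[] safe = serveTwo(new SafeHandler()::handle);
        System.out.printf("shared field: alice <- %s, bob <- %s%n", unsafe[0], unsafe[1]);
        System.out.printf("local only:   alice <- %s, bob <- %s%n", safe[0], safe[1]);
    }
}
```

With the shared field both responses carry the same name, so one user receives the other's data; with the local variable each request gets its own.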
See
- CERT VNA06-J - Do not use non-static member fields in a servlet