|
|
|
@ -1,5 +1,5 @@ |
|
|
|
|
/* |
|
|
|
|
* Copyright 2002-2012 the original author or authors. |
|
|
|
|
* Copyright 2002-2016 the original author or authors. |
|
|
|
|
* |
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
@ -36,6 +36,11 @@ import org.springframework.beans.factory.FactoryBean; |
|
|
|
|
* expense of being tied to Java. Nevertheless, it is as easy to set up as |
|
|
|
|
* Hessian and Burlap, which is its main advantage compared to RMI. |
|
|
|
|
* |
|
|
|
|
* <p><b>WARNING: Be aware of vulnerabilities due to unsafe Java deserialization: |
|
|
|
|
* Manipulated input streams could lead to unwanted code execution on the server |
|
|
|
|
* during the deserialization step. As a consequence, do not expose HTTP invoker |
|
|
|
|
* endpoints to untrusted clients but rather just between your own services.</b> |
|
|
|
|
* |
|
|
|
|
* @author Juergen Hoeller |
|
|
|
|
* @since 1.1 |
|
|
|
|
* @see #setServiceInterface |
|
|
|
|