In any Java servlet container, such as Apache Tomcat, the javax.servlet.http.HttpServlet class is a singleton class. Consequently, any fields in a subclass are only instantiated once, just like any static fields. A common mistake is to use fields in this class to store information specific to individual clients. Therefore, classes that inherit from HttpServlet must not contain non-static fields.
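The leak described above, as an added example that is not code from the original page: a plain-JDK stand-in for a servlet (no container or servlet API needed) in which one shared handler instance serves two request threads. The class names, the email value and the latch-based scheduling are assumptions made for the illustration; the latches force the interleaving that a busy container produces by chance.

```java
import java.util.concurrent.*;

public class ServletFieldLeakDemo {
    // Hypothetical stand-in for a servlet's doGet/doPost: one instance, many request threads.
    interface Handler {
        String handle(String emailParam, CountDownLatch stored, CountDownLatch resume) throws Exception;
    }

    // Noncompliant: client-specific data kept in an instance field of the shared object.
    static class LeakyHandler implements Handler {
        private String email;                       // one copy for every client
        public String handle(String emailParam, CountDownLatch stored, CountDownLatch resume) throws Exception {
            email = emailParam;                     // this request stores its value
            stored.countDown();
            resume.await();                         // another request may run here and overwrite it
            return "Confirmation sent to " + email; // reads whatever was written last
        }
    }

    // Compliant: client-specific data confined to parameters and local variables.
    static class SafeHandler implements Handler {
        public String handle(String emailParam, CountDownLatch stored, CountDownLatch resume) throws Exception {
            String email = emailParam;              // lives on this thread's stack only
            stored.countDown();
            resume.await();
            return "Confirmation sent to " + email;
        }
    }

    // Starts client A, pauses it after it has stored its value, runs client B
    // to completion on the same handler instance, then lets A finish.
    static String responseToClientA(Handler shared) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            CountDownLatch aStored = new CountDownLatch(1), aResume = new CountDownLatch(1);
            CountDownLatch open = new CountDownLatch(0);   // already open: B never pauses
            Future<String> a = pool.submit(() -> shared.handle("alice@example.com", aStored, aResume));
            aStored.await();
            pool.submit(() -> shared.handle("bob@example.com", open, open)).get();
            aResume.countDown();
            return a.get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("instance field: " + responseToClientA(new LeakyHandler()));
        System.out.println("local variable: " + responseToClientA(new SafeHandler()));
    }
}
```

With the instance field, the response built for client A carries client B's address; with the local variable, each request sees only its own value.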
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC11-J | Medium | Likely | High | P6 | L2 |
Automated Detection
...
Tool | Version | Checker | Description |
---|---|---|---|
Findbugs | 2.0.3 | MSF_MUTABLE_SERVLET_FIELD | Implemented |
Fortify | 6.10.0120 | Singleton_Member_Field | Implemented |