Java框架如何应对安全威胁？

import javax.servlet.http.HttpServletRequest;

if (!request.getParameter("email").contains("@")) {
    // 输入非法
}

import javax.servlet.http.HttpServletResponse;

response.setContentType("text/html;charset=UTF-8");
response.getWriter().write("<p>Hello World</p>
                    <div class="aritcle_card">
                        <a class="aritcle_card_img" href="/xiazai/shouce/1761">
                            <img src="https://img.php.cn/upload/manual/000/000/018/170678020972965.png" alt="Sencha touch 开发指南 中文WORD版">
                        </a>
                        <div class="aritcle_card_info">
                            <a href="/xiazai/shouce/1761">Sencha touch 开发指南 中文WORD版</a>
                            <p>本文档主要讲述的是Sencha touch 开发指南；主要介绍如何使用Sencha Touch为手持设备进行应用开发，主要是针对iPhone这样的高端手机，我们会通过一个详细的例子来介绍整个开发的流程。 Sencha Touch是专门为移动设备开发应用的Javascrt框架。通过Sencha Touch你可以创建非常像native app的web app，用户界面组件和数据管理全部基于HTML5和CSS3的web标准，全面兼容Android和Apple iOS。希望本文档会给有需要的朋友带来帮助；感兴趣的</p>
                            <div class="">
                                <img src="/static/images/card_xiazai.png" alt="Sencha touch 开发指南 中文WORD版">
                                <span>0</span>
                            </div>
                        </div>
                        <a href="/xiazai/shouce/1761" class="aritcle_card_btn">
                            <span>查看详情</span>
                            <img src="/static/images/cardxiayige-3.png" alt="Sencha touch 开发指南 中文WORD版">
                        </a>
                    </div>
                ");

import javax.servlet.http.HttpSession;

session.setAttribute("userId", user.getId());
session.setMaxInactiveInterval(30 * 60);

import javax.crypto.Cipher;

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] encryptedData = cipher.doFinal("My Password".getBytes());

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(new CustomAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
            .antMatchers("/admin").hasRole("ADMIN")
            .anyRequest().authenticated();
    }
}