say i have a working spring mvc web app which includes the following,
<context:component-scan base-package="com.my_company.my_prj.my_controller_pkg" />
apparently this project depends on a few 3rd open source libraries including spring framework, etc,
how can i make sure the vendors of those libs will never release a new version of jars which secretly (or accidentally) includes a @Controller annotated class which is like e.g. com.my_company.my_prj.my_controller_pkg.Format_C_Drive_Controller.java, and BOOM!, my web site new release will open a door to anyone to format my c drive in the server.
is there any way to let spring component scan only load beans from some predefined jar files or classpath directories which are fully under my control?
thanks