Design classes and methods for inheritance or declare them final [6]. Left non-final, a class or method can be maliciously overridden by an attacker. A class that does not permit subclassing is easier to implement and verify that it is secure. Prefer composition to inheritance.
Apply Guideline 4-5 / EXTEND-5 from the Secure Coding Guidelines for Java SE