------------------------------------------------------------------------------------------------------------------------------
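Spring Boot packaging: build the lib separately and point to an external lib directory
Note: put the files from lib into a my-lib directory next to the jar, then specify the lib directory location at startup.
Startup command: java -Dloader.path=./my-lib -jar map-resource.jar
pom configuration: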
<plugins>
    <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
        <configuration>
            <mainClass>com.hxtt.unicom.mapresource.MapResourceApplication</mainClass>
            <layout>ZIP</layout>
            <!-- Exclude the project's third-party dependency jars -->
            <includes>
                <include>
                    <groupId>nothing</groupId>
                    <artifactId>nothing</artifactId>
                </include>
            </includes>
        </configuration>
        <executions>
            <execution>
                <goals>
                    <goal>repackage</goal>
                </goals>
            </execution>
        </executions>
    </plugin>
    <!-- Copy the dependency jars into lib -->
    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-dependency-plugin</artifactId>
        <executions>
            <execution>
                <id>copy-dependencies</id>
                <phase>prepare-package</phase>
                <goals>
                    <goal>copy-dependencies</goal>
                </goals>
                <configuration>
                    <outputDirectory>${project.build.directory}/lib</outputDirectory>
                </configuration>
            </execution>
        </executions>
    </plugin>
</plugins>
References:
https://blog.csdn.net/weixin_32524367/article/details/110138359
https://blog.csdn.net/sayyy/article/details/94720775
https://blog.csdn.net/JavaStudyljh/article/details/119637250
------------------------------------------------------------------------------------------------------------------------------
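FastJson 0-day vulnerability
1. The autotype switch can be bypassed: an attacker disguises a custom attack class and uses RMI to invoke a method at a specified RMI address.
2. fastjson 1.2.68 and later versions can set safeMode=true to disable autotype:
2.1. ParserConfig.getGlobalInstance().setSafeMode(true);
2.2. -Dfastjson.parser.safeMode=true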
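import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.parser.ParserConfig;
import com.alibaba.fastjson.serializer.SerializerFeature;

public static void main(String[] args) {
    // Enable safeMode globally: autotype is disabled
    ParserConfig.getGlobalInstance().setSafeMode(true);
    Apple apple = new Apple(100);
    TestDto dto = new TestDto("1", "zhangsan", 20, apple);
    System.out.println(JSON.toJSONString(dto));
    // Round trip without type information
    TestDto testDto = JSON.parseObject(JSON.toJSONString(dto), TestDto.class);
    System.out.println(testDto.getName());
    // WriteClassName embeds the class name in the output
    System.out.println(JSON.toJSONString(dto, SerializerFeature.WriteClassName));
    TestDto testDto1 = JSON.parseObject(JSON.toJSONString(dto, SerializerFeature.WriteClassNam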
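
A pre-parse check that complements safeMode, written in Python as an added example that is not part of the original notes: it reports every `@type` key in an incoming JSON body, including escaped, duplicate-key and single-quoted forms, so autotype attempts can be logged or rejected before the body reaches fastjson. The function name find_type_hints, the com.example package and the sample bodies are assumptions constructed for illustration.

```python
import json
import re

TYPE_KEY = "@type"  # key that SerializerFeature.WriteClassName emits by default

# Fallback pattern for bodies strict JSON rejects: fastjson also accepts
# single-quoted and unquoted field names, so allow all three key styles.
RAW_TYPE_KEY = re.compile(r"""["']?@type["']?\s*:\s*["']([^"']+)["']""")
ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})|\\x([0-9a-fA-F]{2})")


class _Obj(list):
    """JSON object kept as (key, value) pairs so duplicate keys are not lost."""


def _walk(node, path, hits):
    if isinstance(node, _Obj):
        for key, value in node:
            if key == TYPE_KEY:
                hits.append((path, str(value)))
            _walk(value, f"{path}.{key}", hits)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _walk(item, f"{path}[{i}]", hits)


def find_type_hints(body):
    """Return [(location, class_name)] for every @type key in a request body."""
    hits = []
    try:
        _walk(json.loads(body, object_pairs_hook=_Obj), "$", hits)
    except ValueError:
        # Not strict JSON: decode \uXXXX / \xXX escapes, then scan the raw text.
        text = ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), body)
        hits = [("<raw>", m.group(1)) for m in RAW_TYPE_KEY.finditer(text)]
    return hits


# Constructed sample bodies; the com.example package is a placeholder.
SAMPLES = [
    r'{"id":"1","name":"zhangsan","age":20}',
    r'{"@type":"com.example.TestDto","apple":{"@type":"com.example.Apple"}}',
    r'{"\u0040type":"com.example.TestDto"}',
    r"{'@type':'com.example.TestDto','id':'1'}",
    r'{"a":{"@type":"com.example.Apple"},"a":1}',
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(find_type_hints(body) or "clean", "<-", body)
```

An endpoint that binds to a fixed class such as TestDto never needs `@type` from the client, so any hit is worth logging even when safeMode is on.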