文章详细记录了SpringBoot从1.5.7.RELEASE升级到2.7.10的过程,包括升级原因(SpringDoS漏洞),升级步骤,代码改动(如循环依赖、跨域配置、监听配置、Swagger升级、启动类改动)以及遇到的问题和解决方法,如启动报错、项目访问、打包失败和module-info.class错误。
springboot 升级 从1.5.7.RELEASE升级到2.7.10,跨度可谓是不大。
具体升级原因是,Spring DoS漏洞
具体什么是Spring DoS漏洞,可以从下面的文章看下
【安全警报】Spring DoS漏洞曝光!涉及所有版本,建议立即升级!
升级整了我好多天。把人都给整废了。很多的注解和旧的配置都要改动,哎那是真心的一个累。
话不多说。直接上代码
目录
1、替换spring-boot-starter-parent
一、 父版本升级
1、替换spring-boot-starter-parent
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.7.RELEASE</version>
<relativePath/>
</parent><parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.10</version>
<relativePath/>
</parent>2、移除
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
<version>1.3.0.RELEASE</version><!--$NO-MVN-MAN-VER$-->
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
<version>1.3.0.RELEASE</version><!--$NO-MVN-MAN-VER$-->
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<version>7.0.59</version><!--$NO-MVN-MAN-VER$-->
<!--<scope>provided</scope>-->
</dependency>
这个jar下的 排除
spring-boot-starter
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>3、添加
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<!--其实这个可以去掉,不用新增,带改下升级即可,这里添加是代码改动有点多(不想改了)-->
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>2.0.1.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>6.0.14.Final</version>
<exclusions>
<exclusion>
<artifactId>validation-api</artifactId>
<groupId>javax.validation</groupId>
</exclusion>
</exclusions>
</dependency>注:swagger如果有更新,注解需要替换,具体参考如下
Swagger官网 :http://swagger.io/
Swagger官方文档:https://github.com/swagger-api/swagger-core/wiki/Annotations
话说回来,既然都已经升级这么多了 实话 替换成 Swagger直接替换成Springfox 相对更好些。(我是被这几天的升级搞得有点累,改不动了,就没改)
这里就不多多阐述了,有兴趣的同学可以了解下。
最后用
来解决冲突,排除掉冲突(爆红)的jar
二、代码改动
刚升级就遇到了很奇葩的东西。老版本的可能是支持这种,虽然写法有点那个,但是不影响。
但是升级之后就直接报出来了。大家尽量还是严谨遵守代码规范。
第一点:循环依赖
如果不想报错的话 ,yml中添加此配置即可-(循环依赖)
spring:
mvc:
pathmatch:
matching-strategy: ant_path_matcher
第二点:跨域问题。
@Bean
public CorsFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration();
/** 允许所有域名进行跨域调用 */
//config.addAllowedOrigin("*");//升级前
config.addAllowedOriginPattern("*");//升级后
/** 允许跨越发送cookie */
config.setAllowCredentials(true);
/** 放行全部原始头信息 */
config.addAllowedHeader("*");
/** 允许所有请求方法跨域调用 */
config.addAllowedMethod("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}2.7.10版本升级对应的addAllowedOrigin已经升级为addAllowedOriginPattern。
第三点:监听的配置
// @Bean
// public InitParameterConfiguringServletContextInitializer initParamsInitializer() {
// Map<String, String> contextParams = new HashMap<>(10);
// contextParams.put("kissoConfigLocation", "classpath:sso.properties");
// return new InitParameterConfiguringServletContextInitializer(contextParams);
// }
升级后
@Bean
public ServletContextInitializer initializer() {
return servletContext -> servletContext.setInitParameter("kissoConfigLocation", "classpath:sso.properties");
}第四点:swagger的升级配置
@Bean
public Docket createRestApi() {
//添加head参数配置start
ParameterBuilder tokenPar = new ParameterBuilder();
List<Parameter> pars = new ArrayList<>();
tokenPar.name("Authorization")
.description("令牌")
.modelRef(new ModelRef("string"))
.parameterType("header")
.required(false).build();
return new Docket(DocumentationType.SWAGGER_2)
.apiInfo(apiInfo())
.select()
//加了ApiOperation注解的类,才生成接口文档
.apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class))
.paths(PathSelectors.any())
.build()
.securitySchemes(securitySchemes())
.globalOperationParameters(pars);//重点看:这里;
}第五点:启动类的改动
调整为 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
三、问题调整
1、启动报错,循环依赖
参考第二点的第一条。
2、启动正常,项目访问不了
springboot启动默认带有项目名称,yml中是有对应配置。这里配置了的话 就加上,未配置的话 就不需要加了
server:
port: 18083
servlet:
context-path: /test
3、启动正常,打包失败。
打包时提示:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-resources-plugin:3.3.1:resources (default-resources) on project retailportalapi: filtering F:\IdeaProjects\retailportalapi\src\main\resources\doc\instructions\GAP测试报告 .doc to F:\IdeaProjects\retailportalapi\target\classes\doc\instructions\GAP测试报告 .doc failed with MalformedInputException: Input length = 1 -> [Help 1]
仔细看这个问题:提示这个问题打包的时候影响到了。
我这边是因为这个文件存在的格式问题,我直接给打包的时候忽略掉了。因为我这边前端以及其它地方用不到。
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
<excludes>
<exclude>**/*.properties</exclude>
<exclude>doc/**</exclude>
<exclude>static/**</exclude>
</excludes>
</resource>如果你们有用到了,可以尝试修改这个文件的编码格式即可。
我的打包文件格式是这样的
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<fork>true</fork>
</configuration>
</plugin>
<!-- 跳过单元测试 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<skipTests>true</skipTests>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>3.3.1</version>
<configuration>
<nonFilteredFileExtensions>
<nonFilteredFileExtension>ttf</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</plugin>
</plugins>4、启动报错,module-info.class
Log4j:[2023-07-31 09:55:00] INFO HostConfig:911 - Deploying web application archive D:\tomcat\apache-tomcat-ECARD\webapps\retailportalapi.war
Log4j:[2023-07-31 09:55:13] ERROR ContextConfig:2005 - Unable to process Jar entry [META-INF/versions/11/module-info.class] from Jar [file:/D:/tomcat/apache-tomcat-ECARD/webapps/retailportalapi/WEB-INF/lib/HikariCP-4.0.3.jar] for annotations
org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte tag in constant pool: 19
at org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:97)
at org.apache.tomcat.util.bcel.classfile.ConstantPool.<init>(ConstantPool.java:54)
at org.apache.tomcat.util.bcel.classfile.ClassParser.readConstantPool(ClassParser.java:174)
at org.apache.tomcat.util.bcel.classfile.ClassParser.parse(ClassParser.java:83)
at org.apache.catalina.startup.ContextConfig.processAnnotationsStream(ContextConfig.java:2053)
at org.apache.catalina.startup.ContextConfig.processAnnotationsJar(ContextConfig.java:1999)
at org.apache.catalina.startup.ContextConfig.processAnnotationsUrl(ContextConfig.java:1969)
at org.apache.catalina.startup.ContextConfig.processAnnotations(ContextConfig.java:1923)
at org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1166)
at org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:783)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:307)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5213)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:729)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:940)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1816)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Log4j:[2023-07-31 09:55:13] ERROR ContextConfig:2005 - Unable to process Jar entry [META-INF/versions/9/module-info.class] from Jar [file:/D:/tomcat/apache-tomcat-ECARD/webapps/retailportalapi/WEB-INF/lib/jackson-core-2.13.5.jar] for annotations
org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte tag in constant pool: 19
at org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:97)
at org.apache.tomcat.util.bcel.classfile.ConstantPool.<init>(ConstantPool.java:54)
at org.apache.tomcat.util.bcel.classfile.ClassParser.readConstantPool(ClassParser.java:174)
at org.apache.tomcat.util.bcel.classfile.ClassParser.parse(ClassParser.java:83)
at org.apache.catalina.startup.ContextConfig.processAnnotationsStream(ContextConfig.java:2053)
at org.apache.catalina.startup.ContextConfig.processAnnotationsJar(ContextConfig.java:1999)
at org.apache.catalina.startup.ContextConfig.processAnnotationsUrl(ContextConfig.java:1969)
at org.apache.catalina.startup.ContextConfig.processAnnotations(ContextConfig.java:1923)
at org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1166)
at org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:783)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:307)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5213)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:729)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:940)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1816)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Log4j:[2023-07-31 09:55:14] ERROR ContextConfig:2005 - Unable to process Jar entry [module-info.class] from Jar [file:/D:/tomcat/apache-tomcat-ECARD/webapps/retailportalapi/WEB-INF/lib/txw2-2.3.8.jar] for annotations
org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte tag in constant pool: 19解决方法
1、将项目tomcat版本升级至tomcat9,或者Tomcat升级到8.5以上也行,并且改项目集成日志方式 2、将项目部署方法改成jar包部署,使用springboot镜像
注:此报错其实也是可以避免 ,不影响启动的那种
修改Tomcat中conf文件夹中的catalina.properties文件
在这个属性上添加 启动中报错的jar包名称即可
tomcat.util.scan.StandardJarScanFilter.jarsToSkip
这些是我升级图中遇到的一些问题,还有一些小细节,没有写上来。有问题的同学可以下方留言。
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
