简介
此次升级是为了解决旧版本的各种漏洞问题。
开发软件:IDEA2019
项目环境:java 8,springboot2.0.5
目标版本:java 8,springboot2.5.5
本文档前后变化对比,旧代码使用、// 等表示。
依赖升级
升级版本
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<!-- <version>2.0.5.RELEASE</version> -->
<version>2.5.5</version> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<!-- <spring-cloud.version>Finchley.RELEASE</spring-cloud.version> -->
<spring-cloud.version>2020.0.3</spring-cloud.version>
<skipTests>true</skipTests>
<easypoi.version>3.2.0</easypoi.version>
<!-- <tomcat.version>8.5.81</tomcat.version> -->
<tomcat.version>9.0.50</tomcat.version>
</properties>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-all</artifactId>
<!-- <version>4.1.28.Final</version> -->
<version>4.1.6.Final</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<!-- <version>1.4.0</version> -->
<version>1.7.1</version>
</dependency>
新增
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<!-- Swagger 2 -->
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.9.2</version>
</dependency>
代码调整
import变化
import org.apache.commons.lang.StringUtils;
改为
import org.apache.commons.lang3.StringUtils;
CollectionUtils变化
set.addAll(CollectionUtils.arrayToList(str.split(",")));
// set.addAll(CollectionUtils.arrayToList(str.split(",")));//2.0.5
验证变化
Length变为Size
//import org.hibernate.validator.constraints.Length;
import org.checkerframework.checker.units.qual.Length;
注解修改
//@Length(min = 1, max = 100, message = "发送对象不能为空")
@Size(min = 1, max = 100, message = "发送对象不能为空")
Shiro
提示ShiroFilterFactoryBean不存在
//@Bean
@Bean(name = "shiroFilterFactoryBean")
public ShiroFilterFactoryBean factory(SecurityManager securityManager) {
跨域问题
使用addAllowedOrigin导致跨域不成功,提示不允许使用*
// corsConfiguration.addAllowedOrigin("*");
//原本是addAllowedOrigin,改为addAllowedOriginPattern
corsConfiguration.addAllowedOriginPattern("*");
增加启动配置
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowCredentials(true).allowedOriginPatterns("*");
}
};
}
版本说明
spring-boot-starter-parent 2.2.5使用 Spring Framework 是哪个版本
链接:https://blog.csdn.net/java_zjn/article/details/108711513
springBoot 和 spring security 版本对应关系 (至2.3.12.RELEASE)
链接:https://blog.csdn.net/xhf852963/article/details/121494936
| Spring Boot | Spring Security | 是否受CVE-2022-22978影响 |
|---|---|---|
| 2.5.13 | 5.5.6 | 是 |
| 2.5.14 | 5.5.8 | 否(可用) |
| 2.6.5 | 5.6.2 | 是 |
| 2.6.7 | 5.6.3 | 是 |
| 2.6.8 | 5.6.5 | 否(可用) |