簡介
此次升級是爲了解決舊版本的各種漏洞問題。
開發軟件:IDEA2019
項目環境:java 8,springboot2.0.5
目標版本:java 8,springboot2.5.5
本文檔前後變化對比,舊代碼使用、// 等表示。
依賴升級
升級版本
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<!-- <version>2.0.5.RELEASE</version> -->
<version>2.5.5</version> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<!-- <spring-cloud.version>Finchley.RELEASE</spring-cloud.version> -->
<spring-cloud.version>2020.0.3</spring-cloud.version>
<skipTests>true</skipTests>
<easypoi.version>3.2.0</easypoi.version>
<!-- <tomcat.version>8.5.81</tomcat.version> -->
<tomcat.version>9.0.50</tomcat.version>
</properties>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-all</artifactId>
<!-- <version>4.1.28.Final</version> -->
<version>4.1.6.Final</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<!-- <version>1.4.0</version> -->
<version>1.7.1</version>
</dependency>
新增
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<!-- Swagger 2 -->
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.9.2</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.9.2</version>
</dependency>
代碼調整
import變化
import org.apache.commons.lang.StringUtils;
改爲
import org.apache.commons.lang3.StringUtils;
CollectionUtils變化
set.addAll(CollectionUtils.arrayToList(str.split(",")));
// set.addAll(CollectionUtils.arrayToList(str.split(",")));//2.0.5
驗證變化
Length變爲Size
//import org.hibernate.validator.constraints.Length;
import org.checkerframework.checker.units.qual.Length;
註解修改
//@Length(min = 1, max = 100, message = "發送對象不能爲空")
@Size(min = 1, max = 100, message = "發送對象不能爲空")
Shiro
提示ShiroFilterFactoryBean不存在
//@Bean
@Bean(name = "shiroFilterFactoryBean")
public ShiroFilterFactoryBean factory(SecurityManager securityManager) {
跨域問題
使用addAllowedOrigin導致跨域不成功,提示不允許使用*
// corsConfiguration.addAllowedOrigin("*");
//原本是addAllowedOrigin,改爲addAllowedOriginPattern
corsConfiguration.addAllowedOriginPattern("*");
增加啓動配置
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowCredentials(true).allowedOriginPatterns("*");
}
};
}
版本說明
spring-boot-starter-parent 2.2.5使用 Spring Framework 是哪個版本
鏈接:https://blog.csdn.net/java_zjn/article/details/108711513
springBoot 和 spring security 版本對應關係 (至2.3.12.RELEASE)
鏈接:https://blog.csdn.net/xhf852963/article/details/121494936
| Spring Boot | Spring Security | 是否受CVE-2022-22978影響 |
|---|---|---|
| 2.5.13 | 5.5.6 | 是 |
| 2.5.14 | 5.5.8 | 否(可用) |
| 2.6.5 | 5.6.2 | 是 |
| 2.6.7 | 5.6.3 | 是 |
| 2.6.8 | 5.6.5 | 否(可用) |