Springboot版本升级

简介

此次升级是为了解决旧版本的各种漏洞问题。

开发软件:IDEA2019
项目环境:java 8,springboot2.0.5
目标版本:java 8,springboot2.5.5

本文档前后变化对比,旧代码使用、// 等表示。

依赖升级

升级版本

<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<!-- <version>2.0.5.RELEASE</version>  -->
		<version>2.5.5</version> <!-- lookup parent from repository -->
	</parent>

<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
		<java.version>1.8</java.version>
		<!-- <spring-cloud.version>Finchley.RELEASE</spring-cloud.version> -->
		<spring-cloud.version>2020.0.3</spring-cloud.version>
		<skipTests>true</skipTests>
		<easypoi.version>3.2.0</easypoi.version>
		<!-- <tomcat.version>8.5.81</tomcat.version> -->
		<tomcat.version>9.0.50</tomcat.version>
</properties>

      <dependency>
			<groupId>io.netty</groupId>
			<artifactId>netty-all</artifactId>
		<!-- 	<version>4.1.28.Final</version> -->
			<version>4.1.6.Final</version>
		</dependency>

      <dependency>
			<groupId>org.apache.shiro</groupId>
			<artifactId>shiro-spring-boot-web-starter</artifactId>
			<!-- <version>1.4.0</version> -->
			<version>1.7.1</version>
		</dependency>

新增

		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-validation</artifactId>
		</dependency>
		<!-- Swagger 2 -->
		<dependency>
			<groupId>io.springfox</groupId>
			<artifactId>springfox-swagger2</artifactId>
			<version>2.9.2</version>
		</dependency>
		<dependency>
			<groupId>io.springfox</groupId>
			<artifactId>springfox-swagger-ui</artifactId>
			<version>2.9.2</version>
		</dependency>

代码调整

import变化

import org.apache.commons.lang.StringUtils;
改为
import org.apache.commons.lang3.StringUtils;

CollectionUtils变化

        set.addAll(CollectionUtils.arrayToList(str.split(",")));
//        set.addAll(CollectionUtils.arrayToList(str.split(",")));//2.0.5

验证变化

Length变为Size

//import org.hibernate.validator.constraints.Length;
import org.checkerframework.checker.units.qual.Length;

注解修改

    //@Length(min = 1, max = 100, message = "发送对象不能为空")
    @Size(min = 1, max = 100, message = "发送对象不能为空")

Shiro

提示ShiroFilterFactoryBean不存在

 //@Bean
    @Bean(name = "shiroFilterFactoryBean")
    public ShiroFilterFactoryBean factory(SecurityManager securityManager) {

跨域问题

使用addAllowedOrigin导致跨域不成功,提示不允许使用*

//        corsConfiguration.addAllowedOrigin("*");
        //原本是addAllowedOrigin,改为addAllowedOriginPattern
        corsConfiguration.addAllowedOriginPattern("*");

增加启动配置

  @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**").allowCredentials(true).allowedOriginPatterns("*");
            }
        };
    }

版本说明

spring-boot-starter-parent 2.2.5使用 Spring Framework 是哪个版本
链接:https://blog.csdn.net/java_zjn/article/details/108711513

springBoot 和 spring security 版本对应关系 (至2.3.12.RELEASE)
链接:https://blog.csdn.net/xhf852963/article/details/121494936

Spring Boot Spring Security 是否受CVE-2022-22978影响
2.5.13 5.5.6
2.5.14 5.5.8 否(可用)
2.6.5 5.6.2
2.6.7 5.6.3
2.6.8 5.6.5 否(可用)
posted @ 2024-04-25 21:01  心存善念  阅读(214)  评论(0编辑  收藏  举报