From 1665fa2793618f8e4f1363ba40d8dccaca57801b Mon Sep 17 00:00:00 2001
From: RuoYi
Date: Tue, 15 Aug 2023 12:24:16 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8D=87=E7=BA=A7fastjson=E5=88=B0=E6=9C=80?=
 =?UTF-8?q?=E6=96=B0=E7=89=882.0.39?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pom.xml | 2 +-
 .../java/com/ruoyi/common/core/constant/Constants.java | 5 +++++
 .../redis/configure/FastJson2JsonRedisSerializer.java | 7 +++++--
 .../com/ruoyi/common/security/service/TokenService.java | 5 +++++
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 152f413f..cde7c6bd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,7 +30,7 @@
 3.5.2
 2.13.0
 2.3
- 2.0.34
+ 2.0.39
 0.9.1
 8.2.2
 4.1.2
diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
index c7e1f34e..da271c42 100644
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
@@ -117,6 +117,11 @@ public class Constants
 */
 public static final String RESOURCE_PREFIX = "/profile";
 
+ /**
+ * 自动识别json对象白名单配置(仅允许解析的包名,范围越小越安全)
+ */
+ public static final String[] JSON_WHITELIST_STR = { "org.springframework", "com.ruoyi" };
+
 /**
 * 定时任务白名单配置(仅允许访问的包名,如其他需要可以自行添加)
 */
diff --git a/ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/configure/FastJson2JsonRedisSerializer.java b/ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/configure/FastJson2JsonRedisSerializer.java
index 76fe2751..7450399b 100644
--- a/ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/configure/FastJson2JsonRedisSerializer.java
+++ b/ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/configure/FastJson2JsonRedisSerializer.java
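Review bot: `JSON_WHITELIST_STR` in the Constants.java hunk is a `public static final String[]`, and `final` on an array reference does not freeze its elements, so any code that can see `Constants` can widen the autoType allowlist at runtime by assigning into the array. Whether such a change reaches a filter that was already built from it depends on fastjson2 internals I cannot confirm from this diff, so the safer assumption is that it might. An unmodifiable form avoids the question: `public static final List<String> JSON_WHITELIST = List.of("org.springframework", "com.ruoyi");` with the call site using `JSONReader.autoTypeFilter(Constants.JSON_WHITELIST.toArray(String[]::new))`, keeping the array constant only for backward compatibility if other code references it. The comment's own advice (范围越小越安全) also argues for narrowing `org.springframework` to the specific sub-packages of the types actually cached in Redis, if those are known; as written the prefix admits every Spring class.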
@@ -6,6 +6,8 @@ import org.springframework.data.redis.serializer.SerializationException; import com.alibaba.fastjson2.JSON; import com.alibaba.fastjson2.JSONReader; import com.alibaba.fastjson2.JSONWriter; +import com.alibaba.fastjson2.filter.Filter; +import com.ruoyi.common.core.constant.Constants; /** * Redis使用FastJson序列化 @@ -16,8 +18,9 @@ public class FastJson2JsonRedisSerializer implements RedisSerializer { public static final Charset DEFAULT_CHARSET = Charset.forName("UTF-8"); - private Class clazz; + static final Filter AUTO_TYPE_FILTER = JSONReader.autoTypeFilter(Constants.JSON_WHITELIST_STR); + private Class clazz; public FastJson2JsonRedisSerializer(Class clazz) { @@ -44,6 +47,6 @@ public class FastJson2JsonRedisSerializer implements RedisSerializer } String str = new String(bytes, DEFAULT_CHARSET); - return JSON.parseObject(str, clazz, JSONReader.Feature.SupportAutoType); + return JSON.parseObject(str, clazz, AUTO_TYPE_FILTER); } } diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/TokenService.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/TokenService.java index 139ee8b5..29717928 100644 --- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/TokenService.java +++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/TokenService.java @@ -4,6 +4,8 @@ import java.util.HashMap; import java.util.Map; import java.util.concurrent.TimeUnit; import javax.servlet.http.HttpServletRequest; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import com.ruoyi.common.core.constant.CacheConstants; 
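Review bot: `static final Filter AUTO_TYPE_FILTER` in the second hunk is package-private; nothing else in the package needs it, so it should be `private static final Filter AUTO_TYPE_FILTER = JSONReader.autoTypeFilter(Constants.JSON_WHITELIST_STR);` and get a one-line comment such as `// Only @type values under these package prefixes are honoured on deserialize; replaces the global SupportAutoType feature`. The third hunk's move from `JSONReader.Feature.SupportAutoType` to a prefix allowlist is the right direction, but the allowlist is only as strong as its entries, and whole top-level packages still let any class under them be named in `@type`, so the entries deserve review in Constants.java rather than here. The serialize side of this class is not in the diff, so I cannot tell from here whether class names are written at all, which determines how much this deserializer ever relies on the filter; `deserialize` itself starts outside the hunk.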
@@ -25,6 +27,8 @@ import com.ruoyi.system.api.model.LoginUser;
 
 @Component
 public class TokenService
 {
+ private static final Logger log = LoggerFactory.getLogger(TokenService.class);
+
 @Autowired
 private RedisService redisService;
@@ -106,6 +110,7 @@ public class TokenService
 }
 catch (Exception e)
 {
+ log.error("获取用户信息异常'{}'", e.getMessage());
 }
 return user;
 }
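Review bot: `log.error("获取用户信息异常'{}'", e.getMessage())` in the second hunk discards the exception type and stack trace; passing the throwable as the last argument keeps both with SLF4J: `log.error("获取用户信息异常'{}'", e.getMessage(), e);`. This matters because the same commit tightens the fastjson2 autoType allowlist, and a cached value whose `@type` is no longer accepted would, as far as I can tell, surface only through this catch, so the exception detail is what lets an operator distinguish a rejected type from a Redis outage when logins start failing. The `catch (Exception e)` is broad and the enclosing method starts outside the hunk, so on failure `return user` presumably hands back whatever `user` held before the try, likely null; that behaviour predates the commit but is worth confirming the caller treats a null user as unauthenticated rather than as an error.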