本文介绍了由SpringBoot2升级到SpringBoot3.3.0升级方案,新版本的升级可以解决旧版本存在的部分漏洞问题。
一、jdk17下载安装
1、下载
官网下载地址
Java Archive Downloads - Java SE 17
Jdk17下载后,可不设置系统变量java_home,仅在idea的指定项目中设置即可。
2、Jdk17项目环境设置
a).File-->Settings-->Build,Execution,Deployment-->Compiler-->Java Compiler
b).File-->Project Settings-->modules
source和Dependencies均设置为jdk17
c).File-->Plateform Settings-->SDKS
d).启动类Edit Configuration-->Run/Debug Configurations
二、依赖升级
主要依赖升级和替换引入
Java17 && Spring3.3.0 && mybatis-plus3.5.6 && Spring Security6.3.0 && Swagger3 && jakarta &&maven3.6
1、Java17依赖升级
<properties><java.version>17</java.version><mybatis-plus.version>3.5.6</mybatis-plus.version><flowable.version>7.0.0</flowable.version></properties>
<build><plugins><plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-compiler-plugin</artifactId><version>3.1</version><configuration><source>${java.version}</source><target>${java.version}</target><encoding>${project.build.sourceEncoding}</encoding></configuration></plugin></plugins></build>
2、SpringBoot3.3.0依赖升级
<!-- SpringBoot的依赖配置--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-dependencies</artifactId><version>3.3.0</version><type>pom</type><scope>import</scope></dependency>
3、mybatis-plus3.5.6依赖升级
<dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-boot-starter</artifactId><version>${mybatis-plus.version}</version><exclusions><exclusion><groupId>org.mybatis</groupId><artifactId>mybatis-spring</artifactId></exclusion></exclusions></dependency><dependency><groupId>org.mybatis</groupId><artifactId>mybatis-spring</artifactId><version>3.0.3</version></dependency>
<dependency><groupId>org.springframework</groupId><artifactId>spring-web</artifactId></dependency><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-core</artifactId><version>3.5.6</version><scope>compile</scope></dependency>
4、SpringSecurity6.3.0依赖升级
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-config</artifactId><version>6.3.0</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-core</artifactId><version>6.3.0</version></dependency>
5、Swagger.3.0依赖升级
<dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>6.1.8</version></dependency><dependency><groupId>org.springdoc</groupId><artifactId>springdoc-openapi-starter-webmvc-ui</artifactId><version>2.3.0</version></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId></dependency>
<!-- openAPI包,替换 Swagger 的 SpringFox --><dependency><groupId>org.springdoc</groupId><artifactId>springdoc-openapi-starter-webmvc-ui</artifactId><version>2.3.0</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><optional>true</optional></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency>
6、jakarta包替换
<dependency><groupId>jakarta.annotation</groupId><artifactId>jakarta.annotation-api</artifactId></dependency>
7、其他
<dependency><groupId>org.springframework</groupId><artifactId>spring-context-support</artifactId></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-core</artifactId></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-web</artifactId></dependency><dependency><groupId>jakarta.validation</groupId><artifactId>jakarta.validation-api</artifactId></dependency><dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId></dependency><dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-annotations</artifactId></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-tx</artifactId></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-tx</artifactId></dependency>
版本查看:
mvn -version
java -version
三、Swagger3.0升级(OpenAPI)
1、配置文件
OpenAPIConfig.java
package com.inspur.web.core.config;import io.swagger.v3.oas.models.ExternalDocumentation;import io.swagger.v3.oas.models.OpenAPI;import io.swagger.v3.oas.models.info.Info;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;/*** @author: Inspur* @datetime: 2024/3/26* @desc:*/@Configurationpublic class OpenAPIConfig {@Beanpublic OpenAPI openAPI() {return new OpenAPI().info(new Info().title("接口文档标题").description("SpringBoot3 集成 Swagger3接口文档").version("v1")).externalDocs(new ExternalDocumentation().description("项目API文档").url("/"));}}
2、使用示例
SwaggerController.java
import io.swagger.v3.oas.annotations.Hidden;import io.swagger.v3.oas.annotations.Operation;import io.swagger.v3.oas.annotations.Parameter;import io.swagger.v3.oas.annotations.Parameters;import io.swagger.v3.oas.annotations.responses.ApiResponse;import io.swagger.v3.oas.annotations.responses.ApiResponses;import io.swagger.v3.oas.annotations.tags.Tag;import org.springframework.web.bind.annotation.*;/*** @author: zjl* @datetime: 2024/3/26* @desc:*/@Tag(name = "控制器:测试Swagger3", description = "描述:测试Swagger3")@RestControllerpublic class SwaggerController {@Operation(summary = "测试Swagger3注解方法Get")@Parameters({@Parameter(name = "id",description = "编码"),@Parameter(name = "headerValue",description = "header传送内容")})@ApiResponses({@ApiResponse(responseCode = "200", description = "请求成功"),@ApiResponse(responseCode = "400", description = "请求参数没填好"),@ApiResponse(responseCode = "401", description = "没有权限"),@ApiResponse(responseCode = "403", description = "禁止访问"),@ApiResponse(responseCode = "404", description = "请求路径没有或页面跳转路径不对")})@GetMapping(value = "/swagger/student")public Object getStudent(@RequestParam @Parameter(example = "2") String id,@RequestHeader @Parameter(example = "2") String headerValue){return id;}@Operation(summary = "测试Swagger3注解方法Post")@ApiResponses({@ApiResponse(responseCode = "200", description = "请求成功"),@ApiResponse(responseCode = "400", description = "请求参数没填好"),@ApiResponse(responseCode = "401", description = "没有权限"),@ApiResponse(responseCode = "403", description = "禁止访问"),@ApiResponse(responseCode = "404", description = "请求路径没有或页面跳转路径不对")})@PostMapping(value = "/swagger/student", produces = "application/json")public SwaggerApiModel updateStudent(@RequestBody SwaggerApiModel model){return model;}/*** swagger 不暴漏该 api,通过@Hidden隐藏* 但是仍然可以访问* @return*/@Hidden@GetMapping(value = "/swagger/hiddenApi")public String hiddenApi(){return "hiddenApi";}/*** swagger 暴漏该 api,没有配置@Hidden会展示* @return*/@GetMapping(value = "/swagger/noHiddenApi")public String noHiddenApi(){return "noHiddenApi";}}
3、swagger2和swagger3主要区别
四、SpringSecurity6
1、拦截器变化
extends HandlerInterceptorAdapter
==>
implements HandlerInterceptor
自定义拦截器
implements WebMvcConfigurer
==>
extends WebMvcConfigurationSupport
跨域配置eg:ResourceConfig.java:
addAllowedOrigin ==>
addAllowedOriginPattern
@Configurationpublic class ResourcesConfig implements WebMvcConfigurer{@Beanpublic CorsFilter corsFilter(){// 设置访问源地址// config.addAllowedOrigin("*");config.addAllowedOriginPattern("*");}}
2、过滤器变化
antMatchers ==> requestMatchers
匹配地址时 “*”==> “”
示例:
Spring2:
public class SecurityConfig extends WebSecurityConfigurerAdapter{@Bean@Overridepublic AuthenticationManager authenticationManagerBean() throws Exception{return super.authenticationManagerBean();}@Overrideprotected void configure(HttpSecurity httpSecurity) throws Exception{httpSecurity// CSRF禁用,因为不使用session.csrf().disable()// 认证失败处理类.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()// 基于token,所以不需要session.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()// 过滤请求.authorizeRequests()// 对于登录login 注册register 验证码captchaImage 允许匿名访问.antMatchers("/login","/loginApp", "/appLogin","/register", "/captchaImage","/factory/getPublicKey").anonymous().antMatchers(HttpMethod.GET,"/","/*.html","/**/*.html","/**/*.css","/**/*.js","/profile/**").permitAll().antMatchers("/common/download**").anonymous()// 除上面外的所有请求全部需要鉴权认证.anyRequest().authenticated().and().headers().frameOptions().disable();httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);// 添加JWT filterhttpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);// 添加CORS filterhttpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);}@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception{auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());}}/*** 强散列哈希加密实现*/@Beanpublic BCryptPasswordEncoder bCryptPasswordEncoder(){return new BCryptPasswordEncoder();}}
Spring3:
@Configuration@EnableWebSecurity@AllArgsConstructor@EnableMethodSecuritypublic class SecurityConfig{@Beanpublic AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {return authenticationConfiguration.getAuthenticationManager();}@Beanpublic SecurityFilterChain filterChain(HttpSecurity http) throws Exception {http// CSRF禁用,因为不使用session.csrf().disable()// 禁用HTTP响应标头.headers().cacheControl().disable().and()// 认证失败处理类.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()// 基于token,所以不需要session.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()// 过滤请求.authorizeRequests()// 对于登录login 注册register 验证码captchaImage 允许匿名访问// // 对于登录login 注册register 验证码captchaImage 允许匿名访问.requestMatchers("/login","/loginApp", "/appLogin","/register", "/captchaImage","/factory/getPublicKey").anonymous().requestMatchers(HttpMethod.GET,"/","/*.html","/*/*.html","/*/*.css","/*/*.js","/profile/**").permitAll().requestMatchers("/common/download**").anonymous()// 除上面外的所有请求全部需要鉴权认证.anyRequest().authenticated().and().headers().frameOptions().disable();// 添加Logout filterhttp.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);// 添加JWT filterhttp.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);// 添加CORS filterhttp.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);http.addFilterBefore(corsFilter, LogoutFilter.class);}/*** 强散列哈希加密实现*/@Beanpublic BCryptPasswordEncoder bCryptPasswordEncoder(){return new BCryptPasswordEncoder();}}
五、Maven3.6
六、javax替换 Jakarta
批量替换:
javax.persistence.* -> jakarta.persistence.*
javax.validation.* -> jakarta.validation.*
javax.servlet.* -> jakarta.servlet.*
javax.annotation.* -> jakarta.annotation.*
javax.transaction.* -> jakarta.transaction.*
import javax. ==> import jakarta.
或者使用idea工具:Refactor==>Migrate
七、controller请求地址问题
对于GetMapping方法,@PathVariable(“roleId”) 需要注明变量名
public AjaxResult getInfo(@PathVariable Long roleId)
==>
public AjaxResult getInfo(@PathVariable("roleId") Long roleId)
八、配置文件修改
# swagger3spring:mvc:pathmatch:matching-strategy: ant_path_matcher# 升级后可能导致不支持Bean的注入依赖,可以在配置文件解决main:allow-circular-references: true #允许循环依赖
本文转载自: https://blog.csdn.net/xingyuemengjin/article/details/140389165
版权归原作者 曼曼青青草 所有, 如有侵权,请联系我们删除。
版权归原作者 曼曼青青草 所有, 如有侵权,请联系我们删除。