fix: 升级springboot 版本为 2.7.10, 修复 CVE-2023-20860

opsli-api/pom.xml

@@ -43,9 +43,9 @@
             <groupId>com.github.xiaoymin</groupId>
             <artifactId>knife4j-spring-boot-starter</artifactId>
             <!--在引用时请在maven中央仓库搜索最新版本号-->
-            <version>2.0.5</version>
+            <version>${knife4j.version}</version>
         </dependency>
         <!-- ———————————————————— 集成SwaggerApi - 结束 ———————————————————— -->
 
     </dependencies>
-</project>
+</project>

opsli-base-support/opsli-core/pom.xml

@@ -120,8 +120,9 @@
 
         <!-- page-helper 分页 -->
         <dependency>
-            <groupId>com.github.pagehelper</groupId>
+            <groupId>org.opsliframework.boot</groupId>
-            <artifactId>pagehelper-spring-boot-starter</artifactId>
+            <artifactId>opsli-plugins-pagehelper</artifactId>
+            <version>${pagehelper.version}</version>
         </dependency>
 
         <!-- druid -->

opsli-base-support/opsli-core/src/main/java/org/opsli/core/autoconfigure/conf/SwaggerConfig.java

@@ -21,10 +21,14 @@ import com.google.common.collect.Lists;
 import io.swagger.annotations.ApiOperation;
 import org.opsli.core.autoconfigure.properties.GlobalProperties;
 import org.opsli.core.utils.UserTokenUtil;
+import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
+import org.springframework.util.ReflectionUtils;
+import org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping;
 import springfox.bean.validators.configuration.BeanValidatorPluginsConfiguration;
 import springfox.documentation.builders.ApiInfoBuilder;
 import springfox.documentation.builders.ParameterBuilder;
@@ -35,10 +39,14 @@ import springfox.documentation.service.*;
 import springfox.documentation.spi.DocumentationType;
 import springfox.documentation.spi.service.contexts.SecurityContext;
 import springfox.documentation.spring.web.plugins.Docket;
+import springfox.documentation.spring.web.plugins.WebFluxRequestHandlerProvider;
+import springfox.documentation.spring.web.plugins.WebMvcRequestHandlerProvider;
 import springfox.documentation.swagger2.annotations.EnableSwagger2;
 
 import javax.annotation.Resource;
+import java.lang.reflect.Field;
 import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * Swagger 配置类
@@ -151,4 +159,41 @@ public class SwaggerConfig {
         return new ApiKey(UserTokenUtil.TOKEN_NAME, UserTokenUtil.TOKEN_NAME, "header");
     }
 
+    /**
+     * 解决springboot2.6 和springfox不兼容问题
+     * @return
+     */
+    @Bean
+    public static BeanPostProcessor springfoxHandlerProviderBeanPostProcessor() {
+        return new BeanPostProcessor() {
+
+            @Override
+            public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
+                if (bean instanceof WebMvcRequestHandlerProvider || bean instanceof WebFluxRequestHandlerProvider) {
+                    customizeSpringfoxHandlerMappings(getHandlerMappings(bean));
+                }
+                return bean;
+            }
+
+            private <T extends RequestMappingInfoHandlerMapping> void customizeSpringfoxHandlerMappings(List<T> mappings) {
+                List<T> copy = mappings.stream()
+                        .filter(mapping -> mapping.getPatternParser() == null)
+                        .collect(Collectors.toList());
+                mappings.clear();
+                mappings.addAll(copy);
+            }
+
+            @SuppressWarnings("unchecked")
+            private List<RequestMappingInfoHandlerMapping> getHandlerMappings(Object bean) {
+                try {
+                    Field field = ReflectionUtils.findField(bean.getClass(), "handlerMappings");
+                    field.setAccessible(true);
+                    return (List<RequestMappingInfoHandlerMapping>) field.get(bean);
+                } catch (IllegalArgumentException | IllegalAccessException e) {
+                    throw new IllegalStateException(e);
+                }
+            }
+        };
+    }
+
 }

opsli-modulars/opsli-modulars-generator/src/main/java/org/opsli/modulars/generator/importable/service/MySQLDatabaseTableServiceImpl.java

@@ -24,6 +24,7 @@ import org.opsli.modulars.generator.importable.entity.DatabaseTable;
 import org.opsli.modulars.generator.importable.mapper.MySQLDatabaseTableMapper;
 import org.opsli.modulars.generator.table.service.IGenTableService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
@@ -50,6 +51,7 @@ public class MySQLDatabaseTableServiceImpl implements DatabaseTableService {
     @Autowired(required = false)
     private MySQLDatabaseTableMapper mapper;
 
+    @Lazy
     @Autowired
     private IGenTableService iGenTableService;
 

opsli-modulars/opsli-modulars-generator/src/main/java/org/opsli/modulars/generator/logs/service/impl/GenLogsServiceImpl.java

@@ -40,6 +40,7 @@ import org.opsli.modulars.generator.table.service.IGenTableService;
 import org.opsli.modulars.generator.table.wrapper.GenTableAndColumnModel;
 import org.opsli.modulars.generator.table.wrapper.GenTableModel;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -53,6 +54,7 @@ import java.util.List;
  * @author parker
  * @date 2020-09-16 17:34
  */
+@Lazy(false)
 @Service
 public class GenLogsServiceImpl extends CrudServiceImpl<GenLogsMapper, GenLogs, GenLogsModel>
         implements IGenLogsService {

opsli-modulars/opsli-modulars-generator/src/main/java/org/opsli/modulars/generator/table/service/impl/GenTableServiceImpl.java

@@ -37,6 +37,7 @@ import org.opsli.modulars.generator.table.service.IGenTableService;
 import org.opsli.modulars.generator.table.wrapper.GenTableAndColumnModel;
 import org.opsli.modulars.generator.table.wrapper.GenTableModel;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -57,9 +58,11 @@ public class GenTableServiceImpl extends CrudServiceImpl<GenTableMapper, GenTabl
     @Autowired(required = false)
     private GenTableMapper mapper;
 
+    @Lazy
     @Autowired
     private IGenTableColumnService iGenTableColumnService;
 
+    @Lazy
     @Autowired
     private IGenLogsService iGenLogsService;
 

opsli-plugins/opsli-plugins-pagehelper/pom.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>opsli-plugins</artifactId>
+        <groupId>org.opsliframework.boot</groupId>
+        <version>1.0.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <version>1.4.6</version>
+    <artifactId>opsli-plugins-pagehelper</artifactId>
+
+    <properties>
+        <pagehelper.version>5.3.2</pagehelper.version>
+        <mybatis-spring-boot.version>2.2.2</mybatis-spring-boot.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis</artifactId>
+            <scope>compile</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.github.pagehelper</groupId>
+            <artifactId>pagehelper</artifactId>
+            <version>${pagehelper.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.mybatis.spring.boot</groupId>
+            <artifactId>mybatis-spring-boot-autoconfigure</artifactId>
+            <version>${mybatis-spring-boot.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.mybatis.spring.boot</groupId>
+            <artifactId>mybatis-spring-boot-starter</artifactId>
+            <version>${mybatis-spring-boot.version}</version>
+        </dependency>
+
+        <!-- Compile dependencies -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-autoconfigure</artifactId>
+        </dependency>
+
+    </dependencies>
+
+</project>

opsli-plugins/opsli-plugins-pagehelper/src/main/java/org/opsli/plugins/pagehelper/PageHelperAutoConfiguration.java

@@ -0,0 +1,69 @@
+package org.opsli.plugins.pagehelper;
+
+import com.github.pagehelper.PageInterceptor;
+import org.apache.ibatis.plugin.Interceptor;
+import org.apache.ibatis.session.SqlSessionFactory;
+import org.mybatis.spring.boot.autoconfigure.MybatisAutoConfiguration;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Lazy;
+
+import java.util.List;
+
+/**
+ * 自定注入分页插件
+ *
+ * @author liuzh
+ */
+@Configuration
+@ConditionalOnBean(SqlSessionFactory.class)
+@EnableConfigurationProperties(PageHelperProperties.class)
+@AutoConfigureAfter(MybatisAutoConfiguration.class)
+@Lazy(false)
+public class PageHelperAutoConfiguration implements InitializingBean {
+
+    private final List<SqlSessionFactory> sqlSessionFactoryList;
+
+    private final PageHelperProperties properties;
+
+    public PageHelperAutoConfiguration(List<SqlSessionFactory> sqlSessionFactoryList, PageHelperProperties properties) {
+        this.sqlSessionFactoryList = sqlSessionFactoryList;
+        this.properties = properties;
+    }
+
+    @Override
+    public void afterPropertiesSet() {
+        // 关闭 Banner
+        String bannerFlag = Boolean.TRUE.equals(this.properties.getBanner())?"true":"false";
+        System.setProperty("pagehelper.banner", bannerFlag);
+
+        PageInterceptor interceptor = new PageInterceptor();
+        interceptor.setProperties(this.properties);
+        for (SqlSessionFactory sqlSessionFactory : sqlSessionFactoryList) {
+            org.apache.ibatis.session.Configuration configuration = sqlSessionFactory.getConfiguration();
+            if (!containsInterceptor(configuration, interceptor)) {
+                configuration.addInterceptor(interceptor);
+            }
+        }
+    }
+
+    /**
+     * 是否已经存在相同的拦截器
+     *
+     * @param configuration
+     * @param interceptor
+     * @return
+     */
+    private boolean containsInterceptor(org.apache.ibatis.session.Configuration configuration, Interceptor interceptor) {
+        try {
+            // getInterceptors since 3.2.2
+            return configuration.getInterceptors().contains(interceptor);
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+}

opsli-plugins/opsli-plugins-pagehelper/src/main/java/org/opsli/plugins/pagehelper/PageHelperProperties.java

@@ -0,0 +1,135 @@
+package org.opsli.plugins.pagehelper;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+import java.util.Properties;
+
+/**
+ * Configuration properties for PageHelper.
+ *
+ * @author liuzh
+ */
+@ConfigurationProperties(prefix = PageHelperProperties.PAGEHELPER_PREFIX)
+public class PageHelperProperties extends Properties {
+
+    public static final String PAGEHELPER_PREFIX = "pagehelper";
+
+    public Boolean getOffsetAsPageNum() {
+        return Boolean.valueOf(getProperty("offsetAsPageNum"));
+    }
+
+    public void setOffsetAsPageNum(Boolean offsetAsPageNum) {
+        setProperty("offsetAsPageNum", offsetAsPageNum.toString());
+    }
+
+    public Boolean getRowBoundsWithCount() {
+        return Boolean.valueOf(getProperty("rowBoundsWithCount"));
+    }
+
+    public void setRowBoundsWithCount(Boolean rowBoundsWithCount) {
+        setProperty("rowBoundsWithCount", rowBoundsWithCount.toString());
+    }
+
+    public Boolean getPageSizeZero() {
+        return Boolean.valueOf(getProperty("pageSizeZero"));
+    }
+
+    public void setPageSizeZero(Boolean pageSizeZero) {
+        setProperty("pageSizeZero", pageSizeZero.toString());
+    }
+
+    public Boolean getReasonable() {
+        return Boolean.valueOf(getProperty("reasonable"));
+    }
+
+    public void setReasonable(Boolean reasonable) {
+        setProperty("reasonable", reasonable.toString());
+    }
+
+    public Boolean getSupportMethodsArguments() {
+        return Boolean.valueOf(getProperty("supportMethodsArguments"));
+    }
+
+    public void setSupportMethodsArguments(Boolean supportMethodsArguments) {
+        setProperty("supportMethodsArguments", supportMethodsArguments.toString());
+    }
+
+    public String getDialect() {
+        return getProperty("dialect");
+    }
+
+    public void setDialect(String dialect) {
+        setProperty("dialect", dialect);
+    }
+
+    public String getHelperDialect() {
+        return getProperty("helperDialect");
+    }
+
+    public void setHelperDialect(String helperDialect) {
+        setProperty("helperDialect", helperDialect);
+    }
+
+    public Boolean getAutoRuntimeDialect() {
+        return Boolean.valueOf(getProperty("autoRuntimeDialect"));
+    }
+
+    public void setAutoRuntimeDialect(Boolean autoRuntimeDialect) {
+        setProperty("autoRuntimeDialect", autoRuntimeDialect.toString());
+    }
+
+    public Boolean getAutoDialect() {
+        return Boolean.valueOf(getProperty("autoDialect"));
+    }
+
+    public void setAutoDialect(Boolean autoDialect) {
+        setProperty("autoDialect", autoDialect.toString());
+    }
+
+    public Boolean getCloseConn() {
+        return Boolean.valueOf(getProperty("closeConn"));
+    }
+
+    public void setCloseConn(Boolean closeConn) {
+        setProperty("closeConn", closeConn.toString());
+    }
+
+    public String getParams() {
+        return getProperty("params");
+    }
+
+    public void setParams(String params) {
+        setProperty("params", params);
+    }
+
+    public Boolean getDefaultCount() {
+        return Boolean.valueOf(getProperty("defaultCount"));
+    }
+
+    public void setDefaultCount(Boolean defaultCount) {
+        setProperty("defaultCount", defaultCount.toString());
+    }
+
+    public String getDialectAlias() {
+        return getProperty("dialectAlias");
+    }
+
+    public void setDialectAlias(String dialectAlias) {
+        setProperty("dialectAlias", dialectAlias);
+    }
+
+    public String getAutoDialectClass() {
+        return getProperty("autoDialectClass");
+    }
+
+    public void setAutoDialectClass(String autoDialectClass) {
+        setProperty("autoDialectClass", autoDialectClass);
+    }
+
+    public Boolean getBanner() {
+        return Boolean.valueOf(getProperty("banner"));
+    }
+    public void setBanner(Boolean banner) {
+        setProperty("banner", banner.toString());
+    }
+}

opsli-plugins/opsli-plugins-pagehelper/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -0,0 +1,88 @@
+{
+  "groups": [
+    {
+      "name": "pagehelper",
+      "type": "org.opsli.plugins.pagehelper.PageHelperProperties",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    }
+  ],
+  "properties": [
+    {
+      "name": "pagehelper.banner",
+      "type": "java.lang.Boolean",
+      "defaultValue": false,
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.auto-dialect",
+      "type": "java.lang.Boolean",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.auto-dialect-class",
+      "type": "java.lang.String",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.auto-runtime-dialect",
+      "type": "java.lang.Boolean",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.close-conn",
+      "type": "java.lang.Boolean",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.default-count",
+      "type": "java.lang.Boolean",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.dialect",
+      "type": "java.lang.String",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.dialect-alias",
+      "type": "java.lang.String",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.helper-dialect",
+      "type": "java.lang.String",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.offset-as-page-num",
+      "type": "java.lang.Boolean",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.page-size-zero",
+      "type": "java.lang.Boolean",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.params",
+      "type": "java.lang.String",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.reasonable",
+      "type": "java.lang.Boolean",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.row-bounds-with-count",
+      "type": "java.lang.Boolean",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    },
+    {
+      "name": "pagehelper.support-methods-arguments",
+      "type": "java.lang.Boolean",
+      "sourceType": "org.opsli.plugins.pagehelper.PageHelperProperties"
+    }
+  ],
+  "hints": []
+}

opsli-plugins/opsli-plugins-pagehelper/src/main/resources/META-INF/spring.factories

@@ -0,0 +1,3 @@
+# Auto Configure
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+org.opsli.plugins.pagehelper.PageHelperAutoConfiguration

opsli-plugins/pom.xml

@@ -25,6 +25,7 @@
         <module>opsli-plugins-email</module>
         <module>opsli-plugins-sms</module>
         <module>opsli-plugins-security</module>
+        <module>opsli-plugins-pagehelper</module>
     </modules>
 
     <dependencyManagement>

opsli-starter/src/main/resources/application.yaml

@@ -36,8 +36,6 @@ spring:
       max-file-size: 10MB
       max-request-size: 10MB
   #静态资源
-  resources:
-    static-locations: classpath:/META-INF/resources/,classpath:/resources/, classpath:/static/, classpath:/public/,file:${opsli.web.upload-path}
   #json 时间戳统一转换
   jackson:
     date-format: yyyy-MM-dd HH:mm:ss
@@ -52,7 +50,13 @@ spring:
   #
   #main:
   #  allow-bean-definition-overriding: true
-
+  web:
+    resources:
+      static-locations: classpath:/META-INF/resources/,classpath:/resources/, classpath:/static/, classpath:/public/,file:${opsli.web.upload-path}
+  mvc:
+    #Spring Boot 2.6+后映射匹配的默认策略已从AntPathMatcher更改为PathPatternParser,需要手动指定为ant-path-matcher
+    pathmatch:
+      matching-strategy: ant_path_matcher
   # 缓存配置项
   cache:
     # 前缀

pom.xml

@@ -34,7 +34,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.5.6</version>
+        <version>2.7.10</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
 
@@ -59,12 +59,15 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>1.8</java.version>
-        <spring-boot.version>2.5.6</spring-boot.version>
+        <!-- 修复 CVE-2023-20860 -->
+        <spring-boot.version>2.7.10</spring-boot.version>
         <skipTests>true</skipTests>
 
         <fastjson.version>1.2.83</fastjson.version>
+        <mybatis.version>3.5.9</mybatis.version>
         <mybatis-plus.version>3.5.2</mybatis-plus.version>
-        <pagehelper.version>1.3.0</pagehelper.version>
+        <pagehelper.version>1.4.6</pagehelper.version>
+        <knife4j.version>3.0.3</knife4j.version>
 
         <jwt.version>3.10.3</jwt.version>
         <oshi.version>5.6.1</oshi.version>
@@ -169,19 +172,17 @@
             </dependency>
 
             <!-- mybatis-plus -->
+            <dependency>
+                <groupId>org.mybatis</groupId>
+                <artifactId>mybatis</artifactId>
+                <version>${mybatis.version}</version>
+            </dependency>
             <dependency>
                 <groupId>com.baomidou</groupId>
                 <artifactId>mybatis-plus-boot-starter</artifactId>
                 <version>${mybatis-plus.version}</version>
             </dependency>
 
-            <!-- page-helper 分页 -->
-            <dependency>
-                <groupId>com.github.pagehelper</groupId>
-                <artifactId>pagehelper-spring-boot-starter</artifactId>
-                <version>${pagehelper.version}</version>
-            </dependency>
-
             <!-- druid -->
             <dependency>
                 <groupId>com.alibaba</groupId>