一个老的spring boot项目中使用到了shiro,存在安全漏洞,由于源码丢失,只好采用解压jar升级里面shiro的jar来解决了。但是升级以后遇到报错如下。
报错信息
Caused by: java.lang.NoClassDefFoundError: org/owasp/encoder/Encode
at org.apache.shiro.web.filter.PathMatchingFilter.pathsMatch(PathMatchingFilter.java:134) ~[shiro-web-1.5.3.jar!/:1.5.3]
at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:186) ~[shiro-web-1.5.3.jar!/:1.5.3]
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) ~[shiro-web-1.5.3.jar!/:1.5.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[shiro-web-1.5.3.jar!/:1.5.3]
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) ~[shiro-web-1.5.3.jar!/:1.5.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) ~[shiro-web-1.5.3.jar!/:1.5.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) ~[shiro-web-1.5.3.jar!/:1.5.3]
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) ~[shiro-core-1.5.3.jar!/:1.5.3]
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) ~[shiro-core-1.5.3.jar!/:1.5.3]
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) ~[shiro-core-1.5.3.jar!/:1.5.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) ~[shiro-web-1.5.3.jar!/:1.5.3]
… 59 more
原因分析
缺少OWASP Java Encoder 的jar导致。
解决办法
添加owasp的jar包即可。
下载地址:https://owasp.org/www-project-java-encoder/
我最终下载的jar的版本是:
https://repo1.maven.org/maven2/org/owasp/encoder/encoder/1.2.3/encoder-1.2.3.jar
增加这个jar以后就不会报错了。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)