
!6 SpringBoot升级及安全隐患修改
Merge pull request !6 from Cambin/master

cambin04 7 yıl önce
ebeveyn
işleme
6c0dccf4d0

+ 11 - 5
pom.xml

@@ -11,7 +11,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>1.5.10.RELEASE</version>
+		<version>2.0.0.RELEASE</version>
 	</parent>
 
 	<properties>
@@ -21,10 +21,10 @@
 		<mybatisplus.spring.boot.version>1.0.5</mybatisplus.spring.boot.version>
 		<mybatisplus.version>2.1.9</mybatisplus.version>
 		<mysql.version>5.1.38</mysql.version>
-		<druid.version>1.1.3</druid.version>
+		<druid.version>1.1.9</druid.version>
 		<quartz.version>2.3.0</quartz.version>
 		<commons.lang.version>2.6</commons.lang.version>
-		<commons.fileupload.version>1.3.1</commons.fileupload.version>
+		<commons.fileupload.version>1.2.2</commons.fileupload.version>
 		<commons.io.version>2.5</commons.io.version>
 		<commons.codec.version>1.10</commons.codec.version>
 		<commons.configuration.version>1.10</commons.configuration.version>
@@ -32,10 +32,11 @@
 		<jwt.version>0.7.0</jwt.version>
 		<kaptcha.version>0.0.9</kaptcha.version>
 		<qiniu.version>[7.2.0, 7.2.99]</qiniu.version>
-		<aliyun.oss.version>2.5.0</aliyun.oss.version>
+		<aliyun.oss.version>2.8.3</aliyun.oss.version>
 		<qcloud.cos.version>4.4</qcloud.cos.version>
-		<swagger.version>2.2.2</swagger.version>
+		<swagger.version>2.8.0</swagger.version>
 		<joda.time.version>2.9.9</joda.time.version>
+		<fastjson.version>1.2.45</fastjson.version>
 
 		<!--wagon plugin 配置-->
 		<service-path>/work/renren</service-path>
@@ -47,6 +48,11 @@
 
 	<dependencies>
 		<dependency>
+			<groupId>com.alibaba</groupId>
+			<artifactId>fastjson</artifactId>
+			<version>${fastjson.version}</version>
+		</dependency>
+		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
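Review bot: The `commons.fileupload.version` change in the second hunk moves the library backwards, from 1.3.1 to 1.2.2, which runs against the commit's stated aim of fixing security issues, because the 1.3.x line carries multipart-parsing fixes that 1.2.2 lacks. Unless something forces the older API, keep 1.3.1 or move forward, e.g. `<commons.fileupload.version>1.3.3</commons.fileupload.version>`. The new `fastjson.version` of 1.2.45 in the third hunk should also be checked against current fastjson security advisories before release, since that library's autoType handling has needed repeated fixes.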

+ 2 - 1
src/main/java/io/renren/RenrenApplication.java

@@ -5,7 +5,8 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
 import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.web.support.SpringBootServletInitializer;
+
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.Import;
 
 

+ 2 - 2
src/main/java/io/renren/config/CorsConfig.java

@@ -2,10 +2,10 @@ package io.renren.config;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
-public class CorsConfig extends WebMvcConfigurerAdapter {
+public class CorsConfig implements WebMvcConfigurer {
 
     @Override
     public void addCorsMappings(CorsRegistry registry) {

+ 2 - 2
src/main/java/io/renren/config/SwaggerConfig.java

@@ -4,7 +4,7 @@ import io.swagger.annotations.ApiOperation;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import springfox.documentation.builders.ApiInfoBuilder;
 import springfox.documentation.builders.PathSelectors;
 import springfox.documentation.builders.RequestHandlerSelectors;
@@ -15,7 +15,7 @@ import springfox.documentation.swagger2.annotations.EnableSwagger2;
 
 @Configuration
 @EnableSwagger2
-public class SwaggerConfig extends WebMvcConfigurerAdapter {
+public class SwaggerConfig implements WebMvcConfigurer {
 
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {

+ 3 - 3
src/main/java/io/renren/modules/oss/cloud/QcloudCloudStorageService.java

@@ -17,12 +17,12 @@
 package io.renren.modules.oss.cloud;
 
 
+import com.alibaba.fastjson.JSONObject;
 import com.qcloud.cos.COSClient;
 import com.qcloud.cos.ClientConfig;
 import com.qcloud.cos.request.UploadFileRequest;
 import com.qcloud.cos.sign.Credentials;
 import io.renren.common.exception.RRException;
-import net.sf.json.JSONObject;
 import org.apache.commons.io.IOUtils;
 
 import java.io.IOException;
@@ -67,8 +67,8 @@ public class QcloudCloudStorageService extends CloudStorageService {
         UploadFileRequest request = new UploadFileRequest(config.getQcloudBucketName(), path, data);
         String response = client.uploadFile(request);
 
-        JSONObject jsonObject = JSONObject.fromObject(response);
-        if(jsonObject.getInt("code") != 0) {
+        JSONObject jsonObject = JSONObject.parseObject(response);
+        if(jsonObject.getInteger("code") != 0) {
             throw new RRException("文件上传失败," + jsonObject.getString("message"));
         }
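Review bot: `jsonObject.getInteger("code") != 0` unboxes an `Integer`, and fastjson's `getInteger` returns null when the key is absent, so a response without `code` now fails with a NullPointerException instead of the RRException this method otherwise raises; `JSONObject.parseObject` can likewise return null for an empty response string. Read the value once and treat a missing code as a failure: `Integer code = jsonObject == null ? null : jsonObject.getInteger("code");` followed by `if (code == null || code != 0) {`, with the message lookup on the throw line guarded the same way. Do not switch to `getIntValue`, which returns 0 for a missing key and would report a malformed response as a successful upload. The method body starts and ends outside this hunk.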
 

+ 3 - 0
src/main/java/io/renren/modules/sys/entity/SysUserEntity.java

@@ -3,6 +3,7 @@ package io.renren.modules.sys.entity;
 import com.baomidou.mybatisplus.annotations.TableField;
 import com.baomidou.mybatisplus.annotations.TableId;
 import com.baomidou.mybatisplus.annotations.TableName;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import io.renren.common.validator.group.AddGroup;
 import io.renren.common.validator.group.UpdateGroup;
 import org.hibernate.validator.constraints.Email;
@@ -123,6 +124,7 @@ public class SysUserEntity implements Serializable {
 	 * 获取:密码
 	 * @return String
 	 */
+	@JsonIgnore
 	public String getPassword() {
 		return password;
 	}
@@ -207,6 +209,7 @@ public class SysUserEntity implements Serializable {
 		this.createUserId = createUserId;
 	}
 
+	@JsonIgnore
 	public String getSalt() {
 		return salt;
 	}
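Review bot: `@JsonIgnore` on `getPassword()` and `getSalt()` removes both properties from Jackson input as well as output unless the setter is annotated, so any endpoint that binds a request body to SysUserEntity (user creation or password change, if they do so) would now receive a null password. If the intent is only to keep the hash and salt out of responses, annotate the fields instead with `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)`. The annotation is also Jackson-specific: this commit adds fastjson, which does not honour it, so any `JSON.toJSONString` of this entity would still emit both values unless the fields also carry `@JSONField(serialize = false)`. A short comment such as `// credential material: must never be serialised` on each getter would keep a later cleanup from dropping the annotation.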

+ 4 - 4
src/main/resources/application-dev.yml

@@ -4,12 +4,12 @@ spring:
         driverClassName: com.mysql.jdbc.Driver
         druid:
             first:  #数据源1
-                url: jdbc:mysql://localhost:3306/renren_fast?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8
-                username: renren
+                url: jdbc:mysql://192.168.0.100:3309/renren_fast?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8
+                username: root
                 password: 123456
             second:  #数据源2
-                url: jdbc:mysql://localhost:3306/renren_fast?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8
-                username: renren
+                url: jdbc:mysql://192.168.0.100:3309/renren_fast?allowMultiQueries=true&useUnicode=true&characterEncoding=UTF-8
+                username: root
                 password: 123456
             initial-size: 10
             max-active: 100
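Review bot: Both data sources now connect as `root` with the password `123456` to a fixed LAN address, which looks like one developer's local setup committed to the shared dev profile. The application should use a dedicated account limited to the `renren_fast` schema, and host, user and password should come from the environment, e.g. `username: ${DB_USER:renren}` and `password: ${DB_PASSWORD}`. This matters more here because the URL keeps `allowMultiQueries=true`, so an injectable statement could run stacked queries with root privileges.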

+ 15 - 8
src/main/resources/application.yml

@@ -4,9 +4,10 @@ server:
         uri-encoding: UTF-8
         max-threads: 1000
         min-spare-threads: 30
-    port: 8080
+    port: 8082
     connection-timeout: 5000
-    context-path: /renren-fast
+    servlet:
+      context-path: /renren-fast
 
 spring:
     # 环境 dev|test|prod
@@ -18,6 +19,7 @@ spring:
         date-format: yyyy-MM-dd HH:mm:ss
     http:
         multipart:
+          servlet:
             max-file-size: 100MB
             max-request-size: 100MB
             enabled: true
@@ -26,13 +28,14 @@ spring:
         database: 0
         host: localhost
         port: 6379
-        password:       # 密码(默认为空)
+        password:   Nannan2017JK    # 密码(默认为空)
         timeout: 6000  # 连接超时时长(毫秒)
-        pool:
-            max-active: 1000  # 连接池最大连接数(使用负值表示没有限制)
-            max-wait: -1      # 连接池最大阻塞等待时间(使用负值表示没有限制)
-            max-idle: 10      # 连接池中的最大空闲连接
-            min-idle: 5       # 连接池中的最小空闲连接
+        jedis:
+          pool:
+              max-active: 1000  # 连接池最大连接数(使用负值表示没有限制)
+              max-wait: -1      # 连接池最大阻塞等待时间(使用负值表示没有限制)
+              max-idle: 10      # 连接池中的最大空闲连接
+              min-idle: 5       # 连接池中的最小空闲连接
 
 
 #mybatis
@@ -66,6 +69,10 @@ mybatis-plus:
     call-setters-on-nulls: true
 
 renren:
+    redis:
+      open: true
+    shiro:
+      redis: true
     # APP模块,是通过jwt认证的,如果要使用APP模块,则需要修改【加密秘钥】
     jwt:
         # 加密秘钥
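Review bot: The `password:` line under `redis` now holds a literal password in a file that every clone of the repository receives; treat that value as disclosed, rotate it, and load it from the environment instead, `password: ${REDIS_PASSWORD:}`. The `port: 8082` change looks like the same local setup leaking into shared configuration. Separately, the `servlet:` key added under `spring.http.multipart` produces `spring.http.multipart.servlet.max-file-size`, whereas Spring Boot 2.0 reads `spring.servlet.multipart.max-file-size` and `max-request-size`, so the 100MB limits are probably not applied and the framework defaults take over; an upload test would confirm this.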