Some problems encountered in upgrading Struts2 to 2.5.30 and solutions

Enterprise 2023-06-25 09:44:43 views: null

1. Background

  1. Since Struts2 was exposed to a remote execution vulnerability, it needs to be upgraded to 2.5.30 to solve it
  2. The struts2-core version currently used by the program is 2.3.32, the spring version is 2.5.6, the commons-lang3 version is 3.1, and the jdk version is 1.6
  3. maven project management

Two, the solution

  1. Upgrade the Struts2-core package version, upgrade the jdk version, and upgrade the spring version
  2. Upgrade the Struts2-core package version, upgrade the jdk version

3. The solution process

  1. First, upgrade the version of the Struts2-core package in the pom file to 2.5.30 and perform a simple compilation to see any changes. As a result, the program reports an error actionContext.getParameters(). After the version upgrade, the object type has changed from Map to
    insert image description here
    insert image description here
    In order to avoid affecting the logic of subsequent programs, HttpParameters can obtain the map through the new version of the method toMap(), and call the new version of the HttpParameters.create().buildNoNestedWrapping() method when filling
         Map parmeters = actionContext.getParameters().toMap();
     actionContext.setParameters(HttpParameters.create(parmeters).buildNoNestedWrapping());
  2. After modifying the program, compile and pass, use jdk1.6 to start the program, and find that an error is reported Baidu and check the source code to find that jdk version 1.7 or above
      java.lang.UnsupportedClassVersionError: org/apache/lucene/store/Directory :
   Unsupported major.minor version 51.0
    insert image description here
  3. Upgrade the jdk version to 1.8, then the corresponding spring version also needs to be upgraded, otherwise an error will be reported, and the current jdk version of spring does not support annotations
        [org.springframework.context.annotation.ComponentScanBeanDefinitionParser]
     are only available on JDK 1.5 and higher
  4. Modify the spring-related version in the pom file to 4.3.29.RELEASE for compilation. The error reported this time is terrible. For example, spring-jdbc has changed a lot in the new version, many methods have been abandoned, and there are too many dao-level related programs in the program It cannot be modified in a short time, and the risk is too high, so by referring to the blog – link , add the org.springframework.core package in the src folder, and add a JdkVersion.java file to enable the annotation to identify jdk8, replacing the risks and troubles caused by upgrading the spring version .
  5. After adding the jdk8 compatible version configuration, start the program again and find an error
       Dispatcher initialization failed java.lang.RuntimeException:
   java.lang.reflect.InvocationTargetException
    The class address of the Struts filter in web.xml has changed and needs to be modified to remove the ng directory
    insert image description here
  6. After the modification, start the error again. Check that the error is related to the commons.lang3 package. Check through mavenTree and find that there is an obvious conflict. Check that the version of commons.lang3 in the Struts2-core package is 3.8.1
       com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector
   File: ContainerImpl.javaMethod: constructLine: 425 - 
   com/opensymphony/xwork2/inject/ContainerImpl.java:425:-1Caused by:
   Caused by: java.lang.NoSuchMethodError:
   org.apache.commons.lang3.text.StrSubstitutor.setValueDelimiter(Ljava/lang/String;)Lorg/apache/commons/lang3/text/StrSubstitutor;
   at com.opensymphony.xwork2.config.providers.EnvsValueSubstitutor.<init>(EnvsValueSubstitutor.java:35)
  7. Modify the version of the pom file commons.lang3 to 3.8.1, compile and start again, and report an error ActionContext.getParameters()Ljava/util/Map; NoSuchMethodError, this getParameters() problem has been solved in step 1, and it should be an error reported during compilation Yes, then it means that this method does not come from the code I wrote. According to the error message, I found out that a referenced jar uses the old version of Struts2, and the getParameters() method is called. We are calling this during operation. There was a problem with the method, and then the corresponding jar package was modified
  8. There is no problem in starting jdk8 again, and the program can run normally

Three, to be resolved

  1. You can start and run the program locally, but I haven’t tried it online yet. There may still be some pitfalls from jdk1.6 to 1.8 that need to be resolved. For example, jvm has changed a lot in the version, and relevant parameter adjustments must be considered.

Guess you like

Origin blog.csdn.net/weixin_43288999/article/details/124328422
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com