Skip to content

Commit

Permalink
Shiro < 1.10.0 版本 存在安全漏洞
Browse files Browse the repository at this point in the history
  • Loading branch information
李鹏军 committed Aug 4, 2023
1 parent e83819a commit 051d962
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 4 deletions.
5 changes: 2 additions & 3 deletions platform-api/src/main/java/com/platform/resolver/LoginUserHandlerMethodArgumentResolver.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,16 +33,15 @@ public boolean supportsParameter(MethodParameter parameter) {

@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer container,
NativeWebRequest request, WebDataBinderFactory factory) throws Exception {
NativeWebRequest request, WebDataBinderFactory factory) {
//获取用户ID
Object object = request.getAttribute(AuthorizationInterceptor.LOGIN_USER_KEY, RequestAttributes.SCOPE_REQUEST);
if (object == null) {
return null;
}

//获取用户信息
UserVo user = userService.queryObject((Long) object);

return user;
return userService.queryObject((Long) object);
}
}
2 changes: 1 addition & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
<slf4j-version>1.7.19</slf4j-version>
<log4j-version>1.2.17</log4j-version>
<fastjson-version>1.2.83</fastjson-version>
<shiro-version>1.3.2</shiro-version>
<shiro-version>1.12.0</shiro-version>
<velocity-version>1.7</velocity-version>
<velocity-tools-version>2.0</velocity-tools-version>
<jstl-version>1.2</jstl-version>
Expand Down

0 comments on commit 051d962

Please sign in to comment.