一个老的spring boot项目中使用到了shiro,存在安全漏洞,由于源码丢失,只好采用解压jar升级里面shiro的jar来解决了。但是升级以后遇到报错如下。
报错信息Caused by: java.lang.NoClassDefFoundError: org/owasp/encoder/Encode at org.apache.shiro.web.filter.PathMatchingFilter.pathsMatch(PathMatchingFilter.java:134) ~[shiro-web-1.5.3.jar!/:1.5.3] at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:186) ~[shiro-web-1.5.3.jar!/:1.5.3] at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) ~[shiro-web-1.5.3.jar!/:1.5.3] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) ~[shiro-web-1.5.3.jar!/:1.5.3] at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) ~[shiro-web-1.5.3.jar!/:1.5.3] at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) ~[shiro-web-1.5.3.jar!/:1.5.3] at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) ~[shiro-web-1.5.3.jar!/:1.5.3] at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) ~[shiro-core-1.5.3.jar!/:1.5.3] at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) ~[shiro-core-1.5.3.jar!/:1.5.3] at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) ~[shiro-core-1.5.3.jar!/:1.5.3] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) ~[shiro-web-1.5.3.jar!/:1.5.3] … 59 more
原因分析缺少OWASP Java Encoder 的jar导致。
解决办法添加owasp的jar包即可。 下载地址:https://owasp.org/www-project-java-encoder/
我最终下载的jar的版本是: https://repo1.maven.org/maven2/org/owasp/encoder/encoder/1.2.3/encoder-1.2.3.jar
增加这个jar以后就不会报错了。
