Home Explore Help
Register Sign In
yanghuangyu
/
fengyun
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

定时任务屏蔽rmi远程调用

RuoYi 3 years ago
parent
200106df39
commit
7ab14ff293
3 changed files with 18 additions and 3 deletions
Split View Show Diff Stats
  1. 5 0
      ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java
  2. 12 2
      ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
  3. 1 1
      ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml

+ 5 - 0
ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java
View File 

@@ -126,4 +126,9 @@ public class Constants
 
      * 资源映射路径 前缀

      */

     public static final String RESOURCE_PREFIX = "/profile";

+

+    /**

+     * RMI 远程方法调用

+     */

+    public static final String LOOKUP_RMI = "rmi://";

 }

+ 12 - 2
ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
View File 

@@ -13,12 +13,14 @@ import org.springframework.web.bind.annotation.RequestBody;
 
 import org.springframework.web.bind.annotation.RequestMapping;

 import org.springframework.web.bind.annotation.RestController;

 import com.ruoyi.common.annotation.Log;

+import com.ruoyi.common.constant.Constants;

 import com.ruoyi.common.core.controller.BaseController;

 import com.ruoyi.common.core.domain.AjaxResult;

 import com.ruoyi.common.core.page.TableDataInfo;

 import com.ruoyi.common.enums.BusinessType;

 import com.ruoyi.common.exception.job.TaskException;

 import com.ruoyi.common.utils.SecurityUtils;

+import com.ruoyi.common.utils.StringUtils;

 import com.ruoyi.common.utils.poi.ExcelUtil;

 import com.ruoyi.quartz.domain.SysJob;

 import com.ruoyi.quartz.service.ISysJobService;

@@ -81,7 +83,11 @@ public class SysJobController extends BaseController
 
     {

         if (!CronUtils.isValid(sysJob.getCronExpression()))

         {

-            return AjaxResult.error("cron表达式不正确");

+            return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败,Cron表达式不正确");

+        }

+        else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))

+        {

+            return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败,目标字符串不允许'rmi://'调用");

         }

         sysJob.setCreateBy(SecurityUtils.getUsername());

         return toAjax(jobService.insertJob(sysJob));

@@ -97,7 +103,11 @@ public class SysJobController extends BaseController
 
     {

         if (!CronUtils.isValid(sysJob.getCronExpression()))

         {

-            return AjaxResult.error("cron表达式不正确");

+            return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败,Cron表达式不正确");

+        }

+        else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))

+        {

+            return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败,目标字符串不允许'rmi://'调用");

         }

         sysJob.setUpdateBy(SecurityUtils.getUsername());

         return toAjax(jobService.updateJob(sysJob));

+ 1 - 1
ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml
View File 

@@ -140,7 +140,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 
 	    </foreach>

 	</update>

 	 

-	 <update id="updateDeptStatusNormal" parameterType="Long">

+	<update id="updateDeptStatusNormal" parameterType="Long">

  	    update sys_dept set status = '0' where dept_id in 

  	    <foreach collection="array" item="deptId" open="(" separator="," close=")">

         	#{deptId}