Bat*_*atu 10 java log4j log4j2 spring-boot
Because of the security vulnerability, I upgraded the log4j version to 2.15.0. But on deployment I get an "EMPTY_BYTE_ARRAY" error on the Wildfly server.
Pom.xml:
<properties>
    <java.version>1.8</java.version>
    <log4j2.version>2.16.0</log4j2.version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-rest</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
        <exclusions>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-tomcat</artifactId>
            </exclusion>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
        <exclusions>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <!-- Add Log4j2 Dependency -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-log4j2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-api</artifactId>
        <version>${log4j2.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-core</artifactId>
        <version>${log4j2.version}</version>
    </dependency>
    <!-- Add Log4j2 Async Dependency -->
    <dependency>
        <groupId>axis</groupId>
        <artifactId>axis</artifactId>
        <version>1.4</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>axis</groupId>
        <artifactId>axis-wsdl4j</artifactId>
        <version>1.5.1</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>javax.mail</groupId>
        <artifactId>mail</artifactId>
        <version>1.4.7</version>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.9.0</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.glassfish</groupId>
        <artifactId>javax.json</artifactId>
        <version>1.0-b04</version>
    </dependency>
    <dependency>
        <groupId>javax.xml.rpc</groupId>
        <artifactId>javax.xml.rpc-api</artifactId>
        <version>1.1.1</version>
    </dependency>
    <dependency>
        <groupId>wsdl4j</groupId>
        <artifactId>wsdl4j</artifactId>
    </dependency>
    <dependency>
        <groupId>org.modelmapper</groupId>
        <artifactId>modelmapper</artifactId>
        <version>2.3.2</version>
    </dependency>
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
        <version>3.12.0</version>
    </dependency>
    <dependency>
        <groupId>commons-dbcp</groupId>
        <artifactId>commons-dbcp</artifactId>
        <version>1.4</version>
    </dependency>
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger2</artifactId>
        <version>2.6.1</version>
    </dependency>
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger-ui</artifactId>
        <version>2.6.1</version>
    </dependency>
    <dependency>
        <groupId>com.microsoft.sqlserver</groupId>
        <artifactId>mssql-jdbc</artifactId>
    </dependency>
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
    </dependency>
    <dependency>
        <groupId>com.lmax</groupId>
        <artifactId>disruptor</artifactId>
        <version>3.4.2</version>
    </dependency>
    <dependency>
        <groupId>commons-validator</groupId>
        <artifactId>commons-validator</artifactId>
        <version>1.7</version>
    </dependency>
    <dependency>
        <groupId>com.google.code.gson</groupId>
        <artifactId>gson</artifactId>
        <version>2.8.6</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-mail</artifactId>
    </dependency>
    <dependency>
        <groupId>org.codehaus.jackson</groupId>
        <artifactId>jackson-mapper-asl</artifactId>
        <version>1.9.11</version>
    </dependency>
</dependencies>
<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>
Error log:
2021-12-14 15:45:52,957 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 95) MSC000001: Failed to start service jboss.deployment.unit."lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war".undertow-deployment: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at java.lang.Thread.run(Thread.java:748)
    at org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
    at org.apache.logging.log4j.core.config.ConfigurationSource.(ConfigurationSource.java:56)
    at org.apache.logging.log4j.core.config.NullConfiguration.(NullConfiguration.java:32)
    at org.apache.logging.log4j.core.LoggerContext.(LoggerContext.java:85)
    at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.createContext(ClassLoaderContextSelector.java:254)
    at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.locateContext(ClassLoaderContextSelector.java:218)
    at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:140)
    at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:123)
    at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:230)
    at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:47)
    at org.apache.logging.log4j.LogManager.getContext(LogManager.java:174)
    at org.springframework.boot.logging.log4j2.Log4J2LoggingSystem.getLoggerContext(Log4J2LoggingSystem.java:264)
    at org.springframework.boot.logging.log4j2.Log4J2LoggingSystem.beforeInitialize(Log4J2LoggingSystem.java:131)
    at org.springframework.boot.context.logging.LoggingApplicationListener.onApplicationStartingEvent(LoggingApplicationListener.java:220)
    at org.springframework.boot.context.logging.LoggingApplicationListener.onApplicationEvent(LoggingApplicationListener.java:199)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:127)
    at org.springframework.boot.context.event.EventPublishingRunListener.starting(EventPublishingRunListener.java:69)
    at org.springframework.boot.SpringApplicationRunListeners.starting(SpringApplicationRunListeners.java:48)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:302)
    at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:157)
    at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:137)
    at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:91)
    at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:171)
    at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:204)
    at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:187)
    at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
    at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
    at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:255)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:96)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
    ... 8 more
2021-12-14 15:45:52,967 ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 3) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war\".undertow-deployment" => "java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
    Caused by: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY"}}
2021-12-14 15:45:52,968 ERROR [org.jboss.as.server] (External Management Request Threads -- 3) WFLYSRV0021: Deploy of deployment "lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war" was rolled back with the following failure message:
{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war\".undertow-deployment" => "java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
    Caused by: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY"}}
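Wildfly uses the log4j-api artifact (probably a version older than 2.16.0), and a version mismatch between log4j-api and log4j-core will cause problems. Documentation on how to incorporate log4j-core into your application.
For more information, check: https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/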
I had to do two things to make it work:
If you don't already have it, create src/main/webapp/WEB-INF/jboss-deployment-structure.xml. Inside it, add:
<jboss-deployment-structure>
    <deployment>
        <exclusions>
            <module name="org.apache.logging.log4j.api"/>
        </exclusions>
    </deployment>
</jboss-deployment-structure>
In my case, the war file still contained both the 2.11.0 and the new 2.16.0 versions in WEB-INF/lib. I opened the war and removed the 2.11.0 version.
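A stale log4j jar left in WEB-INF/lib next to the upgraded one, as described in the answer above, can be detected before the WAR is deployed. The following check is an added example, not part of the original answers; the function names and the sample WAR contents are constructed for illustration.

```python
import io
import re
import zipfile
from collections import defaultdict

# Matches Log4j 2.x jars such as WEB-INF/lib/log4j-core-2.16.0.jar (log4j-1.x.y.jar is ignored).
LOG4J_JAR = re.compile(r"^WEB-INF/lib/(log4j-[a-z0-9-]+?)-(\d+(?:\.\d+)*)\.jar$")

def log4j_versions(war_bytes):
    """Map each log4j artifact found in WEB-INF/lib to the set of versions bundled."""
    found = defaultdict(set)
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            m = LOG4J_JAR.match(name)
            if m:
                found[m.group(1)].add(m.group(2))
    return dict(found)

def audit(war_bytes):
    """Return findings as strings; an empty list means the bundled jars are consistent."""
    found = log4j_versions(war_bytes)
    findings = []
    for artifact, versions in sorted(found.items()):
        if len(versions) > 1:
            findings.append(f"{artifact}: multiple versions bundled: {sorted(versions)}")
    all_versions = set().union(*found.values()) if found else set()
    if len(all_versions) > 1:
        findings.append(f"log4j artifacts disagree on version: {sorted(all_versions)}")
    if "log4j-core" in found and "log4j-api" not in found:
        # Without a bundled API jar, log4j-core is paired with whatever API the container supplies.
        findings.append("log4j-core bundled without log4j-api")
    return findings

def build_sample_war(jar_names):
    """Constructed sample: an in-memory WAR holding empty files with the given jar names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for jar in jar_names:
            war.writestr(f"WEB-INF/lib/{jar}", b"")
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed to mirror the answer: old 2.11.0 jar still present beside the 2.16.0 ones.
    jars = ["log4j-api-2.11.0.jar", "log4j-api-2.16.0.jar", "log4j-core-2.16.0.jar"]
    for line in audit(build_sample_war(jars)):
        print(line)
```

To run it against a real build, pass the bytes of the WAR produced by Maven to `audit()`; the jboss-deployment-structure.xml exclusion is still needed so that the container's own log4j-api module is not used instead of the bundled one.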
小智 1
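Was able to work around (not fix) it by switching to JSONLayout instead of PatternLayout. PatternLayout doesn't seem to work in some cases, even when using its default constructor... haven't figured out why yet.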