Song/xkrs_ms
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

定时任务屏蔽rmi远程调用

Browse Source
This commit is contained in:
RuoYi 2021-06-15 10:26:02 +08:00
parent 200106df39
commit 7ab14ff293
3 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java
View File

@ -126,4 +126,9 @@ public class Constants
* 资源映射路径 前缀 * 资源映射路径 前缀
*/ */
public static final String RESOURCE_PREFIX = "/profile"; public static final String RESOURCE_PREFIX = "/profile";
/**
* RMI 远程方法调用
*/
public static final String LOOKUP_RMI = "rmi://";
} }

14
ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
View File

@ -13,12 +13,14 @@ import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import com.ruoyi.common.annotation.Log; import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.controller.BaseController; import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult; import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.common.enums.BusinessType; import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.exception.job.TaskException; import com.ruoyi.common.exception.job.TaskException;
import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.poi.ExcelUtil; import com.ruoyi.common.utils.poi.ExcelUtil;
import com.ruoyi.quartz.domain.SysJob; import com.ruoyi.quartz.domain.SysJob;
import com.ruoyi.quartz.service.ISysJobService; import com.ruoyi.quartz.service.ISysJobService;
@ -81,7 +83,11 @@ public class SysJobController extends BaseController
{ {
if (!CronUtils.isValid(sysJob.getCronExpression())) if (!CronUtils.isValid(sysJob.getCronExpression()))
{ {
return AjaxResult.error("cron表达式不正确"); return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败Cron表达式不正确");
}
else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))
{
return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败,目标字符串不允许'rmi://'调用");
} }
sysJob.setCreateBy(SecurityUtils.getUsername()); sysJob.setCreateBy(SecurityUtils.getUsername());
return toAjax(jobService.insertJob(sysJob)); return toAjax(jobService.insertJob(sysJob));
@ -97,7 +103,11 @@ public class SysJobController extends BaseController
{ {
if (!CronUtils.isValid(sysJob.getCronExpression())) if (!CronUtils.isValid(sysJob.getCronExpression()))
{ {
return AjaxResult.error("cron表达式不正确"); return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败Cron表达式不正确");
}
else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))
{
return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败,目标字符串不允许'rmi://'调用");
} }
sysJob.setUpdateBy(SecurityUtils.getUsername()); sysJob.setUpdateBy(SecurityUtils.getUsername());
return toAjax(jobService.updateJob(sysJob)); return toAjax(jobService.updateJob(sysJob));

2
ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml
View File

@ -140,7 +140,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
</foreach> </foreach>
</update> </update>
<update id="updateDeptStatusNormal" parameterType="Long"> <update id="updateDeptStatusNormal" parameterType="Long">
update sys_dept set status = '0' where dept_id in update sys_dept set status = '0' where dept_id in
<foreach collection="array" item="deptId" open="(" separator="," close=")"> <foreach collection="array" item="deptId" open="(" separator="," close=")">
#{deptId} #{deptId}