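This article describes an upgrade path from Spring Boot 2 to Spring Boot 3.3.0. Upgrading to the new version resolves some of the vulnerabilities present in older versions.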
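I. JDK 17 download and installation
1. Download
Official download page:
Java Archive Downloads - Java SE 17
After downloading JDK 17, you do not need to set the JAVA_HOME system variable; it is enough to configure the JDK for the specific project in IDEA.
2. JDK 17 project environment settings
a) File --> Settings --> Build, Execution, Deployment --> Compiler --> Java Compiler
b) File --> Project Settings --> Modules
Set both Sources and Dependencies to JDK 17.
c) File --> Platform Settings --> SDKs
d) Startup class: Edit Configuration --> Run/Debug Configurations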
II. Dependency upgrades
Main dependencies to upgrade or replace:
Java 17 && Spring Boot 3.3.0 && mybatis-plus 3.5.6 && Spring Security 6.3.0 && Swagger 3 && jakarta && Maven 3.6
1. Java 17 dependency upgrade
<properties>
    <java.version>17</java.version>
    <mybatis-plus.version>3.5.6</mybatis-plus.version>
    <flowable.version>7.0.0</flowable.version>
</properties>
<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.1</version>
            <configuration>
                <source>${java.version}</source>
                <target>${java.version}</target>
                <encoding>${project.build.sourceEncoding}</encoding>
            </configuration>
        </plugin>
    </plugins>
</build>
2. Spring Boot 3.3.0 dependency upgrade
<!-- Spring Boot dependency management -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-dependencies</artifactId>
    <version>3.3.0</version>
    <type>pom</type>
    <scope>import</scope>
</dependency>
3. mybatis-plus 3.5.6 dependency upgrade
<dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-boot-starter</artifactId>
    <version>${mybatis-plus.version}</version>
    <exclusions>
        <exclusion>
            <groupId>org.mybatis</groupId>
            <artifactId>mybatis-spring</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<dependency>
    <groupId>org.mybatis</groupId>
    <artifactId>mybatis-spring</artifactId>
    <version>3.0.3</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-web</artifactId>
</dependency>
<dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-core</artifactId>
    <version>3.5.6</version>
    <scope>compile</scope>
</dependency>
4. Spring Security 6.3.0 dependency upgrade
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>6.3.0</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>6.3.0</version>
</dependency>
5. Swagger 3.0 dependency upgrade
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-webmvc</artifactId>
    <version>6.1.8</version>
</dependency>
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
    <version>2.3.0</version>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
</dependency>
<!-- OpenAPI package, replaces Swagger's SpringFox -->
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
    <version>2.3.0</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <optional>true</optional>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
6. Jakarta package replacement
<dependency>
    <groupId>jakarta.annotation</groupId>
    <artifactId>jakarta.annotation-api</artifactId>
</dependency>
7. Other
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-context-support</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-web</artifactId>
</dependency>
<dependency>
    <groupId>jakarta.validation</groupId>
    <artifactId>jakarta.validation-api</artifactId>
</dependency>
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-annotations</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-tx</artifactId>
</dependency>
Check the versions:
mvn -version
java -version
III. Swagger 3.0 upgrade (OpenAPI)
1. Configuration file
OpenAPIConfig.java
package com.inspur.web.core.config;

import io.swagger.v3.oas.models.ExternalDocumentation;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @author: Inspur
 * @datetime: 2024/3/26
 * @desc:
 */
@Configuration
public class OpenAPIConfig {
    // Builds the OpenAPI metadata shown at the top of the generated API documentation
    @Bean
    public OpenAPI openAPI() {
        return new OpenAPI()
                .info(new Info()
                        .title("接口文檔標題")
                        .description("SpringBoot3 集成 Swagger3接口文檔")
                        .version("v1"))
                .externalDocs(new ExternalDocumentation()
                        .description("項目API文檔")
                        .url("/"));
    }
}
2. Usage example
SwaggerController.java
import io.swagger.v3.oas.annotations.Hidden;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Parameters;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.web.bind.annotation.*;

/**
 * @author: zjl
 * @datetime: 2024/3/26
 * @desc:
 */
@Tag(name = "控制器:測試Swagger3", description = "描述:測試Swagger3")
@RestController
public class SwaggerController {

    @Operation(summary = "測試Swagger3注解方法Get")
    @Parameters({
            @Parameter(name = "id", description = "編碼"),
            @Parameter(name = "headerValue", description = "header傳送內容")
    })
    @ApiResponses({
            @ApiResponse(responseCode = "200", description = "請求成功"),
            @ApiResponse(responseCode = "400", description = "請求參數沒填好"),
            @ApiResponse(responseCode = "401", description = "沒有權限"),
            @ApiResponse(responseCode = "403", description = "禁止訪問"),
            @ApiResponse(responseCode = "404", description = "請求路徑沒有或頁面跳轉路徑不對")
    })
    @GetMapping(value = "/swagger/student")
    public Object getStudent(@RequestParam @Parameter(example = "2") String id,
                             @RequestHeader @Parameter(example = "2") String headerValue) {
        return id;
    }

    @Operation(summary = "測試Swagger3注解方法Post")
    @ApiResponses({
            @ApiResponse(responseCode = "200", description = "請求成功"),
            @ApiResponse(responseCode = "400", description = "請求參數沒填好"),
            @ApiResponse(responseCode = "401", description = "沒有權限"),
            @ApiResponse(responseCode = "403", description = "禁止訪問"),
            @ApiResponse(responseCode = "404", description = "請求路徑沒有或頁面跳轉路徑不對")
    })
    @PostMapping(value = "/swagger/student", produces = "application/json")
    public SwaggerApiModel updateStudent(@RequestBody SwaggerApiModel model) {
        return model;
    }

    /**
     * Swagger does not expose this API; it is hidden with @Hidden.
     * The endpoint itself can still be accessed.
     * @return
     */
    @Hidden
    @GetMapping(value = "/swagger/hiddenApi")
    public String hiddenApi() {
        return "hiddenApi";
    }

    /**
     * Swagger exposes this API; without @Hidden it is shown in the documentation.
     * @return
     */
    @GetMapping(value = "/swagger/noHiddenApi")
    public String noHiddenApi() {
        return "noHiddenApi";
    }
}
3. Main differences between swagger2 and swagger3
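IV. Spring Security 6
1. Interceptor changes
extends HandlerInterceptorAdapter
==>
implements HandlerInterceptor
Custom interceptor:
implements WebMvcConfigurer
==>
extends WebMvcConfigurationSupport
CORS configuration, e.g. ResourcesConfig.java:
addAllowedOrigin ==>
addAllowedOriginPattern
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class ResourcesConfig implements WebMvcConfigurer
{
    @Bean
    public CorsFilter corsFilter()
    {
        CorsConfiguration config = new CorsConfiguration();
        // Set the allowed origins
        // config.addAllowedOrigin("*");
        // A "*" pattern matches every origin; list specific origin patterns to restrict access
        config.addAllowedOriginPattern("*");
        // Register the configuration for all request paths
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}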
2. Filter changes
antMatchers ==> requestMatchers
In path patterns, "**" ==> "*"
Example:
Spring Boot 2:
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    // unauthorizedHandler, logoutSuccessHandler, authenticationTokenFilter, corsFilter
    // and userDetailsService are injected fields of the project (declarations not shown).

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception
    {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception
    {
        httpSecurity
                // Disable CSRF, because sessions are not used
                .csrf().disable()
                // Authentication failure handler
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                // Token-based, so no session is needed
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                // Filter requests
                .authorizeRequests()
                // Allow anonymous access to login, register and captchaImage
                .antMatchers("/login", "/loginApp", "/appLogin", "/register", "/captchaImage", "/factory/getPublicKey").anonymous()
                .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                .antMatchers("/common/download**").anonymous()
                // Every request not listed above requires authentication
                .anyRequest().authenticated()
                .and()
                .headers().frameOptions().disable();
        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
        // Add the JWT filter
        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        // Add the CORS filter
        httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
        httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }

    /**
     * Strong hash-based password encoding implementation
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder()
    {
        return new BCryptPasswordEncoder();
    }
}
Spring Boot 3:
@Configuration
@EnableWebSecurity
@AllArgsConstructor
@EnableMethodSecurity
public class SecurityConfig
{
    // unauthorizedHandler, logoutSuccessHandler, authenticationTokenFilter and corsFilter
    // are injected fields of the project (declarations not shown).

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception
    {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception
    {
        http
                // Disable CSRF, because sessions are not used
                .csrf().disable()
                // Disable the HTTP cache-control response headers
                .headers().cacheControl().disable().and()
                // Authentication failure handler
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                // Token-based, so no session is needed
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                // Filter requests
                .authorizeRequests()
                // Allow anonymous access to login, register and captchaImage
                .requestMatchers("/login", "/loginApp", "/appLogin", "/register", "/captchaImage", "/factory/getPublicKey").anonymous()
                .requestMatchers(HttpMethod.GET, "/", "/*.html", "/*/*.html", "/*/*.css", "/*/*.js", "/profile/**").permitAll()
                .requestMatchers("/common/download**").anonymous()
                // Every request not listed above requires authentication
                .anyRequest().authenticated()
                .and()
                .headers().frameOptions().disable();
        // Add the logout filter
        http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
        // Add the JWT filter
        http.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        // Add the CORS filter
        http.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
        http.addFilterBefore(corsFilter, LogoutFilter.class);
        // A SecurityFilterChain bean must return the built chain
        return http.build();
    }

    /**
     * Strong hash-based password encoding implementation
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder()
    {
        return new BCryptPasswordEncoder();
    }
}
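Spring Security 6.1 deprecated the chained `.and()` style and `authorizeRequests()` in favour of lambda-based configuration. The following added example (not the article's own code) restates the same rules in that style; the class name `LambdaSecurityConfig` and the field types are assumptions, and `JwtAuthenticationTokenFilter` is the project's own filter class named above, assumed to be in the same package.

```java
import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.web.filter.CorsFilter;

@Configuration
@EnableWebSecurity
@AllArgsConstructor
public class LambdaSecurityConfig {
    // Assumed field types; the article does not show the declarations.
    private final AuthenticationEntryPoint unauthorizedHandler;
    private final LogoutSuccessHandler logoutSuccessHandler;
    private final JwtAuthenticationTokenFilter authenticationTokenFilter;
    private final CorsFilter corsFilter;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Stateless, token-based API: no CSRF token and no HTTP session
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Same header settings as the chained version
            .headers(h -> h.cacheControl(c -> c.disable()).frameOptions(f -> f.disable()))
            .exceptionHandling(e -> e.authenticationEntryPoint(unauthorizedHandler))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/login", "/loginApp", "/appLogin", "/register",
                        "/captchaImage", "/factory/getPublicKey").anonymous()
                .requestMatchers(HttpMethod.GET, "/", "/*.html", "/*/*.html",
                        "/*/*.css", "/*/*.js", "/profile/**").permitAll()
                .requestMatchers("/common/download**").anonymous()
                // Anything not listed above needs an authenticated caller
                .anyRequest().authenticated())
            .logout(l -> l.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler))
            // JWT filter first, then CORS ahead of it and ahead of logout, as in the article
            .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class)
            .addFilterBefore(corsFilter, LogoutFilter.class);
        return http.build();
    }
}
```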
V. Maven 3.6
VI. Replacing javax with Jakarta
Batch replacement:
javax.persistence.*   -> jakarta.persistence.*
javax.validation.*    -> jakarta.validation.*
javax.servlet.*       -> jakarta.servlet.*
javax.annotation.*    -> jakarta.annotation.*
javax.transaction.*   -> jakarta.transaction.*
import javax.  ==>  import jakarta.
Alternatively, use the IDEA tool: Refactor ==> Migrate
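A blanket `import javax.` ==> `import jakarta.` replacement also rewrites packages that still live in the JDK under `javax` (for example `javax.sql`, `javax.crypto`, `javax.annotation.processing` and `javax.transaction.xa`). The following added example (not from the original article) rewrites only the five prefixes listed above and skips those JDK packages; the class name and the sample imports are constructed for illustration.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class JakartaImportRewriter {
    // The five package prefixes listed in the article.
    private static final String MOVED = "persistence|validation|servlet|annotation|transaction";
    // JDK packages that share a listed prefix but stay under javax.
    private static final List<String> JDK_OWNED =
            List.of("javax.annotation.processing", "javax.transaction.xa");
    // Matches "import [static] javax.<moved prefix>..." at the start of a line.
    private static final Pattern IMPORT = Pattern.compile(
            "^(\\s*import\\s+(?:static\\s+)?)javax\\.((?:" + MOVED + ")\\b[\\w.*]*)",
            Pattern.MULTILINE);

    static String rewrite(String source) {
        Matcher m = IMPORT.matcher(source);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String pkg = "javax." + m.group(2);
            boolean jdkOwned = JDK_OWNED.stream().anyMatch(pkg::startsWith);
            // Leave JDK-owned imports exactly as they were.
            String replacement = jdkOwned ? m.group() : m.group(1) + "jakarta." + m.group(2);
            m.appendReplacement(out, Matcher.quoteReplacement(replacement));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a mix of Jakarta EE imports and JDK javax imports.
        String sample = String.join("\n",
                "import javax.servlet.http.HttpServletRequest;",
                "import javax.validation.constraints.NotNull;",
                "import javax.annotation.PostConstruct;",
                "import javax.annotation.processing.Processor;",
                "import javax.transaction.xa.XAResource;",
                "import javax.sql.DataSource;",
                "import javax.crypto.Cipher;");
        System.out.println(rewrite(sample));
    }
}
```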
VII. Controller request path issue
For GetMapping methods, @PathVariable must state the variable name explicitly, as in @PathVariable("roleId"):
public AjaxResult getInfo(@PathVariable Long roleId)
==>
public AjaxResult getInfo(@PathVariable("roleId") Long roleId)
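VIII. Configuration file changes
# swagger3
spring:
  mvc:
    pathmatch:
      matching-strategy: ant_path_matcher
  # After the upgrade, injecting dependent beans may no longer be supported; this can be resolved in the configuration file
  main:
    allow-circular-references: true  # allow circular dependencies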
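The "**" ==> "*" rewrite in section IV changes which static resources `permitAll()` covers: a single `*` matches exactly one path segment, so files at the root or more than one directory deep fall through to `anyRequest().authenticated()`. The following added example (not from the original article) compares the two pattern lists with Spring's `AntPathMatcher`, assuming Ant-style matching as selected by `matching-strategy: ant_path_matcher`; the class name and the sample request paths are constructed.

```java
import java.util.List;
import org.springframework.util.AntPathMatcher;

public class PermitAllCoverage {
    // Static-resource patterns from the Spring Boot 2 configuration in section IV.
    static final List<String> BEFORE =
            List.of("/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**");
    // The same list after the "**" ==> "*" rewrite used in the Spring Boot 3 configuration.
    static final List<String> AFTER =
            List.of("/", "/*.html", "/*/*.html", "/*/*.css", "/*/*.js", "/profile/**");

    /** True when at least one pattern in the list matches the request path. */
    static boolean permitted(List<String> patterns, String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        return patterns.stream().anyMatch(p -> matcher.match(p, path));
    }

    /** Paths that were public before the rewrite and now require authentication. */
    static List<String> nowProtected(List<String> paths) {
        return paths.stream()
                .filter(p -> permitted(BEFORE, p) && !permitted(AFTER, p))
                .toList();
    }

    public static void main(String[] args) {
        // Constructed sample request paths at different directory depths.
        List<String> samples = List.of(
                "/index.html", "/app.js", "/static/app.js",
                "/static/js/app.js", "/static/css/theme/site.css", "/profile/avatar/a.png");
        for (String path : samples) {
            System.out.printf("%-30s before=%-5b after=%b%n",
                    path, permitted(BEFORE, path), permitted(AFTER, path));
        }
        System.out.println("Now requires authentication: " + nowProtected(samples));
    }
}
```

Running this against the front end's real asset paths before deploying shows whether any page or script would start returning 401 after the upgrade.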