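1. Background
snakeyaml:1.33 was flagged by a vulnerability scan and needs to be upgraded;
after upgrading, the new version turned out to be incompatible with the snakeyaml that spring-boot-nacos-starter depends on:
java.lang.NoSuchMethodError: org.yaml.snakeyaml.constructor.Constructor: method <init>()V not found
Following approaches found online, I rewrote a few classes and the no-arg constructor, which solved the problem;
but one application packages its dependency jars separately, so it could not load my rewritten snakeyaml classes.
2. Original pom.xml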
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>xdd</artifactId>
        <groupId>com.pcl.pero</groupId>
        <version>1.0.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <artifactId>pcl-pero</artifactId>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba.boot</groupId>
            <artifactId>nacos-config-spring-boot-starter</artifactId>
            <version>0.3.0-RC</version>
        </dependency>
    </dependencies>
    <build>
        <finalName>pcl-pero</finalName>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-dependency-plugin</artifactId>
                <executions>
                    <execution>
                        <id>copy</id>
                        <phase>package</phase>
                        <goals>
                            <goal>copy-dependencies</goal>
                        </goals>
                        <configuration>
                            <!-- output directory for the copied dependencies -->
                            <outputDirectory>${project.build.directory}/lib</outputDirectory>
                            <excludeGroupIds>org.projectlombok</excludeGroupIds>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-jar-plugin</artifactId>
                <configuration>
                    <archive>
                        <manifest>
                            <!-- addClasspath: add the dependencies to the manifest Class-Path -->
                            <addClasspath>true</addClasspath>
                            <!-- classpathPrefix: prefix every Class-Path entry in the generated manifest with this path, producing lib/xx.jar -->
                            <classpathPrefix>lib/</classpathPrefix>
                        </manifest>
                    </archive>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <layout>ZIP</layout>
                    <includes>
                        <include>
                            <groupId>${groupId}</groupId>
                            <artifactId>${artifactId}</artifactId>
                        </include>
                    </includes>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
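3. How to fix
The main idea is to build a jar yourself that contains the modified code, and to reference that jar at packaging time.
    1. Use the unpack goal of maven-dependency-plugin to unpack the jar into ${project.build.directory}/classes, so that the rewritten methods override the ones in the jar; this execution can be commented out afterwards.
    2. In ${project.build.directory}/classes, package a new jar: jar cvf snakeyaml-2.2.jar ./org
    3. Add the newly packaged jar to the project; see https://www.cnblogs.com/wdgde/p/16541641.html
    4. Exclude the transitive dependency with an exclusion.
    5. Configure manifestEntries in maven-jar-plugin and add lib/snakeyaml-2.2.jar manually.
4. Modified pom.xml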
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>xdd</artifactId>
        <groupId>com.pcl.pero</groupId>
        <version>1.0.0-SNAPSHOT</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <artifactId>pcl-pero</artifactId>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba.boot</groupId>
            <artifactId>nacos-config-spring-boot-starter</artifactId>
            <version>0.3.0-RC</version>
            <exclusions>
                <exclusion>
                    <groupId>org.yaml</groupId>
                    <artifactId>snakeyaml</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.yaml</groupId>
            <artifactId>snakeyaml</artifactId>
            <version>2.2</version>
            <scope>system</scope>
            <systemPath>${project.basedir}/lib/snakeyaml-2.2.jar</systemPath>
        </dependency>
    </dependencies>
    <build>
        <finalName>pcl-pero</finalName>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-dependency-plugin</artifactId>
                <executions>
                    <execution>
                        <id>unpack</id>
                        <phase>generate-sources</phase>
                        <goals>
                            <goal>unpack</goal>
                        </goals>
                        <configuration>
                            <artifactItems>
                                <artifactItem>
                                    <groupId>org.yaml</groupId>
                                    <artifactId>snakeyaml</artifactId>
                                    <overWrite>false</overWrite>
                                    <outputDirectory>${project.build.directory}/classes</outputDirectory>
                                </artifactItem>
                            </artifactItems>
                        </configuration>
                    </execution>
                    <execution>
                        <id>copy</id>
                        <phase>package</phase>
                        <goals>
                            <goal>copy-dependencies</goal>
                        </goals>
                        <configuration>
                            <!-- output directory for the copied dependencies -->
                            <outputDirectory>${project.build.directory}/lib</outputDirectory>
                            <excludeGroupIds>org.projectlombok</excludeGroupIds>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-jar-plugin</artifactId>
                <configuration>
                    <archive>
                        <manifest>
                            <!-- addClasspath: add the dependencies to the manifest Class-Path -->
                            <addClasspath>true</addClasspath>
                            <!-- classpathPrefix: prefix every Class-Path entry in the generated manifest with this path, producing lib/xx.jar -->
                            <classpathPrefix>lib/</classpathPrefix>
                        </manifest>
                        <manifestEntries>
                            <Class-Path>lib/snakeyaml-2.2.jar</Class-Path>
                        </manifestEntries>
                    </archive>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <layout>ZIP</layout>
                    <includes>
                        <include>
                            <groupId>${groupId}</groupId>
                            <artifactId>${artifactId}</artifactId>
                        </include>
                    </includes>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
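Added example, not part of the original post: a post-build check in Python that reads the packaged jar's META-INF/MANIFEST.MF and the lib/ file listing, and reports any snakeyaml jar other than the repacked snakeyaml-2.2.jar (for example a leftover 1.33 that the exclusion did not remove). The function names and the sample jar names are assumptions constructed for illustration.

```python
import io
import zipfile

def manifest_class_path(jar):
    """Return the Class-Path entries of a jar (file path or file object)."""
    with zipfile.ZipFile(jar) as zf:
        raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
    logical = []
    for line in raw.splitlines():
        # Manifest lines wrap at 72 bytes; a continuation starts with one space.
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]
        else:
            logical.append(line)
    for line in logical:
        name, _, value = line.partition(":")
        if name.strip().lower() == "class-path":
            return value.split()
    return []

def audit_snakeyaml(jar, lib_files, expected="snakeyaml-2.2.jar"):
    """Return findings; an empty list means only the repacked jar is referenced."""
    on_cp = {e.rsplit("/", 1)[-1] for e in manifest_class_path(jar)}
    on_cp = {e for e in on_cp if e.startswith("snakeyaml-")}
    in_lib = {f for f in lib_files if f.startswith("snakeyaml-")}
    findings = []
    if expected not in on_cp:
        findings.append(f"{expected} missing from manifest Class-Path")
    if expected not in in_lib:
        findings.append(f"{expected} missing from lib/")
    for stale in sorted((on_cp | in_lib) - {expected}):
        findings.append(f"unexpected snakeyaml jar: {stale}")
    return findings

def sample_jar(class_path):
    """Constructed input: an in-memory jar whose manifest wraps like a real one."""
    header = "Class-Path: " + class_path
    wrapped = header[:72] + "".join(
        "\r\n " + header[i:i + 71] for i in range(72, len(header), 71))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\n" + wrapped + "\r\n\r\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    cp = ("lib/snakeyaml-2.2.jar lib/example-dep-a-1.0.jar "
          "lib/example-dep-b-1.0.jar lib/snakeyaml-1.33.jar")
    print(audit_snakeyaml(sample_jar(cp), ["snakeyaml-2.2.jar", "snakeyaml-1.33.jar"]))
```

Against a real build, pass the path of target/pcl-pero.jar and `os.listdir("target/lib")` instead of the constructed sample.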
From: https://www.cnblogs.com/wdgde/p/18582481