若依升級spring boot3過程
一、為何要升級到spring boot3?
因為新發布的spring boot3本身就支持spring native了,意味著可以用更小的內存和更快的啟動速度,而更小的內存意味著服務器可以運行更多的項目,節約成本。所以第一步,先升級到spring boot3,不要再用之前舊的低于spring boot3版本的方式去實現spring native了。本文以若依前后端分離單體版為演示版本。
二、升級步驟
1、安裝jdk17
低版本jdk不支持,必須至少采用jdk17
https://download.oracle.com/java/17/latest/jdk-17_windows-x64_bin.exe
2、下載若依
https://github.com/yangzongzhuan/RuoYi-Vue-fast
3、導入項目,修改jdk
idea需用2022.2或更高版本
先修改pom文件spring boot版本,改為3.0.2
然后再導入
最后修改jdk版本,怎么修改jdk就不贅述了
4、javaee轉jakara
使用idea自帶的轉換功能
5、再次修改pom
這時候會有一些報錯,需要修改pom
fork配置注釋掉
<plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> <configuration> <!-- <fork>true</fork> 如果沒有該配置,devtools不會生效 --> </configuration> </plugin>
缺失javax.xml.bing,則添加依賴
<dependency> <groupId>javax.xml.bind</groupId> <artifactId>jaxb-api</artifactId> <version>2.3.0</version> </dependency>
6、spring boot3對應的spring security6,需采用新的配置方式,
SecurityConfig.java文件改為以下,且路徑通配符**需改為*
package com.ruoyi.framework.config; import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter; import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl; import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.logout.LogoutFilter; import org.springframework.web.filter.CorsFilter; /** * spring security配置 * * @author ruoyi */ @EnableMethodSecurity(securedEnabled = true, jsr250Enabled = true) @Configuration public class SecurityConfig { /** * 自定義用戶認證邏輯 */ @Autowired private UserDetailsService userDetailsService; /** * 認證失敗處理類 */ @Autowired private AuthenticationEntryPointImpl unauthorizedHandler; /** * 退出處理類 */ @Autowired private LogoutSuccessHandlerImpl logoutSuccessHandler; /** * token認證過濾器 */ @Autowired private JwtAuthenticationTokenFilter authenticationTokenFilter; /** * 跨域過濾器 */ @Autowired private CorsFilter corsFilter; @Bean public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception { return authenticationConfiguration.getAuthenticationManager(); } @Bean public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception { httpSecurity // CSRF禁用,因為不使用session .csrf().disable() // 禁用HTTP響應標頭 .headers().cacheControl().disable().and() // 認證失敗處理類 .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() // 基于token,所以不需要session .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() // 過濾請求 .authorizeRequests() // 對于登錄login 注冊register 驗證碼captchaImage 允許匿名訪問 .requestMatchers("/login", "/register", "/captchaImage").permitAll() // 靜態資源,可匿名訪問 .requestMatchers(HttpMethod.GET, "/", "/*.html", "/*/*.html", "/*/*.css", "/*/*.js", "/profile/*").permitAll() .requestMatchers("/swagger-ui.html", "/swagger-resources/*", "/webjars/*", "/*/api-docs", "/druid/*").permitAll() // 除上面外的所有請求全部需要鑒權認證 .anyRequest().authenticated() .and() .headers().frameOptions().disable(); // 添加Logout filter httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler); // 添加JWT filter httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); // 添加CORS filter httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class); httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class); return httpSecurity.build(); } /** * 強散列哈希加密實現 */ @Bean public BCryptPasswordEncoder bCryptPasswordEncoder() { return new BCryptPasswordEncoder(); } /** * 身份認證接口 */ protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder()); } }
7、關閉com.alibaba.druid數據庫監聽功能
這玩意有安全隱患,漏掃會報告,感覺用處不大,而且啟動也報錯誤,application-druid.yml相關配置改為false即可
statViewServlet:
enabled: false
8、再次修改pom
此時可嘗試啟動,若啟動失敗,報mybatis相關錯誤,則需要將mybatis-spring-boot-starter升級到最新版本,默認版本不支持spring boot3
升級到
<dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>3.0.1</version> </dependency>
9、啟動
沒有意外的話就沒有意外了,可以啟動成功,然后下載前端項目,運行訪問后臺。
10、后續
spring native打包啟動項目。
11、項目地址
浙公網安備 33010602011771號