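Background
Prerequisites: the Spring Boot version in use is 2.x.x, and the JDK version is 1.8.
One day a scan of the Spring Boot application reported the following vulnerability:
Spring Web UriComponentsBuilder improper URL parsing vulnerability (CVE-2024-22243)
Original, May 1, 2024, less than 1 minute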
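One day I was curious why some classes are loaded automatically and instantiated in the container without any configuration. On investigation, this turned out to be the work of the spring.factories file.
This article describes the Spring Boot spring.factories loading flow and how this automatic loading of code works.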
SpringApplication.run(App.class, args)
Enumeration<URL> urls = classLoader != null ? classLoader.getResources("META-INF/spring.factories") : ClassLoader.getSystemResources("META-INF/spring.factories");
this.initializers = org.springframework.context.ApplicationContextInitializer.class
0 = "org.springframework.boot.context.ConfigurationWarningsApplicationContextInitializer"
1 = "org.springframework.boot.context.ContextIdApplicationContextInitializer"
2 = "org.springframework.boot.context.config.DelegatingApplicationContextInitializer"
3 = "org.springframework.boot.web.context.ServerPortInfoApplicationContextInitializer"
4 = "org.springframework.boot.autoconfigure.SharedMetadataReaderFactoryContextInitializer"
5 = "org.springframework.boot.autoconfigure.logging.ConditionEvaluationReportLoggingListener"
this.listeners = org.springframework.context.ApplicationListener.class
0 = "org.springframework.boot.ClearCachesApplicationListener"
1 = "org.springframework.boot.builder.ParentContextCloserApplicationListener"
2 = "org.springframework.boot.context.FileEncodingApplicationListener"
3 = "org.springframework.boot.context.config.AnsiOutputApplicationListener"
4 = "org.springframework.boot.context.config.ConfigFileApplicationListener"
5 = "org.springframework.boot.context.config.DelegatingApplicationListener"
6 = "org.springframework.boot.context.logging.ClasspathLoggingApplicationListener"
7 = "org.springframework.boot.context.logging.LoggingApplicationListener"
8 = "org.springframework.boot.liquibase.LiquibaseServiceLocatorApplicationListener"
9 = "org.springframework.boot.autoconfigure.BackgroundPreinitializer"
SpringApplicationRunListener.class
SpringApplicationRunListeners listeners = getRunListeners(args);
org.springframework.boot.context.event.EventPublishingRunListener
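The lookup shown above, reproduced with only JDK classes as an added example (not code from the original article or from Spring Boot): it enumerates every META-INF/spring.factories on the classpath and records which jar contributes each auto-loaded class, which is useful when reviewing what a dependency registers at startup. The class name SpringFactoriesAudit and its scan method are hypothetical, and the program is assumed to run with the application's classpath.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

// Hypothetical helper (not part of Spring Boot); JDK 1.8 compatible.
public class SpringFactoriesAudit {
    static final String LOCATION = "META-INF/spring.factories";
    // Returns factory type -> entries of the form "implementation  <- source URL".
    static Map<String, List<String>> scan(ClassLoader cl) throws IOException {
        Map<String, List<String>> result = new LinkedHashMap<>();
        // Same resource lookup as the line quoted in the article.
        Enumeration<URL> urls = cl != null
                ? cl.getResources(LOCATION)
                : ClassLoader.getSystemResources(LOCATION);
        while (urls.hasMoreElements()) {
            URL url = urls.nextElement();
            Properties props = new Properties();
            try (InputStream in = url.openStream()) {
                props.load(in); // properties format: key = comma-separated class names
            }
            for (String type : props.stringPropertyNames()) {
                for (String impl : props.getProperty(type).split(",")) {
                    if (impl.trim().isEmpty()) {
                        continue; // tolerate trailing commas
                    }
                    result.computeIfAbsent(type.trim(), k -> new ArrayList<>())
                          .add(impl.trim() + "  <- " + url);
                }
            }
        }
        return result;
    }
    public static void main(String[] args) throws IOException {
        Map<String, List<String>> found = scan(SpringFactoriesAudit.class.getClassLoader());
        if (found.isEmpty()) {
            System.out.println("No " + LOCATION + " found on the classpath");
        }
        found.forEach((type, impls) -> {
            System.out.println(type);
            impls.forEach(i -> System.out.println("    " + i));
        });
    }
}
```

An entry under org.springframework.context.ApplicationContextInitializer or org.springframework.context.ApplicationListener whose source URL is an unexpected jar is a class that runs at startup without appearing in the application's own configuration.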