打开项目里的 pom.xml
文件,就可以看到打开的 pom.xml
文件的左下角有一个 Dependency Analyzer
选项卡(如下图所示)
选择 “All Dependency as Tree
”,输入想要搜索的依赖名称,在下方可以看到依赖被引用的依赖,点击 Jump to Source
就可以看到具体的信息了
如果发现该依赖存在漏洞,则换个版本或使用其它的依赖
spring-cloud-netflix1.3.0.RELEASE 存在漏洞,jar包引入路径为:
Source/xxx.war/WEB-INF/lib/spring-cloud-netflix-eureka-client-1.3.0.RELEASE.jar
Source/xxx.war/WEB-INF/lib/spring-cloud-netflix-eureka-client-1.3.0.RELEASE.jar/META-INF/maven/org.springframework.cloud/spring-cloud-netflix-eureka-client/pom.xml
Source/xxx.war/WEB-INF/lib/spring-cloud-netflix-core-1.3.0.RELEASE.jar
Source/xxx.war/WEB-INF/lib/spring-cloud-netflix-core-1.3.0.RELEASE.jar/META-INF/maven/org.springframework.cloud/spring-cloud-netflix-core/pom.xml
由此,可以看出:如果在项目中确实有使用到这两个jar包的内容,则升级到推荐版本或是最新版本;如果没有使用到的话,可以exclusion排除jar包
microframework-parent
中引入,而 microframework-parent
是使用 parent
形式引入的(如下所示),需要exclusion它的话,必须将 parent
标签 改成 dependency
的形式,才能进行exclusion<parent>
<groupId>com.xxxx.xxx/groupId>
<artifactId>microframework-parent</artifactId>
<version>0.1.0.29</version>
</parent>
经过尝试后发现,必须写成如下形式,<dependencyManagement>
中进行定义 microframework-parent
(否则,idea右侧的maven Project 中展示的项目Dependencies会出现问题) ,在 <dependencies>
中进行实际的排除 (真实打包jar包中缺少-可以在左侧的External Libraries中观察到,运行报错)
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.xxxx.xxx</groupId>
<artifactId>microframework-parent</artifactId>
<version>0.1.0.29</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>com.xxxx.xxx</groupId>
<artifactId>microframework-parent</artifactId>
<version>0.1.0.29</version>
<exclusions>
<exclusion>
<groupId>org.spring.framework.cloud</groupId>
<artifactId>spring-cloud-starter-eureka</artifactId>
<exclusion>
<exclusion>
</dependency>
</dependencies>
easyexcel3.1.1自带的poi和poi-ooxml是4.1.2版本的,排除这两个包,引入5.2.2版本的
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>easyexcel</artifactId>
<version>3.1.1</version>
<exclusions>
<exclusion>
<artifactId>poi</artifactId>
<groupId>org.apache.poi</groupId>
</exclusion>
<exclusion>
<artifactId>poi-ooxml</artifactId>
<groupId>org.apache.poi</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
<version>5.2.2</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi-ooxml</artifactId>
<version>5.2.2</version>
<scope>compile</scope>
</dependency>
然后就会出现如下所示的报错信息:
com.alibaba.excel.exception.ExcelAnalysisException:java.lang.NoSuchFieldError:Factory
at com.alibaba.excel.analysis.ExcelAnalyserImpl.<init>(ExcelAnalyserImpl.java:61)~[easyexcel-core-3.1.1.jar:?]
at com.alibaba.excel.ExcelReader.<init>(ExcelReader.java:27)~[easyexcel-core-3.1.1.jar:?]
at com.alibaba.excel.read.builder.ExcelReaderBuilder.build(ExcelReaderBuilder.java:202) ~[easyexcel-core-3.1.1.jar:?]
at com.alibaba.excel.read.builder.ExcelReaderBuilder.sheet(ExcelReaderBuilder.java:239)
[easyexcel-core-3.1.1.jar:?]
com.alibaba.excel.read.builder.ExcelReaderBuilder.sheet(ExcelReaderBuilder.java:227)
~[easyexcel-core-3.1.1.jar:?]
at com.xxxxxxxxxxxxxxxxxx.asfservice.xxxxxxxxxImpl.singTreat(xxxxxAsfServicexxxxxxImpl.java:108) ~[classes/:0.1.0.29]
at com.xxxx.xxx.service.impl.DefaultAbTreatservice.single(DefaultAbTreatservice.java:229) ~[xx-xx-x-1.2.1.0.jar:?]
at com.xxxx.xxx.service.impl.DefaultAbTreatservice.singleTreat(DefaultAbTreatservice.java:76) ~[xx-xx-x-1.2.1.0.jar:?]
at com.xxxx.xxx.service.impl.ThreadPoolAbMessageservice.sendExe(ThreadPoolAbMessageservice.java:86) ~[xx-xx-x-1.2.1.0.jar:?]
at com.xxxx.xxx.schedule.DefaultInstanceRunnable.run(DefaultInstanceRunnable.java:99) ~[xx-xx-x-1.2.1.0.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_191]
at java.util.concurrent.ThreadPoolExecutorsworker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_191]
at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_191]
Caused by:
java.lang.NoSuchFieldError:Factory
at org.apache.poi.xssf.model.StylesTable.readFrom(StylesTable.java:219)~[poi-ooxml-5.2.2.jar:5.2.2]
at org.apache.poi.xssf.model.StylesTable.<init>(StylesTable.java:159)~[poi-ooxml-5.2.2.jar:5.2.2]
at org.apache.poi.xssf.eventusermodel.XSSFReader.getstylesTable(XSSFReader.java:166)~[poi-ooxml-5.2.2.jar:5.2.2]
at com.alibaba.excel.analysis.v07.XlsxSaxAnalyser.setstylesTable(XlsxSaxAnalyser.java:149)~[easyexcel-core-3.1.1.jar:?]
at com.alibaba.excel.analysis.v07.XlsxSaxAnalyser.<init>(XlsxSaxAnalyser.java:106)~[easyexcel-core-3.1.1.jar:?]
at com.alibaba.excel.analysis.ExcelAnalyserImpl.choiceExcelExecutor(ExcelAnalyserImpl.java:103)~[easyexcel-core-3.1.1.jar:?]
at com.alibaba.excel.analysis.ExcelAnalyserImp.<init>(ExceLAnalyserImpl.java:55)~[easyexcel-core-3.1.1.jar:?]
... 12 more
原因:poi-ooxml-schemas 和 poi-ooxml-lite 冲突
poi-ooxml 5.2.2
版本里使用到了 poi-ooxml-lite 5.2.2
依赖5.0.0
版本起,原来的 poi-ooxml-schemas
改名为 poi-ooxml-lite
easyexcel 3.1.1
中使用到了 poi-ooxml-schemas
依赖maven clean时,遇到如下错误:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-clean-plugin:3.1.0:clean (default-compile) on project [项目名称]: Execution default-clean of goal org.apache.maven.plugins:maven-clean-plugin:3.1.0:cleanfailed: A required class was missing while executing org.apache.maven.plugins:3.1.0:clean:org/apache/maven/shared/utils/0s
[ERROR] --------------------------------------------------------------------------------
[ERROR] realm = plugin>org.apache.maven.plugins:maven-clean-plugin:3.1.0
[ERROR] strategy = org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy
[ERROR] urls[0] = file:/H:/Chandra/settings/maven/repository/org/apache/maven/plugins/maven-clean-plugin/3.1.0/maven-compiler-plugin-3.1.0.jar
[ERROR] urls[1] = file:/H:/Chandra/settings/maven/repository/org/codehaus/plexus/plexus-utils/1.1/plexus-utils-1.1.jar
[ERROR] Number of foreign imports: 1
[ERROR] import: Entry[import from realm ClassRealm[maven.api, parent: null]]
[ERROR] ------------------------------------:org.apache.maven.plugins:3.1.0:clean:org/apache/maven/shared/utils/0s
解决步骤:
<plugins>
中插入:<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>3.0.0</version>
</plugin>
<!-- add log4j2 version start-->
<dependency>
<groupId>org.apache.loging.log4j</groupId>
<artifactId>log4j-1.2-api</artifactId>
<version>2.17.2</version>
<exclusions>
<exclusion>
<artifactId>log4j-api</artifactId>
<groupId>org.apache.loging.log4j</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.loging.log4j</groupId>
<artifactId>log4j-slf4j-impl</artifactId>
<version>2.17.2</version>
<exclusions>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.loging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.17.2</version>
<exclusions>
<exclusion>
<artifactId>log4j-api</artifactId>
<groupId>org.apache.loging.log4j</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<artifactId>log4j-api</artifactId>
<groupId>org.apache.loging.log4j</groupId>
</dependency>
<!-- add log4j2 version end-->
<!--delete log4j -->
<denpendency>
<group>
</denpendency>