解决axis commons-fileupload 漏洞解决

928255095 · 928255095 · commit 82f9a4ed2bda · 2018-12-23T14:28:22.000+08:00
diff --git a/java110-common/pom.xml b/java110-common/pom.xml
@@ -30,7 +30,7 @@
             <groupId>com.java110</groupId>
             <artifactId>java110-config</artifactId>
         </dependency>
-
+        <!--
         <dependency>
             <groupId>org.apache.axis</groupId>
             <artifactId>axis</artifactId>
@@ -48,6 +48,7 @@
             <groupId>wsdl4j</groupId>
             <artifactId>wsdl4j</artifactId>
         </dependency>
+        -->
 
         <dependency>
             <groupId>commons-httpclient</groupId>
diff --git a/java110-common/src/main/java/com/java110/common/util/WebServiceAxisClient.java b/java110-common/src/main/java/com/java110/common/util/WebServiceAxisClient.java
@@ -10,30 +10,13 @@
 import com.java110.common.constant.ResponseConstant;
 import com.java110.common.exception.BusinessException;
 import com.java110.common.log.LoggerEngine;
-import org.apache.axis.client.Call;
-import org.apache.axis.client.Service;
+//import org.apache.axis.client.Call;
+//import org.apache.axis.client.Service;
 
 
 public class WebServiceAxisClient extends LoggerEngine {
     public static void main(String[] args) {
-        String url = "http://135.192.70.67:9084/serviceAgent/http/FactorageManager_ForAgent?AppKey=2017082401";
-        String function = "queryOrderInfo";
 
-        String xml  = "<QueryOrderInfoRequest>\n" +
-                "\t<accNbr>18009706604</accNbr>\n" +
-                "\t<accNbrType>1</accNbrType> \n" +
-                "\t<areaCode>0971</areaCode>\n" +
-                "\t<channelId></channelId>\n" +
-                "\t<staffCode></staffCode> \t\n" +
-                "</QueryOrderInfoRequest>";
-
-        try {
-            Object retObj = WebServiceAxisClient.callWebService(url, function, new Object[]{xml});
-
-
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
     }
 
     /**
@@ -64,17 +47,17 @@ public static Object callWebService(String url, String function, Object[] obj,In
         try {
             logger.debug("-----------开始调用Web Service-----------");
             // 创建Service对象，Service对用用于创建Call对象
-            Service service = new Service();
-            // 创建Call对象，Call对象用于调用服务
-            Call call = (Call) service.createCall();
-            // 为Call对象设置WebService的url
-            call.setTargetEndpointAddress(new java.net.URL(url));
-            // 为Call对象设置调用的方法名
-            call.setOperationName(function);
-            // 设置等待时间
-            call.setTimeout(timeOut);
-            // 调用WebService的方法，并获得返回值
-            retObj = call.invoke(obj);
+//            Service service = new Service();
+//            // 创建Call对象，Call对象用于调用服务
+//            Call call = (Call) service.createCall();
+//            // 为Call对象设置WebService的url
+//            call.setTargetEndpointAddress(new java.net.URL(url));
+//            // 为Call对象设置调用的方法名
+//            call.setOperationName(function);
+//            // 设置等待时间
+//            call.setTimeout(timeOut);
+//            // 调用WebService的方法，并获得返回值
+//            retObj = call.invoke(obj);
             logger.debug("-----------调用Web Service正常结束-----------");
         } catch (Exception e) {
             logger.error("-----------调用Web Service异常,原因:{}", e);
diff --git a/pom.xml b/pom.xml
@@ -63,7 +63,7 @@
         <mysql.version>5.1.39</mysql.version>
         <commons-pool2.version>2.2</commons-pool2.version>
         <commons-collections.version>3.2.1</commons-collections.version>
-        <commons-fileupload.version>1.3.1</commons-fileupload.version>
+        <commons-fileupload.version>1.3.3</commons-fileupload.version>
         <commons-codec.version>1.6</commons-codec.version>
         <commons-logging.version>1.1.1</commons-logging.version>
         <commons-lang.version>2.5</commons-lang.version>
@@ -308,7 +308,7 @@
             </dependency>
 
 
-            <!-- https://mvnrepository.com/artifact/org.apache.axis2/axis2 -->
+            <!-- https://mvnrepository.com/artifact/org.apache.axis2/axis2
             <dependency>
                 <groupId>org.apache.axis</groupId>
                 <artifactId>axis</artifactId>
@@ -330,6 +330,7 @@
                 <artifactId>wsdl4j</artifactId>
                 <version>${axis.version}</version>
             </dependency>
+            -->
 
             <dependency>
                 <groupId>net.sf.ehcache</groupId>
