简介

这是个简单的教务系统网站,并且结合了图书订购功能,希望这个小DEMO能对大家学习有帮助

使用技术

IoC容器:spring

web框架:springmvc

orm框架:mybatis

安全框架:shiro

数据源:dbcp2

日志: sl4j

Json: Gson

前端框架:Bootstrap

起步:

1.初始化项目

1)下载Mysql,创建一个数据库名字为giit,导入create.sql与populate.sql,直接运行其中sql即可

2)下载Tomcat

3)使用Intellij Idea导入项目,之后配置项目启动方式,使用刚才下载好的Tomcat

4)运行

使用简介:

1.权限介绍:

根据导入的populate.sql,运行网站初始时会存在四个权限角色:

1).管理员,账号为admin

2).学生,账号为student

3).教师,账号为teache

4).供应商,账号为supplier

密码均为123456

功能介绍:

1.基本信息功能:

其中可以设置一些基本的学校信息,也就是数据库中的实体-关系,之后就可以基于这些基本的关系信息进行更加复杂的功能,例如选课后可以记录多少学生选择了这门课程,只会教师提交图书后计算图书总数可以通过其中的关系得到

1)系部信息

2)专业信息

3)班级信息

4)课程信息

5)学生管理

2.图书管理功能:

1)教师上传图书

2)秘书审批图书

3)查看已审核图书

数据库表结构:

Dependency org.apache.shiro:shiro-web, leading to CVE problem

Hi, In javaee-tutorial，there is a dependency org.apache.shiro:shiro-web:1.2.4 that calls the risk method.

CVE-2020-11989

The scope of this CVE affected version is [,1.5.3)

After further analysis, in this project, the main Api called is <org.apache.shiro.web.util.WebUtils: java.lang.String getPathWithinApplication(javax.servlet.http.HttpServletRequest)>

Risk method repair link : GitHub

CVE Bug Invocation Path--

Path Length : 3

<org.apache.shiro.web.util.WebUtils: java.lang.String getPathWithinApplication(javax.servlet.http.HttpServletRequest)>
at <com.giit.www.filter.FormLoginFilter: boolean isLoginRequest(javax.servlet.http.HttpServletRequest)> (com.giit.www.filter.FormLoginFilter.java:[60]) in /detect/unzip/javaee-tutorial-master/target/classes
at <com.giit.www.filter.FormLoginFilter: boolean onPreHandle(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)> (com.giit.www.filter.FormLoginFilter.java:[26]) in /detect/unzip/javaee-tutorial-master/target/classes

Dependency tree--

[INFO] core:com.giit.www.orderbook:war:1.0-SNAPSHOT
[INFO] +- org.hamcrest:hamcrest-core:jar:1.3:compile
[INFO] +- org.apache.shiro:shiro-core:jar:1.4.2:compile
[INFO] |  +- org.apache.shiro:shiro-lang:jar:1.4.2:compile
[INFO] |  +- org.apache.shiro:shiro-cache:jar:1.4.2:compile
[INFO] |  +- org.apache.shiro:shiro-crypto-hash:jar:1.4.2:compile
[INFO] |  |  \- org.apache.shiro:shiro-crypto-core:jar:1.4.2:compile
[INFO] |  +- org.apache.shiro:shiro-crypto-cipher:jar:1.4.2:compile
[INFO] |  +- org.apache.shiro:shiro-config-core:jar:1.4.2:compile
[INFO] |  +- org.apache.shiro:shiro-config-ogdl:jar:1.4.2:compile
[INFO] |  |  \- commons-beanutils:commons-beanutils:jar:1.9.3:compile
[INFO] |  |     \- commons-collections:commons-collections:jar:3.2.2:compile
[INFO] |  \- org.apache.shiro:shiro-event:jar:1.4.2:compile
[INFO] +- org.apache.shiro:shiro-web:jar:1.2.4:compile
[INFO] +- org.apache.shiro:shiro-quartz:jar:1.2.4:compile
[INFO] |  \- org.opensymphony.quartz:quartz:jar:1.6.1:compile
[INFO] +- org.apache.shiro:shiro-spring:jar:1.2.4:compile
[INFO] +- org.apache.shiro:shiro-aspectj:jar:1.2.4:compile
[INFO] +- mysql:mysql-connector-java:jar:5.1.38:compile
[INFO] +- org.aspectj:aspectjrt:jar:1.8.8:compile
[INFO] +- org.aspectj:aspectjweaver:jar:1.8.8:compile
[INFO] |  \- org.springframework:spring-core:jar:4.2.4.RELEASE:compile
[INFO] +- org.springframework:spring-context-support:jar:4.2.4.RELEASE:compile
[INFO] |  +- org.springframework:spring-beans:jar:4.2.4.RELEASE:compile
[INFO] |  \- org.springframework:spring-context:jar:4.2.4.RELEASE:compile
[INFO] |     \- org.springframework:spring-aop:jar:4.2.4.RELEASE:compile
[INFO] |        \- aopalliance:aopalliance:jar:1.0:compile
[INFO] +- org.springframework:spring-jdbc:jar:4.2.4.RELEASE:compile
[INFO] +- org.springframework:spring-tx:jar:4.2.4.RELEASE:compile
[INFO] +- org.springframework:spring-webmvc:jar:4.2.4.RELEASE:compile
[INFO] |  +- org.springframework:spring-expression:jar:4.2.4.RELEASE:compile
[INFO] |  \- org.springframework:spring-web:jar:4.2.4.RELEASE:compile
[INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
[INFO] +- javax.servlet.jsp:jsp-api:jar:2.2:compile
[INFO] +- javax.servlet:jstl:jar:1.2:compile
[INFO] +- org.mybatis:mybatis-spring:jar:1.2.4:compile
[INFO] +- org.mybatis:mybatis:jar:3.3.1:compile
[INFO] +- cglib:cglib:jar:3.2.0:compile
[INFO] |  +- org.ow2.asm:asm:jar:5.0.3:compile
[INFO] |  \- org.apache.ant:ant:jar:1.9.4:compile
[INFO] |     \- org.apache.ant:ant-launcher:jar:1.9.4:compile
[INFO] +- commons-logging:commons-logging:jar:1.2:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.14:compile
[INFO] +- log4j:log4j:jar:1.2.17:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.3:compile
[INFO] |  \- org.apache.logging.log4j:log4j-api:jar:2.3:compile
[INFO] +- org.slf4j:slf4j-log4j12:jar:1.7.14:compile
[INFO] +- ognl:ognl:jar:3.1.2:compile
[INFO] |  \- javassist:javassist:jar:3.11.0.GA:compile
[INFO] +- org.javassist:javassist:jar:3.20.0-GA:compile
[INFO] +- org.apache.commons:commons-pool2:jar:2.3:compile
[INFO] +- org.apache.commons:commons-dbcp2:jar:2.1:compile
[INFO] +- com.google.code.gson:gson:jar:2.6:compile
[INFO] \- commons-fileupload:commons-fileupload:jar:1.3.3:compile
[INFO]    \- commons-io:commons-io:jar:2.2:compile

Suggested solutions:

Update dependency version

Thank you very much.

c0de8ug / javaee-tutorial Goto Github PK

javaee-tutorial's Introduction

简介

使用技术

起步:

使用简介:

功能介绍:

1.基本信息功能:

2.图书管理功能:

数据库表结构:

javaee-tutorial's People

Contributors

Stargazers

Watchers

Forkers

javaee-tutorial's Issues

Recommend Projects

Recommend Topics

Recommend Org