将项目中的fastjson相关代码删去，换用jackson

atjiu · atjiu · commit 008d07eab683 · 2024-07-30T14:45:09.000+08:00
但：justauth依赖中也用到了fastjson，如果用不到第三方登录，可以打开pom.xml找到justauth依赖处，有注释说明
diff --git a/pom.xml b/pom.xml
@@ -190,6 +190,13 @@
             <groupId>me.zhyd.oauth</groupId>
             <artifactId>JustAuth</artifactId>
             <version>${justauth.version}</version>
+            <!-- 如果用不到第三方登录，可以将下面这个注释掉的 exclusions 打开，将justauth里用到的fastjson排队掉，这样就不会报漏洞了 -->
+            <!--<exclusions>
+                <exclusion>
+                    <groupId>com.alibaba</groupId>
+                    <artifactId>fastjson</artifactId>
+                </exclusion>
+            </exclusions>-->
         </dependency>
 
         <!--云存储 OSS-->
diff --git a/src/main/java/co/yiiu/pybbs/config/websocket/MessageDecoder.java b/src/main/java/co/yiiu/pybbs/config/websocket/MessageDecoder.java
@@ -1,21 +1,21 @@
 package co.yiiu.pybbs.config.websocket;
 
+import co.yiiu.pybbs.util.JsonUtil;
 import co.yiiu.pybbs.util.Message;
-import com.alibaba.fastjson.JSON;
 
 import javax.websocket.Decoder;
 import javax.websocket.EndpointConfig;
 
 public class MessageDecoder implements Decoder.Text<Message> {
     @Override
     public Message decode(String s) {
-        return JSON.parseObject(s, Message.class);
+        return JsonUtil.jsonToObject(s, Message.class);
     }
 
     @Override
     public boolean willDecode(String s) {
         // 验证json字符串是否合法，合法才会进入decode()方法进行转换，不合法直接抛异常
-        return JSON.isValid(s);
+        return JsonUtil.isValid(s);
     }
 
     @Override
diff --git a/src/main/java/co/yiiu/pybbs/config/websocket/MessageEncoder.java b/src/main/java/co/yiiu/pybbs/config/websocket/MessageEncoder.java
@@ -1,15 +1,15 @@
 package co.yiiu.pybbs.config.websocket;
 
+import co.yiiu.pybbs.util.JsonUtil;
 import co.yiiu.pybbs.util.Message;
-import com.alibaba.fastjson.JSON;
 
 import javax.websocket.Encoder;
 import javax.websocket.EndpointConfig;
 
 public class MessageEncoder implements Encoder.Text<Message> {
     @Override
     public String encode(Message o) {
-        return JSON.toJSONString(o);
+        return JsonUtil.objectToJson(o);
     }
 
     @Override
diff --git a/src/main/java/co/yiiu/pybbs/util/JsonUtil.java b/src/main/java/co/yiiu/pybbs/util/JsonUtil.java
@@ -46,4 +46,14 @@ public static String objectToJson(Object obj) {
             return null;
         }
     }
+
+    public static boolean isValid(String json) {
+        try {
+            objectMapper.readTree(json);
+            return true;
+        } catch (JsonProcessingException e) {
+            log.error("validate json string error: {}", e.getMessage());
+            return false;
+        }
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -46,4 +46,14 @@ public static String objectToJson(Object obj) {`
`46`	`46`	`return null;`
`47`	`47`	`}`
`48`	`48`	`}`
	`49`	`+`
	`50`	`+ public static boolean isValid(String json) {`
	`51`	`+ try {`
	`52`	`+ objectMapper.readTree(json);`
	`53`	`+ return true;`
	`54`	`+ } catch (JsonProcessingException e) {`
	`55`	`+ log.error("validate json string error: {}", e.getMessage());`
	`56`	`+ return false;`
	`57`	`+ }`
	`58`	`+ }`
`49`	`59`	`}`