由于存在安全漏洞,我将log4j版本升级到2.15.0。但在部署时,我在wildfly服务器中收到“EMPTY_BYTE_ARRAY”错误。
Pom.xml:
<properties>
<java.version>1.8</java.version>
<log4j2.version>2.16.0</log4j2.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-rest</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Add Log4j2 Dependency -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j2</artifactId>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>${log4j2.version}</version>
</dependency>
<!-- Add Log4j2 Async Dependency -->
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
<version>1.4</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>axis</groupId>
<artifactId>axis-wsdl4j</artifactId>
<version>1.5.1</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>javax.mail</groupId>
<artifactId>mail</artifactId>
<version>1.4.7</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.glassfish</groupId>
<artifactId>javax.json</artifactId>
<version>1.0-b04</version>
</dependency>
<dependency>
<groupId>javax.xml.rpc</groupId>
<artifactId>javax.xml.rpc-api</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>wsdl4j</groupId>
<artifactId>wsdl4j</artifactId>
</dependency>
<dependency>
<groupId>org.modelmapper</groupId>
<artifactId>modelmapper</artifactId>
<version>2.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.12.0</version>
</dependency>
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>1.4</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.6.1</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.6.1</version>
</dependency>
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
</dependency>
<dependency>
<groupId>com.lmax</groupId>
<artifactId>disruptor</artifactId>
<version>3.4.2</version>
</dependency>
<dependency>
<groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId>
<version>1.7</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.8.6</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-mail</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.11</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>错误日志:
2021-12-14 15:45:52,957 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 95) MSC000001: Failed to start service jboss.deployment.unit."lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war".undertow-deployment: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
at org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
at org.apache.logging.log4j.core.config.ConfigurationSource.(ConfigurationSource.java:56)
at org.apache.logging.log4j.core.config.NullConfiguration.(NullConfiguration.java:32)
at org.apache.logging.log4j.core.LoggerContext.(LoggerContext.java:85)
at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.createContext(ClassLoaderContextSelector.java:254)
at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.locateContext(ClassLoaderContextSelector.java:218)
at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:140)
at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:123)
at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:230)
at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:47)
at org.apache.logging.log4j.LogManager.getContext(LogManager.java:174)
at org.springframework.boot.logging.log4j2.Log4J2LoggingSystem.getLoggerContext(Log4J2LoggingSystem.java:264)
at org.springframework.boot.logging.log4j2.Log4J2LoggingSystem.beforeInitialize(Log4J2LoggingSystem.java:131)
at org.springframework.boot.context.logging.LoggingApplicationListener.onApplicationStartingEvent(LoggingApplicationListener.java:220)
at org.springframework.boot.context.logging.LoggingApplicationListener.onApplicationEvent(LoggingApplicationListener.java:199)
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:127)
at org.springframework.boot.context.event.EventPublishingRunListener.starting(EventPublishingRunListener.java:69)
at org.springframework.boot.SpringApplicationRunListeners.starting(SpringApplicationRunListeners.java:48)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:302)
at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:157)
at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:137)
at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:91)
at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:171)
at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:204)
at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:187)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:255)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:96)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
... 8 more
2021-12-14 15:45:52,967 ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 3) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war\".undertow-deployment" => "java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
Caused by: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY"}}
2021-12-14 15:45:52,968 ERROR [org.jboss.as.server] (External Management Request Threads -- 3) WFLYSRV0021: Deploy of deployment "lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war" was rolled back with the following failure message:
{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war\".undertow-deployment" => "java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
Caused by: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY"}}
9条答案
按热度按时间kpbwa7wx1#
我必须做两件事才能让它工作:
1.如果还没有,请创建src/main/webapp/WEB-INF/jboss-deployment-structure.xml。
1.在我的例子中,war文件在WEB-INF/lib中仍然有2.11.0和新的2.16.0版本。我打开war并删除了2.11.0版本。
emeijp432#
Wildfly使用log4j-api工件(可能是比2.16.0更旧的版本),log4j-api和log4j-core之间的版本不匹配将导致问题。有关如何将log4j-core合并到应用程序中的文档
有关更多信息,请查看:https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/
kadbb4593#
所以今天早上我在将log4j更新到2.15.0版本时遇到了这个问题。我发现的问题是一个maven依赖项正在拉入一个旧版本的log4j(在我的例子中是2.14.1),这将给予错误常量“EMPTY_BYTE_ARRAY”。在2.15.0中,EMPTY_BYTE_ARRAY不存在,并产生此错误。
我建议查看您的maven依赖树,看看是否有旧版本的log4j-api、log4j-core或另一个log4j库被拉入,而不是您正在使用的版本,看起来是2.16.0。
我通过Eclipse将我的Maven目标设置为“dependency:tree”来实现这一点。
y1aodyip4#
能够通过切换到JSONLayout而不是PatternLayout来解决(不是修复)。PatternLayout在某些情况下似乎不起作用,即使使用其默认构造函数...还没有弄清楚原因。
3yhwsihp5#
我遇到了一个类似的问题。
在我的例子中,我需要用log4j-xxx替换spring-boot-starter-log4j 2。一开始,我只添加了log4j-slf 4j-impl、log4j-core、log4j-jul和jul-to-slf 4j。在比较了依赖树之后,我还添加了log4j-api,问题就解决了。
所以我建议你比较一下依赖关系树,看看是否缺少一些依赖关系。
368yc8dk6#
由于某种原因,在我的例子中,log4j-api和log4j-core的版本不匹配。所以,我不得不手动将其从pom中排除。现在它按预期工作。
62o28rlo7#
如果无法使用2.15.0或2.16.0,请尝试2.12.2,同时修复安全漏洞。这里是log4j站点:https://logging.apache.org/log4j/2.x/
缓解措施
在2.12.2版中,Log4j预设会停用JNDI的存取。现在需要明确启用在组态中使用JNDI。呼叫JndiLookup现在会传回常数字串。此外,Log4j现在预设会将通信协定限制为仅限java。消息查阅功能已完全移除。
在2.16.0版中,Log4j预设会停用对JNDI的存取。组态中的JNDI查询现在需要明确启用。此外,Log4j现在预设会将协定限制为仅限java、ldap和ldap,并将ldap协定限制为仅限存取Java原始对象。必须明确允许本机主机以外的主机。消息查询功能已完全移除。
oalqel3c8#
在pom.xml中添加log4j2.version之后,例如
<log4j2.version>..2.17.1的</log4j2.version>说明
我们需要清理和编译现有文件。使用Maven,通过运行
mvn全新安装
通过执行这一步,我们将拥有所有最新编译的文件,并且我们将避免遇到错误。