Sping Boot Log4j2版本2.15.0 Wildfly服务器中出现EMPTY_BYTE_ARRAY错误

vnjpjtjt  于 2022-11-06  发布在  其他
关注(0)|答案(9)|浏览(368)

由于存在安全漏洞,我将log4j版本升级到2.15.0。但在部署时,我在wildfly服务器中收到“EMPTY_BYTE_ARRAY”错误。
Pom.xml:

<properties>
    <java.version>1.8</java.version>
    <log4j2.version>2.16.0</log4j2.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-rest</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
        <exclusions>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-tomcat</artifactId>
            </exclusion>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
        <exclusions>
            <exclusion>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-logging</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

    <!-- Add Log4j2 Dependency -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-log4j2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-api</artifactId>
        <version>${log4j2.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.logging.log4j</groupId>
        <artifactId>log4j-core</artifactId>
        <version>${log4j2.version}</version>
    </dependency>
    <!-- Add Log4j2 Async Dependency -->

    <dependency>
        <groupId>axis</groupId>
        <artifactId>axis</artifactId>
        <version>1.4</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>axis</groupId>
        <artifactId>axis-wsdl4j</artifactId>
        <version>1.5.1</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>javax.mail</groupId>
        <artifactId>mail</artifactId>
        <version>1.4.7</version>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.9.0</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.glassfish</groupId>
        <artifactId>javax.json</artifactId>
        <version>1.0-b04</version>
    </dependency>
    <dependency>
        <groupId>javax.xml.rpc</groupId>
        <artifactId>javax.xml.rpc-api</artifactId>
        <version>1.1.1</version>
    </dependency>
    <dependency>
        <groupId>wsdl4j</groupId>
        <artifactId>wsdl4j</artifactId>
    </dependency>
    <dependency>
        <groupId>org.modelmapper</groupId>
        <artifactId>modelmapper</artifactId>
        <version>2.3.2</version>
    </dependency>
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
        <version>3.12.0</version>
    </dependency>
    <dependency>
        <groupId>commons-dbcp</groupId>
        <artifactId>commons-dbcp</artifactId>
        <version>1.4</version>
    </dependency>
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger2</artifactId>
        <version>2.6.1</version>
    </dependency>
    <dependency>
        <groupId>io.springfox</groupId>
        <artifactId>springfox-swagger-ui</artifactId>
        <version>2.6.1</version>
    </dependency>
    <dependency>
        <groupId>com.microsoft.sqlserver</groupId>
        <artifactId>mssql-jdbc</artifactId>
    </dependency>
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
    </dependency>
    <dependency>
        <groupId>com.lmax</groupId>
        <artifactId>disruptor</artifactId>
        <version>3.4.2</version>
    </dependency>
    <dependency>
        <groupId>commons-validator</groupId>
        <artifactId>commons-validator</artifactId>
        <version>1.7</version>
    </dependency>
    <dependency>
        <groupId>com.google.code.gson</groupId>
        <artifactId>gson</artifactId>
        <version>2.8.6</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-mail</artifactId>
    </dependency>
    <dependency>
        <groupId>org.codehaus.jackson</groupId>
        <artifactId>jackson-mapper-asl</artifactId>
        <version>1.9.11</version>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

错误日志:

2021-12-14 15:45:52,957 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 95) MSC000001: Failed to start service jboss.deployment.unit."lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war".undertow-deployment: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
        at java.lang.Thread.run(Thread.java:748)
        at org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
        at org.apache.logging.log4j.core.config.ConfigurationSource.(ConfigurationSource.java:56)
        at org.apache.logging.log4j.core.config.NullConfiguration.(NullConfiguration.java:32)
        at org.apache.logging.log4j.core.LoggerContext.(LoggerContext.java:85)
        at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.createContext(ClassLoaderContextSelector.java:254)
        at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.locateContext(ClassLoaderContextSelector.java:218)
        at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:140)
        at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:123)
        at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:230)
        at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:47)
        at org.apache.logging.log4j.LogManager.getContext(LogManager.java:174)
        at org.springframework.boot.logging.log4j2.Log4J2LoggingSystem.getLoggerContext(Log4J2LoggingSystem.java:264)
        at org.springframework.boot.logging.log4j2.Log4J2LoggingSystem.beforeInitialize(Log4J2LoggingSystem.java:131)
        at org.springframework.boot.context.logging.LoggingApplicationListener.onApplicationStartingEvent(LoggingApplicationListener.java:220)
        at org.springframework.boot.context.logging.LoggingApplicationListener.onApplicationEvent(LoggingApplicationListener.java:199)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:127)
        at org.springframework.boot.context.event.EventPublishingRunListener.starting(EventPublishingRunListener.java:69)
        at org.springframework.boot.SpringApplicationRunListeners.starting(SpringApplicationRunListeners.java:48)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:302)
        at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:157)
        at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:137)
        at org.springframework.boot.web.servlet.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:91)
        at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:171)
        at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:204)
        at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:187)
        at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
        at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:255)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:96)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
        ... 8 more
2021-12-14 15:45:52,967 ERROR [org.jboss.as.controller.management-operation] (External Management Request Threads -- 3) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war\".undertow-deployment" => "java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
    Caused by: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY"}}
2021-12-14 15:45:52,968 ERROR [org.jboss.as.server] (External Management Request Threads -- 3) WFLYSRV0021: Deploy of deployment "lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war" was rolled back with the following failure message:
{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"lojistikteminatlitasimacilik-0.0.1-SNAPSHOT.war\".undertow-deployment" => "java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY
    Caused by: java.lang.NoSuchFieldError: EMPTY_BYTE_ARRAY"}}
kpbwa7wx

kpbwa7wx1#

我必须做两件事才能让它工作:
1.如果还没有,请创建src/main/webapp/WEB-INF/jboss-deployment-structure.xml。

<jboss-deployment-structure>
  <deployment>
     <exclusions>
        <module name="org.apache.logging.log4j.api"/>
    </exclusions>
  </deployment>
</jboss-deployment-structure>

1.在我的例子中,war文件在WEB-INF/lib中仍然有2.11.0和新的2.16.0版本。我打开war并删除了2.11.0版本。

emeijp43

emeijp432#

Wildfly使用log4j-api工件(可能是比2.16.0更旧的版本),log4j-api和log4j-core之间的版本不匹配将导致问题。有关如何将log4j-core合并到应用程序中的文档
有关更多信息,请查看:https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/

kadbb459

kadbb4593#

所以今天早上我在将log4j更新到2.15.0版本时遇到了这个问题。我发现的问题是一个maven依赖项正在拉入一个旧版本的log4j(在我的例子中是2.14.1),这将给予错误常量“EMPTY_BYTE_ARRAY”。在2.15.0中,EMPTY_BYTE_ARRAY不存在,并产生此错误。
我建议查看您的maven依赖树,看看是否有旧版本的log4j-api、log4j-core或另一个log4j库被拉入,而不是您正在使用的版本,看起来是2.16.0。
我通过Eclipse将我的Maven目标设置为“dependency:tree”来实现这一点。

y1aodyip

y1aodyip4#

能够通过切换到JSONLayout而不是PatternLayout来解决(不是修复)。PatternLayout在某些情况下似乎不起作用,即使使用其默认构造函数...还没有弄清楚原因。

3yhwsihp

3yhwsihp5#

我遇到了一个类似的问题。
在我的例子中,我需要用log4j-xxx替换spring-boot-starter-log4j 2。一开始,我只添加了log4j-slf 4j-impl、log4j-core、log4j-jul和jul-to-slf 4j。在比较了依赖树之后,我还添加了log4j-api,问题就解决了。
所以我建议你比较一下依赖关系树,看看是否缺少一些依赖关系。

368yc8dk

368yc8dk6#

由于某种原因,在我的例子中,log4j-api和log4j-core的版本不匹配。所以,我不得不手动将其从pom中排除。现在它按预期工作。

<dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-core</artifactId>
            <version>2.17.1</version>
            <exclusions>
                <exclusion>
                    <groupId>org.apache.logging.log4j</groupId>
                    <artifactId>log4j-api</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-api</artifactId>
            <version>2.17.1</version>
        </dependency>
62o28rlo

62o28rlo7#

如果无法使用2.15.0或2.16.0,请尝试2.12.2,同时修复安全漏洞。这里是log4j站点:https://logging.apache.org/log4j/2.x/

缓解措施

在2.12.2版中,Log4j预设会停用JNDI的存取。现在需要明确启用在组态中使用JNDI。呼叫JndiLookup现在会传回常数字串。此外,Log4j现在预设会将通信协定限制为仅限java。消息查阅功能已完全移除。
在2.16.0版中,Log4j预设会停用对JNDI的存取。组态中的JNDI查询现在需要明确启用。此外,Log4j现在预设会将协定限制为仅限java、ldap和ldap,并将ldap协定限制为仅限存取Java原始对象。必须明确允许本机主机以外的主机。消息查询功能已完全移除。

oalqel3c

oalqel3c8#

在pom.xml中添加log4j2.version之后,例如
<log4j2.version>..2.17.1的</log4j2.version>说明
我们需要清理和编译现有文件。使用Maven,通过运行
mvn全新安装
通过执行这一步,我们将拥有所有最新编译的文件,并且我们将避免遇到错误。

相关问题