定时任务屏蔽rmi远程调用

@@ -126,4 +126,9 @@ public class Constants
      * 资源映射路径 前缀
      * 资源映射路径 前缀
      */
      */
     public static final String RESOURCE_PREFIX = "/profile";
     public static final String RESOURCE_PREFIX = "/profile";
+
+    /**
+     * RMI 远程方法调用
+     */
+    public static final String LOOKUP_RMI = "rmi://";
 }
 }

@@ -13,12 +13,14 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.annotation.Log;
+import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.exception.job.TaskException;
 import com.ruoyi.common.exception.job.TaskException;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.poi.ExcelUtil;
 import com.ruoyi.common.utils.poi.ExcelUtil;
 import com.ruoyi.quartz.domain.SysJob;
 import com.ruoyi.quartz.domain.SysJob;
 import com.ruoyi.quartz.service.ISysJobService;
 import com.ruoyi.quartz.service.ISysJobService;
@@ -81,7 +83,11 @@ public class SysJobController extends BaseController
     {
     {
         if (!CronUtils.isValid(sysJob.getCronExpression()))
         if (!CronUtils.isValid(sysJob.getCronExpression()))
         {
         {
-            return AjaxResult.error("cron表达式不正确");
+            return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败，Cron表达式不正确");
+        }
+        else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))
+        {
+            return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
         }
         }
         sysJob.setCreateBy(SecurityUtils.getUsername());
         sysJob.setCreateBy(SecurityUtils.getUsername());
         return toAjax(jobService.insertJob(sysJob));
         return toAjax(jobService.insertJob(sysJob));
@@ -97,7 +103,11 @@ public class SysJobController extends BaseController
     {
     {
         if (!CronUtils.isValid(sysJob.getCronExpression()))
         if (!CronUtils.isValid(sysJob.getCronExpression()))
         {
         {
-            return AjaxResult.error("cron表达式不正确");
+            return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败，Cron表达式不正确");
+        }
+        else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))
+        {
+            return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
         }
         }
         sysJob.setUpdateBy(SecurityUtils.getUsername());
         sysJob.setUpdateBy(SecurityUtils.getUsername());
         return toAjax(jobService.updateJob(sysJob));
         return toAjax(jobService.updateJob(sysJob));

@@ -140,7 +140,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 	    </foreach>
 	    </foreach>
 	</update>
 	</update>
 	 
 	 
-	 <update id="updateDeptStatusNormal" parameterType="Long">
+	<update id="updateDeptStatusNormal" parameterType="Long">
  	    update sys_dept set status = '0' where dept_id in 
  	    update sys_dept set status = '0' where dept_id in 
  	    <foreach collection="array" item="deptId" open="(" separator="," close=")">
  	    <foreach collection="array" item="deptId" open="(" separator="," close=")">
         	#{deptId}
         	#{deptId}