From 7ab14ff293f636b3d3a08f5668a2a51ac5d83d25 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期二, 15 六月 2021 10:26:02 +0800
Subject: [PATCH] 定时任务屏蔽rmi远程调用

---
 ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
index f770a7d..e779b64 100644
--- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
+++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
@@ -13,12 +13,14 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.annotation.Log;
+import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.exception.job.TaskException;
 import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.poi.ExcelUtil;
 import com.ruoyi.quartz.domain.SysJob;
 import com.ruoyi.quartz.service.ISysJobService;
@@ -81,7 +83,11 @@
     {
         if (!CronUtils.isValid(sysJob.getCronExpression()))
         {
-            return AjaxResult.error("cron表达式不正确");
+            return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败，Cron表达式不正确");
+        }
+        else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))
+        {
+            return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
         }
         sysJob.setCreateBy(SecurityUtils.getUsername());
         return toAjax(jobService.insertJob(sysJob));
@@ -97,7 +103,11 @@
     {
         if (!CronUtils.isValid(sysJob.getCronExpression()))
         {
-            return AjaxResult.error("cron表达式不正确");
+            return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败，Cron表达式不正确");
+        }
+        else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))
+        {
+            return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
         }
         sysJob.setUpdateBy(SecurityUtils.getUsername());
         return toAjax(jobService.updateJob(sysJob));

--
Gitblit v1.9.2