Java RMI

Author: JoyChou93

java-sec-code.iml

@@ -60,8 +60,10 @@
     <orderEntry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
     <orderEntry type="library" name="Maven: com.google.protobuf:protobuf-java:2.6.0" level="project" />
     <orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.49" level="project" />
-    <orderEntry type="library" name="Maven: org.jdom:jdom2:2.0.4" level="project" />
+    <orderEntry type="library" name="Maven: org.jdom:jdom2:2.0.6" level="project" />
     <orderEntry type="library" name="Maven: org.dom4j:dom4j:2.1.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.shiro:shiro-web:1.3.2" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.shiro:shiro-core:1.3.2" level="project" />
     <orderEntry type="library" name="Maven: com.google.guava:guava:21.0" level="project" />
     <orderEntry type="library" name="Maven: commons-collections:commons-collections:3.1" level="project" />
     <orderEntry type="library" name="Maven: commons-lang:commons-lang:2.4" level="project" />

pom.xml

@@ -71,7 +71,7 @@
             <artifactId>dom4j</artifactId>
             <version>2.1.1</version>
         </dependency>
-
+        
 
         <!-- 获取url根域名-->
         <dependency>

src/main/java/org/joychou/RMI/Client.java

@@ -0,0 +1,21 @@
+package org.joychou.RMI;
+
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+
+public class Client {
+
+    private Client() {}
+
+    public static void main(String[] args) {
+        try {
+            Registry registry = LocateRegistry.getRegistry("localhost");
+            Hello stub = (Hello) registry.lookup("Hello");
+            String response = stub.sayHello();
+            System.out.println("response: " + response);
+        } catch (Exception e) {
+            System.err.println("Client exception: " + e.toString());
+            e.printStackTrace();
+        }
+    }
+}

src/main/java/org/joychou/RMI/Hello.java

@@ -0,0 +1,9 @@
+package org.joychou.RMI;
+
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+
+// 定义远程接口
+public interface Hello extends Remote {
+    String sayHello() throws RemoteException;
+}

src/main/java/org/joychou/RMI/Server.java

@@ -0,0 +1,30 @@
+package org.joychou.RMI;
+
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+import java.rmi.server.UnicastRemoteObject;
+
+
+
+public class Server implements Hello {
+
+    public String sayHello() {
+        return "Hello Word!";
+    }
+
+    public static void main(String args[]) {
+
+        try {
+            Server obj = new Server();
+            Hello stub = (Hello) UnicastRemoteObject.exportObject(obj, 0);
+            LocateRegistry.createRegistry(1099);
+            Registry registry = LocateRegistry.getRegistry();
+            registry.bind("Hello", stub);
+            System.out.println("绑定1099端口成功");
+        } catch (Exception e) {
+            System.err.println("Server exception: " + e.toString());
+            e.printStackTrace();
+        }
+    }
+}
+

src/main/java/org/joychou/controller/URLRedirect.java

@@ -1,7 +1,9 @@
 package org.joychou.controller;
 
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 import javax.servlet.RequestDispatcher;
@@ -20,6 +22,10 @@
 @RequestMapping("/urlRedirect")
 public class URLRedirect {
 
+    @GetMapping("/redirect")
+    public String redirect(@RequestParam("url") String url) {
+        return "redirect:" + url;
+    }
     /**
      * @disc: 存在URL重定向漏洞
      * @fix: 添加URL白名单 https://github.com/JoyChou93/trident/blob/master/src/main/java/CheckURL.java