完全替换shiro权限注解，新增手机登录、APP登录

2026-01-01 18:05:28 +08:00 · 2024-01-12 09:26:30 +08:00
parent 0faac01bb7
commit 3ac8ee304a
68 changed files with 1228 additions and 340 deletions
--- a/.gitignore
+++ b/.gitignore
@ -10,3 +10,5 @@ rebel.xml
 ## front
 **/*.lock
 os_del.cmd
 *.log
--- a/derby.log
+++ b/derby.log
@ -1,13 +0,0 @@
 ----------------------------------------------------------------
 Mon Nov 06 11:45:05 CST 2023:
 Booting Derby version The Apache Software Foundation - Apache Derby - 10.14.2.0 - (1828579): instance a816c00e-018b-a2bb-db1d-000001f2c9e8 
 on database directory memory:D:\dev\workspace_idea\jeecg\jeecg-boot\b8bc13ee-4d9a-4fe9-b521-8d23d69f4e24 with class loader jdk.internal.loader.ClassLoaders$AppClassLoader@63947c6b 
 Loaded from file:/D:/repository/org/apache/derby/derby/10.14.2.0/derby-10.14.2.0.jar
 java.vendor=Oracle Corporation
 java.runtime.version=17.0.9+11-LTS-201
 user.dir=D:\dev\workspace_idea\jeecg\jeecg-boot
 os.name=Windows 11
 os.arch=amd64
 os.version=10.0
 derby.system.home=null
 Database Class Loader started - derby.database.classpath=''
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/CommonAPI.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/CommonAPI.java
@ -50,6 +50,13 @@ public interface CommonAPI {
     */
    public LoginUser getUserByName(String username);
    /**
     * 5根据用户手机号查询用户信息
     * @param username
     * @return
     */
    public LoginUser getUserByPhone(String phone);
    /**
     * 6字典表的 翻译
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/AutoLogAspect.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/AutoLogAspect.java
@ -3,7 +3,6 @@ package org.jeecg.common.aspect;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.alibaba.fastjson.serializer.PropertyFilter;
 import org.apache.shiro.SecurityUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
@ -16,6 +15,7 @@ import org.jeecg.common.aspect.annotation.AutoLog;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.enums.ModuleType;
 import org.jeecg.common.constant.enums.OperateTypeEnum;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.IpUtils;
@ -102,7 +102,7 @@ public class AutoLogAspect {
        //设置IP地址
        dto.setIp(IpUtils.getIpAddr(request));
        //获取登录用户信息
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        if(sysUser!=null){
            dto.setUserid(sysUser.getUsername());
            dto.setUsername(sysUser.getRealname());
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
@ -10,6 +10,7 @@ import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.data.redis.connection.PoolException;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseStatus;
@ -92,6 +93,12 @@ public class JeecgBootExceptionHandler {
 		return Result.noauth("没有权限，请联系管理员授权");
 	}
 	@ExceptionHandler(AccessDeniedException.class)
 	public Result<?> handleAuthorizationException(AccessDeniedException e){
 		log.error(e.getMessage(), e);
 		return Result.noauth("没有权限，请联系管理员授权");
 	}
 	@ExceptionHandler(Exception.class)
 	public Result<?> handleException(Exception e){
 		log.error(e.getMessage(), e);
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
@ -13,6 +13,7 @@ import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecgframework.poi.excel.ExcelImportUtil;
 import org.jeecgframework.poi.excel.def.NormalExcelConstants;
 import org.jeecgframework.poi.excel.entity.ExportParams;
@ -53,7 +54,7 @@ public class JeecgController<T, S extends IService<T>> {
    protected ModelAndView exportXls(HttpServletRequest request, T object, Class<T> clazz, String title) {
        // Step.1 组装查询条件
        QueryWrapper<T> queryWrapper = QueryGenerator.initQueryWrapper(object, request.getParameterMap());
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        // 过滤选中数据
        String selections = request.getParameter("selections");
@ -91,7 +92,7 @@ public class JeecgController<T, S extends IService<T>> {
    protected ModelAndView exportXlsSheet(HttpServletRequest request, T object, Class<T> clazz, String title,String exportFields,Integer pageNum) {
        // Step.1 组装查询条件
        QueryWrapper<T> queryWrapper = QueryGenerator.initQueryWrapper(object, request.getParameterMap());
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        // Step.2 计算分页sheet数据
        double total = service.count();
        int count = (int)Math.ceil(total/pageNum);
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java
@ -19,7 +19,6 @@ import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.DataBaseConstant;
@ -31,6 +30,7 @@ import org.jeecg.common.system.vo.SysUserCacheInfo;
 import org.jeecg.common.util.DateUtils;
 import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.springframework.security.core.context.SecurityContextHolder;
 /**
@ -98,7 +98,7 @@ public class JwtUtil {
 	public static String getUsername(String token) {
 		try {
 			DecodedJWT jwt = JWT.decode(token);
-			LoginUser loginUser = JSONObject.parseObject(jwt.getClaim("sub").asString(), LoginUser.class);
+			LoginUser loginUser = SecureUtil.currentUser();
 			return loginUser.getUsername();
 		} catch (JWTDecodeException e) {
 			return null;
@ -181,7 +181,7 @@ public class JwtUtil {
 		//2.通过shiro获取登录用户信息
 		LoginUser sysUser = null;
 		try {
-			sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+			sysUser = SecureUtil.currentUser();
 		} catch (Exception e) {
 			log.warn("SecurityUtils.getSubject() 获取用户信息异常：" + e.getMessage());
 		}
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/vo/LoginUser.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/vo/LoginUser.java
@ -1,15 +1,18 @@
 package org.jeecg.common.system.vo;
 import com.alibaba.fastjson2.JSON;
 import com.fasterxml.jackson.annotation.JsonFormat;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.experimental.Accessors;
 import org.jeecg.common.desensitization.annotation.SensitiveField;
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import java.io.Serializable;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Set;
 /**
 * <p>
@ -136,27 +139,24 @@ public class LoginUser implements Serializable {
 	@Override
 	public String toString() {
-		SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+		// 重新构建对象过滤一些敏感字段
-		return "{" +
+		LoginUser loginUser = new LoginUser();
-				"\"id\":\"" + id + '"' +
+		loginUser.setId(id);
-				", \"username\":\"" + username + '"' +
+		loginUser.setUsername(username);
-				", \"realname\":\"" + realname + '"' +
+		loginUser.setRealname(realname);
-				", \"password\":\"'" + password + '"' +
+		loginUser.setOrgCode(orgCode);
-				", \"orgCode\":\"" + orgCode + '"' +
+		loginUser.setSex(sex);
-				", \"avatar\":\"" + avatar + '"' +
+		loginUser.setEmail(email);
-				", \"sex\":" + sex +
+		loginUser.setPhone(phone);
-				", \"email\":\"" + email  + '"' +
+		loginUser.setDelFlag(delFlag);
-				", \"phone\":\"" + phone  + '"' +
+		loginUser.setStatus(status);
-				", \"status\":" + status +
+		loginUser.setActivitiSync(activitiSync);
-				", \"delFlag\":" + delFlag +
+		loginUser.setUserIdentity(userIdentity);
-				", \"activitiSync\":" + activitiSync +
+		loginUser.setDepartIds(departIds);
-				", \"userIdentity\":" + userIdentity +
+		loginUser.setPost(post);
-				", \"departIds\":\"" + departIds + '"' +
+		loginUser.setTelephone(telephone);
-				", \"post\":\"" + post  + '"' +
+		loginUser.setRelTenantIds(relTenantIds);
-				", \"telephone\":\"" + telephone  + '"' +
+		loginUser.setClientId(clientId);
-				", \"relTenantIds\":\"" + relTenantIds  + '"' +
+		return JSON.toJSONString(loginUser);
 				", \"clientId\":\"" + clientId  + '"' +
 				", \"salt\":\"" + salt  + '"' +
 				'}';
 	}
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/LowCodeModeInterceptor.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/LowCodeModeInterceptor.java
@ -6,15 +6,12 @@ import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.CommonUtils;
 import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.config.firewall.interceptor.enums.LowCodeUrlsEnum;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.web.servlet.HandlerInterceptor;
 import jakarta.annotation.Resource;
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java
@ -0,0 +1,53 @@
 package org.jeecg.config.security;
 import cn.hutool.core.util.ArrayUtil;
 import lombok.AllArgsConstructor;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.springframework.stereotype.Service;
 import org.springframework.util.PatternMatchUtils;
 import org.springframework.util.StringUtils;
 import java.util.Set;
 /**
 * @author EightMonth
 * @date 2024/1/10 17:00
 */
@Service("jps")
@AllArgsConstructor
 public class JeecgPermissionService {
    private final CommonAPI commonAPI;
    /**
     * 判断接口是否有任意xxx，xxx权限
     * @param permissions 权限
     * @return {boolean}
     */
    public boolean requiresPermissions(String... permissions) {
        if (ArrayUtil.isEmpty(permissions)) {
            return false;
        }
        LoginUser loginUser = SecureUtil.currentUser();
        Set<String> permissionList = commonAPI.queryUserAuths(loginUser.getUsername());
        return permissionList.stream().filter(StringUtils::hasText)
                .anyMatch(x -> PatternMatchUtils.simpleMatch(permissions, x));
    }
    /**
     * 判断接口是否有任意xxx，xxx角色
     * @param roles 角色
     * @return {boolean}
     */
    public boolean requiresRoles(String... roles) {
        if (ArrayUtil.isEmpty(roles)) {
            return false;
        }
        LoginUser loginUser = SecureUtil.currentUser();
        Set<String> roleList = commonAPI.queryUserRoles(loginUser.getUsername());
        return roleList.stream().filter(StringUtils::hasText)
                .anyMatch(x -> PatternMatchUtils.simpleMatch(roles, x));
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/LoginType.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/LoginType.java
@ -0,0 +1,31 @@
 package org.jeecg.config.security;
 /**
 * 登录模式
 * @author EightMonth
 * @date 2024/1/10 17:43
 */
 public class LoginType {
    /**
     * 密码模式
     */
    public static final String PASSWORD = "password";
    /**
     * 手机号+验证码模式
     */
    public static final String PHONE = "phone";
    /**
     * app登录
     */
    public static final String APP = "app";
    /**
     * 扫码登录
     */
    public static final String SCAN = "scan";
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java
@ -6,36 +6,22 @@ import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
 import com.nimbusds.jose.jwk.source.JWKSource;
 import com.nimbusds.jose.proc.SecurityContext;
 import lombok.AllArgsConstructor;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.util.RedisUtil;
 import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.config.security.password.PasswordGrantAuthenticationConvert;
 import org.jeecg.config.security.password.PasswordGrantAuthenticationProvider;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.http.MediaType;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
 import org.springframework.security.oauth2.jwt.JwsHeader;
 import org.springframework.security.oauth2.jwt.JwtClaimsSet;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
-import org.springframework.security.oauth2.server.authorization.*;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
@ -52,9 +38,7 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.UUID;
 /**
@ -69,10 +53,6 @@ public class SecurityConfig {
    private JdbcTemplate jdbcTemplate;
    private OAuth2AuthorizationService authorizationService;
    private final CommonAPI commonAPI;
    private final RedisUtil redisUtil;
    private final JeecgBaseConfig jeecgBaseConfig;
    private final BaseCommonService baseCommonService;
    @Bean
    @Order(1)
@ -81,7 +61,7 @@ public class SecurityConfig {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                .tokenEndpoint(tokenEndpoint -> tokenEndpoint.accessTokenRequestConverter(new PasswordGrantAuthenticationConvert())
-                        .authenticationProvider(new PasswordGrantAuthenticationProvider(jwtCustomizer(), authorizationService, tokenGenerator(), commonAPI, redisUtil, jeecgBaseConfig, baseCommonService)))
+                        .authenticationProvider(new PasswordGrantAuthenticationProvider(authorizationService, tokenGenerator())))
                //开启OpenID Connect 1.0（其中oidc为OpenID Connect的缩写）。 访问 /.well-known/openid-configuration即可获取认证信息
                .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
        http
@ -251,21 +231,4 @@ public class SecurityConfig {
                jwtGenerator, accessTokenGenerator, refreshTokenGenerator);
    }
    @Bean
    public OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer() {
        return context -> {
            JwsHeader.Builder headers = context.getJwsHeader();
            JwtClaimsSet.Builder claims = context.getClaims();
            if (context.getTokenType().equals(OAuth2TokenType.ACCESS_TOKEN)) {
                // 自定义 access_token headers/claims
                claims.claim("username", context.getPrincipal().getName());
            } else if (context.getTokenType().getValue().equals(OidcParameterNames.ID_TOKEN)) {
                // 自定义 id_token headers/claims for
                claims.claim(IdTokenClaimNames.AUTH_TIME, Date.from(Instant.now()));
            }
        };
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationConvert.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationConvert.java
@ -0,0 +1,80 @@
 package org.jeecg.config.security.app;
 import jakarta.servlet.http.HttpServletRequest;
 import org.jeecg.config.security.LoginType;
 import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 import java.util.HashMap;
 import java.util.Map;
 /**
 * @author EightMonth
 * @date 2024/1/1
 */
 public class AppGrantAuthenticationConvert implements AuthenticationConverter {
    @Override
    public Authentication convert(HttpServletRequest request) {
        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
        if (!LoginType.APP.equals(grantType)) {
            return null;
        }
        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
        //从request中提取请求参数，然后存入MultiValueMap<String, String>
        MultiValueMap<String, String> parameters = getParameters(request);
        // username (REQUIRED)
        String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
        if (!StringUtils.hasText(username) ||
                parameters.get(OAuth2ParameterNames.USERNAME).size() != 1) {
            throw new OAuth2AuthenticationException("无效请求，用户名不能为空！");
        }
        String password = parameters.getFirst(OAuth2ParameterNames.PASSWORD);
        if (!StringUtils.hasText(password) ||
                parameters.get(OAuth2ParameterNames.PASSWORD).size() != 1) {
            throw new OAuth2AuthenticationException("无效请求，密码不能为空！");
        }
        //收集要传入PasswordGrantAuthenticationToken构造方法的参数，
        //该参数接下来在PasswordGrantAuthenticationProvider中使用
        Map<String, Object> additionalParameters = new HashMap<>();
        //遍历从request中提取的参数，排除掉grant_type、client_id、code等字段参数，其他参数收集到additionalParameters中
        parameters.forEach((key, value) -> {
            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
                    !key.equals(OAuth2ParameterNames.CLIENT_ID) &&
                    !key.equals(OAuth2ParameterNames.CODE)) {
                additionalParameters.put(key, value.get(0));
            }
        });
        //返回自定义的PasswordGrantAuthenticationToken对象
        return new PasswordGrantAuthenticationToken(clientPrincipal, additionalParameters);
    }
    /**
     *从request中提取请求参数，然后存入MultiValueMap<String, String>
     */
    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
        Map<String, String[]> parameterMap = request.getParameterMap();
        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
        parameterMap.forEach((key, values) -> {
            if (values.length > 0) {
                for (String value : values) {
                    parameters.add(key, value);
                }
            }
        });
        return parameters;
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationProvider.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationProvider.java
@ -0,0 +1,284 @@
 package org.jeecg.config.security.app;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.exception.JeecgCaptchaException;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.system.vo.SysDepartModel;
 import org.jeecg.common.util.Md5Util;
 import org.jeecg.common.util.PasswordUtil;
 import org.jeecg.common.util.RedisUtil;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.*;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
 import org.springframework.util.Assert;
 import java.security.Principal;
 import java.util.*;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 /**
 * @author EightMonth
 * @date 2024/1/1
 */
@Slf4j
 public class AppGrantAuthenticationProvider implements AuthenticationProvider {
    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
    private final OAuth2AuthorizationService authorizationService;
    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
    @Autowired
    private CommonAPI commonAPI;
    @Autowired
    private RedisUtil redisUtil;
    @Autowired
    private JeecgBaseConfig jeecgBaseConfig;
    @Autowired
    private BaseCommonService baseCommonService;
    public AppGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
        Assert.notNull(authorizationService, "authorizationService cannot be null");
        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
        this.authorizationService = authorizationService;
        this.tokenGenerator = tokenGenerator;
    }
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        PasswordGrantAuthenticationToken passwordGrantAuthenticationToken =  (PasswordGrantAuthenticationToken) authentication;
        Map<String, Object> additionalParameter = passwordGrantAuthenticationToken.getAdditionalParameters();
        // 授权类型
        AuthorizationGrantType authorizationGrantType = passwordGrantAuthenticationToken.getGrantType();
        // 用户名
        String username = (String) additionalParameter.get(OAuth2ParameterNames.USERNAME);
        // 密码
        String password = (String) additionalParameter.get(OAuth2ParameterNames.PASSWORD);
        //请求参数权限范围
        String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
        //请求参数权限范围专场集合
        Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
        // 验证码
        String captcha = (String) additionalParameter.get("captcha");
        String checkKey = (String) additionalParameter.get("checkKey");
        if(isLoginFailOvertimes(username)){
            throw new JeecgBootException("该用户登录失败次数过多，请于10分钟后再次登录！");
        }
        if(captcha==null){
            throw new JeecgBootException("验证码无效");
        }
        String lowerCaseCaptcha = captcha.toLowerCase();
        // 加入密钥作为混淆，避免简单的拼接，被外部利用，用户自定义该密钥即可
        String origin = lowerCaseCaptcha+checkKey+jeecgBaseConfig.getSignatureSecret();
        String realKey = Md5Util.md5Encode(origin, "utf-8");
        Object checkCode = redisUtil.get(realKey);
        //当进入登录页时，有一定几率出现验证码错误 #1714
        if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
            log.warn("验证码错误，key= {} , Ui checkCode= {}, Redis checkCode = {}", checkKey, lowerCaseCaptcha, checkCode);
            // 改成特殊的code 便于前端判断
            throw new JeecgCaptchaException(HttpStatus.PRECONDITION_FAILED.value(), "验证码错误");
        }
        OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(passwordGrantAuthenticationToken);
        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
        if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
            throw new JeecgBootException("非法登录");
        }
        LoginUser loginUser = commonAPI.getUserByName(username);
        // 检查用户可行性
        checkUserIsEffective(loginUser);
        // 不使用spring security passwordEncoder针对密码进行匹配，使用自有加密匹配，针对 spring security使用noop传输
        password = PasswordUtil.encrypt(username, password, loginUser.getSalt());
        if (!password.equals(loginUser.getPassword())) {
            addLoginFailOvertimes(username);
            throw new JeecgBootException("用户名或密码不正确");
        }
        //由于在上面已验证过用户名、密码，现在构建一个已认证的对象UsernamePasswordAuthenticationToken
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
                .registeredClient(registeredClient)
                .principal(usernamePasswordAuthenticationToken)
                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
                .authorizationGrantType(authorizationGrantType)
                .authorizedScopes(requestScopeSet)
                .authorizationGrant(passwordGrantAuthenticationToken);
        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
                .principalName(clientPrincipal.getName())
                .authorizedScopes(requestScopeSet)
                .attribute(Principal.class.getName(), username)
                .authorizationGrantType(authorizationGrantType);
        // ----- Access token -----
        OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
        if (generatedAccessToken == null) {
            OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                    "无法生成访问token，请联系管理系。", ERROR_URI);
            throw new OAuth2AuthenticationException(error);
        }
        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
                generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
        if (generatedAccessToken instanceof ClaimAccessor) {
            authorizationBuilder.token(accessToken, (metadata) -> {
                    metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
            });
        } else {
            authorizationBuilder.accessToken(accessToken);
        }
        // ----- Refresh token -----
        OAuth2RefreshToken refreshToken = null;
        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
                // 不向公共客户端颁发刷新令牌
                !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
            if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
                OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                        "无法生成刷新token，请联系管理员。", ERROR_URI);
                throw new OAuth2AuthenticationException(error);
            }
            refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
            authorizationBuilder.refreshToken(refreshToken);
        }
        OAuth2Authorization authorization = authorizationBuilder.build();
        authorizationService.save(authorization);
        // 登录成功，删除redis中的验证码
        redisUtil.del(realKey);
        redisUtil.del(CommonConstant.LOGIN_FAIL + username);
        baseCommonService.addLog("用户名: " + username + ",登录成功！", CommonConstant.LOG_TYPE_1, null,loginUser);
        Map<String, Object> addition = new HashMap<>();
        // 设置登录用户信息
        addition.put("userInfo", loginUser);
        addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
        List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
        addition.put("departs", departs);
        if (departs == null || departs.size() == 0) {
            addition.put("multi_depart", 0);
        } else if (departs.size() == 1) {
            commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
            addition.put("multi_depart", 1);
        } else {
            //查询当前是否有登录部门
            if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
                commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
            }
            addition.put("multi_depart", 2);
        }
        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, addition);
    }
    @Override
    public boolean supports(Class<?> authentication) {
        return PasswordGrantAuthenticationToken.class.isAssignableFrom(authentication);
    }
    private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
        OAuth2ClientAuthenticationToken clientPrincipal = null;
        if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
            clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
        }
        if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
            return clientPrincipal;
        }
        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
    }
    /**
     * 登录失败超出次数5 返回true
     * @param username
     * @return
     */
    private boolean isLoginFailOvertimes(String username){
        String key = CommonConstant.LOGIN_FAIL + username;
        Object failTime = redisUtil.get(key);
        if(failTime!=null){
            Integer val = Integer.parseInt(failTime.toString());
            if(val>5){
                return true;
            }
        }
        return false;
    }
    /**
     * 记录登录失败次数
     * @param username
     */
    private void addLoginFailOvertimes(String username){
        String key = CommonConstant.LOGIN_FAIL + username;
        Object failTime = redisUtil.get(key);
        Integer val = 0;
        if(failTime!=null){
            val = Integer.parseInt(failTime.toString());
        }
        // 10分钟
        redisUtil.set(key, ++val, 10);
    }
    /**
     * 校验用户是否有效
     */
    private void checkUserIsEffective(LoginUser loginUser) {
        //情况1：根据用户信息查询，该用户不存在
        if (Objects.isNull(loginUser)) {
            baseCommonService.addLog("用户登录失败，用户不存在！", CommonConstant.LOG_TYPE_1, null);
            throw new JeecgBootException("该用户不存在，请注册");
        }
        //情况2：根据用户信息查询，该用户已注销
        //update-begin---author:王帅   Date:20200601  for：if条件永远为falsebug------------
        if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
            //update-end---author:王帅   Date:20200601  for：if条件永远为falsebug------------
            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已注销！", CommonConstant.LOG_TYPE_1, null);
            throw new JeecgBootException("该用户已注销");
        }
        //情况3：根据用户信息查询，该用户已冻结
        if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已冻结！", CommonConstant.LOG_TYPE_1, null);
            throw new JeecgBootException("该用户已冻结");
        }
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationToken.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationToken.java
@ -0,0 +1,20 @@
 package org.jeecg.config.security.app;
 import org.jeecg.config.security.LoginType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
 import java.util.Map;
 /**
 * @author EightMonth
 * @date 2024/1/1
 */
 public class AppGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
    public AppGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
        super(new AuthorizationGrantType(LoginType.APP), clientPrincipal, additionalParameters);
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationConvert.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationConvert.java
@ -2,6 +2,7 @@ package org.jeecg.config.security.password;
 import jakarta.servlet.http.HttpServletRequest;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.config.security.LoginType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
@ -16,7 +17,7 @@ import java.util.HashMap;
 import java.util.Map;
 /**
- * @author kezhijie@co-mall.com
+ * @author EightMonth
 * @date 2024/1/1
 */
 public class PasswordGrantAuthenticationConvert implements AuthenticationConverter {
@ -24,7 +25,7 @@ public class PasswordGrantAuthenticationConvert implements AuthenticationConvert
    public Authentication convert(HttpServletRequest request) {
        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
-        if (!AuthorizationGrantType.PASSWORD.getValue().equals(grantType)) {
+        if (!LoginType.PASSWORD.equals(grantType)) {
            return null;
        }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationProvider.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationProvider.java
@ -13,11 +13,14 @@ import org.jeecg.common.util.RedisUtil;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.oauth2.core.*;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
@ -27,7 +30,9 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
-import org.springframework.security.oauth2.server.authorization.token.*;
+import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
 import org.springframework.util.Assert;
 import java.security.Principal;
@ -46,22 +51,20 @@ public class PasswordGrantAuthenticationProvider implements AuthenticationProvid
    private final OAuth2AuthorizationService authorizationService;
    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
-    private final CommonAPI commonAPI;
+    @Autowired
-    private final RedisUtil redisUtil;
+    private CommonAPI commonAPI;
-    private final JeecgBaseConfig jeecgBaseConfig;
+    @Autowired
-    private final BaseCommonService baseCommonService;
+    private RedisUtil redisUtil;
-    private final OAuth2TokenCustomizer<JwtEncodingContext> oAuth2TokenCustomizer;
+    @Autowired
    private JeecgBaseConfig jeecgBaseConfig;
    @Autowired
    private BaseCommonService baseCommonService;
-    public PasswordGrantAuthenticationProvider(OAuth2TokenCustomizer<JwtEncodingContext> oAuth2TokenCustomizer, OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator, CommonAPI commonAPI, RedisUtil redisUtil, JeecgBaseConfig jeecgBaseConfig, BaseCommonService baseCommonService) {
+    public PasswordGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
        Assert.notNull(authorizationService, "authorizationService cannot be null");
        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
        this.authorizationService = authorizationService;
        this.tokenGenerator = tokenGenerator;
        this.commonAPI = commonAPI;
        this.redisUtil = redisUtil;
        this.jeecgBaseConfig = jeecgBaseConfig;
        this.baseCommonService = baseCommonService;
        this.oAuth2TokenCustomizer = oAuth2TokenCustomizer;
    }
    @Override
@ -125,7 +128,6 @@ public class PasswordGrantAuthenticationProvider implements AuthenticationProvid
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
                .put("username", username)
                .registeredClient(registeredClient)
                .principal(usernamePasswordAuthenticationToken)
                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationToken.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationToken.java
@ -1,5 +1,6 @@
 package org.jeecg.config.security.password;
 import org.jeecg.config.security.LoginType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
@ -7,13 +8,13 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
 import java.util.Map;
 /**
- * @author kezhijie@co-mall.com
+ * @author EightMonth
 * @date 2024/1/1
 */
 public class PasswordGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
    public PasswordGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
-        super(new AuthorizationGrantType(AuthorizationGrantType.PASSWORD.getValue()), clientPrincipal, additionalParameters);
+        super(new AuthorizationGrantType(LoginType.PASSWORD), clientPrincipal, additionalParameters);
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationConvert.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationConvert.java
@ -0,0 +1,77 @@
 package org.jeecg.config.security.phone;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.AllArgsConstructor;
 import org.jeecg.config.security.LoginType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 import java.util.HashMap;
 import java.util.Map;
 /**
 * @author EightMonth
 * @date 2024/1/1
 */
@AllArgsConstructor
 public class PhoneGrantAuthenticationConvert implements AuthenticationConverter {
    @Override
    public Authentication convert(HttpServletRequest request) {
        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
        if (!LoginType.PHONE.equals(grantType)) {
            return null;
        }
        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
        //从request中提取请求参数，然后存入MultiValueMap<String, String>
        MultiValueMap<String, String> parameters = getParameters(request);
        // 验证码
        String captcha = parameters.getFirst("captcha");
        if (!StringUtils.hasText(captcha) ||
                parameters.get(OAuth2ParameterNames.USERNAME).size() != 1) {
            throw new OAuth2AuthenticationException("无效请求，验证码不能为空！");
        }
        //收集要传入PhoneGrantAuthenticationToken构造方法的参数，
        //该参数接下来在PhoneGrantAuthenticationProvider中使用
        Map<String, Object> additionalParameters = new HashMap<>();
        //遍历从request中提取的参数，排除掉grant_type、client_id、code等字段参数，其他参数收集到additionalParameters中
        parameters.forEach((key, value) -> {
            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
                    !key.equals(OAuth2ParameterNames.CLIENT_ID) &&
                    !key.equals(OAuth2ParameterNames.CODE)) {
                additionalParameters.put(key, value.get(0));
            }
        });
        //返回自定义的PhoneGrantAuthenticationToken对象
        return new PhoneGrantAuthenticationToken(clientPrincipal, additionalParameters);
    }
    /**
     *从request中提取请求参数，然后存入MultiValueMap<String, String>
     */
    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
        Map<String, String[]> parameterMap = request.getParameterMap();
        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
        parameterMap.forEach((key, values) -> {
            if (values.length > 0) {
                for (String value : values) {
                    parameters.add(key, value);
                }
            }
        });
        return parameters;
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationProvider.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationProvider.java
@ -0,0 +1,267 @@
 package org.jeecg.config.security.phone;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.exception.JeecgCaptchaException;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.system.vo.SysDepartModel;
 import org.jeecg.common.util.Md5Util;
 import org.jeecg.common.util.PasswordUtil;
 import org.jeecg.common.util.RedisUtil;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.*;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
 import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
 import org.springframework.util.Assert;
 import java.security.Principal;
 import java.util.*;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 /**
 * @author EightMonth
 * @date 2024/1/1
 */
@Slf4j
 public class PhoneGrantAuthenticationProvider implements AuthenticationProvider {
    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
    private final OAuth2AuthorizationService authorizationService;
    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
    @Autowired
    private CommonAPI commonAPI;
    @Autowired
    private RedisUtil redisUtil;
    @Autowired
    private JeecgBaseConfig jeecgBaseConfig;
    @Autowired
    private BaseCommonService baseCommonService;
    public PhoneGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
        Assert.notNull(authorizationService, "authorizationService cannot be null");
        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
        this.authorizationService = authorizationService;
        this.tokenGenerator = tokenGenerator;
    }
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        PasswordGrantAuthenticationToken passwordGrantAuthenticationToken =  (PasswordGrantAuthenticationToken) authentication;
        Map<String, Object> additionalParameter = passwordGrantAuthenticationToken.getAdditionalParameters();
        // 授权类型
        AuthorizationGrantType authorizationGrantType = passwordGrantAuthenticationToken.getGrantType();
        // 手机号
        String phone = (String) additionalParameter.get("mobile");
        if(isLoginFailOvertimes(phone)){
            throw new JeecgBootException("该用户登录失败次数过多，请于10分钟后再次登录！");
        }
        //请求参数权限范围
        String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
        //请求参数权限范围专场集合
        Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
        // 验证码
        String captcha = (String) additionalParameter.get("captcha");
        LoginUser loginUser = commonAPI.getUserByPhone(phone);
        // 检查用户可行性
        checkUserIsEffective(loginUser);
        String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone;
        Object code = redisUtil.get(redisKey);
        if (!captcha.equals(code)) {
            //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
            addLoginFailOvertimes(phone);
            //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
            throw new JeecgBootException("手机验证码错误");
        }
        OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(passwordGrantAuthenticationToken);
        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
        if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
            throw new JeecgBootException("非法登录");
        }
        //由于在上面已验证过用户名、密码，现在构建一个已认证的对象UsernamePasswordAuthenticationToken
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
                .registeredClient(registeredClient)
                .principal(usernamePasswordAuthenticationToken)
                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
                .authorizationGrantType(authorizationGrantType)
                .authorizedScopes(requestScopeSet)
                .authorizationGrant(passwordGrantAuthenticationToken);
        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
                .principalName(clientPrincipal.getName())
                .authorizedScopes(requestScopeSet)
                .attribute(Principal.class.getName(), loginUser.getUsername())
                .authorizationGrantType(authorizationGrantType);
        // ----- Access token -----
        OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
        if (generatedAccessToken == null) {
            OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                    "无法生成访问token，请联系管理系。", ERROR_URI);
            throw new OAuth2AuthenticationException(error);
        }
        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
                generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
        if (generatedAccessToken instanceof ClaimAccessor) {
            authorizationBuilder.token(accessToken, (metadata) -> {
                    metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
            });
        } else {
            authorizationBuilder.accessToken(accessToken);
        }
        // ----- Refresh token -----
        OAuth2RefreshToken refreshToken = null;
        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
                // 不向公共客户端颁发刷新令牌
                !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
            if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
                OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
                        "无法生成刷新token，请联系管理员。", ERROR_URI);
                throw new OAuth2AuthenticationException(error);
            }
            refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
            authorizationBuilder.refreshToken(refreshToken);
        }
        OAuth2Authorization authorization = authorizationBuilder.build();
        authorizationService.save(authorization);
        baseCommonService.addLog("用户名: " + loginUser.getUsername() + ",登录成功！", CommonConstant.LOG_TYPE_1, null,loginUser);
        Map<String, Object> addition = new HashMap<>();
        // 设置登录用户信息
        addition.put("userInfo", loginUser);
        addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
        List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
        addition.put("departs", departs);
        if (departs == null || departs.size() == 0) {
            addition.put("multi_depart", 0);
        } else if (departs.size() == 1) {
            commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
            addition.put("multi_depart", 1);
        } else {
            //查询当前是否有登录部门
            if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
                commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
            }
            addition.put("multi_depart", 2);
        }
        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, addition);
    }
    @Override
    public boolean supports(Class<?> authentication) {
        return PasswordGrantAuthenticationToken.class.isAssignableFrom(authentication);
    }
    private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
        OAuth2ClientAuthenticationToken clientPrincipal = null;
        if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
            clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
        }
        if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
            return clientPrincipal;
        }
        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
    }
    /**
     * 登录失败超出次数5 返回true
     * @param username
     * @return
     */
    private boolean isLoginFailOvertimes(String username){
        String key = CommonConstant.LOGIN_FAIL + username;
        Object failTime = redisUtil.get(key);
        if(failTime!=null){
            Integer val = Integer.parseInt(failTime.toString());
            if(val>5){
                return true;
            }
        }
        return false;
    }
    /**
     * 记录登录失败次数
     * @param username
     */
    private void addLoginFailOvertimes(String username){
        String key = CommonConstant.LOGIN_FAIL + username;
        Object failTime = redisUtil.get(key);
        Integer val = 0;
        if(failTime!=null){
            val = Integer.parseInt(failTime.toString());
        }
        // 10分钟
        redisUtil.set(key, ++val, 10);
    }
    /**
     * 校验用户是否有效
     */
    private void checkUserIsEffective(LoginUser loginUser) {
        //情况1：根据用户信息查询，该用户不存在
        if (Objects.isNull(loginUser)) {
            baseCommonService.addLog("用户登录失败，用户不存在！", CommonConstant.LOG_TYPE_1, null);
            throw new JeecgBootException("该用户不存在，请注册");
        }
        //情况2：根据用户信息查询，该用户已注销
        //update-begin---author:王帅   Date:20200601  for：if条件永远为falsebug------------
        if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
            //update-end---author:王帅   Date:20200601  for：if条件永远为falsebug------------
            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已注销！", CommonConstant.LOG_TYPE_1, null);
            throw new JeecgBootException("该用户已注销");
        }
        //情况3：根据用户信息查询，该用户已冻结
        if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已冻结！", CommonConstant.LOG_TYPE_1, null);
            throw new JeecgBootException("该用户已冻结");
        }
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationToken.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationToken.java
@ -0,0 +1,20 @@
 package org.jeecg.config.security.phone;
 import org.jeecg.config.security.LoginType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
 import java.util.Map;
 /**
 * @author EightMonth
 * @date 2024/1/1
 */
 public class PhoneGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
    public PhoneGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
        super(new AuthorizationGrantType(LoginType.PHONE), clientPrincipal, additionalParameters);
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/utils/SecureUtil.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/utils/SecureUtil.java
@ -0,0 +1,17 @@
 package org.jeecg.config.security.utils;
 import com.alibaba.fastjson2.JSONObject;
 import org.jeecg.common.system.vo.LoginUser;
 import org.springframework.security.core.context.SecurityContextHolder;
 /**
 * @author EightMonth
 * @date 2024/1/10 17:03
 */
 public class SecureUtil {
    public static LoginUser currentUser() {
        String name = SecurityContextHolder.getContext().getAuthentication().getName();
        return JSONObject.parseObject(name, LoginUser.class);
    }
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
@ -20,7 +20,6 @@ import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
--- a/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/test/controller/JeecgOrderMainController.java
+++ b/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/test/controller/JeecgOrderMainController.java
@ -15,6 +15,7 @@ import org.jeecg.common.system.base.controller.JeecgController;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.demo.test.entity.JeecgDemo;
 import org.jeecg.modules.demo.test.entity.JeecgOrderCustomer;
 import org.jeecg.modules.demo.test.entity.JeecgOrderMain;
@ -186,7 +187,7 @@ public class JeecgOrderMainController extends JeecgController<JeecgOrderMain, IJ
        //Step.2 AutoPoi 导出Excel
        ModelAndView mv = new ModelAndView(new JeecgEntityExcelView());
        //获取当前用户
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        List<JeecgOrderMainPage> pageList = new ArrayList<JeecgOrderMainPage>();
--- a/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/test/service/impl/JeecgDemoServiceImpl.java
+++ b/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/test/service/impl/JeecgDemoServiceImpl.java
@ -8,6 +8,7 @@ import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.demo.test.entity.JeecgDemo;
 import org.jeecg.modules.demo.test.mapper.JeecgDemoMapper;
 import org.jeecg.modules.demo.test.service.IJeecgDemoService;
@ -83,7 +84,7 @@ public class JeecgDemoServiceImpl extends ServiceImpl<JeecgDemoMapper, JeecgDemo
 	@Override
 	public String getExportFields() {
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		//权限配置列导出示例
 		//1.配置前缀与菜单中配置的列前缀一致
 		List<String> noAuthList = new ArrayList<>();
--- a/jeecg-module-system/jeecg-system-api/jeecg-system-cloud-api/src/main/java/org/jeecg/common/system/api/fallback/SysBaseAPIFallback.java
+++ b/jeecg-module-system/jeecg-system-api/jeecg-system-cloud-api/src/main/java/org/jeecg/common/system/api/fallback/SysBaseAPIFallback.java
@ -447,4 +447,9 @@ public class SysBaseAPIFallback implements ISysBaseAPI {
    public void updateUserDepart(String username, String orgCode, Integer loginTenantId) {
    }
    @Override
    public LoginUser getUserByPhone(String phone) {
        return null;
    }
 }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/aop/TenantPackUserLogAspect.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/aop/TenantPackUserLogAspect.java
@ -1,7 +1,6 @@
 package org.jeecg.modules.aop;
 import com.alibaba.fastjson.JSON;
 import org.apache.shiro.SecurityUtils;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.AfterThrowing;
 import org.aspectj.lang.annotation.Around;
@ -10,6 +9,7 @@ import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.jeecg.common.api.dto.LogDTO;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.SysTenantPack;
 import org.jeecg.modules.system.entity.SysTenantPackUser;
@ -80,7 +80,7 @@ public class TenantPackUserLogAspect {
                dto.setOperateType(opType);
                dto.setTenantId(tenantId);
                //获取登录用户信息
-                LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+                LoginUser sysUser = SecureUtil.currentUser();
                if(sysUser!=null){
                    dto.setUserid(sysUser.getUsername());
                    dto.setUsername(sysUser.getRealname());
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/oss/controller/OssFileController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/oss/controller/OssFileController.java
@ -9,6 +9,7 @@ import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.modules.oss.entity.OssFile;
 import org.jeecg.modules.oss.service.IOssFileService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@ -48,7 +49,7 @@ public class OssFileController {
 	@ResponseBody
 	@PostMapping("/upload")
 	//@RequiresRoles("admin")
-    @RequiresPermissions("system:ossFile:upload")
+	@PreAuthorize("@jps.requiresPermissions('system:ossFile:upload')")
 	public Result upload(@RequestParam("file") MultipartFile multipartFile) {
 		Result result = new Result();
 		try {
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/quartz/controller/QuartzJobController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/quartz/controller/QuartzJobController.java
@ -16,6 +16,7 @@ import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.ImportExcelUtil;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.quartz.entity.QuartzJob;
 import org.jeecg.modules.quartz.service.IQuartzJobService;
 import org.jeecgframework.poi.excel.ExcelImportUtil;
@ -26,6 +27,7 @@ import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.quartz.Scheduler;
 import org.quartz.SchedulerException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@ -82,7 +84,7 @@ public class QuartzJobController {
 	 * @return
 	 */
 	//@RequiresRoles("admin")
-    @RequiresPermissions("system:quartzJob:add")
+	@PreAuthorize("@jps.requiresPermissions('system:quartzJob:add')")
 	@RequestMapping(value = "/add", method = RequestMethod.POST)
 	public Result<?> add(@RequestBody QuartzJob quartzJob) {
 		quartzJobService.saveAndScheduleJob(quartzJob);
@ -96,7 +98,7 @@ public class QuartzJobController {
 	 * @return
 	 */
 	//@RequiresRoles("admin")
-    @RequiresPermissions("system:quartzJob:edit")
+	@PreAuthorize("@jps.requiresPermissions('system:quartzJob:edit')")
 	@RequestMapping(value = "/edit", method ={RequestMethod.PUT, RequestMethod.POST})
 	public Result<?> eidt(@RequestBody QuartzJob quartzJob) {
 		try {
@ -115,7 +117,7 @@ public class QuartzJobController {
 	 * @return
 	 */
 	//@RequiresRoles("admin")
-    @RequiresPermissions("system:quartzJob:delete")
+	@PreAuthorize("@jps.requiresPermissions('system:quartzJob:delete')")
 	@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
 	public Result<?> delete(@RequestParam(name = "id", required = true) String id) {
 		QuartzJob quartzJob = quartzJobService.getById(id);
@ -134,7 +136,7 @@ public class QuartzJobController {
 	 * @return
 	 */
 	//@RequiresRoles("admin")
-    @RequiresPermissions("system:quartzJob:deleteBatch")
+	@PreAuthorize("@jps.requiresPermissions('system:quartzJob:deleteBatch')")
 	@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
 	public Result<?> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
 		if (ids == null || "".equals(ids.trim())) {
@ -154,7 +156,7 @@ public class QuartzJobController {
 	 * @return
 	 */
 	//@RequiresRoles("admin")
-    @RequiresPermissions("system:quartzJob:pause")
+	@PreAuthorize("@jps.requiresPermissions('system:quartzJob:pause')")
 	@GetMapping(value = "/pause")
 	@Operation(summary = "停止定时任务")
 	public Result<Object> pauseJob(@RequestParam(name = "id") String id) {
@ -173,7 +175,7 @@ public class QuartzJobController {
 	 * @return
 	 */
 	//@RequiresRoles("admin")
-    @RequiresPermissions("system:quartzJob:resume")
+	@PreAuthorize("@jps.requiresPermissions('system:quartzJob:resume')")
 	@GetMapping(value = "/resume")
 	@Operation(summary = "启动定时任务")
 	public Result<Object> resumeJob(@RequestParam(name = "id") String id) {
@ -216,7 +218,7 @@ public class QuartzJobController {
 		mv.addObject(NormalExcelConstants.CLASS, QuartzJob.class);
        //获取当前登录用户
        //update-begin---author:wangshuai ---date:20211227  for：[JTC-116]导出人写死了------------
-        LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser user = SecureUtil.currentUser();
 		mv.addObject(NormalExcelConstants.PARAMS, new ExportParams("定时任务列表数据", "导出人:"+user.getRealname(), "导出信息"));
        //update-end---author:wangshuai ---date:20211227  for：[JTC-116]导出人写死了------------
        mv.addObject(NormalExcelConstants.DATA_LIST, pageList);
@ -274,7 +276,7 @@ public class QuartzJobController {
 	 * @return
 	 */
 	//@RequiresRoles("admin")
-    @RequiresPermissions("system:quartzJob:execute")
+	@PreAuthorize("@jps.requiresPermissions('system:quartzJob:execute')")
 	@GetMapping("/execute")
 	public Result<?> execute(@RequestParam(name = "id", required = true) String id) {
 		QuartzJob quartzJob = quartzJobService.getById(id);
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
@ -1,6 +1,7 @@
 package org.jeecg.modules.system.controller;
 import cn.hutool.core.util.RandomUtil;
 import cn.hutool.core.util.StrUtil;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.aliyuncs.exceptions.ClientException;
@ -21,10 +22,10 @@ import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.*;
 import org.jeecg.common.util.encryption.EncryptedString;
 import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.SysDepart;
 import org.jeecg.modules.system.entity.SysRoleIndex;
 import org.jeecg.modules.system.entity.SysTenant;
 import org.jeecg.modules.system.entity.SysUser;
 import org.jeecg.modules.system.model.SysLoginModel;
 import org.jeecg.modules.system.service.*;
@ -32,15 +33,23 @@ import org.jeecg.modules.system.service.impl.SysBaseApiImpl;
 import org.jeecg.modules.system.util.RandImageUtil;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.CacheManager;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.event.LogoutSuccessEvent;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.web.bind.annotation.*;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.util.*;
 import java.util.stream.Collectors;
 /**
 * @Author scott
@ -69,9 +78,19 @@ public class LoginController {
 	private BaseCommonService baseCommonService;
 	@Autowired
 	private JeecgBaseConfig jeecgBaseConfig;
 	@Autowired
 	private OAuth2AuthorizationService authorizationService;
 	@Autowired
 	private CacheManager cacheManager;
 	private final String BASE_CHECK_CODES = "qwertyuiplkjhgfdsazxcvbnmQWERTYUPLKJHGFDSAZXCVBNM1234567890";
 	/**
 	 * 使用spring authorization server提供的各类登录接口
 	 * @param sysLoginModel
 	 * @return
 	 */
 	@Deprecated
 	@Operation(summary = "登录接口")
 	@RequestMapping(value = "/login", method = RequestMethod.POST)
 	public Result<JSONObject> login(@RequestBody SysLoginModel sysLoginModel){
@ -209,7 +228,15 @@ public class LoginController {
 			//清空用户的缓存信息（包括部门信息），例如sys:cache:user::<username>
 			redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, sysUser.getUsername()));
 			//调用shiro的logout
-			SecurityUtils.getSubject().logout();
+//			SecurityUtils.getSubject().logout();
 			OAuth2Authorization authorization = authorizationService.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
 			// 清空用户信息
 			cacheManager.getCache("user_details").evict(authorization.getPrincipalName());
 			// 清空access token
 			authorizationService.remove(authorization);
 	    	return Result.ok("退出登录成功！");
 	    }else {
 	    	return Result.error("Token无效!");
@ -279,7 +306,7 @@ public class LoginController {
 		Result<JSONObject> result = new Result<JSONObject>();
 		String username = user.getUsername();
 		if(oConvertUtils.isEmpty(username)) {
-			LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+			LoginUser sysUser = SecureUtil.currentUser();
 			username = sysUser.getUsername();
 		}
@ -542,7 +569,7 @@ public class LoginController {
 	/**
 	 * 切换菜单表为vue3的表
 	 */
-	@RequiresRoles({"admin"})
+	@PreAuthorize("@jps.requiresRoles('admin')")
 	@GetMapping(value = "/switchVue3Menu")
 	public Result<String> switchVue3Menu(HttpServletResponse response) {
 		Result<String> res = new Result<String>();
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysAnnouncementController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysAnnouncementController.java
@ -24,6 +24,7 @@ import org.jeecg.common.util.RedisUtil;
 import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.message.enums.RangeDateEnum;
 import org.jeecg.modules.message.websocket.WebSocket;
 import org.jeecg.modules.system.entity.SysAnnouncement;
@ -337,7 +338,7 @@ public class SysAnnouncementController {
 	public Result<Map<String, Object>> listByUser(@RequestParam(required = false, defaultValue = "5") Integer pageSize) {
 		Result<Map<String,Object>> result = new Result<Map<String,Object>>();
 		Map<String,Object> sysMsgMap = new HashMap(5);
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		String userId = sysUser.getId();
 //		//补推送数据（用户和通知的关系表）
@ -380,7 +381,7 @@ public class SysAnnouncementController {
        //导出文件名称
        mv.addObject(NormalExcelConstants.FILE_NAME, "系统通告列表");
        mv.addObject(NormalExcelConstants.CLASS, SysAnnouncement.class);
-        LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser user = SecureUtil.currentUser();
        mv.addObject(NormalExcelConstants.PARAMS, new ExportParams("系统通告列表数据", "导出人:"+user.getRealname(), "导出信息"));
        mv.addObject(NormalExcelConstants.DATA_LIST, pageList);
        return mv;
@ -548,7 +549,7 @@ public class SysAnnouncementController {
 		JSONObject obj = new JSONObject();
 		obj.put(WebsocketConst.MSG_CMD, WebsocketConst.CMD_USER);
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		webSocket.sendMessage(sysUser.getId(), obj.toJSONString());
 		// 4、性能统计耗时
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysAnnouncementSendController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysAnnouncementSendController.java
@ -14,6 +14,7 @@ import org.jeecg.common.constant.WebsocketConst;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.SqlInjectionUtil;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.message.websocket.WebSocket;
 import org.jeecg.modules.system.entity.SysAnnouncementSend;
 import org.jeecg.modules.system.model.AnnouncementSendModel;
@ -196,7 +197,7 @@ public class SysAnnouncementSendController {
 	public Result<SysAnnouncementSend> editById(@RequestBody JSONObject json) {
 		Result<SysAnnouncementSend> result = new Result<SysAnnouncementSend>();
 		String anntId = json.getString("anntId");
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		String userId = sysUser.getId();
 		LambdaUpdateWrapper<SysAnnouncementSend> updateWrapper = new UpdateWrapper().lambda();
 		updateWrapper.set(SysAnnouncementSend::getReadFlag, CommonConstant.HAS_READ_FLAG);
@ -221,7 +222,7 @@ public class SysAnnouncementSendController {
 			@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
 			  @RequestParam(name="pageSize", defaultValue="10") Integer pageSize) {
 		Result<IPage<AnnouncementSendModel>> result = new Result<IPage<AnnouncementSendModel>>();
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		String userId = sysUser.getId();
 		announcementSendModel.setUserId(userId);
 		announcementSendModel.setPageNo((pageNo-1)*pageSize);
@ -240,7 +241,7 @@ public class SysAnnouncementSendController {
 	@PutMapping(value = "/readAll")
 	public Result<SysAnnouncementSend> readAll() {
 		Result<SysAnnouncementSend> result = new Result<SysAnnouncementSend>();
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		String userId = sysUser.getId();
 		LambdaUpdateWrapper<SysAnnouncementSend> updateWrapper = new UpdateWrapper().lambda();
 		updateWrapper.set(SysAnnouncementSend::getReadFlag, CommonConstant.HAS_READ_FLAG);
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysCategoryController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysCategoryController.java
@ -18,6 +18,7 @@ import org.jeecg.common.util.ImportExcelUtil;
 import org.jeecg.common.util.ReflectHelper;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.SysCategory;
 import org.jeecg.modules.system.model.TreeSelectModel;
 import org.jeecg.modules.system.service.ISysCategoryService;
@ -238,7 +239,7 @@ public class SysCategoryController {
      //导出文件名称
      mv.addObject(NormalExcelConstants.FILE_NAME, "分类字典列表");
      mv.addObject(NormalExcelConstants.CLASS, SysCategory.class);
-      LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+      LoginUser user = SecureUtil.currentUser();
      mv.addObject(NormalExcelConstants.PARAMS, new ExportParams("分类字典列表数据", "导出人:"+user.getRealname(), "导出信息"));
      return mv;
  }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysCommentController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysCommentController.java
@ -7,7 +7,6 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.dto.DataLogDTO;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
@ -15,6 +14,7 @@ import org.jeecg.common.system.api.ISysBaseAPI;
 import org.jeecg.common.system.base.controller.JeecgController;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.SysComment;
 import org.jeecg.modules.system.service.ISysCommentService;
 import org.jeecg.modules.system.vo.SysCommentFileVo;
@ -128,7 +128,7 @@ public class SysCommentController extends JeecgController<SysComment, ISysCommen
        if(comment==null){
            return Result.error("该评论已被删除！");
        }
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        String username = sysUser.getUsername();
        String admin = "admin";
        //除了admin外 其他人只能删除自己的评论
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDataSourceController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDataSourceController.java
@ -27,6 +27,7 @@ import org.jeecg.modules.system.entity.SysDataSource;
 import org.jeecg.modules.system.service.ISysDataSourceService;
 import org.jeecg.modules.system.util.SecurityUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
@ -60,7 +61,7 @@ public class SysDataSourceController extends JeecgController<SysDataSource, ISys
     */
    @AutoLog(value = "多数据源管理-分页列表查询")
    @Operation(summary = "多数据源管理-分页列表查询")
-    @RequiresPermissions("system:datasource:list")
+    @PreAuthorize("@jps.requiresPermissions('system:datasource:list')")
    @GetMapping(value = "/list")
    public Result<?> queryPageList(
            SysDataSource sysDataSource,
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartController.java
@ -19,6 +19,7 @@ import org.jeecg.common.util.ImportExcelUtil;
 import org.jeecg.common.util.YouBianCodeUtil;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.SysDepart;
 import org.jeecg.modules.system.entity.SysUser;
 import org.jeecg.modules.system.model.DepartIdModel;
@ -35,6 +36,7 @@ import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@ -74,7 +76,7 @@ public class SysDepartController {
 	@RequestMapping(value = "/queryMyDeptTreeList", method = RequestMethod.GET)
 	public Result<List<SysDepartTreeModel>> queryMyDeptTreeList() {
 		Result<List<SysDepartTreeModel>> result = new Result<>();
-		LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser user = SecureUtil.currentUser();
 		try {
 			if(oConvertUtils.isNotEmpty(user.getUserIdentity()) && user.getUserIdentity().equals( CommonConstant.USER_IDENTITY_2 )){
 				//update-begin--Author:liusq  Date:20210624  for:部门查询ids为空后的前端显示问题 issues/I3UD06
@ -178,7 +180,7 @@ public class SysDepartController {
 	 * @param sysDepart
 	 * @return
 	 */
-    @RequiresPermissions("system:depart:add")
+	@PreAuthorize("@jps.requiresPermissions('system:depart:add')")
 	@RequestMapping(value = "/add", method = RequestMethod.POST)
 	@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
 	public Result<SysDepart> add(@RequestBody SysDepart sysDepart, HttpServletRequest request) {
@ -204,7 +206,7 @@ public class SysDepartController {
 	 * @param sysDepart
 	 * @return
 	 */
-    @RequiresPermissions("system:depart:edit")
+	@PreAuthorize("@jps.requiresPermissions('system:depart:edit')")
 	@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
 	@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
 	public Result<SysDepart> edit(@RequestBody SysDepart sysDepart, HttpServletRequest request) {
@ -232,7 +234,7 @@ public class SysDepartController {
    * @param id
    * @return
    */
-    @RequiresPermissions("system:depart:delete")
+	@PreAuthorize("@jps.requiresPermissions('system:depart:delete')")
    @RequestMapping(value = "/delete", method = RequestMethod.DELETE)
 	@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
   public Result<SysDepart> delete(@RequestParam(name="id",required=true) String id) {
@ -258,7 +260,7 @@ public class SysDepartController {
 	 * @param ids
 	 * @return
 	 */
-    @RequiresPermissions("system:depart:deleteBatch")
+	@PreAuthorize("@jps.requiresPermissions('system:depart:deleteBatch')")
 	@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
 	@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
 	public Result<SysDepart> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
@ -322,7 +324,7 @@ public class SysDepartController {
 	public Result<List<SysDepartTreeModel>> searchBy(@RequestParam(name = "keyWord", required = true) String keyWord,@RequestParam(name = "myDeptSearch", required = false) String myDeptSearch) {
 		Result<List<SysDepartTreeModel>> result = new Result<List<SysDepartTreeModel>>();
 		//部门查询，myDeptSearch为1时为我的部门查询，登录用户为上级时查只查负责部门下数据
-		LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser user = SecureUtil.currentUser();
 		String departIds = null;
 		if(oConvertUtils.isNotEmpty(user.getUserIdentity()) && user.getUserIdentity().equals( CommonConstant.USER_IDENTITY_2 )){
 			departIds = user.getDepartIds();
@ -382,7 +384,7 @@ public class SysDepartController {
     * @param response
     * @return
     */
-    @RequiresPermissions("system:depart:importExcel")
+	@PreAuthorize("@jps.requiresPermissions('system:depart:importExcel')")
    @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
 	@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
    public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartPermissionController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartPermissionController.java
@ -11,13 +11,13 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.system.base.controller.JeecgController;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.SysDepartPermission;
 import org.jeecg.modules.system.entity.SysDepartRolePermission;
@ -260,7 +260,7 @@ public class SysDepartPermissionController extends JeecgController<SysDepartPerm
 			 this.sysDepartRolePermissionService.saveDeptRolePermission(roleId, permissionIds, lastPermissionIds);
 			 result.success("保存成功！");
             //update-begin---author:wangshuai ---date:20220316  for：[VUEN-234]部门角色授权添加敏感日志------------
-             LoginUser loginUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+             LoginUser loginUser = SecureUtil.currentUser();
             baseCommonService.addLog("修改部门角色ID:"+roleId+"的权限配置，操作人： " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
             //update-end---author:wangshuai ---date:20220316  for：[VUEN-234]部门角色授权添加敏感日志------------
             log.info("======部门角色授权成功=====耗时:" + (System.currentTimeMillis() - start) + "毫秒");
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartRoleController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartRoleController.java
@ -6,21 +6,19 @@ import java.util.stream.Collectors;
 import com.alibaba.fastjson.JSON;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.aspect.annotation.AutoLog;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.*;
 import org.jeecg.modules.system.service.*;
@ -31,6 +29,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.system.base.controller.JeecgController;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
@ -82,7 +81,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
 								   HttpServletRequest req) {
 		QueryWrapper<SysDepartRole> queryWrapper = QueryGenerator.initQueryWrapper(sysDepartRole, req.getParameterMap());
 		Page<SysDepartRole> page = new Page<SysDepartRole>(pageNo, pageSize);
-		LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser user = SecureUtil.currentUser();
 		List<String> deptIds = null;
 //		if(oConvertUtils.isEmpty(deptId)){
 //			if(oConvertUtils.isNotEmpty(user.getUserIdentity()) && user.getUserIdentity().equals(CommonConstant.USER_IDENTITY_2) ){
@ -107,7 +106,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
 	 * @param sysDepartRole
 	 * @return
 	 */
-    @RequiresPermissions("system:depart:role:add")
+	@PreAuthorize("@jps.requiresPermissions('system:depart:role:add')")
 	@Operation(summary="部门角色-添加")
 	@PostMapping(value = "/add")
 	public Result<?> add(@RequestBody SysDepartRole sysDepartRole) {
@ -122,7 +121,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
 	 * @return
 	 */
 	@Operation(summary="部门角色-编辑")
-    @RequiresPermissions("system:depart:role:edit")
+	@PreAuthorize("@jps.requiresPermissions('system:depart:role:edit')")
 	@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
 	public Result<?> edit(@RequestBody SysDepartRole sysDepartRole) {
 		sysDepartRoleService.updateById(sysDepartRole);
@ -137,7 +136,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
 	 */
 	@AutoLog(value = "部门角色-通过id删除")
 	@Operation(summary="部门角色-通过id删除")
-    @RequiresPermissions("system:depart:role:delete")
+	@PreAuthorize("@jps.requiresPermissions('system:depart:role:delete')")
 	@DeleteMapping(value = "/delete")
 	public Result<?> delete(@RequestParam(name="id",required=true) String id) {
 		sysDepartRoleService.removeById(id);
@ -152,7 +151,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
 	 */
 	@AutoLog(value = "部门角色-批量删除")
 	@Operation(summary="部门角色-批量删除")
-    @RequiresPermissions("system:depart:role:deleteBatch")
+	@PreAuthorize("@jps.requiresPermissions('system:depart:role:deleteBatch')")
 	@DeleteMapping(value = "/deleteBatch")
 	public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
 		this.sysDepartRoleService.removeByIds(Arrays.asList(ids.split(",")));
@ -192,7 +191,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
 	  * @param json
 	  * @return
 	  */
-     @RequiresPermissions("system:depart:role:userAdd")
+	 @PreAuthorize("@jps.requiresPermissions('system:depart:role:userAdd')")
 	 @RequestMapping(value = "/deptRoleUserAdd", method = RequestMethod.POST)
 	 public Result<?> deptRoleAdd(@RequestBody JSONObject json) {
 		 String newRoleId = json.getString("newRoleId");
@ -200,7 +199,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
 		 String userId = json.getString("userId");
 		 departRoleUserService.deptRoleUserAdd(userId,newRoleId,oldRoleId);
         //update-begin---author:wangshuai ---date:20220316  for：[VUEN-234]部门角色分配添加敏感日志------------
-         LoginUser loginUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+         LoginUser loginUser = SecureUtil.currentUser();
         baseCommonService.addLog("给部门用户ID："+userId+"分配角色，操作人： " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
         //update-end---author:wangshuai ---date:20220316  for：[VUEN-234]部门角色分配添加敏感日志------------
         return Result.ok("添加成功！");
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
@ -20,6 +20,7 @@ import org.jeecg.common.system.vo.DictQuery;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.*;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.SysDict;
 import org.jeecg.modules.system.entity.SysDictItem;
 import org.jeecg.modules.system.model.SysDictTree;
@ -38,6 +39,7 @@ import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@ -365,7 +367,7 @@ public class SysDictController {
 	 * @param sysDict
 	 * @return
 	 */
-    @RequiresPermissions("system:dict:add")
+	@PreAuthorize("@jps.requiresPermissions('system:dict:add')")
 	@RequestMapping(value = "/add", method = RequestMethod.POST)
 	public Result<SysDict> add(@RequestBody SysDict sysDict) {
 		Result<SysDict> result = new Result<SysDict>();
@ -386,7 +388,7 @@ public class SysDictController {
 	 * @param sysDict
 	 * @return
 	 */
-    @RequiresPermissions("system:dict:edit")
+	@PreAuthorize("@jps.requiresPermissions('system:dict:edit')")
 	@RequestMapping(value = "/edit", method = { RequestMethod.PUT,RequestMethod.POST })
 	public Result<SysDict> edit(@RequestBody SysDict sysDict) {
 		Result<SysDict> result = new Result<SysDict>();
@ -408,7 +410,7 @@ public class SysDictController {
 	 * @param id
 	 * @return
 	 */
-    @RequiresPermissions("system:dict:delete")
+	@PreAuthorize("@jps.requiresPermissions('system:dict:delete')")
 	@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
 	@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
 	public Result<SysDict> delete(@RequestParam(name="id",required=true) String id) {
@ -427,7 +429,7 @@ public class SysDictController {
 	 * @param ids
 	 * @return
 	 */
-    @RequiresPermissions("system:dict:deleteBatch")
+	@PreAuthorize("@jps.requiresPermissions('system:dict:deleteBatch')")
 	@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
 	@CacheEvict(value= {CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
 	public Result<SysDict> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
@ -514,7 +516,7 @@ public class SysDictController {
 		// 注解对象Class
 		mv.addObject(NormalExcelConstants.CLASS, SysDictPage.class);
 		// 自定义表格参数
-		LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser user = SecureUtil.currentUser();
 		mv.addObject(NormalExcelConstants.PARAMS, new ExportParams("数据字典列表", "导出人:"+user.getRealname(), "数据字典"));
 		// 导出数据列表
 		mv.addObject(NormalExcelConstants.DATA_LIST, pageList);
@ -528,7 +530,7 @@ public class SysDictController {
 	 * @param
 	 * @return
 	 */
-    @RequiresPermissions("system:dict:importExcel")
+	@PreAuthorize("@jps.requiresPermissions('system:dict:importExcel')")
 	@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
 	public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
 		MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictItemController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictItemController.java
@ -20,6 +20,7 @@ import org.jeecg.modules.system.entity.SysDictItem;
 import org.jeecg.modules.system.service.ISysDictItemService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@ -74,7 +75,7 @@ public class SysDictItemController {
 	 * @功能：新增
 	 * @return
 	 */
-    @RequiresPermissions("system:dict:item:add")
+	@PreAuthorize("@jps.requiresPermissions('system:dict:item:add')")
 	@RequestMapping(value = "/add", method = RequestMethod.POST)
 	@CacheEvict(value= {CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
 	public Result<SysDictItem> add(@RequestBody SysDictItem sysDictItem) {
@ -95,7 +96,7 @@ public class SysDictItemController {
 	 * @param sysDictItem
 	 * @return
 	 */
-    @RequiresPermissions("system:dict:item:edit")
+	@PreAuthorize("@jps.requiresPermissions('system:dict:item:edit')")
 	@RequestMapping(value = "/edit",  method = { RequestMethod.PUT,RequestMethod.POST })
 	@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
 	public Result<SysDictItem> edit(@RequestBody SysDictItem sysDictItem) {
@ -119,7 +120,7 @@ public class SysDictItemController {
 	 * @param id
 	 * @return
 	 */
-    @RequiresPermissions("system:dict:item:delete")
+	@PreAuthorize("@jps.requiresPermissions('system:dict:item:delete')")
 	@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
 	@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
 	public Result<SysDictItem> delete(@RequestParam(name="id",required=true) String id) {
@ -141,7 +142,7 @@ public class SysDictItemController {
 	 * @param ids
 	 * @return
 	 */
-    @RequiresPermissions("system:dict:item:deleteBatch")
+	@PreAuthorize("@jps.requiresPermissions('system:dict:item:deleteBatch')")
 	@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
 	@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
 	public Result<SysDictItem> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysGatewayRouteController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysGatewayRouteController.java
@ -12,6 +12,7 @@ import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.modules.system.entity.SysGatewayRoute;
 import org.jeecg.modules.system.service.ISysGatewayRouteService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
@ -67,7 +68,7 @@ public class SysGatewayRouteController extends JeecgController<SysGatewayRoute,
     * @param id
     * @return
     */
-    @RequiresPermissions("system:getway:delete")
+	@PreAuthorize("@jps.requiresPermissions('system:getway:delete')")
    @RequestMapping(value = "/delete", method = RequestMethod.DELETE)
    public Result<?> delete(@RequestParam(name = "id", required = true) String id) {
        sysGatewayRouteService.deleteById(id);
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
@ -7,7 +7,6 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
@ -17,6 +16,7 @@ import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.Md5Util;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.*;
 import org.jeecg.modules.system.model.SysPermissionTree;
@ -24,6 +24,7 @@ import org.jeecg.modules.system.model.TreeModel;
 import org.jeecg.modules.system.service.*;
 import org.jeecg.modules.system.util.PermissionDataUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
@ -241,7 +242,7 @@ public class SysPermissionController {
 		Result<JSONObject> result = new Result<JSONObject>();
 		try {
 			//直接获取当前用户不适用前端token
-			LoginUser loginUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);
+			LoginUser loginUser = SecureUtil.currentUser();
 			if (oConvertUtils.isEmpty(loginUser)) {
 				return Result.error("请登录系统！");
 			}
@ -319,7 +320,7 @@ public class SysPermissionController {
 	public Result<?> getPermCode() {
 		try {
 			// 直接获取当前用户
-			LoginUser loginUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+			LoginUser loginUser = SecureUtil.currentUser();
 			if (oConvertUtils.isEmpty(loginUser)) {
 				return Result.error("请登录系统！");
 			}
@ -360,7 +361,7 @@ public class SysPermissionController {
 	 * @param permission
 	 * @return
 	 */
-    @RequiresPermissions("system:permission:add")
+	@PreAuthorize("@jps.requiresPermissions('system:permission:add')")
 	@RequestMapping(value = "/add", method = RequestMethod.POST)
 	public Result<SysPermission> add(@RequestBody SysPermission permission) {
 		Result<SysPermission> result = new Result<SysPermission>();
@ -380,7 +381,7 @@ public class SysPermissionController {
 	 * @param permission
 	 * @return
 	 */
-    @RequiresPermissions("system:permission:edit")
+	@PreAuthorize("@jps.requiresPermissions('system:permission:edit')")
 	@RequestMapping(value = "/edit", method = { RequestMethod.PUT, RequestMethod.POST })
 	public Result<SysPermission> edit(@RequestBody SysPermission permission) {
 		Result<SysPermission> result = new Result<>();
@ -422,7 +423,7 @@ public class SysPermissionController {
 	 * @param id
 	 * @return
 	 */
-    @RequiresPermissions("system:permission:delete")
+	@PreAuthorize("@jps.requiresPermissions('system:permission:delete')")
 	@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
 	public Result<SysPermission> delete(@RequestParam(name = "id", required = true) String id) {
 		Result<SysPermission> result = new Result<>();
@ -441,7 +442,7 @@ public class SysPermissionController {
 	 * @param ids
 	 * @return
 	 */
-    @RequiresPermissions("system:permission:deleteBatch")
+	@PreAuthorize("@jps.requiresPermissions('system:permission:deleteBatch')")
 	@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
 	public Result<SysPermission> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
 		Result<SysPermission> result = new Result<>();
@ -549,7 +550,7 @@ public class SysPermissionController {
 	 * @return
 	 */
 	@RequestMapping(value = "/saveRolePermission", method = RequestMethod.POST)
-    @RequiresPermissions("system:permission:saveRole")
+	@PreAuthorize("@jps.requiresPermissions('system:permission:saveRole')")
 	public Result<String> saveRolePermission(@RequestBody JSONObject json) {
 		long start = System.currentTimeMillis();
 		Result<String> result = new Result<>();
@ -559,7 +560,7 @@ public class SysPermissionController {
 			String lastPermissionIds = json.getString("lastpermissionIds");
 			this.sysRolePermissionService.saveRolePermission(roleId, permissionIds, lastPermissionIds);
 			//update-begin---author:wangshuai ---date:20220316  for：[VUEN-234]用户管理角色授权添加敏感日志------------
-            LoginUser loginUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+            LoginUser loginUser = SecureUtil.currentUser();
 			baseCommonService.addLog("修改角色ID: "+roleId+" 的权限配置，操作人： " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
            //update-end---author:wangshuai ---date:20220316  for：[VUEN-234]用户管理角色授权添加敏感日志------------
 			result.success("保存成功！");
@ -877,7 +878,7 @@ public class SysPermissionController {
 	 * @param sysPermissionDataRule
 	 * @return
 	 */
-    @RequiresPermissions("system:permission:addRule")
+	@PreAuthorize("@jps.requiresPermissions('system:permission:addRule')")
 	@RequestMapping(value = "/addPermissionRule", method = RequestMethod.POST)
 	public Result<SysPermissionDataRule> addPermissionRule(@RequestBody SysPermissionDataRule sysPermissionDataRule) {
 		Result<SysPermissionDataRule> result = new Result<SysPermissionDataRule>();
@ -892,7 +893,7 @@ public class SysPermissionController {
 		return result;
 	}
-    @RequiresPermissions("system:permission:editRule")
+	@PreAuthorize("@jps.requiresPermissions('system:permission:editRule')")
 	@RequestMapping(value = "/editPermissionRule", method = { RequestMethod.PUT, RequestMethod.POST })
 	public Result<SysPermissionDataRule> editPermissionRule(@RequestBody SysPermissionDataRule sysPermissionDataRule) {
 		Result<SysPermissionDataRule> result = new Result<SysPermissionDataRule>();
@ -912,7 +913,7 @@ public class SysPermissionController {
 	 * @param id
 	 * @return
 	 */
-    @RequiresPermissions("system:permission:deleteRule")
+	@PreAuthorize("@jps.requiresPermissions('system:permission:deleteRule')")
 	@RequestMapping(value = "/deletePermissionRule", method = RequestMethod.DELETE)
 	public Result<SysPermissionDataRule> deletePermissionRule(@RequestParam(name = "id", required = true) String id) {
 		Result<SysPermissionDataRule> result = new Result<SysPermissionDataRule>();
@ -969,7 +970,7 @@ public class SysPermissionController {
 	 * @return
 	 */
 	@RequestMapping(value = "/saveDepartPermission", method = RequestMethod.POST)
-    @RequiresPermissions("system:permission:saveDepart")
+	@PreAuthorize("@jps.requiresPermissions('system:permission:saveDepart')")
 	public Result<String> saveDepartPermission(@RequestBody JSONObject json) {
 		long start = System.currentTimeMillis();
 		Result<String> result = new Result<>();
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPositionController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPositionController.java
@ -18,6 +18,7 @@ import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.ImportExcelUtil;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.SysPosition;
 import org.jeecg.modules.system.entity.SysUser;
 import org.jeecg.modules.system.service.ISysPositionService;
@ -243,7 +244,7 @@ public class SysPositionController {
        //Step.2 AutoPoi 导出Excel
        ModelAndView mv = new ModelAndView(new JeecgEntityExcelView());
        List<SysPosition> pageList = sysPositionService.list(queryWrapper);
-        LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser user = SecureUtil.currentUser();
        //导出文件名称
        mv.addObject(NormalExcelConstants.FILE_NAME, "职务表列表");
        mv.addObject(NormalExcelConstants.CLASS, SysPosition.class);
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleController.java
@ -1,10 +1,8 @@
 package org.jeecg.modules.system.controller;
 import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@ -24,6 +22,7 @@ import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.*;
 import org.jeecg.modules.system.model.TreeModel;
@ -35,6 +34,7 @@ import org.jeecgframework.poi.excel.entity.ImportParams;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@ -94,7 +94,7 @@ public class SysRoleController {
 	 * @param req
 	 * @return
 	 */
-	@RequiresPermissions("system:role:list")
+	@PreAuthorize("@jps.requiresPermissions('system:role:list')")
 	@RequestMapping(value = "/list", method = RequestMethod.GET)
 	public Result<IPage<SysRole>> queryPageList(SysRole role,
 									  @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@ -143,7 +143,7 @@ public class SysRoleController {
 	 * @return
 	 */
 	@RequestMapping(value = "/add", method = RequestMethod.POST)
-    @RequiresPermissions("system:role:add")
+	@PreAuthorize("@jps.requiresPermissions('system:role:add')")
 	public Result<SysRole> add(@RequestBody SysRole role) {
 		Result<SysRole> result = new Result<SysRole>();
 		try {
@ -166,7 +166,7 @@ public class SysRoleController {
 	 * @param role
 	 * @return
 	 */
-    @RequiresPermissions("system:role:edit")
+	@PreAuthorize("@jps.requiresPermissions('system:role:edit')")
 	@RequestMapping(value = "/edit",method = {RequestMethod.PUT,RequestMethod.POST})
 	public Result<SysRole> edit(@RequestBody SysRole role) {
 		Result<SysRole> result = new Result<SysRole>();
@ -180,7 +180,7 @@ public class SysRoleController {
 			//如果是saas隔离的情况下，判断当前租户id是否是当前租户下的
 			if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
 				//获取当前用户
-				LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+				LoginUser sysUser = SecureUtil.currentUser();
 				Integer tenantId = oConvertUtils.getInt(TenantContext.getTenant(), 0);
 				String username = "admin";
 				if (!tenantId.equals(role.getTenantId()) && !username.equals(sysUser.getUsername())) {
@ -203,13 +203,13 @@ public class SysRoleController {
 	 * @param id
 	 * @return
 	 */
-    @RequiresPermissions("system:role:delete")
+	@PreAuthorize("@jps.requiresPermissions('system:role:delete')")
 	@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
 	public Result<?> delete(@RequestParam(name="id",required=true) String id) {
    	//如果是saas隔离的情况下，判断当前租户id是否是当前租户下的
    	if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){
 			//获取当前用户
-			LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+			LoginUser sysUser = SecureUtil.currentUser();
 			int tenantId = oConvertUtils.getInt(TenantContext.getTenant(), 0);
 			Long getRoleCount = sysRoleService.getRoleCountByTenantId(id, tenantId);
 			String username = "admin";
@ -227,7 +227,7 @@ public class SysRoleController {
 	 * @param ids
 	 * @return
 	 */
-    @RequiresPermissions("system:role:deleteBatch")
+	@PreAuthorize("@jps.requiresPermissions('system:role:deleteBatch')")
 	@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
 	public Result<SysRole> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
 		baseCommonService.addLog("删除角色操作，角色ids：" + ids, CommonConstant.LOG_TYPE_2, CommonConstant.OPERATE_TYPE_4);
@ -304,7 +304,7 @@ public class SysRoleController {
 	 *
 	 * @return
 	 */
-	@RequiresPermissions("system:role:queryallNoByTenant")
+	@PreAuthorize("@jps.requiresPermissions('system:role:queryallNoByTenant')")
 	@RequestMapping(value = "/queryallNoByTenant", method = RequestMethod.GET)
 	public Result<List<SysRole>> queryallNoByTenant() {
 		Result<List<SysRole>> result = new Result<>();
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleIndexController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleIndexController.java
@ -23,6 +23,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.system.base.controller.JeecgController;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
@ -68,7 +69,7 @@ public class SysRoleIndexController extends JeecgController<SysRoleIndex, ISysRo
     * @param sysRoleIndex
     * @return
     */
-    @RequiresPermissions("system:roleindex:add")
+    @PreAuthorize("@jps.requiresPermissions('system:roleindex:add')")
    @AutoLog(value = "角色首页配置-添加")
    @Operation(summary = "角色首页配置-添加")
    @PostMapping(value = "/add")
@ -84,7 +85,7 @@ public class SysRoleIndexController extends JeecgController<SysRoleIndex, ISysRo
     * @param sysRoleIndex
     * @return
     */
-    @RequiresPermissions("system:roleindex:edit")
+    @PreAuthorize("@jps.requiresPermissions('system:roleindex:edit')")
    @AutoLog(value = "角色首页配置-编辑")
    @Operation(summary = "角色首页配置-编辑")
    @RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST})
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTableWhiteListController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTableWhiteListController.java
@ -5,6 +5,7 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.security.RolesAllowed;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.vo.Result;
@ -14,6 +15,7 @@ import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.modules.system.entity.SysTableWhiteList;
 import org.jeecg.modules.system.service.ISysTableWhiteListService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 /**
@ -40,8 +42,8 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
     * @param req
     * @return
     */
    //@RequiresRoles("admin")
    @GetMapping(value = "/list")
    @PreAuthorize("@jps.requiresRoles('admin')")
    public Result<?> queryPageList(
            SysTableWhiteList sysTableWhiteList,
            @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
@ -62,7 +64,7 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
     */
    @AutoLog(value = "系统表白名单-添加")
    @Operation(summary = "系统表白名单-添加")
-    //@RequiresRoles("admin")
+    @PreAuthorize("@jps.requiresRoles('admin')")
    @PostMapping(value = "/add")
    public Result<?> add(@RequestBody SysTableWhiteList sysTableWhiteList) {
        if (sysTableWhiteListService.add(sysTableWhiteList)) {
@ -80,7 +82,7 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
     */
    @AutoLog(value = "系统表白名单-编辑")
    @Operation(summary =  "系统表白名单-编辑")
-    //@RequiresRoles("admin")
+    @PreAuthorize("@jps.requiresRoles('admin')")
    @RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST})
    public Result<?> edit(@RequestBody SysTableWhiteList sysTableWhiteList) {
        if (sysTableWhiteListService.edit(sysTableWhiteList)) {
@ -98,7 +100,7 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
     */
    @AutoLog(value = "系统表白名单-通过id删除")
    @Operation(summary = "系统表白名单-通过id删除")
-    //@RequiresRoles("admin")
+    @PreAuthorize("@jps.requiresRoles('admin')")
    @DeleteMapping(value = "/delete")
    public Result<?> delete(@RequestParam(name = "id") String id) {
        if (sysTableWhiteListService.deleteByIds(id)) {
@ -116,7 +118,7 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
     */
    @AutoLog(value = "系统表白名单-批量删除")
    @Operation(summary =  "系统表白名单-批量删除")
-    //@RequiresRoles("admin")
+    @PreAuthorize("@jps.requiresRoles('admin')")
    @DeleteMapping(value = "/deleteBatch")
    public Result<?> deleteBatch(@RequestParam(name = "ids") String ids) {
        if (sysTableWhiteListService.deleteByIds(ids)) {
@ -134,7 +136,7 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
     */
    @AutoLog(value = "系统表白名单-通过id查询")
    @Operation(summary = "系统表白名单-通过id查询")
-    //@RequiresRoles("admin")
+    @PreAuthorize("@jps.requiresRoles('admin')")
    @GetMapping(value = "/queryById")
    public Result<?> queryById(@RequestParam(name = "id", required = true) String id) {
        SysTableWhiteList sysTableWhiteList = sysTableWhiteListService.getById(id);
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
@ -8,7 +8,6 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.aspect.annotation.PermissionData;
@ -21,6 +20,7 @@ import org.jeecg.common.util.PasswordUtil;
 import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.*;
 import org.jeecg.modules.system.service.ISysTenantPackService;
@ -34,6 +34,7 @@ import org.jeecg.modules.system.vo.tenant.TenantPackModel;
 import org.jeecg.modules.system.vo.tenant.TenantPackUser;
 import org.jeecg.modules.system.vo.tenant.TenantPackUserCount;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
@ -75,7 +76,7 @@ public class SysTenantController {
     * @param req
     * @return
     */
-    @RequiresPermissions("system:tenant:list")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:list')")
    @PermissionData(pageComponent = "system/TenantList")
 	@RequestMapping(value = "/list", method = RequestMethod.GET)
 	public Result<IPage<SysTenant>> queryPageList(SysTenant sysTenant,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@ -114,7 +115,7 @@ public class SysTenantController {
     * @return
     */
    @GetMapping("/recycleBinPageList")
-    @RequiresPermissions("system:tenant:recycleBinPageList")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:recycleBinPageList')")
    public Result<IPage<SysTenant>> recycleBinPageList(SysTenant sysTenant,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
                                                   @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req){
        Result<IPage<SysTenant>> result = new Result<IPage<SysTenant>>();
@ -130,7 +131,7 @@ public class SysTenantController {
     * @param
     * @return
     */
-    @RequiresPermissions("system:tenant:add")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:add')")
    @RequestMapping(value = "/add", method = RequestMethod.POST)
    public Result<SysTenant> add(@RequestBody SysTenant sysTenant) {
        Result<SysTenant> result = new Result();
@ -154,7 +155,7 @@ public class SysTenantController {
     * @param
     * @return
     */
-    @RequiresPermissions("system:tenant:edit")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:edit')")
    @RequestMapping(value = "/edit", method ={RequestMethod.PUT, RequestMethod.POST})
    public Result<SysTenant> edit(@RequestBody SysTenant tenant) {
        Result<SysTenant> result = new Result();
@ -177,14 +178,14 @@ public class SysTenantController {
     * @param id
     * @return
     */
-    @RequiresPermissions("system:tenant:delete")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:delete')")
    @RequestMapping(value = "/delete", method ={RequestMethod.DELETE, RequestMethod.POST})
    public Result<?> delete(@RequestParam(name="id",required=true) String id) {
        //------------------------------------------------------------------
        //如果是saas隔离的情况下，判断当前租户id是否是当前租户下的
        if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
            //获取当前用户
-            LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+            LoginUser sysUser = SecureUtil.currentUser();;
            SysTenant sysTenant = sysTenantService.getById(id);
            String username = "admin";
@ -205,7 +206,7 @@ public class SysTenantController {
     * @param ids
     * @return
     */
-    @RequiresPermissions("system:tenant:deleteBatch")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:deleteBatch')")
    @RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
    public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
        Result<?> result = new Result<>();
@ -220,7 +221,7 @@ public class SysTenantController {
                //如果是saas隔离的情况下，判断当前租户id是否是当前租户下的
                if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
                    //获取当前用户
-                    LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+                    LoginUser sysUser = SecureUtil.currentUser();
                    SysTenant sysTenant = sysTenantService.getById(id);
                    String username = "admin";
@ -255,7 +256,7 @@ public class SysTenantController {
        }
        //------------------------------------------------------------------------------------------------
        //获取登录用户信息
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】, admin给特权可以管理所有租户
        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && !"admin".equals(sysUser.getUsername())){
            Integer loginSessionTenant = oConvertUtils.getInt(TenantContext.getTenant());
@ -280,7 +281,7 @@ public class SysTenantController {
     * 查询有效的 租户数据
     * @return
     */
-    @RequiresPermissions("system:tenant:queryList")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:queryList')")
    @RequestMapping(value = "/queryList", method = RequestMethod.GET)
    public Result<List<SysTenant>> queryList(@RequestParam(name="ids",required=false) String ids) {
        Result<List<SysTenant>> result = new Result<List<SysTenant>>();
@ -306,7 +307,7 @@ public class SysTenantController {
     * @return
     */
    @GetMapping(value = "/packList")
-    @RequiresPermissions("system:tenant:packList")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:packList')")
    public Result<IPage<SysTenantPack>> queryPackPageList(SysTenantPack sysTenantPack,
                                                          @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
                                                          @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
@ -328,7 +329,7 @@ public class SysTenantController {
     * @return
     */
    @PostMapping(value = "/addPackPermission")
-    @RequiresPermissions("system:tenant:add:pack")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:add:pack')")
    public Result<String> addPackPermission(@RequestBody SysTenantPack sysTenantPack) {
        sysTenantPackService.addPackPermission(sysTenantPack);
        return Result.ok("创建租户产品包成功");
@ -341,7 +342,7 @@ public class SysTenantController {
     * @return
     */
    @PutMapping(value = "/editPackPermission")
-    @RequiresPermissions("system:tenant:edit:pack")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:edit:pack')")
    public Result<String> editPackPermission(@RequestBody SysTenantPack sysTenantPack) {
        sysTenantPackService.editPackPermission(sysTenantPack);
        return Result.ok("修改租户产品包成功");
@ -354,7 +355,7 @@ public class SysTenantController {
     * @return
     */
    @DeleteMapping("/deletePackPermissions")
-    @RequiresPermissions("system:tenant:delete:pack")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:delete:pack')")
    public Result<String> deletePackPermissions(@RequestParam(value = "ids") String ids) {
        sysTenantPackService.deletePackPermissions(ids);
        return Result.ok("删除租户产品包成功");
@ -371,7 +372,7 @@ public class SysTenantController {
    public Result<Map<String,Object>> getCurrentUserTenant() {
        Result<Map<String,Object>> result = new Result<Map<String,Object>>();
        try {
-            LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+            LoginUser sysUser = SecureUtil.currentUser();
            //update-begin---author:wangshuai ---date:20221223  for：[QQYUN-3371]租户逻辑改造，改成关系表------------
            List<Integer> tenantIdList = relationService.getTenantIdsByUserId(sysUser.getId());
            Map<String,Object> map = new HashMap(5);
@ -397,7 +398,7 @@ public class SysTenantController {
     * @return
     */
    @PutMapping("/invitationUserJoin")
-    @RequiresPermissions("system:tenant:invitation:user")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:invitation:user')")
    public Result<String> invitationUserJoin(@RequestParam("ids") String ids,@RequestParam("phone") String phone){
        sysTenantService.invitationUserJoin(ids,phone);
        return Result.ok("邀请用户成功");
@ -412,7 +413,7 @@ public class SysTenantController {
     * @return
     */
    @RequestMapping(value = "/getTenantUserList", method = RequestMethod.GET)
-    @RequiresPermissions("system:tenant:user:list")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:user:list')")
    public Result<IPage<SysUser>> getTenantUserList(SysUser user,
                                                    @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
                                                    @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,
@ -433,12 +434,12 @@ public class SysTenantController {
     * @return
     */
    @PutMapping("/leaveTenant")
-    @RequiresPermissions("system:tenant:leave")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:leave')")
    public Result<String> leaveTenant(@RequestParam("userIds") String userIds,
                                      @RequestParam("tenantId") String tenantId){
        Result<String> result = new Result<>();
        //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && !"admin".equals(sysUser.getUsername())){
            Integer loginSessionTenant = oConvertUtils.getInt(TenantContext.getTenant());
            if(loginSessionTenant!=null && !loginSessionTenant.equals(Integer.valueOf(tenantId))){
@ -484,7 +485,7 @@ public class SysTenantController {
    @PostMapping("/saveTenantJoinUser")
    public Result<Integer> saveTenantJoinUser(@RequestBody SysTenant sysTenant){
        Result<Integer> result = new Result<>();
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        Integer tenantId = sysTenantService.saveTenantJoinUser(sysTenant, sysUser.getId());
        result.setSuccess(true);
        result.setMessage("创建成功");
@ -498,7 +499,7 @@ public class SysTenantController {
     */
    @PostMapping("/joinTenantByHouseNumber")
    public Result<Integer> joinTenantByHouseNumber(@RequestBody SysTenant sysTenant){
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        Integer tenantId = sysTenantService.joinTenantByHouseNumber(sysTenant, sysUser.getId());
        Result<Integer> result = new Result<>();
        if(tenantId != 0){
@ -533,7 +534,7 @@ public class SysTenantController {
                                                                SysUser user,
                                                                HttpServletRequest req) {
        Page<SysUserTenantVo> page = new Page<SysUserTenantVo>(pageNo, pageSize);
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        String tenantId = oConvertUtils.getString(TenantContext.getTenant(), "0");
        IPage<SysUserTenantVo> list = relationService.getUserTenantPageList(page, Arrays.asList(userTenantStatus.split(SymbolConstant.COMMA)), user, Integer.valueOf(tenantId));
        return Result.ok(list);
@ -548,7 +549,7 @@ public class SysTenantController {
    @GetMapping("/getTenantListByUserId")
    //@RequiresPermissions("system:tenant:getTenantListByUserId")
    public Result<List<SysUserTenantVo>> getTenantListByUserId(@RequestParam(name = "userTenantStatus", required = false) String userTenantStatus) {
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        List<String> list = null;
        if (oConvertUtils.isNotEmpty(userTenantStatus)) {
            list = Arrays.asList(userTenantStatus.split(SymbolConstant.COMMA));
@ -581,7 +582,7 @@ public class SysTenantController {
    @PutMapping("/cancelTenant")
    //@RequiresPermissions("system:tenant:cancelTenant")
    public Result<String> cancelTenant(@RequestBody SysTenant sysTenant,HttpServletRequest request) {
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        SysTenant tenant = sysTenantService.getById(sysTenant.getId());
        if (null == tenant) {
            return Result.error("未找到当前租户信息");
@ -624,7 +625,7 @@ public class SysTenantController {
     */
    @PutMapping("/cancelApplyTenant")
    public Result<String> cancelApplyTenant(@RequestParam("tenantId") String tenantId){
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        sysTenantService.leaveTenant(sysUser.getId(),tenantId);
        return Result.ok("取消申请成功");
    }
@ -637,7 +638,7 @@ public class SysTenantController {
     * @return
     */
    @DeleteMapping("/deleteLogicDeleted")
-    @RequiresPermissions("system:tenant:deleteTenantLogic")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:deleteTenantLogic')")
    public Result<String> deleteTenantLogic(@RequestParam("ids") String ids){
        sysTenantService.deleteTenantLogic(ids);
        return Result.ok("彻底删除成功");
@ -649,7 +650,7 @@ public class SysTenantController {
     * @return
     */
    @PutMapping("/revertTenantLogic")
-    @RequiresPermissions("system:tenant:revertTenantLogic")
+    @PreAuthorize("@jps.requiresPermissions('system:tenant:revertTenantLogic')")
    public Result<String> revertTenantLogic(@RequestParam("ids") String ids){
        sysTenantService.revertTenantLogic(ids);
        return Result.ok("还原成功");
@ -663,7 +664,7 @@ public class SysTenantController {
     */
    @DeleteMapping("/exitUserTenant")
    public Result<String> exitUserTenant(@RequestBody SysTenant sysTenant,HttpServletRequest request){
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        //验证用户是否已存在
        Integer count = relationService.userTenantIzExist(sysUser.getId(),sysTenant.getId());
        if (count == 0) {
@ -885,7 +886,7 @@ public class SysTenantController {
    public Result<IPage<SysTenant>> getTenantPageListByUserId(SysUserTenantVo sysUserTenantVo,
                                                              @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
                                                              @RequestParam(name="pageSize", defaultValue="10") Integer pageSize) {
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        List<String> list = null;
        String userTenantStatus = sysUserTenantVo.getUserTenantStatus();
        if (oConvertUtils.isNotEmpty(userTenantStatus)) {
@ -903,7 +904,7 @@ public class SysTenantController {
    public Result<String> agreeOrRefuseJoinTenant(@RequestParam("tenantId") Integer tenantId, 
                                                  @RequestParam("status") String status){
        //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        String userId = sysUser.getId();
        SysTenant tenant = sysTenantService.getById(tenantId);
        if(null == tenant){
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java
@ -7,7 +7,6 @@ import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import lombok.extern.slf4j.Slf4j;
@ -41,6 +40,7 @@ import org.jeecgframework.poi.excel.entity.ImportParams;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
@ -138,7 +138,7 @@ public class SysUserController {
     * @param req
     * @return
     */
-    @RequiresPermissions("system:user:listAll")
+    @PreAuthorize("@jps.requiresPermissions('system:user:listAll')")
    @RequestMapping(value = "/listAll", method = RequestMethod.GET)
    public Result<IPage<SysUser>> queryAllPageList(SysUser user, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
                                                   @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) {
@ -146,7 +146,7 @@ public class SysUserController {
        return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo);
    }
-    @RequiresPermissions("system:user:add")
+    @PreAuthorize("@jps.requiresPermissions('system:user:add')")
 	@RequestMapping(value = "/add", method = RequestMethod.POST)
 	public Result<SysUser> add(@RequestBody JSONObject jsonObject) {
 		Result<SysUser> result = new Result<SysUser>();
@ -176,7 +176,7 @@ public class SysUserController {
 		return result;
 	}
-    @RequiresPermissions("system:user:edit")
+    @PreAuthorize("@jps.requiresPermissions('system:user:edit')")
 	@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
 	public Result<SysUser> edit(@RequestBody JSONObject jsonObject) {
 		Result<SysUser> result = new Result<SysUser>();
@ -214,7 +214,7 @@ public class SysUserController {
 	/**
 	 * 删除用户
 	 */
-    @RequiresPermissions("system:user:delete")
+    @PreAuthorize("@jps.requiresPermissions('system:user:delete')")
 	@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
 	public Result<?> delete(@RequestParam(name="id",required=true) String id) {
 		baseCommonService.addLog("删除用户，id： " +id ,CommonConstant.LOG_TYPE_2, 3);
@ -225,7 +225,7 @@ public class SysUserController {
 	/**
 	 * 批量删除用户
 	 */
-    @RequiresPermissions("system:user:deleteBatch")
+    @PreAuthorize("@jps.requiresPermissions('system:user:deleteBatch')")
 	@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
 	public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
 		baseCommonService.addLog("批量删除用户， ids： " +ids ,CommonConstant.LOG_TYPE_2, 3);
@ -238,7 +238,7 @@ public class SysUserController {
 	 * @param jsonObject
 	 * @return
 	 */
-    @RequiresPermissions("system:user:frozenBatch")
+    @PreAuthorize("@jps.requiresPermissions('system:user:frozenBatch')")
 	@RequestMapping(value = "/frozenBatch", method = RequestMethod.PUT)
 	public Result<SysUser> frozenBatch(@RequestBody JSONObject jsonObject) {
 		Result<SysUser> result = new Result<SysUser>();
@ -262,7 +262,7 @@ public class SysUserController {
    }
-    @RequiresPermissions("system:user:queryById")
+    @PreAuthorize("@jps.requiresPermissions('system:user:queryById')")
    @RequestMapping(value = "/queryById", method = RequestMethod.GET)
    public Result<SysUser> queryById(@RequestParam(name = "id", required = true) String id) {
        Result<SysUser> result = new Result<SysUser>();
@ -276,7 +276,7 @@ public class SysUserController {
        return result;
    }
-    @RequiresPermissions("system:user:queryUserRole")
+    @PreAuthorize("@jps.requiresPermissions('system:user:queryUserRole')")
    @RequestMapping(value = "/queryUserRole", method = RequestMethod.GET)
    public Result<List<String>> queryUserRole(@RequestParam(name = "userid", required = true) String userid) {
        Result<List<String>> result = new Result<>();
@ -329,7 +329,7 @@ public class SysUserController {
    /**
     * 修改密码
     */
-    @RequiresPermissions("system:user:changepwd")
+    @PreAuthorize("@jps.requiresPermissions('system:user:changepwd')")
    @RequestMapping(value = "/changePassword", method = RequestMethod.PUT)
    public Result<?> changePassword(@RequestBody SysUser sysUser) {
        SysUser u = this.sysUserService.getOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUsername, sysUser.getUsername()));
@ -452,7 +452,7 @@ public class SysUserController {
     * @param request
     * @param sysUser
     */
-    @RequiresPermissions("system:user:export")
+    @PreAuthorize("@jps.requiresPermissions('system:user:export')")
    @RequestMapping(value = "/exportXls")
    public ModelAndView exportXls(SysUser sysUser,HttpServletRequest request) {
        // Step.1 组装查询条件
@ -485,7 +485,7 @@ public class SysUserController {
     * @param response
     * @return
     */
-    @RequiresPermissions("system:user:import")
+    @PreAuthorize("@jps.requiresPermissions('system:user:import')")
    @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
    public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response)throws IOException {
        MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
@ -599,7 +599,7 @@ public class SysUserController {
 	/**
 	 * 首页用户重置密码
 	 */
-    @RequiresPermissions("system:user:updatepwd")
+    @PreAuthorize("@jps.requiresPermissions('system:user:updatepwd')")
    @RequestMapping(value = "/updatePassword", method = RequestMethod.PUT)
 	public Result<?> updatePassword(@RequestBody JSONObject json) {
 		String username = json.getString("username");
@ -640,7 +640,7 @@ public class SysUserController {
     * @param
     * @return
     */
-    @RequiresPermissions("system:user:addUserRole")
+    @PreAuthorize("@jps.requiresPermissions('system:user:addUserRole')")
    @RequestMapping(value = "/addSysUserRole", method = RequestMethod.POST)
    public Result<String> addSysUserRole(@RequestBody SysUserRoleVO sysUserRoleVO) {
        Result<String> result = new Result<String>();
@ -672,7 +672,7 @@ public class SysUserController {
     * @param
     * @return
     */
-    @RequiresPermissions("system:user:deleteRole")
+    @PreAuthorize("@jps.requiresPermissions('system:user:deleteRole')")
    @RequestMapping(value = "/deleteUserRole", method = RequestMethod.DELETE)
    public Result<SysUserRole> deleteUserRole(@RequestParam(name="roleId") String roleId,
                                                    @RequestParam(name="userId",required=true) String userId
@ -696,7 +696,7 @@ public class SysUserController {
     * @param
     * @return
     */
-    @RequiresPermissions("system:user:deleteRoleBatch")
+    @PreAuthorize("@jps.requiresPermissions('system:user:deleteRoleBatch')")
    @RequestMapping(value = "/deleteUserRoleBatch", method = RequestMethod.DELETE)
    public Result<SysUserRole> deleteUserRoleBatch(
            @RequestParam(name="roleId") String roleId,
@ -827,7 +827,7 @@ public class SysUserController {
    /**
     * 给指定部门添加对应的用户
     */
-    @RequiresPermissions("system:user:editDepartWithUser")
+    @PreAuthorize("@jps.requiresPermissions('system:user:editDepartWithUser')")
    @RequestMapping(value = "/editSysDepartWithUser", method = RequestMethod.POST)
    public Result<String> editSysDepartWithUser(@RequestBody SysDepartUsersVO sysDepartUsersVO) {
        Result<String> result = new Result<String>();
@ -856,7 +856,7 @@ public class SysUserController {
    /**
     *   删除指定机构的用户关系
     */
-    @RequiresPermissions("system:user:deleteUserInDepart")
+    @PreAuthorize("@jps.requiresPermissions('system:user:deleteUserInDepart')")
    @RequestMapping(value = "/deleteUserInDepart", method = RequestMethod.DELETE)
    public Result<SysUserDepart> deleteUserInDepart(@RequestParam(name="depId") String depId,
                                                    @RequestParam(name="userId",required=true) String userId
@ -888,7 +888,7 @@ public class SysUserController {
    /**
     * 批量删除指定机构的用户关系
     */
-    @RequiresPermissions("system:user:deleteUserInDepartBatch")
+    @PreAuthorize("@jps.requiresPermissions('system:user:deleteUserInDepartBatch')")
    @RequestMapping(value = "/deleteUserInDepartBatch", method = RequestMethod.DELETE)
    public Result<SysUserDepart> deleteUserInDepartBatch(
            @RequestParam(name="depId") String depId,
@ -1263,7 +1263,7 @@ public class SysUserController {
     * @param userIds 被删除的用户ID，多个id用半角逗号分割
     * @return
     */
-    @RequiresPermissions("system:user:deleteRecycleBin")
+    @PreAuthorize("@jps.requiresPermissions('system:user:deleteRecycleBin')")
    @RequestMapping(value = "/deleteRecycleBin", method = RequestMethod.DELETE)
    public Result deleteRecycleBin(@RequestParam("userIds") String userIds) {
        if (StringUtils.isNotBlank(userIds)) {
@ -1278,7 +1278,7 @@ public class SysUserController {
     * @param jsonObject
     * @return
     */
-    @RequiresRoles({"admin"})
+    @PreAuthorize("@jps.requiresRoles('admin')")
    @RequestMapping(value = "/appEdit", method = {RequestMethod.PUT,RequestMethod.POST})
    public Result<SysUser> appEdit(HttpServletRequest request,@RequestBody JSONObject jsonObject) {
        Result<SysUser> result = new Result<SysUser>();
@ -1668,7 +1668,7 @@ public class SysUserController {
     * @return
     */
    @PostMapping("/login/setting/userEdit")
-    @RequiresPermissions("system:user:setting:edit")
+    @PreAuthorize("@jps.requiresPermissions('system:user:setting:edit')")
    public Result<String> userEdit(@RequestBody SysUser sysUser, HttpServletRequest request) {
        String username = JwtUtil.getUserNameByToken(request);
        SysUser user = sysUserService.getById(sysUser.getId());
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdAppController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdAppController.java
@ -17,6 +17,7 @@ import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.SysThirdAccount;
 import org.jeecg.modules.system.entity.SysThirdAppConfig;
 import org.jeecg.modules.system.service.ISysThirdAccountService;
@ -479,7 +480,7 @@ public class ThirdAppController {
     */
    @GetMapping("/getThirdAccountByUserId")
    public Result<List<SysThirdAccount>> getThirdAccountByUserId(@RequestParam(name="thirdType") String thirdType){
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        LambdaQueryWrapper<SysThirdAccount> query = new LambdaQueryWrapper<>();
        //根据id查询
        query.eq(SysThirdAccount::getSysUserId,sysUser.getId());
@ -510,7 +511,7 @@ public class ThirdAppController {
     */
    @DeleteMapping("/deleteThirdAccount")
    public Result<String> deleteThirdAccountById(@RequestBody SysThirdAccount sysThirdAccount){
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        if(!sysUser.getId().equals(sysThirdAccount.getSysUserId())){
            return Result.error("无权修改他人信息");
        }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/entity/SysDataLog.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/entity/SysDataLog.java
@ -10,6 +10,7 @@ import lombok.experimental.Accessors;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.springframework.format.annotation.DateTimeFormat;
 import org.springframework.security.core.context.SecurityContextHolder;
@ -95,7 +96,7 @@ public class SysDataLog implements Serializable {
     */
    public void autoSetCreateName() {
        try {
-            LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+            LoginUser sysUser = SecureUtil.currentUser();
            this.setCreateName(sysUser.getRealname());
        } catch (Exception e) {
            log.warn("SecurityUtils.getSubject() 获取用户信息异常：" + e.getMessage());
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysAnnouncementServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysAnnouncementServiceImpl.java
@ -10,6 +10,7 @@ import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.SysAnnouncement;
 import org.jeecg.modules.system.entity.SysAnnouncementSend;
 import org.jeecg.modules.system.mapper.SysAnnouncementMapper;
@ -145,7 +146,7 @@ public class SysAnnouncementServiceImpl extends ServiceImpl<SysAnnouncementMappe
 	@Override
 	public void completeAnnouncementSendInfo() {
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		String userId = sysUser.getId();
 		List<String> announcementIds = this.getNotSendedAnnouncementlist(userId);
 		List<SysAnnouncementSend> sysAnnouncementSendList = new ArrayList<>();
@ -195,7 +196,7 @@ public class SysAnnouncementServiceImpl extends ServiceImpl<SysAnnouncementMappe
 //			completeAnnouncementSendInfo();
 //		});
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		log.info(" 获取登录人 LoginUser id: {}", sysUser.getId());
 		Page<SysAnnouncement> page = new Page<SysAnnouncement>(pageNo,pageSize);
 		List<SysAnnouncement> list = baseMapper.queryAllMessageList(page, sysUser.getId(), fromUser, starFlag, beginDate, endDate);
@ -204,13 +205,13 @@ public class SysAnnouncementServiceImpl extends ServiceImpl<SysAnnouncementMappe
 	@Override
 	public void updateReaded(List<String> annoceIdList) {
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		sysAnnouncementSendMapper.updateReaded(sysUser.getId(), annoceIdList);
 	}
 	@Override
 	public void clearAllUnReadMessage() {
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		sysAnnouncementSendMapper.clearAllUnReadMessage(sysUser.getId());
 	}
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysBaseApiImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysBaseApiImpl.java
@ -17,7 +17,6 @@ import freemarker.template.TemplateException;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.dto.DataLogDTO;
 import org.jeecg.common.api.dto.OnlineAuthDTO;
 import org.jeecg.common.api.dto.message.*;
@ -39,6 +38,7 @@ import org.jeecg.common.util.dynamic.db.FreemarkerParseFactory;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.firewall.SqlInjection.IDictTableWhiteListHandler;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.message.entity.SysMessageTemplate;
 import org.jeecg.modules.message.handle.impl.DdSendMsgHandle;
 import org.jeecg.modules.message.handle.impl.EmailSendMsgHandle;
@ -159,6 +159,19 @@ public class SysBaseApiImpl implements ISysBaseAPI {
 		return user;
 	}
 	@Override
 	public LoginUser getUserByPhone(String phone) {
 		if (oConvertUtils.isEmpty(phone)) {
 			return null;
 		}
 		LoginUser loginUser = new LoginUser();
 		SysUser sysUser = sysUserService.getUserByPhone(phone);
 		BeanUtils.copyProperties(sysUser, loginUser);
 		return loginUser;
 	}
 	@Override
 	public String translateDictFromTable(String table, String text, String code, String key) {
 		return sysDictService.queryTableDictTextByKey(table, text, code, key);
@ -585,7 +598,7 @@ public class SysBaseApiImpl implements ISysBaseAPI {
 	public void updateSysAnnounReadFlag(String busType, String busId) {
 		SysAnnouncement announcement = sysAnnouncementMapper.selectOne(new QueryWrapper<SysAnnouncement>().eq("bus_type",busType).eq("bus_id",busId));
 		if(announcement != null){
-			LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+			LoginUser sysUser = SecureUtil.currentUser();
 			String userId = sysUser.getId();
 			LambdaUpdateWrapper<SysAnnouncementSend> updateWrapper = new UpdateWrapper().lambda();
 			updateWrapper.set(SysAnnouncementSend::getReadFlag, CommonConstant.HAS_READ_FLAG);
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDepartServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDepartServiceImpl.java
@ -23,6 +23,7 @@ import org.jeecg.common.util.ImportExcelUtil;
 import org.jeecg.common.util.YouBianCodeUtil;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.*;
 import org.jeecg.modules.system.mapper.*;
 import org.jeecg.modules.system.model.DepartIdModel;
@ -836,7 +837,7 @@ public class SysDepartServiceImpl extends ServiceImpl<SysDepartMapper, SysDepart
     */
    @Override
    public List<SysDepart> getMyDepartList() {
-        LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser user = SecureUtil.currentUser();
        String userId = user.getId();
        //字典code集合
        List<String> list = new ArrayList<>();
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantPackServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantPackServiceImpl.java
@ -8,6 +8,7 @@ import org.jeecg.common.constant.TenantConstant;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.aop.TenantLog;
 import org.jeecg.modules.system.entity.SysPackPermission;
 import org.jeecg.modules.system.entity.SysTenant;
@ -135,7 +136,7 @@ public class SysTenantPackServiceImpl extends ServiceImpl<SysTenantPackMapper, S
        ISysTenantPackService currentService = SpringContextUtils.getApplicationContext().getBean(ISysTenantPackService.class);
        String packId = currentService.saveOne(superAdminPack);
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        SysTenantPackUser packUser = new SysTenantPackUser(tenantId, packId, sysUser.getId());
        packUser.setRealname(sysUser.getRealname());
        packUser.setPackName(superAdminPack.getPackName());
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantServiceImpl.java
@ -7,7 +7,6 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.dto.message.BusMessageDTO;
 import org.jeecg.common.api.dto.message.MessageDTO;
 import org.jeecg.common.api.vo.Result;
@ -21,6 +20,7 @@ import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.constant.enums.SysAnnmentTypeEnum;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.aop.TenantLog;
 import org.jeecg.modules.system.entity.*;
 import org.jeecg.modules.system.mapper.SysTenantMapper;
@ -31,11 +31,8 @@ import org.jeecg.modules.system.service.ISysTenantPackService;
 import org.jeecg.modules.system.service.ISysTenantService;
 import org.jeecg.modules.system.service.ISysUserService;
 import org.jeecg.modules.system.vo.tenant.*;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
@ -169,7 +166,7 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
        this.save(sysTenant);
        //update-begin---author:wangshuai ---date:20230710  for：【QQYUN-5723】1、把当前创建人加入到租户关系里面------------
        //当前登录人的id
-        LoginUser loginUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser loginUser = SecureUtil.currentUser();
        this.saveTenantRelation(sysTenant.getId(),loginUser.getId());
        //update-end---author:wangshuai ---date:20230710  for：【QQYUN-5723】1、把当前创建人加入到租户关系里面------------
    }
@ -365,7 +362,7 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
    @Override
    public Result<String> invitationUser(String phone, String departId) {
        Result<String> result = new Result<>();
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        //1、查询用户信息,判断用户是否存在
        SysUser userByPhone = userService.getUserByPhone(phone);
@ -429,7 +426,7 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
        }
        TenantDepartAuthInfo info = new TenantDepartAuthInfo();
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        String userId = sysUser.getId();
        boolean superAdmin = false;
        // 查询pack表
@ -619,7 +616,7 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
        // 发消息
        SysUser user = userService.getById(sysTenantPackUser.getUserId());
        SysTenant sysTenant = this.baseMapper.querySysTenant(sysTenantPackUser.getTenantId());
-        LoginUser loginUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser loginUser = SecureUtil.currentUser();
        MessageDTO messageDTO = new MessageDTO();
        messageDTO.setToAll(false);
        messageDTO.setToUser(user.getUsername());
@ -788,7 +785,7 @@ public class SysTenantServiceImpl extends ServiceImpl<SysTenantMapper, SysTenant
    @Override
    public Long getApplySuperAdminCount() {
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        int tenantId = oConvertUtils.getInt(TenantContext.getTenant(), 0);
        return baseMapper.getApplySuperAdminCount(sysUser.getId(),tenantId);
    }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysThirdAccountServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysThirdAccountServiceImpl.java
@ -16,6 +16,7 @@ import org.jeecg.common.util.DateUtils;
 import org.jeecg.common.util.PasswordUtil;
 import org.jeecg.common.util.UUIDGenerator;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.SysRole;
 import org.jeecg.modules.system.entity.SysThirdAccount;
 import org.jeecg.modules.system.entity.SysUser;
@ -189,7 +190,7 @@ public class SysThirdAccountServiceImpl extends ServiceImpl<SysThirdAccountMappe
        String thirdUserUuid = sysThirdAccount.getThirdUserUuid();
        String thirdType = sysThirdAccount.getThirdType();
        //获取当前登录用户
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        //当前第三方用户已被其他用户所绑定
        SysThirdAccount oneByThirdUserId = this.getOneByUuidAndThirdType(thirdUserUuid, thirdType,CommonConstant.TENANT_ID_DEFAULT_VALUE);
        if(null != oneByThirdUserId){
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserDepartServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserDepartServiceImpl.java
@ -13,6 +13,7 @@ import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.system.entity.SysDepart;
 import org.jeecg.modules.system.entity.SysUser;
 import org.jeecg.modules.system.entity.SysUserDepart;
@ -211,7 +212,7 @@ public class SysUserDepartServiceImpl extends ServiceImpl<SysUserDepartMapper, S
        IPage<SysUser> pageList = null;
        // 部门ID不存在 直接查询用户表即可
        Page<SysUser> page = new Page<>(pageNo, pageSize);
-        LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+        LoginUser sysUser = SecureUtil.currentUser();
        if(oConvertUtils.isEmpty(departId)){
            LambdaQueryWrapper<SysUser> query = new LambdaQueryWrapper<>();
            query.eq(SysUser::getStatus,Integer.parseInt(CommonConstant.STATUS_1));
@ -249,7 +250,7 @@ public class SysUserDepartServiceImpl extends ServiceImpl<SysUserDepartMapper, S
 		IPage<SysUser> pageList = null;
 		// 部门ID不存在 直接查询用户表即可
 		Page<SysUser> page = new Page<>(pageNo, pageSize);
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		if(oConvertUtils.isNotEmpty(departId)){
 			// 有部门ID 需要走自定义sql
 			SysDepart sysDepart = sysDepartService.getById(departId);
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserServiceImpl.java
@ -31,6 +31,7 @@ import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.system.vo.SysUserCacheInfo;
 import org.jeecg.common.util.*;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.message.handle.impl.SystemSendMsgHandle;
 import org.jeecg.modules.system.entity.*;
@ -1480,7 +1481,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		//导出文件名称
 		mv.addObject(NormalExcelConstants.FILE_NAME, "用户列表");
 		mv.addObject(NormalExcelConstants.CLASS, AppExportUserVo.class);
-		LoginUser user = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser user = SecureUtil.currentUser();;
 		ExportParams exportParams = new ExportParams("导入规则：\n" +
 				"1、存在用户编号时，数据会根据用户编号进行匹配，匹配成功后只会更新职位和工号;\n" +
 				"2、不存在用户编号时，支持手机号、邮箱、姓名、部们、职位、工号导入,其中手机号必填;\n" +
@ -1788,7 +1789,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		userTenantMapper.insert(userTenant);
 		//update-begin---author:wangshuai ---date:20230710  for：【QQYUN-5731】导入用户时，没有提醒------------
 		//发送系统消息通知
-		LoginUser sysUser = JSON.parseObject(SecurityContextHolder.getContext().getAuthentication().getName(), LoginUser.class);;
+		LoginUser sysUser = SecureUtil.currentUser();
 		MessageDTO messageDTO = new MessageDTO();
 		String title = sysUser.getRealname() + " 邀请您加入 " + tenantName + "。";
 		messageDTO.setTitle(title);
--- a/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/default/one/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
+++ b/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/default/one/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
@ -87,7 +87,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-添加")
 	@Operation(summary="${tableVo.ftlDescription}-添加")
-	@RequiresPermissions("${entityPackage}:${tableName}:add")
+	@PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:add')")
 	@PostMapping(value = "/add")
 	public Result<String> add(@RequestBody ${entityName} ${entityName?uncap_first}) {
 	    <#if bpm_flag>
@ -105,7 +105,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-编辑")
 	@Operation(summary="${tableVo.ftlDescription}-编辑")
-	@RequiresPermissions("${entityPackage}:${tableName}:edit")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:edit')")
 	@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
 	public Result<String> edit(@RequestBody ${entityName} ${entityName?uncap_first}) {
 		${entityName?uncap_first}Service.updateById(${entityName?uncap_first});
@ -120,7 +120,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-通过id删除")
 	@Operation(summary="${tableVo.ftlDescription}-通过id删除")
-	@RequiresPermissions("${entityPackage}:${tableName}:delete")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:delete')")
 	@DeleteMapping(value = "/delete")
 	public Result<String> delete(@RequestParam(name="id",required=true) String id) {
 		${entityName?uncap_first}Service.removeById(id);
@ -135,7 +135,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-批量删除")
 	@Operation(summary="${tableVo.ftlDescription}-批量删除")
-	@RequiresPermissions("${entityPackage}:${tableName}:deleteBatch")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:deleteBatch')")
 	@DeleteMapping(value = "/deleteBatch")
 	public Result<String> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
 		this.${entityName?uncap_first}Service.removeByIds(Arrays.asList(ids.split(",")));
@ -165,7 +165,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
    * @param request
    * @param ${entityName?uncap_first}
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:exportXls")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:exportXls')")
    @RequestMapping(value = "/exportXls")
    public ModelAndView exportXls(HttpServletRequest request, ${entityName} ${entityName?uncap_first}) {
        return super.exportXls(request, ${entityName?uncap_first}, ${entityName}.class, "${tableVo.ftlDescription}");
@ -178,7 +178,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
    * @param response
    * @return
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:importExcel")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:importExcel')")
    @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
    public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
        return super.importExcel(request, response, ${entityName}.class);
--- a/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/default/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
+++ b/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/default/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
@ -101,7 +101,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-添加")
 	@Operation(summary="${tableVo.ftlDescription}-添加")
-	@RequiresPermissions("${entityPackage}:${tableName}:add")
+	@PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:add')")
 	@PostMapping(value = "/add")
 	public Result<String> add(@RequestBody ${entityName}Page ${entityName?uncap_first}Page) {
 		${entityName} ${entityName?uncap_first} = new ${entityName}();
@ -121,7 +121,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-编辑")
 	@Operation(summary="${tableVo.ftlDescription}-编辑")
-	@RequiresPermissions("${entityPackage}:${tableName}:edit")
+	@PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:edit')")
 	@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
 	public Result<String> edit(@RequestBody ${entityName}Page ${entityName?uncap_first}Page) {
 		${entityName} ${entityName?uncap_first} = new ${entityName}();
@ -142,7 +142,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-通过id删除")
 	@Operation(summary="${tableVo.ftlDescription}-通过id删除")
-	@RequiresPermissions("${entityPackage}:${tableName}:delete")
+	@PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:delete')")
 	@DeleteMapping(value = "/delete")
 	public Result<String> delete(@RequestParam(name="id",required=true) String id) {
 		${entityName?uncap_first}Service.delMain(id);
@ -157,7 +157,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-批量删除")
 	@Operation(summary="${tableVo.ftlDescription}-批量删除")
-	@RequiresPermissions("${entityPackage}:${tableName}:deleteBatch")
+	@PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:deleteBatch')")
 	@DeleteMapping(value = "/deleteBatch")
 	public Result<String> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
 		this.${entityName?uncap_first}Service.delBatchMain(Arrays.asList(ids.split(",")));
@ -204,7 +204,7 @@ public class ${entityName}Controller {
    * @param request
    * @param ${entityName?uncap_first}
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:exportXls")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:exportXls')")
    @RequestMapping(value = "/exportXls")
    public ModelAndView exportXls(HttpServletRequest request, ${entityName} ${entityName?uncap_first}) {
      // Step.1 组装查询条件查询数据
@ -248,7 +248,7 @@ public class ${entityName}Controller {
    * @param response
    * @return
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:importExcel")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:importExcel')")
    @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
    public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
      MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
--- a/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/default/tree/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
+++ b/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/default/tree/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
@ -207,7 +207,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-添加")
 	@Operation(summary="${tableVo.ftlDescription}-添加")
-    @RequiresPermissions("${entityPackage}:${tableName}:add")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:add')")
 	@PostMapping(value = "/add")
 	public Result<String> add(@RequestBody ${entityName} ${entityName?uncap_first}) {
 		${entityName?uncap_first}Service.add${entityName}(${entityName?uncap_first});
@ -222,7 +222,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-编辑")
 	@Operation(summary="${tableVo.ftlDescription}-编辑")
-    @RequiresPermissions("${entityPackage}:${tableName}:edit")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:edit')")
 	@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
 	public Result<String> edit(@RequestBody ${entityName} ${entityName?uncap_first}) {
 		${entityName?uncap_first}Service.update${entityName}(${entityName?uncap_first});
@ -237,7 +237,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-通过id删除")
 	@Operation(summary="${tableVo.ftlDescription}-通过id删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:delete")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:delete')")
 	@DeleteMapping(value = "/delete")
 	public Result<String> delete(@RequestParam(name="id",required=true) String id) {
 		${entityName?uncap_first}Service.delete${entityName}(id);
@ -252,7 +252,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-批量删除")
 	@Operation(summary="${tableVo.ftlDescription}-批量删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:deleteBatch")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:deleteBatch')")
 	@DeleteMapping(value = "/deleteBatch")
 	public Result<String> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
 		this.${entityName?uncap_first}Service.removeByIds(Arrays.asList(ids.split(",")));
@ -282,7 +282,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
    * @param request
    * @param ${entityName?uncap_first}
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:exportXls")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:exportXls')")
    @RequestMapping(value = "/exportXls")
    public ModelAndView exportXls(HttpServletRequest request, ${entityName} ${entityName?uncap_first}) {
 		return super.exportXls(request, ${entityName?uncap_first}, ${entityName}.class, "${tableVo.ftlDescription}");
@ -295,7 +295,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
    * @param response
    * @return
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:importExcel")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:importExcel')")
    @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
    public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
 		return super.importExcel(request, response, ${entityName}.class);
--- a/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/erp/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
+++ b/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/erp/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
@ -91,7 +91,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
     */
    @AutoLog(value = "${tableVo.ftlDescription}-添加")
    @Operation(summary="${tableVo.ftlDescription}-添加")
-    @RequiresPermissions("${entityPackage}:${tableName}:add")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:add')")
    @PostMapping(value = "/add")
    public Result<String> add(@RequestBody ${entityName} ${entityName?uncap_first}) {
        ${entityName?uncap_first}Service.save(${entityName?uncap_first});
@ -105,7 +105,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
     */
    @AutoLog(value = "${tableVo.ftlDescription}-编辑")
    @Operation(summary="${tableVo.ftlDescription}-编辑")
-    @RequiresPermissions("${entityPackage}:${tableName}:edit")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:edit')")
    @RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
    public Result<String> edit(@RequestBody ${entityName} ${entityName?uncap_first}) {
        ${entityName?uncap_first}Service.updateById(${entityName?uncap_first});
@ -119,7 +119,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
     */
    @AutoLog(value = "${tableVo.ftlDescription}-通过id删除")
    @Operation(summary="${tableVo.ftlDescription}-通过id删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:delete")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:delete')")
    @DeleteMapping(value = "/delete")
    public Result<String> delete(@RequestParam(name="id",required=true) String id) {
        ${entityName?uncap_first}Service.delMain(id);
@ -133,7 +133,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
     */
    @AutoLog(value = "${tableVo.ftlDescription}-批量删除")
    @Operation(summary="${tableVo.ftlDescription}-批量删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:deleteBatch")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:deleteBatch')")
    @DeleteMapping(value = "/deleteBatch")
    public Result<String> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
        this.${entityName?uncap_first}Service.delBatchMain(Arrays.asList(ids.split(",")));
@ -144,7 +144,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
     * 导出
     * @return
     */
-    @RequiresPermissions("${entityPackage}:${tableName}:exportXls")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:exportXls')")
    @RequestMapping(value = "/exportXls")
    public ModelAndView exportXls(HttpServletRequest request, ${entityName} ${entityName?uncap_first}) {
        return super.exportXls(request, ${entityName?uncap_first}, ${entityName}.class, "${tableVo.ftlDescription}");
@ -154,7 +154,7 @@ public class ${entityName}Controller extends JeecgController<${entityName}, I${e
     * 导入
     * @return
     */
-    @RequiresPermissions("${entityPackage}:${tableName}:importExcel")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:importExcel')")
    @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
    public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
        return super.importExcel(request, response, ${entityName}.class);
--- a/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/inner-table/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
+++ b/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/inner-table/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
@ -95,7 +95,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-添加")
 	@Operation(summary="${tableVo.ftlDescription}-添加")
-    @RequiresPermissions("${entityPackage}:${tableName}:add")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:add')")
 	@PostMapping(value = "/add")
 	public Result<String> add(@RequestBody ${entityName}Page ${entityName?uncap_first}Page) {
 		${entityName} ${entityName?uncap_first} = new ${entityName}();
@ -112,7 +112,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-编辑")
 	@Operation(summary="${tableVo.ftlDescription}-编辑")
-    @RequiresPermissions("${entityPackage}:${tableName}:edit")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:edit')")
 	@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
 	public Result<String> edit(@RequestBody ${entityName}Page ${entityName?uncap_first}Page) {
 		${entityName} ${entityName?uncap_first} = new ${entityName}();
@ -133,7 +133,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-通过id删除")
 	@Operation(summary="${tableVo.ftlDescription}-通过id删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:delete")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:delete')")
 	@DeleteMapping(value = "/delete")
 	public Result<String> delete(@RequestParam(name="id",required=true) String id) {
 		${entityName?uncap_first}Service.delMain(id);
@ -148,7 +148,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-批量删除")
 	@Operation(summary="${tableVo.ftlDescription}-批量删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:deleteBatch")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:deleteBatch')")
 	@DeleteMapping(value = "/deleteBatch")
 	public Result<String> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
 		this.${entityName?uncap_first}Service.delBatchMain(Arrays.asList(ids.split(",")));
@ -199,7 +199,7 @@ public class ${entityName}Controller {
    * @param request
    * @param ${entityName?uncap_first}
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:exportXls")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:exportXls')")
    @RequestMapping(value = "/exportXls")
    public ModelAndView exportXls(HttpServletRequest request, ${entityName} ${entityName?uncap_first}) {
      // Step.1 组装查询条件查询数据
@ -243,7 +243,7 @@ public class ${entityName}Controller {
    * @param response
    * @return
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:importExcel")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:importExcel')")
    @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
    public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
      MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
--- a/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/jvxe/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
+++ b/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/jvxe/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
@ -102,7 +102,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-添加")
 	@Operation(summary="${tableVo.ftlDescription}-添加")
-    @RequiresPermissions("${entityPackage}:${tableName}:add")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:add')")
 	@PostMapping(value = "/add")
 	public Result<String> add(@RequestBody ${entityName}Page ${entityName?uncap_first}Page) {
 		${entityName} ${entityName?uncap_first} = new ${entityName}();
@ -122,7 +122,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-编辑")
 	@Operation(summary="${tableVo.ftlDescription}-编辑")
-    @RequiresPermissions("${entityPackage}:${tableName}:edit")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:edit')")
 	@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
 	public Result<String> edit(@RequestBody ${entityName}Page ${entityName?uncap_first}Page) {
 		${entityName} ${entityName?uncap_first} = new ${entityName}();
@ -143,7 +143,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-通过id删除")
 	@Operation(summary="${tableVo.ftlDescription}-通过id删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:delete")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:delete')")
 	@DeleteMapping(value = "/delete")
 	public Result<String> delete(@RequestParam(name="id",required=true) String id) {
 		${entityName?uncap_first}Service.delMain(id);
@ -158,7 +158,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-批量删除")
 	@Operation(summary="${tableVo.ftlDescription}-批量删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:deleteBatch")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:deleteBatch')")
 	@DeleteMapping(value = "/deleteBatch")
 	public Result<String> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
 		this.${entityName?uncap_first}Service.delBatchMain(Arrays.asList(ids.split(",")));
@ -205,7 +205,7 @@ public class ${entityName}Controller {
    * @param request
    * @param ${entityName?uncap_first}
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:exportXls")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:exportXls')")
    @RequestMapping(value = "/exportXls")
    public ModelAndView exportXls(HttpServletRequest request, ${entityName} ${entityName?uncap_first}) {
      // Step.1 组装查询条件查询数据
@ -249,7 +249,7 @@ public class ${entityName}Controller {
    * @param response
    * @return
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:importExcel")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:importExcel')")
    @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
    public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
      MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
--- a/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/tab/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
+++ b/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/tab/onetomany/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
@ -95,7 +95,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-添加")
 	@Operation(summary="${tableVo.ftlDescription}-添加")
-    @RequiresPermissions("${entityPackage}:${tableName}:add")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:add')")
 	@PostMapping(value = "/add")
 	public Result<String> add(@RequestBody ${entityName}Page ${entityName?uncap_first}Page) {
 		${entityName} ${entityName?uncap_first} = new ${entityName}();
@ -112,7 +112,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-编辑")
 	@Operation(summary="${tableVo.ftlDescription}-编辑")
-    @RequiresPermissions("${entityPackage}:${tableName}:edit")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:edit')")
 	@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
 	public Result<String> edit(@RequestBody ${entityName}Page ${entityName?uncap_first}Page) {
 		${entityName} ${entityName?uncap_first} = new ${entityName}();
@ -133,7 +133,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-通过id删除")
 	@Operation(summary="${tableVo.ftlDescription}-通过id删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:delete")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:delete')")
 	@DeleteMapping(value = "/delete")
 	public Result<String> delete(@RequestParam(name="id",required=true) String id) {
 		${entityName?uncap_first}Service.delMain(id);
@ -148,7 +148,7 @@ public class ${entityName}Controller {
 	 */
 	@AutoLog(value = "${tableVo.ftlDescription}-批量删除")
 	@Operation(summary="${tableVo.ftlDescription}-批量删除")
-    @RequiresPermissions("${entityPackage}:${tableName}:deleteBatch")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:deleteBatch')")
 	@DeleteMapping(value = "/deleteBatch")
 	public Result<String> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
 		this.${entityName?uncap_first}Service.delBatchMain(Arrays.asList(ids.split(",")));
@ -195,7 +195,7 @@ public class ${entityName}Controller {
    * @param request
    * @param ${entityName?uncap_first}
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:exportXls")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:exportXls')")
    @RequestMapping(value = "/exportXls")
    public ModelAndView exportXls(HttpServletRequest request, ${entityName} ${entityName?uncap_first}) {
      // Step.1 组装查询条件查询数据
@ -239,7 +239,7 @@ public class ${entityName}Controller {
    * @param response
    * @return
    */
-    @RequiresPermissions("${entityPackage}:${tableName}:importExcel")
+    @PreAuthorize("@jps.requiresPermissions('${entityPackage}:${tableName}:importExcel')")
    @RequestMapping(value = "/importExcel", method = RequestMethod.POST)
    public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
      MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
--- a/jeecg-server-cloud/jeecg-cloud-gateway/src/main/resources/application.yml
+++ b/jeecg-server-cloud/jeecg-cloud-gateway/src/main/resources/application.yml
@ -16,19 +16,21 @@ spring:
    allow-circular-references: true
  config:
    import:
-      - optional:nacos:jeecg-gateway-dev.yaml
+      - optional:nacos:${spring.application.name}-@profile.name@.yaml
  cloud:
    nacos:
      config:
-        server-addr: localhost:8848
+        server-addr: @config.server-addr@
-        namespace: public
+        group: @config.group@
-      #        username: @config.username@
+        namespace: @config.namespace@
-      #        password: @config.password@
+        username: @config.username@
        password: @config.password@
      discovery:
        server-addr: ${spring.cloud.nacos.config.server-addr}
-        namespace: public
+        group: @config.group@
-    #        username: @config.username@
+        namespace: @config.namespace@
-    #        password: @config.password@
+        username: @config.username@
        password: @config.password@
    gateway:
      discovery:
        locator:
@ -56,7 +58,7 @@ spring:
        flow:  # 指定数据源名称
          # 指定nacos数据源
          nacos:
-            server-addr: ${spring.cloud.nacos.config.server-addr}
+            server-addr: @config.server-addr@
            # 指定配置文件
            dataId: ${spring.application.name}-flow-rules
            # 指定分组
@ -68,7 +70,7 @@ spring:
        #降级规则
        degrade:
          nacos:
-            server-addr: ${spring.cloud.nacos.config.server-addr}
+            server-addr: @config.server-addr@
            dataId: ${spring.application.name}-degrade-rules
            groupId: SENTINEL_GROUP
            rule-type: degrade
@ -76,7 +78,7 @@ spring:
        #系统规则
        system:
          nacos:
-            server-addr: ${spring.cloud.nacos.config.server-addr}
+            server-addr: @config.server-addr@
            dataId: ${spring.application.name}-system-rules
            groupId: SENTINEL_GROUP
            rule-type: system
@ -84,7 +86,7 @@ spring:
        #授权规则
        authority:
          nacos:
-            server-addr: ${spring.cloud.nacos.config.server-addr}
+            server-addr: @config.server-addr@
            dataId: ${spring.application.name}-authority-rules
            groupId: SENTINEL_GROUP
            rule-type: authority
@ -92,7 +94,7 @@ spring:
        #热点参数
        param-flow:
          nacos:
-            server-addr: ${spring.cloud.nacos.config.server-addr}
+            server-addr: @config.server-addr@
            dataId: ${spring.application.name}-param-rules
            groupId: SENTINEL_GROUP
            rule-type: param-flow
@ -100,7 +102,7 @@ spring:
        #网关流控规则
        gw-flow:
          nacos:
-            server-addr: ${spring.cloud.nacos.config.server-addr}
+            server-addr: @config.server-addr@
            dataId: ${spring.application.name}-flow-rules
            groupId: SENTINEL_GROUP
            rule-type: gw-flow
@ -108,7 +110,7 @@ spring:
        #API流控规则
        gw-api-group:
          nacos:
-            server-addr: ${spring.cloud.nacos.config.server-addr}
+            server-addr: @config.server-addr@
            dataId: ${spring.application.name}-api-rules
            groupId: SENTINEL_GROUP
            rule-type: gw-api-group
--- a/jeecg-server-cloud/jeecg-cloud-nacos/src/main/resources/application.yml
+++ b/jeecg-server-cloud/jeecg-cloud-nacos/src/main/resources/application.yml
@ -12,7 +12,7 @@ spring:
 db:
  num: 1
  password:
-    '0': ${MYSQL-PWD:root}
+    '0': ${MYSQL-PWD:root@2023}
  url:
    '0': jdbc:mysql://${MYSQL-HOST:jeecg-boot-mysql}:${MYSQL-PORT:3306}/${MYSQL-DB:nacos}?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=UTC&allowPublicKeyRetrieval=true
  user:
--- a/jeecg-server-cloud/jeecg-system-cloud-start/src/main/resources/application.yml
+++ b/jeecg-server-cloud/jeecg-system-cloud-start/src/main/resources/application.yml
@ -7,18 +7,18 @@ spring:
  cloud:
    nacos:
      config:
-        server-addr: @config.server-addr@
+        server-addr: localhost:8848
-        group: @config.group@
+#        group: @config.group@
-        namespace: @config.namespace@
+#        namespace: @config.namespace@
-        username: @config.username@
+#        username: @config.username@
-        password: @config.password@
+#        password: @config.password@
      discovery:
        server-addr: ${spring.cloud.nacos.config.server-addr}
-        group: @config.group@
+#        group: @config.group@
-        namespace: @config.namespace@
+#        namespace: @config.namespace@
-        username: @config.username@
+#        username: @config.username@
-        password: @config.password@
+#        password: @config.password@
  config:
    import:
      - optional:nacos:jeecg.yaml
-      - optional:nacos:jeecg-@profile.name@.yaml
+      - optional:nacos:jeecg-dev.yaml