【3.7.4 开源代码同步】新增断言异常类和断言工具类，优化JWT工具类，更新文件类型白名单，切换undertow配置，修改多个YAML配置文件

2026-02-04 17:45:34 +08:00 · 2025-03-30 17:51:55 +08:00
parent 4fb53637aa
commit 9191a8b620
50 changed files with 679 additions and 930 deletions
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/init/CodeTemplateInitListener.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/init/CodeTemplateInitListener.java
@ -26,8 +26,11 @@ public class CodeTemplateInitListener implements ApplicationListener<Application
    @Override
    public void onApplicationEvent(ApplicationReadyEvent event) {
        try {
-            log.info(" Init Code Generate Template [ 检测如果是JAR启动环境，Copy模板到config目录 ] ");
+            long startTime = System.currentTimeMillis(); // 记录开始时间
+            log.info(" Init Code Generate Template [ 检测如果是JAR启动，Copy模板到config目录 ] ");
            this.initJarConfigCodeGeneratorTemplate();
+            long endTime = System.currentTimeMillis(); // 记录结束时间
+            log.info(" Init Code Generate Template completed in " + (endTime - startTime) + " ms"); // 计算并记录耗时
        } catch (Exception e) {
            e.printStackTrace();
        }
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/init/TomcatFactoryConfig.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/init/TomcatFactoryConfig.java
@ -1,33 +1,33 @@
-package org.jeecg.config.init;
-
-import org.apache.catalina.Context;
-import org.apache.tomcat.util.scan.StandardJarScanner;
-import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * @Description: TomcatFactoryConfig
- * @author: scott
- * @date: 2021年01月25日 11:40
- */
-@Configuration
-public class TomcatFactoryConfig {
-    /**
-     * tomcat-embed-jasper引用后提示jar找不到的问题
-     */
-    @Bean
-    public TomcatServletWebServerFactory tomcatFactory() {
-        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
-            @Override
-            protected void postProcessContext(Context context) {
-                ((StandardJarScanner) context.getJarScanner()).setScanManifest(false);
-            }
-        };
-        factory.addConnectorCustomizers(connector -> {
-            connector.setProperty("relaxedPathChars", "[]{}");
-            connector.setProperty("relaxedQueryChars", "[]{}");
-        });
-        return factory;
-    }
-}
+//package org.jeecg.config.init;
+//
+//import org.apache.catalina.Context;
+//import org.apache.tomcat.util.scan.StandardJarScanner;
+//import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+//import org.springframework.context.annotation.Bean;
+//import org.springframework.context.annotation.Configuration;
+//
+///**
+// * @Description: TomcatFactoryConfig
+// * @author: scott
+// * @date: 2021年01月25日 11:40
+// */
+//@Configuration
+//public class TomcatFactoryConfig {
+//    /**
+//     * tomcat-embed-jasper引用后提示jar找不到的问题
+//     */
+//    @Bean
+//    public TomcatServletWebServerFactory tomcatFactory() {
+//        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory() {
+//            @Override
+//            protected void postProcessContext(Context context) {
+//                ((StandardJarScanner) context.getJarScanner()).setScanManifest(false);
+//            }
+//        };
+//        factory.addConnectorCustomizers(connector -> {
+//            connector.setProperty("relaxedPathChars", "[]{}");
+//            connector.setProperty("relaxedQueryChars", "[]{}");
+//        });
+//        return factory;
+//    }
+//}
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
@ -88,8 +88,10 @@ public class LoginController {
        }
        String lowerCaseCaptcha = captcha.toLowerCase();
 		// 加入密钥作为混淆，避免简单的拼接，被外部利用，用户自定义该密钥即可
-        String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
-		String realKey = Md5Util.md5Encode(origin, "utf-8");
+		//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10775]验证码可以复用 #7674------------
+		String keyPrefix = Md5Util.md5Encode(sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret(), "utf-8");
+		String realKey = keyPrefix + lowerCaseCaptcha;
+		//update-end---author:chenrui ---date:20250107  for：[QQYUN-10775]验证码可以复用 #7674------------
 		Object checkCode = redisUtil.get(realKey);
 		//当进入登录页时，有一定几率出现验证码错误 #1714
 		if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
@ -533,10 +535,12 @@ public class LoginController {
 			
 			//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 			// 加入密钥作为混淆，避免简单的拼接，被外部利用，用户自定义该密钥即可
-			String origin = lowerCaseCode+key+jeecgBaseConfig.getSignatureSecret();
-			String realKey = Md5Util.md5Encode(origin, "utf-8");
+			//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10775]验证码可以复用 #7674------------
+			String keyPrefix = Md5Util.md5Encode(key+jeecgBaseConfig.getSignatureSecret(), "utf-8");
+			String realKey = keyPrefix + lowerCaseCode;
 			//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-            
+			redisUtil.removeAll(keyPrefix);
+			//update-end---author:chenrui ---date:20250107  for：[QQYUN-10775]验证码可以复用 #7674------------
 			redisUtil.set(realKey, lowerCaseCode, 60);
 			log.info("获取验证码，Redis key = {}，checkCode = {}", realKey, code);
 			//返回前端
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleController.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleController.java
@ -101,7 +101,13 @@ public class SysRoleController {
 	public Result<IPage<SysRole>> queryPageList(SysRole role,
 									  @RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
 									  @RequestParam(name="pageSize", defaultValue="10") Integer pageSize,
+									  @RequestParam(name="isMultiTranslate", required = false) Boolean isMultiTranslate,
 									  HttpServletRequest req) {
+        //update-begin---author:wangshuai---date:2025-03-26---for:【issues/7948】角色解决根据id查询回显不对---
+        if(null != isMultiTranslate && isMultiTranslate){
+            pageSize = 100;
+        }
+        //update-end---author:wangshuai---date:2025-03-26---for:【issues/7948】角色解决根据id查询回显不对---
 		Result<IPage<SysRole>> result = new Result<IPage<SysRole>>();
 		//QueryWrapper<SysRole> queryWrapper = QueryGenerator.initQueryWrapper(role, req.getParameterMap());
 		//IPage<SysRole> pageList = sysRoleService.page(page, queryWrapper);
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
@ -23,7 +23,11 @@ import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.*;
-import org.jeecg.modules.system.service.*;
+import org.jeecg.modules.system.service.ISysTenantPackService;
+import org.jeecg.modules.system.service.ISysTenantService;
+import org.jeecg.modules.system.service.ISysUserService;
+import org.jeecg.modules.system.service.ISysUserTenantService;
+import org.jeecg.modules.system.service.ISysDepartService;
 import org.jeecg.modules.system.vo.SysUserTenantVo;
 import org.jeecg.modules.system.vo.tenant.TenantDepartAuthInfo;
 import org.jeecg.modules.system.vo.tenant.TenantPackModel;
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysDepartMapper.xml
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysDepartMapper.xml
@ -136,7 +136,7 @@
    
    <!--根据用户id获取用户id和部门名称-->
    <select id="getUserDepartByTenantUserId" resultType="org.jeecg.modules.system.vo.SysUserDepVo">
-        SELECT sd.depart_name, sud.user_id
+        SELECT sd.depart_name, sud.user_id, sd.id as deptId, sd.parent_id
        FROM sys_depart sd
        RIGHT JOIN sys_user_depart sud on sd.id = sud.dep_id and sd.del_flag = 0
        WHERE sud.user_id IN
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysRoleMapper.xml
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysRoleMapper.xml
@ -23,6 +23,20 @@
                </otherwise>
            </choose>
        </if>
+        <!--增加id查询 for:【issues/7948】角色解决根据id查询回显不对-->
+        <if test="role.id!='' and role.id!=null">
+            <choose>
+                <when test="role.id.indexOf(',') != -1">
+                    AND id in
+                    <foreach item="item" index="index" collection="role.id.split(',')" open="(" separator="," close=")">
+                        #{item}
+                    </foreach>
+                </when>
+                <otherwise>
+                    AND id = #{role.id}
+                </otherwise>
+            </choose>
+        </if>
       order by create_time desc
    </select>
   
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysTenantMapper.xml
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysTenantMapper.xml
@ -43,8 +43,7 @@
    <select id="queryTenantPackUserCount" resultType="org.jeecg.modules.system.vo.tenant.TenantPackUserCount">
        SELECT pack_code, count(*) as user_count FROM sys_tenant_pack a 
        join sys_tenant_pack_user b on a.id = b.pack_id
-        join sys_user_tenant sut on a.tenant_id = sut.tenant_id and b.user_id = sut.user_id and sut.status = 1
-        where a.tenant_id = #{tenantId} 
+        where a.tenant_id = #{tenantId} and b.tenant_id = #{tenantId}
        and a.pack_code in ('superAdmin', 'accountAdmin', 'appAdmin')
        and b.status = 1
        group by a.pack_code
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysTenantPackService.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysTenantPackService.java
@ -1,7 +1,7 @@
 package org.jeecg.modules.system.service;

-import com.baomidou.mybatisplus.extension.service.IService;
 import org.jeecg.modules.system.entity.SysTenantPack;
+import com.baomidou.mybatisplus.extension.service.IService;
 import org.jeecg.modules.system.entity.SysTenantPackUser;

 import java.util.List;
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysCommentServiceImpl.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysCommentServiceImpl.java
@ -26,6 +26,7 @@ import org.jeecg.modules.system.vo.SysCommentVO;
 import org.jeecg.modules.system.vo.UserAvatar;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.FileCopyUtils;
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantPackServiceImpl.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantPackServiceImpl.java
@ -1,7 +1,6 @@
 package org.jeecg.modules.system.service.impl;

 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
-import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.constant.TenantConstant;
@ -10,6 +9,7 @@ import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.modules.aop.TenantLog;
 import org.jeecg.modules.system.entity.SysPackPermission;
+import org.jeecg.modules.system.entity.SysTenant;
 import org.jeecg.modules.system.entity.SysTenantPack;
 import org.jeecg.modules.system.entity.SysTenantPackUser;
 import org.jeecg.modules.system.mapper.SysPackPermissionMapper;
@ -20,6 +20,8 @@ import org.jeecg.modules.system.service.ISysTenantPackService;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+
+import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import org.springframework.transaction.annotation.Transactional;

 import java.util.Arrays;
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserServiceImpl.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserServiceImpl.java
@ -55,6 +55,7 @@ import org.jeecgframework.poi.excel.entity.ImportParams;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.jetbrains.annotations.Nullable;
 import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.cache.annotation.Cacheable;
@ -265,7 +266,13 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
    @CacheEvict(value={CacheConstant.SYS_USERS_CACHE}, allEntries=true)
 	@Transactional(rollbackFor = Exception.class)
 	public boolean deleteUser(String userId) {
-		//1.删除用户
+		//update-begin---author:wangshuai---date:2024-01-16---for:【QQYUN-7974】admin用户禁止删除---
+		//1.验证当前用户是管理员账号 admin
+		//验证用户是否为管理员
+		this.checkUserAdminRejectDel(userId);
+		//update-end---author:wangshuai---date:2024-01-16---for:【QQYUN-7974】admin用户禁止删除---
+		
+		//2.删除用户
 		this.removeById(userId);
 		return false;
 	}
@ -274,7 +281,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
    @CacheEvict(value={CacheConstant.SYS_USERS_CACHE}, allEntries=true)
 	@Transactional(rollbackFor = Exception.class)
 	public boolean deleteBatchUsers(String userIds) {
-		//1.删除用户
+		//1.验证当前用户是管理员账号 admin
+		this.checkUserAdminRejectDel(userIds);
+		//2.删除用户
 		this.removeByIds(Arrays.asList(userIds.split(",")));
 		return false;
 	}
@ -875,7 +884,6 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		SysUserTenant userTenant = new SysUserTenant();
 		userTenant.setStatus(CommonConstant.USER_TENANT_QUIT);
 		userTenantMapper.update(userTenant,query);
-		//update-end---author:wangshuai ---date:20230111  for：[QQYUN-3951]租户用户离职重构------------
    }

    @Override
@ -1901,7 +1909,6 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		}
 	}

-
 	@Override
 	public void changePhone(JSONObject json, String username) {
 		String smscode = json.getString("smscode");
@ -1935,7 +1942,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 			userMapper.updateById(sysUser);
 		}
 	}
-
+	
 	/**
 	 * 验证手机号
 	 *
@ -1955,7 +1962,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		//验证完成之后清空手机验证码
 		redisUtil.removeAll(phoneKey);
 	}
-
+	
 	@Override
 	public void sendChangePhoneSms(JSONObject jsonObject, String username, String ipAddress) {
 		String type = jsonObject.getString("type");
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/vo/SysUserDepVo.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/vo/SysUserDepVo.java
@ -12,4 +12,13 @@ import lombok.Data;
 public class SysUserDepVo {
    private String userId;
    private String departName;
+    /**
+     * 部门id
+     */
+    private String deptId;
+
+    /**
+     * 部门的父级id
+     */
+    private String parentId;
 }