替换sas的注解

# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java

.gitignore

@@ -13,5 +13,6 @@ os_del.cmd
 os_del_doc.cmd
 .svn
 derby.log
+*.log
 .cursor
 .history

README-AI.md

@@ -3,6 +3,9 @@ AIGC应用平台介绍
 
 一个全栈式 AI 开发平台，旨在帮助开发者快速构建和部署个性化的 AI 应用。
 
+> JDK说明：AI流程编排引擎暂时不支持jdk21，所以目前只能使用jdk8或者jdk17启动项目。
+
+
 JeecgBoot平台的AIGC功能模块，是一套类似`Dify`的`AIGC应用开发平台`+`知识库问答`，是一款基于LLM大语言模型AI应用平台和 RAG 的知识库问答系统。
 其直观的界面结合了 AI 流程编排、RAG 管道、知识库管理、模型管理、对接向量库、实时运行可观察等，让您可以快速从原型到生产，拥有AI服务能力。
 

README-EN.md

@@ -7,12 +7,12 @@
 JEECG BOOT AI Low Code Platform
 ===============
 
-Current version: 3.9.0 (Release date: 2025-12-01)
+Current version: 3.8.3 (Release date: 2025-10-09)
 
 
 [![AUR](https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg)](https://github.com/zhangdaiscott/jeecg-boot/blob/master/LICENSE)
 [![](https://img.shields.io/badge/Author-guojusoft-orange.svg)](http://www.jeecg.com)
-[![](https://img.shields.io/badge/version-3.9.0-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
+[![](https://img.shields.io/badge/version-3.8.2-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub stars](https://img.shields.io/github/stars/zhangdaiscott/jeecg-boot.svg?style=social&label=Stars)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub forks](https://img.shields.io/github/forks/zhangdaiscott/jeecg-boot.svg?style=social&label=Fork)](https://github.com/zhangdaiscott/jeecg-boot)
 

README-Enterprise.md

@@ -0,0 +1,124 @@
+
+JeecgBoot低代码平台(商业版介绍)
+===============
+
+
+
+项目介绍
+-----------------------------------
+
+<h3 align="center">企业级AI低代码平台</h3>
+
+
+JeecgBoot是一款集成AI应用的，基于BPM流程的低代码平台，旨在帮助企业快速实现低代码开发和构建个性化AI应用！前后端分离架构Ant Design&Vue3，SpringBoot，SpringCloud Alibaba，Mybatis-plus，Shiro。强大的代码生成器让前后端代码一键生成，无需写任何代码！ 引领AI低代码开发模式: AI生成->OnlineCoding-> 代码生成-> 手工MERGE， 帮助Java项目解决80%的重复工作，让开发更多关注业务，提高效率、节省成本，同时又不失灵活性！低代码能力：Online表单、表单设计、流程设计、Online报表、大屏/仪表盘设计、报表设计; AI应用平台功能：AI知识库问答、AI模型管理、AI流程编排、AI聊天等，支持含ChatGPT、DeepSeek、Ollama等多种AI大模型
+
+JeecgBoot 提供了一系列 `低代码能力`，实现`真正的零代码`在线开发：Online表单开发、Online报表、复杂报表设计、打印设计、在线图表设计、仪表盘设计、大屏设计、移动图表能力、表单设计器、在线设计流程、流程自动化配置、插件能力（可插拔）
+
+`AI赋能低代码:` 目前提供了AI应用、AI模型管理、AI流程编排、AI对话助手，AI建表、AI写文章、AI知识库问答、AI字段建议等功能;支持各种AI大模型ChatGPT、DeepSeek、Ollama、智普、千问等.
+
+`JEECG宗旨是:` 简单功能由OnlineCoding配置实现，做到`零代码开发`；复杂功能由代码生成器生成进行手工Merge 实现`低代码开发`，既保证了`智能`又兼顾`灵活`；实现了低代码开发的同时又支持灵活编码，解决了当前低代码产品普遍不灵活的弊端！
+
+`JEECG业务流程:` 采用工作流来实现、扩展出任务接口，供开发编写业务逻辑，表单提供多种解决方案： 表单设计器、online配置表单、编码表单。同时实现了流程与表单的分离设计（松耦合）、并支持任务节点灵活配置，既保证了公司流程的保密性，又减少了开发人员的工作量。
+
+
+
+#### JeecgBoot商业版与同类产品区别
+-----------------------------------
+
+- 灵活性：jeecgboot基于开源技术栈，设计初考虑到可插拔性和集成灵活性，确保平台的智能性与灵活性，避免因平台过于庞大而导致的扩展困难。
+- 流程管理：支持一个表单挂接多个流程，同时一个流程可以连接多个表单，增强了流程的灵活性和复杂性管理。
+- 符合中国国情的流程：针对中国市场的特定需求，jeecgboot能够实现各种符合中国国情的业务流程。
+- 强大的表单设计器：jeecgboot的表单设计器与敲敲云共享，具备高质量和智能化的特点，能够满足零代码应用的需求，业内同类产品中不多见。
+- 报表功能：自主研发的报表工具，拥有独立知识产权，功能上比业内老牌产品如帆软更智能，操作简便。
+- BI产品整合：提供大屏、仪表盘、门户等功能，完美解决这些需求，并支持移动面板的设计与渲染。
+- 自主研发的模块：jeecgboot的所有模块均为自主研发，具有独立的知识产权。
+- 颗粒度和功能细致：在功能细致度和颗粒度上，jeecgboot远超同类产品，尤其在零代码能力方面表现突出。
+- 零代码应用管理：最新版支持与敲敲云的零代码应用管理能力的集成，使得jeecgboot既具备低代码，又具备零代码的应用能力，业内独一无二。
+- 强大的代码生成器：作为开源代码生成器的先锋，jeecgboot在代码生成的智能化和在线低代码与代码生成的结合方面，优势明显。
+- 精细化权限管理：提供行级和列级的数据权限控制，满足企业在ERP和OA领域对权限管理的严格需求。
+- 多平台支持的APP：目前采用uniapp3实现，支持小程序、H5、App及鸿蒙、鸿蒙Next、Electron桌面应用等多种终端。
+
+> 综上所述，jeecgboot不仅在功能上具备丰富性和灵活性，还在技术架构、权限管理和用户体验等方面展现出明显的优势，是一个综合性能强大的低代码平台。
+
+
+
+商业版演示
+-----------------------------------
+
+JeecgBoot vs 敲敲云
+> - JeecgBoot是低代码产品拥有系列低代码能力，比如流程设计、表单设计、大屏设计，代码生成器，适合半开发模式（开发+低代码结合），也可以集成零代码应用管理模块.
+> - 敲敲云是零代码产品，完全不写代码，通过配置搭建业务系统，其在jeecgboot基础上研发而成，删除了online、代码生成、OA等需要编码功能，只保留应用管理功能和聊天、日程、文件三个OA组件.
+
+
+- JeecgBoot低代码：  https://boot3.jeecg.com
+- 敲敲云零代码：https://app.qiaoqiaoyun.com
+- APP演示(多端): http://jeecg.com/appIndex
+
+
+### 流程视频介绍
+
+[![](https://jeecgos.oss-cn-beijing.aliyuncs.com/files/flow_video.png)](https://www.bilibili.com/video/BV1Nk4y1o7Qc)
+
+
+
+### 商业版功能简述
+
+> 详细的功能介绍，[请联系官方](https://jeecg.com/vip)
+
+```
+│─更多商业功能
+│  ├─流程设计器
+│  ├─简流设计器(类钉钉版)
+│  ├─门户设计（NEW）
+│  ├─表单设计器
+│  ├─大屏设计器
+│  └─我的任务
+│  └─历史流程
+│  └─历史流程
+│  └─流程实例管理
+│  └─流程监听管理
+│  └─流程表达式
+│  └─我发起的流程
+│  └─我的抄送
+│  └─流程委派、抄送、跳转
+│  └─OA办公组件
+│  └─零代码应用管理（无需编码，在线搭建应用系统）
+│  ├─积木报表企业版（含jimureport、jimubi）
+│  ├─AI流程设计器源码
+│  ├─Online全模块功能和源码
+│  ├─AI写文章（CMS）
+│  ├─AI表单字段建议（表单设计器）
+│  ├─OA办公协同组件
+│  ├─在线聊天功能
+│  ├─设计表单移动适配
+│  ├─设计表单支持外部填报
+│  ├─设计表单AI字段建议
+│  ├─设计表单视图功能(支持多种类型含日历、表格、看板、甘特图)
+│  └─。。。
+   
+```
+
+
+
+
+##### 流程设计
+![](https://oscimg.oschina.net/oscnet/up-981ce174e4fbb48c8a2ce4ccfd7372e2994.png)
+
+![](https://oscimg.oschina.net/oscnet/up-1dc0d052149ec675f3e4fad632b82b48add.png)
+
+![](https://oscimg.oschina.net/oscnet/up-de31bc2f9d9b8332c554b0954cc73d79593.png)
+
+![输入图片说明](https://static.oschina.net/uploads/img/201907/05165142_yyQ7.png "在这里输入图片标题")
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160917_9Ftz.png "在这里输入图片标题")
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160633_u59G.png "在这里输入图片标题")
+
+
+
+##### 表单设计器
+![](https://oscimg.oschina.net/oscnet/up-5f8cb657615714b02190b355e59f60c5937.png)
+
+![](https://oscimg.oschina.net/oscnet/up-d9659b2f324e33218476ec98c9b400e6508.png)
+
+![](https://oscimg.oschina.net/oscnet/up-4868615395272d3206dbb960ade02dbc291.png)

README.md

@@ -2,13 +2,13 @@
 JeecgBoot AI低代码平台
 ===============
 
-当前最新版本： 3.9.0（发布日期：2025-12-01） 
+当前最新版本： 3.8.3（发布日期：2025-10-09） 
 
 
 [![AUR](https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg)](https://github.com/jeecgboot/JeecgBoot/blob/master/LICENSE)
 [![](https://img.shields.io/badge/Author-北京国炬软件-orange.svg)](https://jeecg.com)
 [![](https://img.shields.io/badge/blog-技术博客-orange.svg)](https://jeecg.blog.csdn.net)
-[![](https://img.shields.io/badge/version-3.9.0-brightgreen.svg)](https://github.com/jeecgboot/JeecgBoot)
+[![](https://img.shields.io/badge/version-3.8.3-brightgreen.svg)](https://github.com/jeecgboot/JeecgBoot)
 [![GitHub stars](https://img.shields.io/github/stars/zhangdaiscott/jeecg-boot.svg?style=social&label=Stars)](https://github.com/jeecgboot/JeecgBoot)
 [![GitHub forks](https://img.shields.io/github/forks/zhangdaiscott/jeecg-boot.svg?style=social&label=Fork)](https://github.com/jeecgboot/JeecgBoot)
 
@@ -19,17 +19,14 @@ JeecgBoot AI低代码平台
 
 <h3 align="center">企业级AI低代码平台</h3>
 
-JeecgBoot 是一款融合代码生成与AI应用的低代码开发平台，助力企业快速实现低代码开发和构建AI应用。平台支持MCP和插件扩展，提供聊天式业务操作(如“一句话创建用户”)，大幅提升开发效率与用户便捷性。
-
+JeecgBoot 是一款基于BPM流程和代码生成的AI低代码平台，助力企业快速实现低代码开发和构建AI应用。
 采用前后端分离架构（Ant Design&Vue3，SpringBoot3，SpringCloud Alibaba，Mybatis-plus），强大代码生成器实现前后端一键生成，无需手写代码。 
 平台引领AI低代码开发模式：AI生成→在线编码→代码生成→手工合并，解决Java项目80%重复工作，提升效率，节省成本，兼顾灵活性。 
 具备强大且颗粒化的权限控制，支持按钮权限和数据权限设置，满足大型业务系统需求。功能涵盖在线表单、表单设计、流程设计、门户设计、报表与大屏设计、OA办公、AI应用、AI知识库、大模型管理、AI流程编排、AI聊天，支持ChatGPT、DeepSeek、Ollama等多种AI大模型。
 
-`傻瓜式报表:` JimuReport是一款自主研发的强大开源企业级Web报表工具。它通过零编码的拖拽式操作，赋能用户如同搭积木般轻松构建各类复杂报表，全面满足企业数据可视化与分析需求，助力企业级数据产品的高效打造与应用。
+`AI赋能报表:` 积木报表是一款自主研发的强大开源企业级Web报表与大屏工具。它通过零编码的拖拽式操作，赋能用户如同搭积木般轻松构建各类复杂报表和数据大屏，全面满足企业数据可视化与分析需求，助力企业级数据产品的高效打造与应用。
 
-`傻瓜式大屏:` JimuBI一款自主研发的强大的大屏和仪表盘设计工具。专注数字孪生与数据可视化，支持交互式大屏、仪表盘、门户和移动端，实现“一次开发，多端适配”。 大屏设计类Word风格，支持多屏切换，自由拖拽，轻松打造炫酷动态界面。
-
-`成熟AI应用功能:` 提供一套完善AI应用平台: 涵盖AI应用管理、AI模型管理、智能对话助手、知识库问答、流程编排与设计器、AI建表、MCP插件配置等功能。平台兼容主流大模型，包括ChatGPT、DeepSeek、Ollama、智普、千问等，助力企业高效构建智能化应用，推动低代码开发与AI深度融合。
+`AI赋能低代码:` 提供完善成熟的AI应用平台，涵盖AI应用管理、AI模型管理、智能对话助手、知识库问答、流程编排与设计器、AI建表等多项功能。平台兼容多种主流大模型，包括ChatGPT、DeepSeek、Ollama、智普、千问等，助力企业高效构建智能化应用，推动低代码开发与AI深度融合。
 
 `JEECG宗旨是:` JEECG旨在通过OnlineCoding平台实现简单功能的零代码快速搭建，同时针对复杂功能采用代码生成器生成代码并手工合并，打造智能且灵活的低代码开发模式，有效解决了当前低代码产品普遍缺乏灵活性的问题，提升开发效率的同时兼顾系统的扩展性和定制化能力。
 
@@ -53,16 +50,15 @@ JeecgBoot低代码平台兼容所有J2EE项目开发，支持信创国产化，
 版本说明
 -----------------------------------
 
-|下载 | SpringBoot3.5 + Shiro                                   |SpringBoot3.5+ SpringAuthorizationServer | SpringBoot3.5 + Sa-Token | SpringBoot2.7(JDK17/JDK8) |
-|------|---------------------------------------------------------|----------------------------|-------------------|--------------------------------------------|
-| Github | [`main`](https://github.com/jeecgboot/JeecgBoot)        | [`springboot3_sas`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3_sas) 分支  |  [`springboot3-satoken`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3-satoken) 分支|[`springboot2`](https://github.com/jeecgboot/JeecgBoot/tree/springboot2) 分支|
-| Gitee | [`main`](https://github.com/jeecgboot/JeecgBoot) | [`springboot3_sas`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3_sas) 分支|  [`springboot3-satoken`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3-satoken) 分支|[`springboot2`](https://github.com/jeecgboot/JeecgBoot/tree/springboot2)     分支 |
+|下载 | SpringBoot3.5 + Shiro  |SpringBoot3.5+ SpringAuthorizationServer | SpringBoot3.5 + Sa-Token | SpringBoot2.7(JDK17/JDK8) |
+|------|----------------|----------------------------|-------------------|--------------------------------------------|
+| Github |  [`springboot3`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3) | [`springboot3_sas`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3_sas) 分支  |  [`springboot3-satoken`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3-satoken) 分支|[`master`](https://github.com/jeecgboot/JeecgBoot) 分支|
+| Gitee |  [`springboot3`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3/)      | [`springboot3_sas`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3_sas) 分支|  [`springboot3-satoken`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3-satoken) 分支|[`master`](https://gitee.com/jeecg/JeecgBoot)     分支 |
 
 
-- `jeecg-boot` 是后端JAVA源码项目Springboot3+Shiro+Mybatis+SpringCloudAlibaba（支持单体和微服务切换）.
+- `jeecg-boot` 是后端JAVA源码项目Springboot3+SpringCloudAlibaba（支持单体和微服务切换）.
 - `jeecgboot-vue3` 是前端VUE3源码项目（vue3+vite6+ts最新技术栈）.
 - `JeecgUniapp`  是[配套APP框架](https://github.com/jeecgboot/JeecgUniapp) 适配多个终端，支持APP、小程序、H5、鸿蒙、鸿蒙Next.
-- `jeecg-boot-starter`  是[jeecg-boot对应的底层封装starter](https://github.com/jeecgboot/jeecg-boot-starter) ：微服务启动、xxljob、分布式锁starter、rabbitmq、分布式事务、分库分表shardingsphere等.
 - 参考 [文档](https://help.jeecg.com/ui/2dev/mini) 可以删除不需要的demo，制作一个精简版本
 
 
@@ -232,6 +228,20 @@ JeecgBoot平台提供了一套完善的AI应用管理系统模块，是一套类
 
 
 
+
+
+开源版与企业版区别?
+-----------------------------------
+
+ - JeecgBoot开源版采用 [Apache-2.0 license](LICENSE) 协议附加补充条款：允许商用使用，不会造成侵权行为，允许基于本平台软件开展业务系统开发（但在任何情况下，您不得使用本软件开发可能被认为与本软件竞争的软件).
+ - 商业版与开源版主要区别在于商业版提供了技术支持 和 更多的企业级功能(例如：Online图表、流程监控、流程设计、流程审批、表单设计器、表单视图、积木报表企业版、OA办公、商业APP、零代码应用、Online模块源码等功能). [更多商业功能介绍，点击查看](README-Enterprise.md)
+ - JeecgBoot未来发展方向是：零代码平台的建设，也就是团队的另外一款产品 [敲敲云零代码](https://www.qiaoqiaoyun.com) ，无需编码即可通过拖拽快速搭建企业级应用，与JeecgBoot低代码平台形成互补，满足从简单业务到复杂系统的全场景开发需求，目前已经开源，[欢迎下载](https://qiaoqiaoyun.com/downloadCode)
+
+
+
+
+
+
 ### Jeecg Boot 产品功能蓝图
 ![功能蓝图](https://jeecgos.oss-cn-beijing.aliyuncs.com/upload/test/Jeecg-Boot-lantu202005_1590912449914.jpg "在这里输入图片标题")
 

jeecg-boot/.gitignore

@@ -13,3 +13,4 @@ os_del.cmd
 os_del_doc.cmd
 .svn
 derby.log
+*.log

jeecg-boot/README.md

@@ -2,12 +2,12 @@
 JeecgBoot 低代码开发平台
 ===============
 
-当前最新版本： 3.9.0（发布日期：2025-12-01） 
+当前最新版本： 3.8.3（发布日期：2025-10-09） 
 
 
 [![AUR](https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg)](https://github.com/zhangdaiscott/jeecg-boot/blob/master/LICENSE)
 [![](https://img.shields.io/badge/Author-北京国炬软件-orange.svg)](http://jeecg.com/aboutusIndex)
-[![](https://img.shields.io/badge/version-3.9.0-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
+[![](https://img.shields.io/badge/version-3.8.3-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub stars](https://img.shields.io/github/stars/zhangdaiscott/jeecg-boot.svg?style=social&label=Stars)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub forks](https://img.shields.io/github/forks/zhangdaiscott/jeecg-boot.svg?style=social&label=Fork)](https://github.com/zhangdaiscott/jeecg-boot)
 

jeecg-boot/db/增量SQL/sas升级脚本.sql

@@ -0,0 +1,45 @@
+CREATE TABLE `oauth2_registered_client` (
+  `id` varchar(100) NOT NULL,
+  `client_id` varchar(100) NOT NULL,
+  `client_id_issued_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `client_secret` varchar(200) DEFAULT NULL,
+  `client_secret_expires_at` timestamp NULL DEFAULT NULL,
+  `client_name` varchar(200) NOT NULL,
+  `client_authentication_methods` varchar(1000) NOT NULL,
+  `authorization_grant_types` varchar(1000) NOT NULL,
+  `redirect_uris` varchar(1000) DEFAULT NULL,
+  `post_logout_redirect_uris` varchar(1000) DEFAULT NULL,
+  `scopes` varchar(1000) NOT NULL,
+  `client_settings` varchar(2000) NOT NULL,
+  `token_settings` varchar(2000) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+INSERT INTO `oauth2_registered_client`
+(`id`,
+`client_id`,
+`client_id_issued_at`,
+`client_secret`,
+`client_secret_expires_at`,
+`client_name`,
+`client_authentication_methods`,
+`authorization_grant_types`,
+`redirect_uris`,
+`post_logout_redirect_uris`,
+`scopes`,
+`client_settings`,
+`token_settings`)
+VALUES
+('3eacac0e-0de9-4727-9a64-6bdd4be2ee1f',
+'jeecg-client',
+now(),
+'secret',
+null,
+'3eacac0e-0de9-4727-9a64-6bdd4be2ee1f',
+'client_secret_basic',
+'refresh_token,authorization_code,password,app,phone,social',
+'http://127.0.0.1:8080/jeecg-',
+'http://127.0.0.1:8080/',
+'*',
+'{"@class":"java.util.Collections$UnmodifiableMap","settings.client.require-proof-key":false,"settings.client.require-authorization-consent":true}',
+'{"@class":"java.util.Collections$UnmodifiableMap","settings.token.reuse-refresh-tokens":true,"settings.token.id-token-signature-algorithm":["org.springframework.security.oauth2.jose.jws.SignatureAlgorithm","RS256"],"settings.token.access-token-time-to-live":["java.time.Duration",300000.000000000],"settings.token.access-token-format":{"@class":"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat","value":"self-contained"},"settings.token.refresh-token-time-to-live":["java.time.Duration",3600.000000000],"settings.token.authorization-code-time-to-live":["java.time.Duration",300000.000000000],"settings.token.device-code-time-to-live":["java.time.Duration",300000.000000000]}');

jeecg-boot/docker-compose.yml

@@ -63,7 +63,6 @@ services:
     build:
       context: ./jeecg-module-system/jeecg-system-start
     restart: on-failure
-    mac_address: 02:42:ac:11:00:02
     depends_on:
       - jeecg-boot-mysql
       - jeecg-boot-redis

jeecg-boot/jeecg-boot-base-core/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>org.jeecgframework.boot3</groupId>
 		<artifactId>jeecg-boot-parent</artifactId>
-		<version>3.9.0</version>
+		<version>3.8.3</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>jeecg-boot-base-core</artifactId>
@@ -44,12 +44,6 @@
 		<dependency>
 			<groupId>org.jeecgframework.boot3</groupId>
 			<artifactId>jeecg-boot-common</artifactId>
-			<exclusions>
-				<exclusion>
-					<groupId>commons-logging</groupId>
-					<artifactId>commons-logging</artifactId>
-				</exclusion>
-			</exclusions>
 		</dependency>
 		<!--集成springmvc框架并实现自动配置 -->
 		<dependency>
@@ -179,6 +173,7 @@
 			<artifactId>DmDialect-for-hibernate5.0</artifactId>
 			<version>${dm8.version}</version>
 		</dependency>
+
 		<!-- Quartz定时任务 -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -192,78 +187,28 @@
 			<version>${java-jwt.version}</version>
 		</dependency>
 
-		<!--shiro-->
+
 		<dependency>
-			<groupId>org.apache.shiro</groupId>
-			<artifactId>shiro-spring-boot-starter</artifactId>
-			<classifier>jakarta</classifier>
-			<version>${shiro.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.apache.shiro</groupId>
-					<artifactId>shiro-spring</artifactId>
-				</exclusion>
-			</exclusions>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
 		</dependency>
 		<dependency>
-			<groupId>org.apache.shiro</groupId>
-			<artifactId>shiro-spring</artifactId>
-			<classifier>jakarta</classifier>
-			<version>${shiro.version}</version>
-			<!-- 排除仍使用了javax.servlet的依赖 -->
-			<exclusions>
-				<exclusion>
-					<groupId>org.apache.shiro</groupId>
-					<artifactId>shiro-core</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.apache.shiro</groupId>
-					<artifactId>shiro-web</artifactId>
-				</exclusion>
-			</exclusions>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
 		</dependency>
-		<!-- 引入适配jakarta的依赖包 -->
+		<!-- 添加spring security cas支持 -->
 		<dependency>
-			<groupId>org.apache.shiro</groupId>
-			<artifactId>shiro-core</artifactId>
-			<classifier>jakarta</classifier>
-			<version>${shiro.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>commons-beanutils</groupId>
-					<artifactId>commons-beanutils</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.shiro</groupId>
-			<artifactId>shiro-web</artifactId>
-			<classifier>jakarta</classifier>
-			<version>${shiro.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.apache.shiro</groupId>
-					<artifactId>shiro-core</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<!-- shiro-redis -->
-		<dependency>
-			<groupId>org.crazycake</groupId>
-			<artifactId>shiro-redis</artifactId>
-			<version>${shiro-redis.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.apache.shiro</groupId>
-					<artifactId>shiro-core</artifactId>
-				</exclusion>
-				<exclusion>
-					<artifactId>checkstyle</artifactId>
-					<groupId>com.puppycrawl.tools</groupId>
-				</exclusion>
-			</exclusions>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-cas</artifactId>
 		</dependency>
 
+
+		<!--	<dependency>
+			<groupId>com.github.xiaoymin</groupId>
+			<artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
+			<version>${knife4j-spring-boot-starter.version}</version>
+		</dependency>-->
+		<!-- knife4j 升级springboot3.4.5报错 -->
 		<dependency>
 			<groupId>com.github.xiaoymin</groupId>
 			<artifactId>knife4j-openapi3-ui</artifactId>
@@ -295,8 +240,8 @@
 
 		<!-- AutoPoi Excel工具类-->
 		<dependency>
-			<groupId>org.jeecgframework</groupId>
-			<artifactId>autopoi-spring-boot-3-starter</artifactId>
+			<groupId>org.jeecgframework.boot3</groupId>
+			<artifactId>autopoi-web</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>xerces</groupId>
@@ -314,14 +259,6 @@
 					<artifactId>checker-qual</artifactId>
 					<groupId>org.checkerframework</groupId>
 				</exclusion>
-				<exclusion>
-					<groupId>com.google.errorprone</groupId>
-					<artifactId>error_prone_annotations</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.apache.commons</groupId>
-					<artifactId>commons-compress</artifactId>
-				</exclusion>
 			</exclusions>
 		</dependency>
 
@@ -379,21 +316,5 @@
 			<groupId>org.jeecgframework.boot3</groupId>
 			<artifactId>jeecg-boot-starter-chatgpt</artifactId>
 		</dependency>
-        <!-- 腾讯云 -->
-        <dependency>
-            <groupId>com.tencentcloudapi</groupId>
-            <artifactId>tencentcloud-sdk-java-sms</artifactId>
-            <version>${tencentcloud-sdk-java-sms.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>javax.xml.bind</groupId>
-					<artifactId>jaxb-api</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>com.squareup.okio</groupId>
-					<artifactId>okio</artifactId>
-				</exclusion>
-			</exclusions>
-        </dependency>
 	</dependencies>
 </project>

jeecg-boot/jeecg-boot-base-core/src/main/java/org/apache/shiro/SecurityUtils.java

@@ -0,0 +1,21 @@
+package org.apache.shiro;
+
+import org.apache.shiro.subject.Subject;
+
+/**
+ * 兼容处理Online功能使用处理，请勿修改
+ * @author eightmonth@qq.com
+ * @date 2024/4/29 14:05
+ */
+public class SecurityUtils {
+
+
+    public static Subject getSubject() {
+        return new Subject() {
+            @Override
+            public Object getPrincipal() {
+                return Subject.super.getPrincipal();
+            }
+        };
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/apache/shiro/subject/Subject.java

@@ -0,0 +1,14 @@
+package org.apache.shiro.subject;
+
+import org.jeecg.config.security.utils.SecureUtil;
+
+/**
+ * 兼容处理Online功能使用处理，请勿修改
+ * @author eightmonth@qq.com
+ * @date 2024/4/29 14:18
+ */
+public interface Subject {
+    default Object getPrincipal() {
+        return SecureUtil.currentUser();
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/CommonAPI.java

@@ -1,5 +1,6 @@
 package org.jeecg.common.api;
 
+import com.alibaba.fastjson.JSONObject;
 import org.jeecg.common.api.dto.AiragFlowDTO;
 import org.jeecg.common.system.vo.*;
 
@@ -65,6 +66,13 @@ public interface CommonAPI {
      */
     public String getUserIdByName(String username);
 
+    /**
+     * 5根据用户手机号查询用户信息
+     * @param username
+     * @return
+     */
+    public LoginUser getUserByPhone(String phone);
+
 
     /**
      * 6字典表的 翻译
@@ -132,6 +140,7 @@ public interface CommonAPI {
      */
     Map<String, List<DictModel>> translateManyDict(String dictCodes, String keys);
 
+    //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
     /**
      * 15 字典表的 翻译，可批量
      * @param table
@@ -142,6 +151,7 @@ public interface CommonAPI {
      * @return
      */
     List<DictModel> translateDictFromTableByKeys(String table, String text, String code, String keys, String dataSource);
+    //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
 
     /**
      * 16 运行AIRag流程
@@ -154,4 +164,31 @@ public interface CommonAPI {
      */
     Object runAiragFlow(AiragFlowDTO airagFlowDTO);
 
+    /**
+     * 登录加载系统字典
+     * @return
+     */
+    Map<String,List<DictModel>> queryAllDictItems();
+
+    /**
+     * 查询SysDepart集合
+     * @param userId
+     * @return
+     */
+    List<SysDepartModel> queryUserDeparts(String userId);
+
+    /**
+     * 根据用户名设置部门ID
+     * @param username
+     * @param orgCode
+     */
+    void updateUserDepart(String username,String orgCode,Integer loginTenantId);
+
+    /**
+     * 设置登录租户
+     * @param username
+     * @return
+     */
+    JSONObject setLoginTenant(String username);
+
 }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/ApprovalCommentDTO.java

@@ -1,48 +0,0 @@
-package org.jeecg.common.api.dto;
-
-import lombok.Data;
-
-import java.io.Serializable;
-import java.util.Date;
-
-/**
- * 流程审批意见DTO
- * @author scott
- * @date 2025-01-29
- */
-@Data
-public class ApprovalCommentDTO implements Serializable {
-    
-    private static final long serialVersionUID = 1L;
-    
-    /**
-     * 任务ID
-     */
-    private String taskId;
-    
-    /**
-     * 任务名称
-     */
-    private String taskName;
-    
-    /**
-     * 审批人ID
-     */
-    private String approverId;
-    
-    /**
-     * 审批人姓名
-     */
-    private String approverName;
-    
-    /**
-     * 审批意见
-     */
-    private String approvalComment;
-    
-    /**
-     * 审批时间
-     */
-    private Date approvalTime;
-}
-

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/OnlineAuthDTO.java

@@ -30,10 +30,12 @@ public class OnlineAuthDTO implements Serializable {
      */
     private String onlineFormUrl;
 
+    //update-begin---author:chenrui ---date:20240123  for：[QQYUN-7992]【online】工单申请下的online表单，未配置online表单开发菜单，操作报错无权限------------
     /**
      * online工单的地址
      */
     private String onlineWorkOrderUrl;
+    //update-end---author:chenrui ---date:20240123  for：[QQYUN-7992]【online】工单申请下的online表单，未配置online表单开发菜单，操作报错无权限------------
 
     public OnlineAuthDTO(){
 

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/PushMessageDTO.java

@@ -1,55 +0,0 @@
-package org.jeecg.common.api.dto;
-
-import lombok.AllArgsConstructor;
-import lombok.Builder;
-import lombok.Data;
-import lombok.NoArgsConstructor;
-
-import java.io.Serializable;
-import java.util.List;
-import java.util.Map;
-
-/**
- * 移动端消息推送
- * @author liusq
- * @date 2025/11/12 14:11
- */
-@Builder
-@AllArgsConstructor
-@NoArgsConstructor
-@Data
-public class PushMessageDTO implements Serializable {
-
-
-    private static final long serialVersionUID = 7431775881170684867L;
-
-    /**
-     * 消息标题
-     */
-    private String title;
-
-    /**
-     * 消息内容
-     */
-    private String content;
-
-    /**
-     * 推送形式：all：全推送 single：单用户推送
-     */
-    private String pushType;
-
-    /**
-     * 用户名usernameList
-     */
-    List<String> usernames;
-
-    /**
-     * 用户名idList
-     */
-    List<String> userIds;
-
-    /**
-     * 消息附加参数
-     */
-    Map<String,Object> payload;
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/AutoLogAspect.java

@@ -1,5 +1,6 @@
 package org.jeecg.common.aspect;
 
+import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.alibaba.fastjson.serializer.PropertyFilter;
 import org.apache.shiro.SecurityUtils;
@@ -15,12 +16,14 @@ import org.jeecg.common.aspect.annotation.AutoLog;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.enums.ModuleType;
 import org.jeecg.common.constant.enums.OperateTypeEnum;
+import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.IpUtils;
 import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.springframework.core.StandardReflectionParameterNameDiscoverer;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.multipart.MultipartFile;
@@ -100,7 +103,7 @@ public class AutoLogAspect {
         //设置IP地址
         dto.setIp(IpUtils.getIpAddr(request));
         //获取登录用户信息
-        LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+        LoginUser sysUser = SecureUtil.currentUser();
         if(sysUser!=null){
             dto.setUserid(sysUser.getUsername());
             dto.setUsername(sysUser.getRealname());
@@ -121,8 +124,9 @@ public class AutoLogAspect {
         if (operateType > 0) {
             return operateType;
         }
-        // 代码逻辑说明: 阿里云代码扫描规范(不允许任何魔法值出现在代码中)------------
+        //update-begin---author:wangshuai ---date:20220331  for：阿里云代码扫描规范(不允许任何魔法值出现在代码中)------------
         return OperateTypeEnum.getTypeByMethodName(methodName);
+        //update-end---author:wangshuai ---date:20220331  for：阿里云代码扫描规范(不允许任何魔法值出现在代码中)------------
     }
 
     /**
@@ -142,15 +146,14 @@ public class AutoLogAspect {
             //  https://my.oschina.net/mengzhang6/blog/2395893
             Object[] arguments  = new Object[paramsArray.length];
             for (int i = 0; i < paramsArray.length; i++) {
-                if (paramsArray[i] instanceof BindingResult || paramsArray[i] instanceof ServletRequest || paramsArray[i] instanceof ServletResponse || paramsArray[i] instanceof MultipartFile || paramsArray[i] instanceof MultipartFile[]) {
+                if (paramsArray[i] instanceof BindingResult || paramsArray[i] instanceof ServletRequest || paramsArray[i] instanceof ServletResponse || paramsArray[i] instanceof MultipartFile) {
                     //ServletRequest不能序列化，从入参里排除，否则报异常：java.lang.IllegalStateException: It is illegal to call this method if the current request is not in asynchronous mode (i.e. isAsyncStarted() returns false)
                     //ServletResponse不能序列化 从入参里排除，否则报异常：java.lang.IllegalStateException: getOutputStream() has already been called for this response
-                    //MultipartFile和MultipartFile[]不能序列化，从入参里排除
                     continue;
                 }
                 arguments[i] = paramsArray[i];
             }
-            // 代码逻辑说明: 日志数据太长的直接过滤掉
+            //update-begin-author:taoyan date:20200724 for:日志数据太长的直接过滤掉
             PropertyFilter profilter = new PropertyFilter() {
                 @Override
                 public boolean apply(Object o, String name, Object value) {
@@ -165,13 +168,14 @@ public class AutoLogAspect {
                 }
             };
             params = JSONObject.toJSONString(arguments, profilter);
+            //update-end-author:taoyan date:20200724 for:日志数据太长的直接过滤掉
         } else {
             MethodSignature signature = (MethodSignature) joinPoint.getSignature();
             Method method = signature.getMethod();
             // 请求的方法参数值
             Object[] args = joinPoint.getArgs();
             // 请求的方法参数名称
-            StandardReflectionParameterNameDiscoverer u= new StandardReflectionParameterNameDiscoverer();
+            StandardReflectionParameterNameDiscoverer u=new StandardReflectionParameterNameDiscoverer();
             String[] paramNames = u.getParameterNames(method);
             if (args != null && paramNames != null) {
                 for (int i = 0; i < args.length; i++) {

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/DictAspect.java

@@ -105,24 +105,29 @@ public class DictAspect {
                 Map<String, List<String>> dataListMap = new HashMap<>(5);
                 //取出结果集
                 List<Object> records=((IPage) ((Result) result).getResult()).getRecords();
-                // 代码逻辑说明: 【VUEN-1230】 判断是否含有字典注解,没有注解返回-----
+                //update-begin--Author:zyf -- Date:20220606 ----for：【VUEN-1230】 判断是否含有字典注解,没有注解返回-----
                 Boolean hasDict= checkHasDict(records);
                 if(!hasDict){
                     return result;
                 }
 
                 log.debug(" __ 进入字典翻译切面 DictAspect —— " );
+                //update-end--Author:zyf -- Date:20220606 ----for：【VUEN-1230】 判断是否含有字典注解,没有注解返回-----
                 for (Object record : records) {
                     String json="{}";
                     try {
+                        //update-begin--Author:zyf -- Date:20220531 ----for：【issues/#3629】 DictAspect Jackson序列化报错-----
                         //解决@JsonFormat注解解析不了的问题详见SysAnnouncement类的@JsonFormat
                          json = objectMapper.writeValueAsString(record);
+                        //update-end--Author:zyf -- Date:20220531 ----for：【issues/#3629】 DictAspect Jackson序列化报错-----
                     } catch (JsonProcessingException e) {
                         log.error("json解析失败"+e.getMessage(),e);
                     }
-                    // 代码逻辑说明: 【issues/3303】restcontroller返回json数据后key顺序错乱 -----
+                    //update-begin--Author:scott -- Date:20211223 ----for：【issues/3303】restcontroller返回json数据后key顺序错乱 -----
                     JSONObject item = JSONObject.parseObject(json, Feature.OrderedField);
+                    //update-end--Author:scott -- Date:20211223 ----for：【issues/3303】restcontroller返回json数据后key顺序错乱 -----
 
+                    //update-begin--Author:scott -- Date:20190603 ----for：解决继承实体字段无法翻译问题------
                     //for (Field field : record.getClass().getDeclaredFields()) {
                     // 遍历所有字段，把字典Code取出来，放到 map 里
                     for (Field field : oConvertUtils.getAllFields(record)) {
@@ -130,6 +135,7 @@ public class DictAspect {
                         if (oConvertUtils.isEmpty(value)) {
                             continue;
                         }
+                    //update-end--Author:scott  -- Date:20190603 ----for：解决继承实体字段无法翻译问题------
                         if (field.getAnnotation(Dict.class) != null) {
                             if (!dictFieldList.contains(field)) {
                                 dictFieldList.add(field);
@@ -137,22 +143,26 @@ public class DictAspect {
                             String code = field.getAnnotation(Dict.class).dicCode();
                             String text = field.getAnnotation(Dict.class).dicText();
                             String table = field.getAnnotation(Dict.class).dictTable();
-                            // 代码逻辑说明: [issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                            //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                             String dataSource = field.getAnnotation(Dict.class).ds();
+                            //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                             List<String> dataList;
                             String dictCode = code;
                             if (!StringUtils.isEmpty(table)) {
-                                // 代码逻辑说明: [issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                                //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                                 dictCode = String.format("%s,%s,%s,%s", table, text, code, dataSource);
+                                //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                             }
                             dataList = dataListMap.computeIfAbsent(dictCode, k -> new ArrayList<>());
                             this.listAddAllDeduplicate(dataList, Arrays.asList(value.split(",")));
                         }
                         //date类型默认转换string格式化日期
+                        //update-begin--Author:zyf -- Date:20220531 ----for：【issues/#3629】 DictAspect Jackson序列化报错-----
                         //if (JAVA_UTIL_DATE.equals(field.getType().getName())&&field.getAnnotation(JsonFormat.class)==null&&item.get(field.getName())!=null){
                             //SimpleDateFormat aDate=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
                             // item.put(field.getName(), aDate.format(new Date((Long) item.get(field.getName()))));
                         //}
+                        //update-end--Author:zyf -- Date:20220531 ----for：【issues/#3629】 DictAspect Jackson序列化报错-----
                     }
                     items.add(item);
                 }
@@ -166,12 +176,15 @@ public class DictAspect {
                         String code = field.getAnnotation(Dict.class).dicCode();
                         String text = field.getAnnotation(Dict.class).dicText();
                         String table = field.getAnnotation(Dict.class).dictTable();
+                        //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                         // 自定义的字典表数据源
                         String dataSource = field.getAnnotation(Dict.class).ds();
+                        //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                         String fieldDictCode = code;
                         if (!StringUtils.isEmpty(table)) {
-                            // 代码逻辑说明: [issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                            //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                             fieldDictCode = String.format("%s,%s,%s,%s", table, text, code, dataSource);
+                            //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                         }
 
                         String value = record.getString(field.getName());
@@ -273,20 +286,25 @@ public class DictAspect {
                 String[] arr = dictCode.split(",");
                 String table = arr[0], text = arr[1], code = arr[2];
                 String values = String.join(",", needTranslDataTable);
+                //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                 // 自定义的数据源
                 String dataSource = null;
                 if (arr.length > 3) {
                     dataSource = arr[3];
                 }
+                //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                 log.debug("translateDictFromTableByKeys.dictCode:" + dictCode);
                 log.debug("translateDictFromTableByKeys.values:" + values);
+                //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                 
-                // 代码逻辑说明: 微服务下为空报错没有参数需要传递空字符串---
+                //update-begin---author:wangshuai---date:2024-01-09---for:微服务下为空报错没有参数需要传递空字符串---
                 if(null == dataSource){
                     dataSource = "";
                 }
+                //update-end---author:wangshuai---date:2024-01-09---for:微服务下为空报错没有参数需要传递空字符串---
                 
                 List<DictModel> texts = commonApi.translateDictFromTableByKeys(table, text, code, values, dataSource);
+                //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                 log.debug("translateDictFromTableByKeys.result:" + texts);
                 List<DictModel> list = translText.computeIfAbsent(dictCode, k -> new ArrayList<>());
                 list.addAll(texts);
@@ -295,8 +313,10 @@ public class DictAspect {
                 for (DictModel dict : texts) {
                     String redisKey = String.format("sys:cache:dictTable::SimpleKey [%s,%s]", dictCode, dict.getValue());
                     try {
+                        // update-begin-author:taoyan date:20211012 for: 字典表翻译注解缓存未更新 issues/3061
                         // 保留5分钟
                         redisTemplate.opsForValue().set(redisKey, dict.getText(), 300, TimeUnit.SECONDS);
+                        // update-end-author:taoyan date:20211012 for: 字典表翻译注解缓存未更新 issues/3061
                     } catch (Exception e) {
                         log.warn(e.getMessage(), e);
                     }
@@ -380,7 +400,7 @@ public class DictAspect {
             if (k.trim().length() == 0) {
                 continue; //跳过循环
             }
-            // 代码逻辑说明: !56 优化微服务应用下存在表字段需要字典翻译时加载缓慢问题-----
+            //update-begin--Author:scott -- Date:20210531 ----for： !56 优化微服务应用下存在表字段需要字典翻译时加载缓慢问题-----
             if (!StringUtils.isEmpty(table)){
                 log.debug("--DictAspect------dicTable="+ table+" ,dicText= "+text+" ,dicCode="+code);
                 String keyString = String.format("sys:cache:dictTable::SimpleKey [%s,%s,%s,%s]",table,text,code,k.trim());
@@ -405,6 +425,7 @@ public class DictAspect {
                     tmpValue = commonApi.translateDict(code, k.trim());
                 }
             }
+            //update-end--Author:scott -- Date:20210531 ----for： !56 优化微服务应用下存在表字段需要字典翻译时加载缓慢问题-----
 
             if (tmpValue != null) {
                 if (!"".equals(textValue.toString())) {

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/PermissionDataAspect.java

@@ -57,6 +57,7 @@ public class PermissionDataAspect {
         String requestMethod = request.getMethod();
         String requestPath = request.getRequestURI().substring(request.getContextPath().length());
         requestPath = filterUrl(requestPath);
+        //update-begin-author:taoyan date:20211027 for:JTC-132【online报表权限】online报表带参数的菜单配置数据权限无效
         //先判断是否online报表请求
         if(requestPath.indexOf(UrlMatchEnum.CGREPORT_DATA.getMatchUrl())>=0 || requestPath.indexOf(UrlMatchEnum.CGREPORT_ONLY_DATA.getMatchUrl())>=0){
             // 获取地址栏参数
@@ -65,6 +66,7 @@ public class PermissionDataAspect {
                 requestPath+="?"+urlParamString;
             }
         }
+        //update-end-author:taoyan date:20211027 for:JTC-132【online报表权限】online报表带参数的菜单配置数据权限无效
         log.debug("拦截请求 >> {} ; 请求类型 >> {} . ", requestPath, requestMethod);
         String username = JwtUtil.getUserNameByToken(request);
         //查询数据权限信息

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/annotation/Dict.java

@@ -41,6 +41,7 @@ public @interface Dict {
     String dictTable() default "";
 
 
+    //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
     /**
      * 方法描述: 数据字典表所在数据源名称
      * 作    者： chenrui
@@ -49,4 +50,5 @@ public @interface Dict {
      * @return 返回类型： String
      */
     String ds() default "";
+    //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
 }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/CommonConstant.java

@@ -90,24 +90,7 @@ public interface CommonConstant {
     /** 登录用户Shiro权限缓存KEY前缀 */
     public static String PREFIX_USER_SHIRO_CACHE  = "shiro:cache:org.jeecg.config.shiro.ShiroRealm.authorizationCache:";
     /** 登录用户Token令牌缓存KEY前缀 */
-    String PREFIX_USER_TOKEN  = "prefix_user_token:";
-    /** 登录用户Token令牌作废提示信息，比如 “不允许同一账号多地同时登录，会往这个变量存提示信息” */
-    String PREFIX_USER_TOKEN_ERROR_MSG  = "prefix_user_token:error:msg_";
-
-    /**============================== 【是否允许同一账号多地同时登录】登录客户端类型常量 ==============================*/
-    /** 客户端类型：PC端 */
-    String CLIENT_TYPE_PC = "PC";
-    /** 客户端类型：APP端 */
-    String CLIENT_TYPE_APP = "APP";
-    /** 客户端类型：手机号登录 */
-    String CLIENT_TYPE_PHONE = "PHONE";
-    String PREFIX_USER_TOKEN_PC = "prefix_user_token:single_login:pc:";
-    /** 单点登录：用户在APP端的Token缓存KEY前缀 (username -> token) */
-    String PREFIX_USER_TOKEN_APP = "prefix_user_token:single_login:app:";
-    /** 单点登录：用户在手机号登录的Token缓存KEY前缀 (username -> token) */
-    String PREFIX_USER_TOKEN_PHONE = "prefix_user_token:single_login:phone:";
-    /**============================== 【是否允许同一账号多地同时登录】登录客户端类型常量 ==============================*/
-    
+    String PREFIX_USER_TOKEN  = "token::jeecg-client::";
 //    /** Token缓存时间：3600秒即一小时 */
 //    int  TOKEN_EXPIRE_TIME  = 3600;
 
@@ -325,10 +308,6 @@ public interface CommonConstant {
      */
     String SYS_ROLE_ADMIN = "admin";
 
-    /**
-     * 考勤补卡业务状态 （0：处理中）
-     */
-    String SIGN_PATCH_BIZ_STATUS_0 = "0";
     /**
      * 考勤补卡业务状态 （1：同意  2：不同意）
      */
@@ -612,6 +591,7 @@ public interface CommonConstant {
     String ORDER_TYPE_DESC = "DESC";
 
 
+   //update-begin---author:scott ---date:2023-09-10  for：积木报表常量----
    /**
     * 报表允许设计开发的角色
     */
@@ -626,7 +606,9 @@ public interface CommonConstant {
     * 数据隔离模式： 按照租户隔离
     */
    public static final String SAAS_MODE_TENANT = "tenant";
+   //update-end---author:scott ---date::2023-09-10  for：积木报表常量----
  
+   //update-begin---author:wangshuai---date:2024-04-07---for:修改手机号常量---
    /**
     * 修改手机号短信验证码redis-key的前缀
     */
@@ -651,6 +633,7 @@ public interface CommonConstant {
     * 修改手机号
     */
    String UPDATE_PHONE = "updatePhone";
+   //update-end---author:wangshuai---date:2024-04-07---for:修改手机号常量---
     
    /**
     * 修改手机号验证码请求次数超出
@@ -726,19 +709,4 @@ public interface CommonConstant {
      * 部门名称redisKey(全路径)
      */
     String DEPART_NAME_REDIS_KEY_PRE = "sys:cache:departPathName:";
-
-    /**
-     * 默认用户排序值
-     */
-    Integer DEFAULT_USER_SORT = 1000;
-
-    /**
-     * 发送短信方式：腾讯
-     */
-    String SMS_SEND_TYPE_TENCENT = "tencent";
-
-    /**
-     * 发送短信方式：阿里云
-     */
-    String SMS_SEND_TYPE_ALI_YUN = "aliyun";
 }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/ProvinceCityArea.java

@@ -39,18 +39,20 @@ public class ProvinceCityArea {
             this.initAreaList();
             if(areaList!=null && areaList.size()>0){
                 for(int i=areaList.size()-1;i>=0;i--){
-                    // 代码逻辑说明: VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
+                    //update-begin-author:taoyan date:2022-5-24 for:VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
                     String areaText = areaList.get(i).getText();
                     String cityText = areaList.get(i).getAheadText();
                     if(text.indexOf(areaText)>=0 && (cityText!=null && text.indexOf(cityText)>=0)){
                         return areaList.get(i).getId();
                     }
+                    //update-end-author:taoyan date:2022-5-24 for:VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
                 }
             }
         }
         return null;
     }
 
+    // update-begin-author:sunjianlei date:20220121 for:【JTC-704】数据导入错误 省市区组件，文件中为北京市，导入后，导为了山西省
     /**
      * 获取省市区code，精准匹配
      * @param texts 文本数组，省，市，区
@@ -115,6 +117,7 @@ public class ProvinceCityArea {
         }
         return null;
     }
+    // update-end-author:sunjianlei date:20220121 for:【JTC-704】数据导入错误 省市区组件，文件中为北京市，导入后，导为了山西省
 
     public void getAreaByCode(String code,List<String> ls){
         for(Area area: areaList){
@@ -151,8 +154,9 @@ public class ProvinceCityArea {
                             for(String areaKey:areaJson.keySet()){
                                 //System.out.println("········"+areaKey);
                                 Area area = new Area(areaKey,areaJson.getString(areaKey),cityKey);
-                                // 代码逻辑说明: VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
+                                //update-begin-author:taoyan date:2022-5-24 for:VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
                                 area.setAheadText(cityJson.getString(cityKey));
+                                //update-end-author:taoyan date:2022-5-24 for:VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
                                 this.areaList.add(area);
                             }
                         }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/NoticeTypeEnum.java

@@ -23,11 +23,7 @@ public enum NoticeTypeEnum {
     /**
      * 督办
      */
-    NOTICE_TYPE_SUPERVISE("督办管理", "supe"),
-    /**
-     * 考勤
-     */
-    NOTICE_TYPE_ATTENDANCE("考勤消息", "attendance");
+    NOTICE_TYPE_SUPERVISE("督办管理", "supe");
 
     /**
      * 文件类型名称

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/UniPushTypeEnum.java

@@ -1,82 +0,0 @@
-package org.jeecg.common.constant.enums;
-
-import org.jeecg.common.util.oConvertUtils;
-
-/**
- * UniPush 消息推送枚举
- * @author: jeecg-boot
- */
-public enum UniPushTypeEnum {
-    /**
-     * 聊天
-     */
-    CHAT("chat", "聊天消息", "收到%s发来的聊天消息"),
-    /**
-     * 流程跳转到我的任务
-     */
-    BPM("bpm_task", "待办任务", "收到%s待办任务"),
-
-    /**
-     * 流程抄送任务
-     */
-    BPM_VIEW("bpm_cc", "知会任务", "收到%s知会任务"),
-    /**
-     * 系统消息
-     */
-    SYS_MSG("system", "系统消息", "收到一条系统通告");
-
-    /**
-     * 业务类型(chat:聊天 bpm_task:流程 bpm_cc:流程抄送)
-     */
-    private String type;
-    /**
-     * 消息标题
-     */
-    private String title;
-    /**
-     * 消息内容
-     */
-    private String content;
-
-    UniPushTypeEnum(String type, String title, String content) {
-        this.type = type;
-        this.title = title;
-        this.content = content;
-    }
-
-    public String getType() {
-        return type;
-    }
-
-    public void setType(String type) {
-        this.type = type;
-    }
-
-    public String getTitle() {
-        return title ;
-    }
-
-    public void setTitle(String openType) {
-        this.title = openType;
-    }
-
-    public String getContent() {
-        return content;
-    }
-
-    public void setContent(String content) {
-        this.content = content;
-    }
-
-    public static UniPushTypeEnum getByType(String type) {
-        if (oConvertUtils.isEmpty(type)) {
-            return null;
-        }
-        for (UniPushTypeEnum val : values()) {
-            if (val.getType().equals(type)) {
-                return val;
-            }
-        }
-        return null;
-    }
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/desensitization/aspect/SensitiveDataAspect.java

@@ -73,7 +73,7 @@ public class SensitiveDataAspect {
             SensitiveInfoUtil.handleNestedObject(result, entity, isEncode);
         }
         long endTime=System.currentTimeMillis();
-        log.debug((isEncode ? "加密操作，" : "解密操作，") + "Aspect程序耗时：" + (endTime - startTime) + "ms");
+        log.info((isEncode ? "加密操作，" : "解密操作，") + "Aspect程序耗时：" + (endTime - startTime) + "ms");
 
         return result;
     }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/es/JeecgElasticsearchTemplate.java

@@ -387,7 +387,7 @@ public class JeecgElasticsearchTemplate {
             data.remove("id");
             bodySb.append(data.toJSONString()).append("\n");
         }
-        //System.out.println("+-+-+-: bodySb.toString(): " + bodySb.toString());
+        System.out.println("+-+-+-: bodySb.toString(): " + bodySb.toString());
         HttpHeaders headers = RestUtil.getHeaderApplicationJson();
         RestUtil.request(url, HttpMethod.PUT, headers, null, bodySb, JSONObject.class);
         return true;

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java

@@ -6,8 +6,6 @@ import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.authz.UnauthorizedException;
 import org.jeecg.common.api.dto.LogDTO;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
@@ -24,6 +22,8 @@ import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.data.redis.connection.PoolException;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.util.CollectionUtils;
 import org.springframework.validation.ObjectError;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -47,9 +47,27 @@ import java.util.stream.Collectors;
 @RestControllerAdvice
 @Slf4j
 public class JeecgBootExceptionHandler {
-
-	@Resource
+    
+    @Resource
 	BaseCommonService baseCommonService;
+    
+	/**
+	 * 验证码错误异常
+	 */
+
+	@ExceptionHandler(JeecgCaptchaException.class)
+	@ResponseStatus(HttpStatus.OK)
+	public Result<?> handleJeecgCaptchaException(JeecgCaptchaException e) {
+		log.error(e.getMessage(), e);
+		return Result.error(e.getCode(), e.getMessage());
+	}
+
+	@ExceptionHandler(AuthenticationException.class)
+	@ResponseStatus(HttpStatus.OK)
+	public Result<?> handleJeecgCaptchaException(AuthenticationException e) {
+		log.error(e.getMessage(), e);
+		return Result.error(401, e.getMessage());
+	}
 
 	@ExceptionHandler(MethodArgumentNotValidException.class)
 	public Result<?> handleValidationExceptions(MethodArgumentNotValidException e) {
@@ -112,8 +130,8 @@ public class JeecgBootExceptionHandler {
 		return Result.error("数据库中已存在该记录");
 	}
 
-	@ExceptionHandler({UnauthorizedException.class, AuthorizationException.class})
-	public Result<?> handleAuthorizationException(AuthorizationException e){
+    @ExceptionHandler(AccessDeniedException.class)
+    public Result<?> handleAuthorizationException(AccessDeniedException e){
 		log.error(e.getMessage(), e);
 		return Result.noauth("没有权限，请联系管理员分配权限！");
 	}
@@ -121,12 +139,13 @@ public class JeecgBootExceptionHandler {
 	@ExceptionHandler(Exception.class)
 	public Result<?> handleException(Exception e){
 		log.error(e.getMessage(), e);
-		// 代码逻辑说明: 处理Sentinel限流自定义异常
+		//update-begin---author:zyf ---date:20220411  for：处理Sentinel限流自定义异常
 		Throwable throwable = e.getCause();
 		SentinelErrorInfoEnum errorInfoEnum = SentinelErrorInfoEnum.getErrorByException(throwable);
 		if (ObjectUtil.isNotEmpty(errorInfoEnum)) {
 			return Result.error(errorInfoEnum.getError());
 		}
+		//update-end---author:zyf ---date:20220411  for：处理Sentinel限流自定义异常
 		addSysLog(e);
 		return Result.error("操作失败，"+e.getMessage());
 	}
@@ -223,6 +242,7 @@ public class JeecgBootExceptionHandler {
 		return Result.error("校验失败，存在SQL注入风险！" + msg);
 	}
 
+	//update-begin---author:chenrui ---date:20240423  for：[QQYUN-8732]把错误的日志都抓取了 方便后续处理，单独弄个日志类型------------
 	/**
 	 * 添加异常新系统日志
 	 * @param e 异常
@@ -241,6 +261,7 @@ public class JeecgBootExceptionHandler {
         } catch (NullPointerException | BeansException ignored) {
         }
         if (null != request) {
+			//update-begin---author:chenrui ---date:20250408  for：[QQYUN-11716]上传大图片失败没有精确提示------------
 			//请求的参数
 			if (!isTooBigException(e)) {
 				// 文件上传过大异常时不能获取参数,否则会报错
@@ -249,6 +270,7 @@ public class JeecgBootExceptionHandler {
 					log.setMethod(oConvertUtils.mapToString(request.getParameterMap()));
 				}
 			}
+			//update-end---author:chenrui ---date:20250408  for：[QQYUN-11716]上传大图片失败没有精确提示------------
             // 请求地址
             log.setRequestUrl(request.getRequestURI());
             //设置IP地址
@@ -272,6 +294,7 @@ public class JeecgBootExceptionHandler {
 
         baseCommonService.addLog(log);
     }
+	//update-end---author:chenrui ---date:20240423  for：[QQYUN-8732]把错误的日志都抓取了 方便后续处理，单独弄个日志类型------------
 
 	/**
 	 * 是否文件过大异常

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgCaptchaException.java

@@ -0,0 +1,28 @@
+package org.jeecg.common.exception;
+
+import lombok.Data;
+
+/**
+ * @author kezhijie@wuhandsj.com
+ * @date 2024/1/2 11:38
+ */
+@Data
+public class JeecgCaptchaException extends RuntimeException{
+
+    private Integer code;
+
+    private static final long serialVersionUID = -9093410345065209053L;
+
+    public JeecgCaptchaException(Integer code, String message) {
+        super(message);
+        this.code = code;
+    }
+
+    public JeecgCaptchaException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public JeecgCaptchaException(Throwable cause) {
+        super(cause);
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java

@@ -1,5 +1,6 @@
 package org.jeecg.common.system.base.controller;
 
+import com.alibaba.fastjson.JSON;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
@@ -12,6 +13,7 @@ import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
+import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecgframework.poi.excel.ExcelImportUtil;
 import org.jeecgframework.poi.excel.def.NormalExcelConstants;
 import org.jeecgframework.poi.excel.entity.ExportParams;
@@ -20,6 +22,7 @@ import org.jeecgframework.poi.excel.entity.enmus.ExcelType;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.jeecgframework.poi.handler.inter.IExcelExportServer;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
 import org.springframework.web.servlet.ModelAndView;
@@ -52,7 +55,7 @@ public class JeecgController<T, S extends IService<T>> {
     protected ModelAndView exportXls(HttpServletRequest request, T object, Class<T> clazz, String title) {
         // Step.1 组装查询条件
         QueryWrapper<T> queryWrapper = QueryGenerator.initQueryWrapper(object, request.getParameterMap());
-        LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+        LoginUser sysUser = SecureUtil.currentUser();
 
         // 过滤选中数据
         String selections = request.getParameter("selections");
@@ -68,16 +71,12 @@ public class JeecgController<T, S extends IService<T>> {
         //此处设置的filename无效 ,前端会重更新设置一下
         mv.addObject(NormalExcelConstants.FILE_NAME, title);
         mv.addObject(NormalExcelConstants.CLASS, clazz);
-        // 代码逻辑说明: 【QQYUN-13930】统一改成导出xlsx格式---
-        ExportParams exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title, ExcelType.XSSF);
+        //update-begin--Author:liusq  Date:20210126 for：图片导出报错，ImageBasePath未设置--------------------
+        ExportParams exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title);
         exportParams.setImageBasePath(jeecgBaseConfig.getPath().getUpload());
+        //update-end--Author:liusq  Date:20210126 for：图片导出报错，ImageBasePath未设置----------------------
         mv.addObject(NormalExcelConstants.PARAMS,exportParams);
         mv.addObject(NormalExcelConstants.DATA_LIST, exportList);
-        // 代码逻辑说明: 【issues/9052】BasicTable列表页导出excel可以指定列---
-        String exportFields = request.getParameter(NormalExcelConstants.EXPORT_FIELDS);
-        if(oConvertUtils.isNotEmpty(exportFields)){
-            mv.addObject(NormalExcelConstants.EXPORT_FIELDS, exportFields);
-        }
         return mv;
     }
     /**
@@ -94,16 +93,18 @@ public class JeecgController<T, S extends IService<T>> {
     protected ModelAndView exportXlsSheet(HttpServletRequest request, T object, Class<T> clazz, String title,String exportFields,Integer pageNum) {
         // Step.1 组装查询条件
         QueryWrapper<T> queryWrapper = QueryGenerator.initQueryWrapper(object, request.getParameterMap());
-        LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+        LoginUser sysUser = SecureUtil.currentUser();
         // Step.2 计算分页sheet数据
         double total = service.count();
         int count = (int)Math.ceil(total/pageNum);
+        //update-begin-author:liusq---date:20220629--for: 多sheet导出根据选择导出写法调整 ---
         // Step.3  过滤选中数据
         String selections = request.getParameter("selections");
         if (oConvertUtils.isNotEmpty(selections)) {
             List<String> selectionList = Arrays.asList(selections.split(","));
             queryWrapper.in("id",selectionList);
         }
+        //update-end-author:liusq---date:20220629--for: 多sheet导出根据选择导出写法调整 ---
         // Step.4 多sheet处理
         List<Map<String, Object>> listMap = new ArrayList<Map<String, Object>>();
         for (int i = 1; i <=count ; i++) {
@@ -222,15 +223,16 @@ public class JeecgController<T, S extends IService<T>> {
             params.setNeedSave(true);
             try {
                 List<T> list = ExcelImportUtil.importExcel(file.getInputStream(), clazz, params);
-                // 代码逻辑说明: 批量插入数据
+                //update-begin-author:taoyan date:20190528 for:批量插入数据
                 long start = System.currentTimeMillis();
                 service.saveBatch(list);
                 //400条 saveBatch消耗时间1592毫秒  循环插入消耗时间1947毫秒
                 //1200条  saveBatch消耗时间3687毫秒 循环插入消耗时间5212毫秒
                 log.info("消耗时间" + (System.currentTimeMillis() - start) + "毫秒");
+                //update-end-author:taoyan date:20190528 for:批量插入数据
                 return Result.ok("文件导入成功！数据行数：" + list.size());
             } catch (Exception e) {
-                // 代码逻辑说明: 导入数据重复增加提示
+                //update-begin-author:taoyan date:20211124 for: 导入数据重复增加提示
                 String msg = e.getMessage();
                 log.error(msg, e);
                 if(msg!=null && msg.indexOf("Duplicate entry")>=0){
@@ -238,6 +240,7 @@ public class JeecgController<T, S extends IService<T>> {
                 }else{
                     return Result.error("文件导入失败:" + e.getMessage());
                 }
+                //update-end-author:taoyan date:20211124 for: 导入数据重复增加提示
             } finally {
                 try {
                     file.getInputStream().close();

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryGenerator.java

@@ -97,6 +97,7 @@ public class QueryGenerator {
 		return queryWrapper;
 	}
 	
+	//update-begin---author:chenrui ---date:20240527  for：[TV360X-378]增加自定义字段查询规则功能------------
 	/**
 	 * 获取查询条件构造器QueryWrapper实例 通用查询条件已被封装完成
 	 * @param searchObj 查询实体
@@ -111,6 +112,7 @@ public class QueryGenerator {
 		log.debug("---查询条件构造器初始化完成,耗时:"+(System.currentTimeMillis()-start)+"毫秒----");
 		return queryWrapper;
 	}
+	//update-end---author:chenrui ---date:20240527  for：[TV360X-378]增加自定义字段查询规则功能------------
 
 	/**
 	 * 组装Mybatis Plus 查询条件
@@ -140,6 +142,7 @@ public class QueryGenerator {
 		}
 		
 		String name, type, column;
+		// update-begin--Author:taoyan  Date:20200923 for：issues/1671 如果字段加注解了@TableField(exist = false),不走DB查询-------
 		//定义实体字段和数据库字段名称的映射 高级查询中 只能获取实体字段 如果设置TableField注解 那么查询条件会出问题
 		Map<String,String> fieldColumnMap = new HashMap<>(5);
 		for (int i = 0; i < origDescriptors.length; i++) {
@@ -185,7 +188,7 @@ public class QueryGenerator {
 						queryWrapper.and(j -> j.like(field,vals[0]));
 					}
 				}else {
-					// 代码逻辑说明: [TV360X-378]增加自定义字段查询规则功能------------
+					//update-begin---author:chenrui ---date:20240527  for：[TV360X-378]增加自定义字段查询规则功能------------
 					QueryRuleEnum rule;
 					if(null != customRuleMap && customRuleMap.containsKey(name)) {
 						// 有自定义规则,使用自定义规则.
@@ -194,6 +197,7 @@ public class QueryGenerator {
 						//根据参数值带什么关键字符串判断走什么类型的查询
 						 rule = convert2Rule(value);
 					}
+					//update-end---author:chenrui ---date:20240527  for：[TV360X-378]增加自定义字段查询规则功能------------
 					value = replaceValue(rule,value);
 					// add -begin 添加判断为字符串时设为全模糊查询
 					//if( (rule==null || QueryRuleEnum.EQ.equals(rule)) && "class java.lang.String".equals(type)) {
@@ -213,6 +217,7 @@ public class QueryGenerator {
 				
 		//高级查询
 		doSuperQuery(queryWrapper, parameterMap, fieldColumnMap);
+		// update-end--Author:taoyan  Date:20200923 for：issues/1671 如果字段加注解了@TableField(exist = false),不走DB查询-------
 		
 	}
 
@@ -255,16 +260,16 @@ public class QueryGenerator {
 		}
 		
 		if(oConvertUtils.isNotEmpty(column)){
-			log.debug("单字段排序规则>> column:" + column + ",排序方式:" + order);
+			log.info("单字段排序规则>> column:" + column + ",排序方式:" + order);
 		}
 
 		// 1. 列表多字段排序优先
 		if(parameterMap!=null&& parameterMap.containsKey("sortInfoString")) {
 			// 多字段排序
 			String sortInfoString = parameterMap.get("sortInfoString")[0];
-			log.debug("多字段排序规则>> sortInfoString:" + sortInfoString);
+			log.info("多字段排序规则>> sortInfoString:" + sortInfoString);
 			List<OrderItem> orderItemList = SqlConcatUtil.getQueryConditionOrders(column, order, sortInfoString);
-			log.debug(orderItemList.toString());
+			log.info(orderItemList.toString());
 			if (orderItemList != null && !orderItemList.isEmpty()) {
 				for (OrderItem item : orderItemList) {
 					// 一、获取排序数据库字段
@@ -316,11 +321,13 @@ public class QueryGenerator {
 			return;
 		}
 		
+		//update-begin-author:scott date:2022-11-07 for:避免用户自定义表无默认字段{创建时间}，导致排序报错
 		//TODO 避免用户自定义表无默认字段创建时间，导致排序报错
 		if(DataBaseConstant.CREATE_TIME.equals(column) && !fieldColumnMap.containsKey(DataBaseConstant.CREATE_TIME)){
 			column = "id";
 			log.warn("检测到实体里没有字段createTime，改成采用ID排序！");
 		}
+		//update-end-author:scott date:2022-11-07 for:避免用户自定义表无默认字段{创建时间}，导致排序报错
 		
 		if (oConvertUtils.isNotEmpty(column) && oConvertUtils.isNotEmpty(order)) {
 			//字典字段，去掉字典翻译文本后缀
@@ -328,12 +335,15 @@ public class QueryGenerator {
 				column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX));
 			}
 
+			//update-begin-author:taoyan date:2022-5-16 for: issues/3676 获取系统用户列表时，使用SQL注入生效
 			//判断column是不是当前实体的
 			log.debug("当前字段有："+ allFields);
 			if (!allColumnExist(column, allFields)) {
 				throw new JeecgBootException("请注意，将要排序的列字段不存在：" + column);
 			}
+			//update-end-author:taoyan date:2022-5-16 for: issues/3676 获取系统用户列表时，使用SQL注入生效
 
+			//update-begin-author:scott date:2022-10-10 for:【jeecg-boot/issues/I5FJU6】doMultiFieldsOrder() 多字段排序方法存在问题
 			//多字段排序方法没有读取 MybatisPlus 注解 @TableField 里 value 的值
 			if (column.contains(",")) {
 				List<String> columnList = Arrays.asList(column.split(","));
@@ -344,10 +354,12 @@ public class QueryGenerator {
 			}else{
 				column = fieldColumnMap.get(column);
 			}
+			//update-end-author:scott date:2022-10-10 for:【jeecg-boot/issues/I5FJU6】doMultiFieldsOrder() 多字段排序方法存在问题
 
 			//SQL注入check
 			SqlInjectionUtil.filterContentMulti(column);
 
+			//update-begin--Author:scott  Date:20210531 for：36 多条件排序无效问题修正-------
 			// 排序规则修改
 			// 将现有排序 _ 前端传递排序条件{....,column: 'column1,column2',order: 'desc'} 翻译成sql "column1,column2 desc"
 			// 修改为 _ 前端传递排序条件{....,column: 'column1,column2',order: 'desc'} 翻译成sql "column1 desc,column2 desc"
@@ -356,9 +368,11 @@ public class QueryGenerator {
 			} else {
 				queryWrapper.orderByDesc(SqlInjectionUtil.getSqlInjectSortFields(column.split(",")));
 			}
+			//update-end--Author:scott  Date:20210531 for：36 多条件排序无效问题修正-------
 		}
 	}
 
+	//update-begin-author:taoyan date:2022-5-23 for: issues/3676 获取系统用户列表时，使用SQL注入生效
 	/**
 	 * 多字段排序 判断所传字段是否存在
 	 * @return
@@ -378,6 +392,7 @@ public class QueryGenerator {
 		}
 		return exist;
 	}
+	//update-end-author:taoyan date:2022-5-23 for: issues/3676 获取系统用户列表时，使用SQL注入生效
 	
 	/**
 	 * 高级查询
@@ -390,14 +405,14 @@ public class QueryGenerator {
 			String superQueryParams = parameterMap.get(SUPER_QUERY_PARAMS)[0];
 			String superQueryMatchType = parameterMap.get(SUPER_QUERY_MATCH_TYPE) != null ? parameterMap.get(SUPER_QUERY_MATCH_TYPE)[0] : MatchTypeEnum.AND.getValue();
             MatchTypeEnum matchType = MatchTypeEnum.getByValue(superQueryMatchType);
-            // 代码逻辑说明: 高级查询的条件要用括号括起来，防止和用户的其他条件冲突 -------
+            // update-begin--Author:sunjianlei  Date:20200325 for：高级查询的条件要用括号括起来，防止和用户的其他条件冲突 -------
             try {
                 superQueryParams = URLDecoder.decode(superQueryParams, "UTF-8");
                 List<QueryCondition> conditions = JSON.parseArray(superQueryParams, QueryCondition.class);
                 if (conditions == null || conditions.size() == 0) {
                     return;
                 }
-				// 代码逻辑说明: 【JTC-573】 过滤空条件查询，防止 sql 拼接多余的 and
+				// update-begin-author:sunjianlei date:20220119 for: 【JTC-573】 过滤空条件查询，防止 sql 拼接多余的 and
 				List<QueryCondition> filterConditions = conditions.stream().filter(
 						rule -> (oConvertUtils.isNotEmpty(rule.getField())
 													&& oConvertUtils.isNotEmpty(rule.getRule())
@@ -408,6 +423,7 @@ public class QueryGenerator {
 				if (filterConditions.size() == 0) {
 					return;
 				}
+				// update-end-author:sunjianlei date:20220119 for: 【JTC-573】 过滤空条件查询，防止 sql 拼接多余的 and
                 log.debug("---高级查询参数-->" + filterConditions);
 
                 queryWrapper.and(andWrapper -> {
@@ -422,14 +438,14 @@ public class QueryGenerator {
 
                             log.debug("SuperQuery ==> " + rule.toString());
 
-                            // 代码逻辑说明: 【高级查询】 oracle 日期等于查询报错
+                            //update-begin-author:taoyan date:20201228 for: 【高级查询】 oracle 日期等于查询报错
 							Object queryValue = rule.getVal();
                             if("date".equals(rule.getType())){
 								queryValue = DateUtils.str2Date(rule.getVal(),DateUtils.date_sdf.get());
 							}else if("datetime".equals(rule.getType())){
 								queryValue = DateUtils.str2Date(rule.getVal(), DateUtils.datetimeFormat.get());
 							}
-							// 代码逻辑说明: 【/issues/I3VR8E】高级查询没有类型转换，查询参数都是字符串类型 ----
+							// update-begin--author:sunjianlei date:20210702 for：【/issues/I3VR8E】高级查询没有类型转换，查询参数都是字符串类型 ----
 							String dbType = rule.getDbType();
 							if (oConvertUtils.isNotEmpty(dbType)) {
 								try {
@@ -462,8 +478,9 @@ public class QueryGenerator {
 									log.error("高级查询值转换失败：", e);
 								}
 							}
-							// 代码逻辑说明: 【/issues/I3VR8E】高级查询没有类型转换，查询参数都是字符串类型 ----
+							// update-begin--author:sunjianlei date:20210702 for：【/issues/I3VR8E】高级查询没有类型转换，查询参数都是字符串类型 ----
                             addEasyQuery(andWrapper, fieldColumnMap.get(rule.getField()), QueryRuleEnum.getByValue(rule.getRule()), queryValue);
+							//update-end-author:taoyan date:20201228 for: 【高级查询】 oracle 日期等于查询报错
 
                             // 如果拼接方式是OR，就拼接OR
                             if (MatchTypeEnum.OR == matchType && i < (filterConditions.size() - 1)) {
@@ -479,6 +496,7 @@ public class QueryGenerator {
                 log.error("--高级查询拼接失败：" + e.getMessage());
                 e.printStackTrace();
             }
+            // update-end--Author:sunjianlei  Date:20200325 for：高级查询的条件要用括号括起来，防止和用户的其他条件冲突 -------
 		}
 		//log.info(" superQuery getCustomSqlSegment: "+ queryWrapper.getCustomSqlSegment());
 	}
@@ -490,7 +508,7 @@ public class QueryGenerator {
 	 */
 	public static QueryRuleEnum convert2Rule(Object value) {
 		// 避免空数据
-		// 代码逻辑说明: 查询条件输入空格导致return null后续判断导致抛出null异常
+		// update-begin-author:taoyan date:20210629 for: 查询条件输入空格导致return null后续判断导致抛出null异常
 		if (value == null) {
 			return QueryRuleEnum.EQ;
 		}
@@ -498,8 +516,10 @@ public class QueryGenerator {
 		if (val.length() == 0) {
 			return QueryRuleEnum.EQ;
 		}
+		// update-end-author:taoyan date:20210629 for: 查询条件输入空格导致return null后续判断导致抛出null异常
 		QueryRuleEnum rule =null;
 
+		//update-begin--Author:scott  Date:20190724 for：initQueryWrapper组装sql查询条件错误 #284-------------------
 		//TODO 此处规则，只适用于 le lt ge gt
 		// step 2 .>= =<
         int length2 = 2;
@@ -515,12 +535,14 @@ public class QueryGenerator {
 				rule = QueryRuleEnum.getByValue(val.substring(0, 1));
 			}
 		}
+		//update-end--Author:scott  Date:20190724 for：initQueryWrapper组装sql查询条件错误 #284---------------------
 
 		// step 3 like
-		// 代码逻辑说明: /issues/3382 默认带*就走模糊，但是如果只有一个*，那么走等于查询
+		//update-begin-author:taoyan for: /issues/3382 默认带*就走模糊，但是如果只有一个*，那么走等于查询
 		if(rule == null && val.equals(STAR)){
 			rule = QueryRuleEnum.EQ;
 		}
+		//update-end-author:taoyan for: /issues/3382  默认带*就走模糊，但是如果只有一个*，那么走等于查询
 		if (rule == null && val.contains(STAR)) {
 			if (val.startsWith(STAR) && val.endsWith(STAR)) {
 				rule = QueryRuleEnum.LIKE;
@@ -545,10 +567,12 @@ public class QueryGenerator {
 			rule = QueryRuleEnum.EQ_WITH_ADD;
 		}
 
+		//update-begin--Author:taoyan  Date:20201229 for：initQueryWrapper组装sql查询条件错误 #284---------------------
 		//特殊处理：Oracle的表达式to_date('xxx','yyyy-MM-dd')含有逗号，会被识别为in查询，转为等于查询
 		if(rule == QueryRuleEnum.IN && val.indexOf(YYYY_MM_DD)>=0 && val.indexOf(TO_DATE)>=0){
 			rule = QueryRuleEnum.EQ;
 		}
+		//update-end--Author:taoyan  Date:20201229 for：initQueryWrapper组装sql查询条件错误 #284---------------------
 
 		return rule != null ? rule : QueryRuleEnum.EQ;
 	}
@@ -568,10 +592,11 @@ public class QueryGenerator {
 			return value;
 		}
 		String val = (value + "").toString().trim();
-		// 代码逻辑说明: 查询条件的值为等号（=）bug #3443
+		//update-begin-author:taoyan date:20220302 for: 查询条件的值为等号（=）bug #3443
 		if(QueryRuleEnum.EQ.getValue().equals(val)){
 			return val;
 		}
+		//update-end-author:taoyan date:20220302 for: 查询条件的值为等号（=）bug #3443
 		if (rule == QueryRuleEnum.LIKE) {
 			value = val.substring(1, val.length() - 1);
 			//mysql 模糊查询之特殊字符下划线 （_、\）
@@ -589,19 +614,21 @@ public class QueryGenerator {
 		} else if (rule == QueryRuleEnum.EQ_WITH_ADD) {
 			value = val.replaceAll("\\+\\+", COMMA);
 		}else {
-			// 代码逻辑说明: initQueryWrapper组装sql查询条件错误 #284-------------------
+			//update-begin--Author:scott  Date:20190724 for：initQueryWrapper组装sql查询条件错误 #284-------------------
 			if(val.startsWith(rule.getValue())){
 				//TODO 此处逻辑应该注释掉-> 如果查询内容中带有查询匹配规则符号，就会被截取的（比如：>=您好）
 				value = val.replaceFirst(rule.getValue(),"");
 			}else if(val.startsWith(rule.getCondition()+QUERY_SEPARATE_KEYWORD)){
 				value = val.replaceFirst(rule.getCondition()+QUERY_SEPARATE_KEYWORD,"").trim();
 			}
+			//update-end--Author:scott  Date:20190724 for：initQueryWrapper组装sql查询条件错误 #284-------------------
 		}
 		return value;
 	}
 	
 	private static void addQueryByRule(QueryWrapper<?> queryWrapper,String name,String type,String value,QueryRuleEnum rule) throws ParseException {
 		if(oConvertUtils.isNotEmpty(value)) {
+			//update-begin--Author:sunjianlei  Date:20220104 for：【JTC-409】修复逗号分割情况下没有转换类型，导致类型严格的数据库查询报错 -------------------
 			// 针对数字类型字段，多值查询
 			if(value.contains(COMMA)){
 				Object[] temp = Arrays.stream(value.split(COMMA)).map(v -> {
@@ -617,6 +644,7 @@ public class QueryGenerator {
 			}
 			Object temp = QueryGenerator.parseByType(value, type, rule);
 			addEasyQuery(queryWrapper, name, rule, temp);
+			//update-end--Author:sunjianlei  Date:20220104 for：【JTC-409】修复逗号分割情况下没有转换类型，导致类型严格的数据库查询报错 -------------------
 		}
 	}
 
@@ -731,12 +759,13 @@ public class QueryGenerator {
 			}else if(value instanceof String[]) {
 				queryWrapper.in(name, (Object[]) value);
 			}
-			// 代码逻辑说明: 【bug】in 类型多值查询 不适配postgresql #1671
+			//update-begin-author:taoyan date:20200909 for:【bug】in 类型多值查询 不适配postgresql #1671
 			else if(value.getClass().isArray()) {
 				queryWrapper.in(name, (Object[])value);
 			}else {
 				queryWrapper.in(name, value);
 			}
+			//update-end-author:taoyan date:20200909 for:【bug】in 类型多值查询 不适配postgresql #1671
 			break;
 		case LIKE:
 			queryWrapper.like(name, value);
@@ -753,7 +782,7 @@ public class QueryGenerator {
 		case NOT_RIGHT_LIKE:
 			queryWrapper.notLikeRight(name, value);
 			break;
-		// 代码逻辑说明: [TV360X-378]下拉多框根据条件查询不出来:增加自定义字段查询规则功能------------
+		//update-begin---author:chenrui ---date:20240527  for：[TV360X-378]下拉多框根据条件查询不出来:增加自定义字段查询规则功能------------
 		case LIKE_WITH_OR:
 			final String nameFinal = name;
 			Object[] vals;
@@ -762,7 +791,7 @@ public class QueryGenerator {
 			} else if (value instanceof String[]) {
 				vals = (Object[]) value;
 			}
-			// 代码逻辑说明: 【bug】in 类型多值查询 不适配postgresql #1671
+			//update-begin-author:taoyan date:20200909 for:【bug】in 类型多值查询 不适配postgresql #1671
 			else if (value.getClass().isArray()) {
 				vals = (Object[]) value;
 			} else {
@@ -777,6 +806,7 @@ public class QueryGenerator {
 				}
 			});
 			break;
+		//update-end---author:chenrui ---date:20240527  for：[TV360X-378]下拉多框根据条件查询不出来:增加自定义字段查询规则功能------------
 		default:
 			log.info("--查询规则未匹配到---");
 			break;
@@ -790,8 +820,10 @@ public class QueryGenerator {
 	private static boolean judgedIsUselessField(String name) {
 		return "class".equals(name) || "ids".equals(name)
 				|| "page".equals(name) || "rows".equals(name)
+//// update-begin--author:sunjianlei date:20240808 for：【TV360X-2009】取消过滤 sort、order 字段，防止前端排序报错 ------
 //// https://github.com/jeecgboot/JeecgBoot/issues/6937
 //				|| "sort".equals(name) || "order".equals(name)
+//// update-end----author:sunjianlei date:20240808 for：【TV360X-2009】取消过滤 sort、order 字段，防止前端排序报错 ------
 				;
 	}
 
@@ -804,12 +836,13 @@ public class QueryGenerator {
 	public static Map<String, SysPermissionDataRuleModel> getRuleMap() {
 		Map<String, SysPermissionDataRuleModel> ruleMap = new HashMap<>(5);
 		List<SysPermissionDataRuleModel> list = null;
-		// 代码逻辑说明: QQYUN-5441 【简流】获取多个用户/部门/角色 设置部门查询 报错
+		//update-begin-author:taoyan date:2023-6-1 for:QQYUN-5441 【简流】获取多个用户/部门/角色 设置部门查询 报错
 		try {
 			list = JeecgDataAutorUtils.loadDataSearchConditon();
 		}catch (Exception e){
 			log.error("根据request对象获取权限数据失败，可能是定时任务中执行的。", e);
 		}
+		//update-end-author:taoyan date:2023-6-1 for:QQYUN-5441 【简流】获取多个用户/部门/角色 设置部门查询 报错
 		if(list != null&&list.size()>0){
 			if(list.get(0)==null){
 				return ruleMap;
@@ -846,8 +879,9 @@ public class QueryGenerator {
 					addEasyQuery(queryWrapper, name, rule, DateUtils.str2Date(dateStr,DateUtils.datetimeFormat.get()));
 				}
 			}else {
-				// 代码逻辑说明: [issues/7481]多租户模式下 数据权限使用变量：#{tenant_id} 报错------------
+				//update-begin---author:chenrui ---date:20241125  for：[issues/7481]多租户模式下 数据权限使用变量：#{tenant_id} 报错------------
 				addEasyQuery(queryWrapper, name, rule, NumberUtils.parseNumber(converRuleValue(dataRule.getRuleValue()), propertyType));
+				//update-end---author:chenrui ---date:20241125  for：[issues/7481]多租户模式下 数据权限使用变量：#{tenant_id} 报错------------
 			}
 		}
 	}
@@ -901,8 +935,9 @@ public class QueryGenerator {
 			return null;
 		}
 		Set<String> varParams = new HashSet<String>();
-		// 代码逻辑说明: [QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
+		//update-begin---author:chenrui ---date:20250108  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 		String regex = "#\\{\\[*\\w+]*}";
+		//update-end---author:chenrui ---date:20250108  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 		
 		Pattern p = Pattern.compile(regex);
 		Matcher m = p.matcher(sql);
@@ -958,8 +993,9 @@ public class QueryGenerator {
 				Class propType = origDescriptors[i].getPropertyType();
 				boolean isString = propType.equals(String.class);
 				Object value;
-				// 代码逻辑说明: [TV360X-539]数据权限，配置日期等于条件时后端报转换错误------------
+				//update-begin---author:chenrui ---date:20240527  for：[TV360X-539]数据权限，配置日期等于条件时后端报转换错误------------
 				if(isString || Date.class.equals(propType)) {
+				//update-end---author:chenrui ---date:20240527  for：[TV360X-539]数据权限，配置日期等于条件时后端报转换错误------------
 					value = converRuleValue(dataRule.getRuleValue());
 				}else {
 					value = NumberUtils.parseNumber(dataRule.getRuleValue(),propType);

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java

@@ -1,5 +1,7 @@
 package org.jeecg.common.system.util;
 
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson2.JSONObject;
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.JWTVerifier;
 import com.auth0.jwt.algorithms.Algorithm;
@@ -10,9 +12,9 @@ import com.google.common.base.Joiner;
 
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.Date;
-import java.util.Objects;
+import java.util.*;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
@@ -20,7 +22,7 @@ import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 
 import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.SecurityUtils;
+import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.DataBaseConstant;
@@ -32,6 +34,22 @@ import org.jeecg.common.system.vo.SysUserCacheInfo;
 import org.jeecg.common.util.DateUtils;
 import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.config.security.self.SelfAuthenticationProvider;
+import org.jeecg.config.security.self.SelfAuthenticationToken;
+import org.jeecg.config.security.utils.SecureUtil;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.*;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
+import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
 
 /**
  * @Author Scott
@@ -41,36 +59,37 @@ import org.jeecg.common.util.oConvertUtils;
 @Slf4j
 public class JwtUtil {
 
-	/**PC端，Token有效期为7天（Token在reids中缓存时间为两倍）*/
-	public static final long EXPIRE_TIME = (7 * 12) * 60 * 60 * 1000L;
-	/**APP端，Token有效期为30天（Token在reids中缓存时间为两倍）*/
-	public static final long APP_EXPIRE_TIME = (30 * 12) * 60 * 60 * 1000L;
+	/**Token有效期为7天（Token在reids中缓存时间为两倍）*/
+	public static final long EXPIRE_TIME = (7 * 12) * 60 * 60 * 1000;
 	static final String WELL_NUMBER = SymbolConstant.WELL_NUMBER + SymbolConstant.LEFT_CURLY_BRACKET;
 
+	public static final String DEFAULT_CLIENT = "jeecg-client";
+
     /**
      *
      * @param response
      * @param code
      * @param errorMsg
      */
-	public static void responseError(HttpServletResponse response, Integer code, String errorMsg) {
-		try {
-			Result jsonResult = new Result(code, errorMsg);
-			jsonResult.setSuccess(false);
-			
-			// 设置响应头和内容类型
-			response.setStatus(code);
-			response.setHeader("Content-type", "text/html;charset=UTF-8");
-			response.setContentType("application/json;charset=UTF-8");
-			// 使用 ObjectMapper 序列化为 JSON 字符串
-			ObjectMapper objectMapper = new ObjectMapper();
-			String json = objectMapper.writeValueAsString(jsonResult);
-			response.getWriter().write(json);
-			response.getWriter().flush();
-		} catch (IOException e) {
+    public static void responseError(ServletResponse response, Integer code, String errorMsg) {
+		HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+		// issues/I4YH95浏览器显示乱码问题
+		httpServletResponse.setHeader("Content-type", "text/html;charset=UTF-8");
+		response.setContentType("application/json;charset=UTF-8");
+        Result jsonResult = new Result(code, errorMsg);
+		jsonResult.setSuccess(false);
+        OutputStream os = null;
+        try {
+            os = httpServletResponse.getOutputStream();
+			httpServletResponse.setCharacterEncoding("UTF-8");
+			httpServletResponse.setStatus(code);
+            os.write(new ObjectMapper().writeValueAsString(jsonResult).getBytes("UTF-8"));
+            os.flush();
+            os.close();
+        } catch (IOException e) {
 			log.error(e.getMessage(), e);
-		}
-	}
+        }
+    }
 
 	/**
 	 * 校验token是否正确
@@ -82,13 +101,12 @@ public class JwtUtil {
 	public static boolean verify(String token, String username, String secret) {
 		try {
 			// 根据密码生成JWT效验器
-			Algorithm algorithm = Algorithm.HMAC256(secret);
-			JWTVerifier verifier = JWT.require(algorithm).withClaim("username", username).build();
+			JwtDecoder jwtDecoder = SpringContextUtils.getBean(JwtDecoder.class);
 			// 效验TOKEN
-			DecodedJWT jwt = verifier.verify(token);
+			jwtDecoder.decode(token);
 			return true;
 		} catch (Exception e) {
-			log.warn("Token验证失败：" + e.getMessage(),e);
+			log.error(e.getMessage(), e);
 			return false;
 		}
 	}
@@ -109,82 +127,26 @@ public class JwtUtil {
 	}
 
 	/**
-	 * 生成签名,5min后过期
+	 * 生成token
 	 *
 	 * @param username 用户名
 	 * @param secret   用户的密码
 	 * @return 加密的token
-	 * @deprecated 请使用sign(String username, String secret, String clientType)方法代替
 	 */
-	@Deprecated
 	public static String sign(String username, String secret) {
-		Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
-		Algorithm algorithm = Algorithm.HMAC256(secret);
-		// 附带username信息
-		return JWT.create().withClaim("username", username).withExpiresAt(date).sign(algorithm);
+		Map<String, Object> additionalParameter = new HashMap<>();
+		additionalParameter.put("username", username);
 
-	}
+		RegisteredClientRepository registeredClientRepository = SpringContextUtils.getBean(RegisteredClientRepository.class);
+		SelfAuthenticationProvider selfAuthenticationProvider = SpringContextUtils.getBean(SelfAuthenticationProvider.class);
 
+		OAuth2ClientAuthenticationToken client = new OAuth2ClientAuthenticationToken(Objects.requireNonNull(registeredClientRepository.findByClientId("jeecg-client")), ClientAuthenticationMethod.CLIENT_SECRET_BASIC, null);
+		client.setAuthenticated(true);
+		SelfAuthenticationToken selfAuthenticationToken = new SelfAuthenticationToken(client, additionalParameter);
+		selfAuthenticationToken.setAuthenticated(true);
+		OAuth2AccessTokenAuthenticationToken accessToken = (OAuth2AccessTokenAuthenticationToken) selfAuthenticationProvider.authenticate(selfAuthenticationToken);
+		return accessToken.getAccessToken().getTokenValue();
 
-	/**
-	 * 生成签名,5min后过期
-	 *
-	 * @param username 用户名
-	 * @param secret   用户的密码
-	 * @param expireTime 过期时间
-	 * @return 加密的token
-	 * @deprecated 请使用sign(String username, String secret, String clientType)方法代替
-	 */
-	@Deprecated
-	public static String sign(String username, String secret, Long expireTime) {
-		Date date = new Date(System.currentTimeMillis() + expireTime);
-		Algorithm algorithm = Algorithm.HMAC256(secret);
-		// 附带username信息
-		return JWT.create().withClaim("username", username).withExpiresAt(date).sign(algorithm);
-
-	}
-
-	/**
-	 * 生成签名，根据客户端类型自动选择过期时间
-	 * for [JHHB-1030]【鉴权】移动端用户token到期后续期时间变成pc端时长
-	 *
-	 * @param username 用户名
-	 * @param secret   用户的密码
-	 * @param clientType 客户端类型（PC或APP）
-	 * @return 加密的token
-	 */
-	public static String sign(String username, String secret, String clientType) {
-		// 根据客户端类型选择对应的过期时间
-		long expireTime = CommonConstant.CLIENT_TYPE_APP.equalsIgnoreCase(clientType) 
-			? APP_EXPIRE_TIME 
-			: EXPIRE_TIME;
-		Date date = new Date(System.currentTimeMillis() + expireTime);
-		Algorithm algorithm = Algorithm.HMAC256(secret);
-		// 附带username和clientType信息
-		return JWT.create()
-			.withClaim("username", username)
-			.withClaim("clientType", clientType)
-			.withExpiresAt(date)
-			.sign(algorithm);
-	}
-
-	/**
-	 * 从token中获取客户端类型
-	 * for [JHHB-1030]【鉴权】移动端用户token到期后续期时间变成pc端时长
-	 *
-	 * @param token JWT token
-	 * @return 客户端类型，如果不存在则返回PC（兼容旧token）
-	 */
-	public static String getClientType(String token) {
-		try {
-			DecodedJWT jwt = JWT.decode(token);
-			String clientType = jwt.getClaim("clientType").asString();
-			// 如果clientType为空，返回默认值PC（兼容旧token）
-			return oConvertUtils.isNotEmpty(clientType) ? clientType : CommonConstant.CLIENT_TYPE_PC;
-		} catch (JWTDecodeException e) {
-			log.warn("解析token中的clientType失败，使用默认值PC：" + e.getMessage());
-			return CommonConstant.CLIENT_TYPE_PC;
-		}
 	}
 
 	/**
@@ -248,7 +210,7 @@ public class JwtUtil {
 		//2.通过shiro获取登录用户信息
 		LoginUser sysUser = null;
 		try {
-			sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+			sysUser = SecureUtil.currentUser();
 		} catch (Exception e) {
 			log.warn("SecurityUtils.getSubject() 获取用户信息异常：" + e.getMessage());
 		}
@@ -266,6 +228,7 @@ public class JwtUtil {
 		} else {
 			key = key;
 		}
+		//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 		// 是否存在字符串标志
 		boolean multiStr;
 		if(oConvertUtils.isNotEmpty(key) && key.trim().matches("^\\[\\w+]$")){
@@ -274,6 +237,7 @@ public class JwtUtil {
 		} else {
             multiStr = false;
         }
+		//update-end---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 		//替换为当前系统时间(年月日)
 		if (key.equals(DataBaseConstant.SYS_DATE)|| key.toLowerCase().equals(DataBaseConstant.SYS_DATE_TABLE)) {
 			returnValue = DateUtils.formatDate();
@@ -342,17 +306,20 @@ public class JwtUtil {
 			if(user==null){
 				//TODO 暂时使用用户登录部门，存在逻辑缺陷，不是用户所拥有的部门
 				returnValue = sysUser.getOrgCode();
-				// 代码逻辑说明: [QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
+				//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 				returnValue = multiStr ? "'" + returnValue + "'" : returnValue;
+				//update-end---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 			}else{
 				if(user.isOneDepart()) {
 					returnValue = user.getSysMultiOrgCode().get(0);
-					// 代码逻辑说明: [QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
+					//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 					returnValue = multiStr ? "'" + returnValue + "'" : returnValue;
+					//update-end---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 				}else {
-					// 代码逻辑说明: [QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
+					//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 					returnValue = user.getSysMultiOrgCode().stream()
 							.filter(Objects::nonNull)
+							//update-begin---author:chenrui ---date:20250224  for：[issues/7288]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 							.map(orgCode -> {
 								if (multiStr) {
 									return "'" + orgCode + "'";
@@ -360,7 +327,9 @@ public class JwtUtil {
 									return orgCode;
 								}
 							})
+							//update-end---author:chenrui ---date:20250224  for：[issues/7288]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 							.collect(Collectors.joining(", "));
+					//update-end---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 				}
 			}
 		}
@@ -374,7 +343,7 @@ public class JwtUtil {
 			}
 		}
 
-		// 代码逻辑说明: 多租户ID作为系统变量
+		//update-begin-author:taoyan date:20210330 for:多租户ID作为系统变量
 		else if (key.equals(TenantConstant.TENANT_ID) || key.toLowerCase().equals(TenantConstant.TENANT_ID_TABLE)){
 			try {
 				returnValue = SpringContextUtils.getHttpServletRequest().getHeader(CommonConstant.TENANT_ID);
@@ -382,6 +351,7 @@ public class JwtUtil {
 				log.warn("获取系统租户异常：" + e.getMessage());
 			}
 		}
+		//update-end-author:taoyan date:20210330 for:多租户ID作为系统变量
 		if(returnValue!=null){returnValue = returnValue + moshi;}
 		return returnValue;
 	}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/ResourceUtil.java

@@ -67,13 +67,13 @@ public class ResourceUtil {
             synchronized (ResourceUtil.class) {
                 if (!initialized) {
                     long startTime = System.currentTimeMillis();
-                    log.debug("【枚举字典加载】开始初始化枚举字典数据...");
+                    log.info("【枚举字典加载】开始初始化枚举字典数据...");
 
                     initEnumDictData();
                     initialized = true;
 
                     long endTime = System.currentTimeMillis();
-                    log.debug("【枚举字典加载】枚举字典数据初始化完成，共加载 {} 个字典，总耗时: {}ms", enumDictData.size(), endTime - startTime);
+                    log.info("【枚举字典加载】枚举字典数据初始化完成，共加载 {} 个字典，总耗时: {}ms", enumDictData.size(), endTime - startTime);
                 }
             }
         }
@@ -103,7 +103,7 @@ public class ResourceUtil {
         }
 
         long scanEndTime = System.currentTimeMillis();
-        log.debug("【枚举字典加载】文件扫描完成，总共找到 {} 个枚举类文件，扫描耗时: {}ms", allResources.size(), scanEndTime - scanStartTime);
+        log.info("【枚举字典加载】文件扫描完成，总共找到 {} 个枚举类文件，扫描耗时: {}ms", allResources.size(), scanEndTime - scanStartTime);
 
         MetadataReaderFactory readerFactory = new CachingMetadataReaderFactory(resourcePatternResolver);
 
@@ -126,7 +126,7 @@ public class ResourceUtil {
         }
 
         long processEndTime = System.currentTimeMillis();
-        log.debug("【枚举字典加载】处理完成，实际处理 {} 个带注解的枚举类，处理耗时: {}ms", processedCount, processEndTime - processStartTime);
+        log.info("【枚举字典加载】处理完成，实际处理 {} 个带注解的枚举类，处理耗时: {}ms", processedCount, processEndTime - processStartTime);
     }
 
     /**

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/SqlConcatUtil.java

@@ -150,7 +150,7 @@ public class SqlConcatUtil {
     }
 
     private static String getInConditionValue(Object value,boolean isString) {
-        // 代码逻辑说明: 查询条件如果输入,导致sql报错
+        //update-begin-author:taoyan date:20210628 for: 查询条件如果输入,导致sql报错
         String[] temp = value.toString().split(",");
         if(temp.length==0){
             return "('')";
@@ -168,6 +168,7 @@ public class SqlConcatUtil {
         }else {
             return "("+value.toString()+")";
         }
+        //update-end-author:taoyan date:20210628 for: 查询条件如果输入,导致sql报错
     }
 
     /**
@@ -214,6 +215,7 @@ public class SqlConcatUtil {
                 }
             }else {
 
+                //update-begin-author:taoyan date:2022-6-30 for: issues/3810 数据权限规则问题
                 // 走到这里说明 value不带有任何模糊查询的标识(*或者%)
                 if (ruleEnum == QueryRuleEnum.LEFT_LIKE) {
                     if (DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())) {
@@ -234,6 +236,7 @@ public class SqlConcatUtil {
                         return "'%" + str + "%'";
                     }
                 }
+                //update-end-author:taoyan date:2022-6-30 for: issues/3810 数据权限规则问题
 
             }
         }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/vo/LoginUser.java

@@ -1,13 +1,18 @@
 package org.jeecg.common.system.vo;
 
+import com.alibaba.fastjson2.JSON;
 import com.fasterxml.jackson.annotation.JsonFormat;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.experimental.Accessors;
 import org.jeecg.common.desensitization.annotation.SensitiveField;
 import org.springframework.format.annotation.DateTimeFormat;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
 
+import java.io.Serializable;
 import java.util.Date;
+import java.util.Set;
 
 /**
  * <p>
@@ -20,8 +25,10 @@ import java.util.Date;
 @Data
 @EqualsAndHashCode(callSuper = false)
 @Accessors(chain = true)
-public class LoginUser {
+public class LoginUser implements Serializable {
 
+
+	private static final long serialVersionUID = -7143159031677245866L;
 	/**
 	 * 登录人id
 	 */
@@ -148,4 +155,30 @@ public class LoginUser {
 	 * 主岗位
 	 */
 	private String mainDepPostId;
+
+    @SensitiveField
+    private String salt;
+
+    @Override
+    public String toString() {
+        // 重新构建对象过滤一些敏感字段
+        LoginUser loginUser = new LoginUser();
+        loginUser.setId(id);
+        loginUser.setUsername(username);
+        loginUser.setRealname(realname);
+        loginUser.setOrgCode(orgCode);
+        loginUser.setSex(sex);
+        loginUser.setEmail(email);
+        loginUser.setPhone(phone);
+        loginUser.setDelFlag(delFlag);
+        loginUser.setStatus(status);
+        loginUser.setActivitiSync(activitiSync);
+        loginUser.setUserIdentity(userIdentity);
+        loginUser.setDepartIds(departIds);
+        loginUser.setPost(post);
+        loginUser.setTelephone(telephone);
+        loginUser.setRelTenantIds(relTenantIds);
+        loginUser.setClientId(clientId);
+        return JSON.toJSONString(loginUser);
+    }
 }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/DySmsHelper.java

@@ -10,9 +10,7 @@ import com.aliyuncs.exceptions.ClientException;
 import com.aliyuncs.profile.DefaultProfile;
 import com.aliyuncs.profile.IClientProfile;
 import org.apache.commons.lang3.StringUtils;
-import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.enums.DySmsEnum;
-import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.config.JeecgSmsTemplateConfig;
 import org.jeecg.config.StaticConfig;
 import org.slf4j.Logger;
@@ -63,21 +61,17 @@ public class DySmsHelper {
     
     
     public static boolean sendSms(String phone, JSONObject templateParamJson, DySmsEnum dySmsEnum) throws ClientException {
-        JeecgBaseConfig config = SpringContextUtils.getBean(JeecgBaseConfig.class);
-        String smsSendType = config.getSmsSendType();
-        if(oConvertUtils.isNotEmpty(smsSendType) && CommonConstant.SMS_SEND_TYPE_TENCENT.equals(smsSendType)){
-            return TencentSms.sendTencentSms(phone, templateParamJson, config.getTencent(), dySmsEnum);
-        }
-        //可自助调整超时时间
+    	//可自助调整超时时间
         System.setProperty("sun.net.client.defaultConnectTimeout", "10000");
         System.setProperty("sun.net.client.defaultReadTimeout", "10000");
 
-        // 代码逻辑说明: 配置类数据获取
+        //update-begin-author：taoyan date:20200811 for:配置类数据获取
         StaticConfig staticConfig = SpringContextUtils.getBean(StaticConfig.class);
         //logger.info("阿里大鱼短信秘钥 accessKeyId：" + staticConfig.getAccessKeyId());
         //logger.info("阿里大鱼短信秘钥 accessKeySecret："+ staticConfig.getAccessKeySecret());
         setAccessKeyId(staticConfig.getAccessKeyId());
         setAccessKeySecret(staticConfig.getAccessKeySecret());
+        //update-end-author：taoyan date:20200811 for:配置类数据获取
         
         //初始化acsClient,暂不支持region化
         IClientProfile profile = DefaultProfile.getProfile("cn-hangzhou", accessKeyId, accessKeySecret);
@@ -87,7 +81,7 @@ public class DySmsHelper {
         //验证json参数
         validateParam(templateParamJson,dySmsEnum);
 
-        // 代码逻辑说明: 【QQYUN-9422】短信模板管理，阿里云---
+        //update-begin---author:wangshuai---date:2024-11-05---for:【QQYUN-9422】短信模板管理，阿里云---
         String templateCode = dySmsEnum.getTemplateCode();
         JeecgSmsTemplateConfig baseConfig = SpringContextUtils.getBean(JeecgSmsTemplateConfig.class);
         if(baseConfig != null && CollectionUtil.isNotEmpty(baseConfig.getTemplateCode())){
@@ -103,6 +97,7 @@ public class DySmsHelper {
             logger.info("yml中读取签名名称{}",baseConfig.getSignature());
             signName = baseConfig.getSignature();
         }
+        //update-end---author:wangshuai---date:2024-11-05---for:【QQYUN-9422】短信模板管理，阿里云---
         
         //组装请求对象-具体描述见控制台-文档部分内容
         SendSmsRequest request = new SendSmsRequest();

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/FileDownloadUtils.java

@@ -1,7 +1,7 @@
 package org.jeecg.common.util;
 
-import cn.hutool.core.io.IoUtil;
 import jakarta.servlet.http.HttpServletResponse;
+import cn.hutool.core.io.IoUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
 import org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream;

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/HTMLUtils.java

@@ -38,12 +38,14 @@ public class HTMLUtils {
      * @return
      */
     public static String parseMarkdown(String markdownContent) {
+        //update-begin---author:wangshuai---date:2024-06-26---for:【TV360X-1344】JDK17 邮箱发送失败，需要换写法---
         /*PegDownProcessor pdp = new PegDownProcessor();
         return pdp.markdownToHtml(markdownContent);*/
         Parser parser = Parser.builder().build();
         Node document = parser.parse(markdownContent);
         HtmlRenderer renderer = HtmlRenderer.builder().build();
         return renderer.render(document);
+        //update-end---author:wangshuai---date:2024-06-26---for:【TV360X-1344】JDK17 邮箱发送失败，需要换写法---
     }
 
 }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/MinioUtil.java

@@ -161,10 +161,11 @@ public class MinioUtil {
     public static String getObjectUrl(String bucketName, String objectName, Integer expires) {
         initMinio(minioUrl, minioName,minioPass);
         try{
-            // 代码逻辑说明: 获取文件外链报错提示method不能为空，导致文件下载和预览失败----
+            //update-begin---author:liusq  Date:20220121  for：获取文件外链报错提示method不能为空，导致文件下载和预览失败----
             GetPresignedObjectUrlArgs objectArgs = GetPresignedObjectUrlArgs.builder().object(objectName)
                     .bucket(bucketName)
                     .expiry(expires).method(Method.GET).build();
+            //update-begin---author:liusq  Date:20220121  for：获取文件外链报错提示method不能为空，导致文件下载和预览失败----
             String url = minioClient.getPresignedObjectUrl(objectArgs);
             return URLDecoder.decode(url,"UTF-8");
         }catch (Exception e){

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/MyCommonsMultipartFile.java

@@ -1,78 +0,0 @@
-package org.jeecg.common.util;
-
-import org.apache.commons.fileupload.FileItem;
-import org.springframework.web.multipart.MultipartFile;
-
-import java.io.*;
-
-/**
- * @date 2025-09-04
- * @author scott
- * 
- * 升级springboot3 无法使用 CommonsMultipartFile
- * 自定义 MultipartFile 实现类，支持从 FileItem 构造
- */
-public class MyCommonsMultipartFile implements MultipartFile {
-
-    private final byte[] fileContent;
-    private final String fileName;
-    private final String contentType;
-
-    // 新增构造方法，支持 FileItem 参数
-    public MyCommonsMultipartFile(FileItem fileItem) throws IOException {
-        this.fileName = fileItem.getName();
-        this.contentType = fileItem.getContentType();
-        try (InputStream inputStream = fileItem.getInputStream()) {
-            this.fileContent = inputStream.readAllBytes();
-        }
-    }
-    
-    // 现有构造方法
-    public MyCommonsMultipartFile(InputStream inputStream, String fileName, String contentType) throws IOException {
-        this.fileName = fileName;
-        this.contentType = contentType;
-        this.fileContent = inputStream.readAllBytes();
-    }
-
-    @Override
-    public String getName() {
-        return fileName;
-    }
-
-    @Override
-    public String getOriginalFilename() {
-        return fileName;
-    }
-
-    @Override
-    public String getContentType() {
-        return contentType;
-    }
-
-    @Override
-    public boolean isEmpty() {
-        return fileContent.length == 0;
-    }
-
-    @Override
-    public long getSize() {
-        return fileContent.length;
-    }
-
-    @Override
-    public byte[] getBytes() {
-        return fileContent;
-    }
-
-    @Override
-    public InputStream getInputStream() {
-        return new ByteArrayInputStream(fileContent);
-    }
-
-    @Override
-    public void transferTo(File dest) throws IOException {
-        try (OutputStream os = new FileOutputStream(dest)) {
-            os.write(fileContent);
-        }
-    }
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/PasswordUtil.java

@@ -99,8 +99,9 @@ public class PasswordUtil {
 			Cipher cipher = Cipher.getInstance(ALGORITHM);
 
 			cipher.init(Cipher.ENCRYPT_MODE, key, parameterSpec);
-			// 代码逻辑说明: 中文作为用户名时，加密的密码windows和linux会得到不同的结果 gitee/issues/IZUD7
+			//update-begin-author:sccott date:20180815 for:中文作为用户名时，加密的密码windows和linux会得到不同的结果 gitee/issues/IZUD7
 			encipheredData = cipher.doFinal(plaintext.getBytes("utf-8"));
+			//update-end-author:sccott date:20180815 for:中文作为用户名时，加密的密码windows和linux会得到不同的结果 gitee/issues/IZUD7
 		} catch (Exception e) {
 		}
 		return bytesToHexString(encipheredData);

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/RestUtil.java

@@ -56,12 +56,14 @@ public class RestUtil {
     private final static RestTemplate RT;
 
     static {
-        // 解决[issues/8859]online表单java增强失效------------
+        //update-begin---author:chenrui ---date:20251011  for：[issues/8859]online表单java增强失效------------
         // 使用 Apache HttpClient 避免 JDK HttpURLConnection 的 too many bytes written 问题
         HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+        //update-end---author:chenrui ---date:20251011  for：[issues/8859]online表单java增强失效------------
         requestFactory.setConnectTimeout(30000);
         requestFactory.setReadTimeout(30000);
         RT = new RestTemplate(requestFactory);
+        //update-begin---author:chenrui ---date:20251011  for：[issues/8859]online表单java增强失效------------
         // 解决乱码问题（替换 StringHttpMessageConverter 为 UTF-8）
         for (int i = 0; i < RT.getMessageConverters().size(); i++) {
             if (RT.getMessageConverters().get(i) instanceof StringHttpMessageConverter) {
@@ -69,6 +71,7 @@ public class RestUtil {
                 break;
             }
         }
+        //update-end---author:chenrui ---date:20251011  for：[issues/8859]online表单java增强失效------------
     }
 
     public static RestTemplate getRestTemplate() {
@@ -223,16 +226,6 @@ public class RestUtil {
         if (variables != null && !variables.isEmpty()) {
             url += ("?" + asUrlVariables(variables));
         }
-        // 解决[issues/8951]从jeecgboot 3.8.2 升级到 3.8.3 在线表单java增强功能报错------------
-        // Content-Length 强制设置（解决可能出现的截断问题）
-        if (StringUtils.isNotEmpty(body)) {
-            int contentLength = body.getBytes(StandardCharsets.UTF_8).length;
-            String current = headers.getFirst(HttpHeaders.CONTENT_LENGTH);
-            if (current == null || !current.equals(String.valueOf(contentLength))) {
-                headers.setContentLength(contentLength);
-                log.info(" RestUtil  --- request --- 修正/设置 Content-Length = " + contentLength + (current!=null?" (原值="+current+")":""));
-            }
-        }
         // 发送请求
         HttpEntity<String> request = new HttpEntity<>(body, headers);
         return RT.exchange(url, method, request, responseType);
@@ -267,11 +260,13 @@ public class RestUtil {
         // 创建自定义RestTemplate（如果需要设置超时）
         RestTemplate restTemplate = RT;
         if (timeout > 0) {
-            // 代码逻辑说明: [issues/8859]online表单java增强失效------------
+            //update-begin---author:chenrui ---date:20251011  for：[issues/8859]online表单java增强失效------------
             HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+            //update-end---author:chenrui ---date:20251011  for：[issues/8859]online表单java增强失效------------
             requestFactory.setConnectTimeout(timeout);
             requestFactory.setReadTimeout(timeout);
             restTemplate = new RestTemplate(requestFactory);
+            //update-begin---author:chenrui ---date:20251011  for：[issues/8859]online表单java增强失效------------
             // 解决乱码问题（替换 StringHttpMessageConverter 为 UTF-8）
             for (int i = 0; i < restTemplate.getMessageConverters().size(); i++) {
                 if (restTemplate.getMessageConverters().get(i) instanceof StringHttpMessageConverter) {
@@ -279,6 +274,7 @@ public class RestUtil {
                     break;
                 }
             }
+            //update-end---author:chenrui ---date:20251011  for：[issues/8859]online表单java增强失效------------
         }
 
         // 请求体
@@ -296,21 +292,11 @@ public class RestUtil {
             url += ("?" + asUrlVariables(variables));
         }
 
-        // Content-Length 强制设置（解决可能出现的截断问题）
-        if (StringUtils.isNotEmpty(body) && !headers.containsKey(HttpHeaders.CONTENT_LENGTH)) {
-            int contentLength = body.getBytes(StandardCharsets.UTF_8).length;
-            String current = headers.getFirst(HttpHeaders.CONTENT_LENGTH);
-            if (current == null || !current.equals(String.valueOf(contentLength))) {
-                headers.setContentLength(contentLength);
-                log.info(" RestUtil  --- request(timeout) --- 修正/设置 Content-Length = " + contentLength + (current!=null?" (原值="+current+")":""));
-            }
-        }
-
         // 发送请求
         HttpEntity<String> request = new HttpEntity<>(body, headers);
         return restTemplate.exchange(url, method, request, responseType);
     }
-
+    
     /**
      * 获取JSON请求头
      */

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/ShiroThreadPoolExecutor.java

@@ -1,17 +1,14 @@
 package org.jeecg.common.util;
 
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadContext;
-
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
 import java.util.concurrent.*;
 
 /**
  * @date 2025-09-04
  * @author scott
- * 
- * @Description: 支持shiro的API，获取当前登录人方法的线程池
+ *
+ * @Description: 支持Spring Security的API，获取当前登录人方法的线程池
  */
 public class ShiroThreadPoolExecutor extends ThreadPoolExecutor {
 
@@ -21,16 +18,14 @@ public class ShiroThreadPoolExecutor extends ThreadPoolExecutor {
 
     @Override
     public void execute(Runnable command) {
-        Subject subject = SecurityUtils.getSubject();
-        SecurityManager securityManager = SecurityUtils.getSecurityManager();
+        SecurityContext context = SecurityContextHolder.getContext();
         super.execute(() -> {
+            SecurityContext previousContext = SecurityContextHolder.getContext();
             try {
-                ThreadContext.bind(securityManager);
-                ThreadContext.bind(subject);
+                SecurityContextHolder.setContext(context);
                 command.run();
             } finally {
-                ThreadContext.unbindSubject();
-                ThreadContext.unbindSecurityManager();
+                SecurityContextHolder.setContext(previousContext);
             }
         });
     }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java

@@ -335,12 +335,13 @@ public class SqlInjectionUtil {
 			return table;
 		}
 
-		// 代码逻辑说明: 表单设计器列表翻译存在表名带条件，导致翻译出问题----
+		//update-begin---author:scott ---date:2024-05-28  for：表单设计器列表翻译存在表名带条件，导致翻译出问题----
 		int index = table.toLowerCase().indexOf(" where ");
 		if (index != -1) {
 			table = table.substring(0, index);
 			log.info("截掉where之后的新表名：" + table);
 		}
+		//update-end---author:scott ---date::2024-05-28  for：表单设计器列表翻译存在表名带条件，导致翻译出问题----
 
 		table = table.trim();
 		/**

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/TencentSms.java

@@ -1,184 +0,0 @@
-package org.jeecg.common.util;
-
-import com.alibaba.fastjson.JSONObject;
-import com.tencentcloudapi.common.Credential;
-import com.tencentcloudapi.common.exception.TencentCloudSDKException;
-import com.tencentcloudapi.common.profile.ClientProfile;
-import com.tencentcloudapi.common.profile.HttpProfile;
-import com.tencentcloudapi.sms.v20210111.SmsClient;
-import com.tencentcloudapi.sms.v20210111.models.SendSmsRequest;
-import com.tencentcloudapi.sms.v20210111.models.SendSmsResponse;
-import com.tencentcloudapi.sms.v20210111.models.SendStatus;
-import org.apache.commons.lang3.StringUtils;
-import org.jeecg.common.constant.enums.DySmsEnum;
-import org.jeecg.config.JeecgSmsTemplateConfig;
-import org.jeecg.config.tencent.JeecgTencent;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-/**
- * @Description: 腾讯发送短信
- * @author: wangshuai
- * @date: 2025/11/4 19:27
- */
-public class TencentSms {
-
-    private final static Logger logger = LoggerFactory.getLogger(TencentSms.class);
-
-    /**
-     * 发送腾讯短信
-     *
-     * @param phone
-     * @param templateParamJson
-     * @param tencent
-     * @param dySmsEnum
-     * @return
-     */
-    public static boolean sendTencentSms(String phone, JSONObject templateParamJson, JeecgTencent tencent, DySmsEnum dySmsEnum) {
-        //获取客户端链接
-        SmsClient client = getSmsClient(tencent);
-        //构建腾讯云短信发送请求
-        SendSmsRequest req = buildSendSmsRequest(phone, templateParamJson, dySmsEnum, tencent);
-        try {
-            //发送短信
-            SendSmsResponse resp = client.SendSms(req);
-            // 处理响应
-            SendStatus[] statusSet = resp.getSendStatusSet();
-            if (statusSet != null && statusSet.length > 0) {
-                SendStatus status = statusSet[0];
-                if ("Ok".equals(status.getCode())) {
-                    logger.info("短信发送成功，手机号：{}", phone);
-                    return true;
-                } else {
-                    logger.error("短信发送失败，手机号：{}，错误码：{}，错误信息：{}",
-                            phone, status.getCode(), status.getMessage());
-                }
-            }
-        } catch (TencentCloudSDKException e) {
-            logger.error("短信发送失败{}", e.getMessage());
-        }
-        return false;
-    }
-
-    /**
-     * 获取sms客户端
-     *
-     * @param tencent 腾讯云配置
-     * @return SmsClient对象
-     */
-    private static SmsClient getSmsClient(JeecgTencent tencent) {
-        Credential cred = new Credential(tencent.getSecretId(), tencent.getSecretKey());
-        // 实例化一个http选项，可选的，没有特殊需求可以跳过
-        HttpProfile httpProfile = new HttpProfile();
-        //指定接入地域域名*/
-        httpProfile.setEndpoint(tencent.getEndpoint());
-        //实例化一个客户端配置对象
-        ClientProfile clientProfile = new ClientProfile();
-        clientProfile.setHttpProfile(httpProfile);
-        //实例化要请求产品的client对象，第二个参数是地域信息
-        return new SmsClient(cred, tencent.getRegion(), clientProfile);
-    }
-
-    /**
-     * 构建腾讯云短信发送请求
-     *
-     * @param phone             手机号码
-     * @param templateParamJson 模板参数JSON对象
-     * @param dySmsEnum         短信枚举配置
-     * @param tencent           腾讯云配置
-     * @return 构建好的SendSmsRequest对象
-     */
-    private static SendSmsRequest buildSendSmsRequest(
-            String phone,
-            JSONObject templateParamJson,
-            DySmsEnum dySmsEnum,
-            JeecgTencent tencent) {
-
-        SendSmsRequest req = new SendSmsRequest();
-
-        // 1. 设置短信应用ID
-        String sdkAppId = tencent.getSdkAppId();
-        req.setSmsSdkAppId(sdkAppId);
-        // 2. 设置短信签名
-        String signName = getSmsSignName(dySmsEnum);
-        req.setSignName(signName);
-        // 3. 设置模板ID
-        String templateId = getSmsTemplateId(dySmsEnum);
-        req.setTemplateId(templateId);
-        // 4. 设置模板参数
-        String[] templateParams = extractTemplateParams(templateParamJson);
-        req.setTemplateParamSet(templateParams);
-        // 5. 设置手机号码
-        String[] phoneNumberSet = { phone };
-        req.setPhoneNumberSet(phoneNumberSet);
-
-        logger.debug("构建短信请求完成 - 应用ID: {}, 签名: {}, 模板ID: {}, 手机号: {}",
-                sdkAppId, signName, templateId, phone);
-
-        return req;
-    }
-
-    /**
-     * 获取短信签名名称
-     *
-     * @param dySmsEnum 腾讯云对象
-     */
-    private static String getSmsSignName(DySmsEnum dySmsEnum) {
-        JeecgSmsTemplateConfig baseConfig = SpringContextUtils.getBean(JeecgSmsTemplateConfig.class);
-        String signName = dySmsEnum.getSignName();
-
-        if (StringUtils.isNotEmpty(baseConfig.getSignature())) {
-            logger.debug("yml中读取签名名称: {}", baseConfig.getSignature());
-            signName = baseConfig.getSignature();
-        }
-
-        return signName;
-    }
-
-    /**
-     * 获取短信模板ID
-     *
-     * @param dySmsEnum 腾讯云对象
-     */
-    private static String getSmsTemplateId(DySmsEnum dySmsEnum) {
-        JeecgSmsTemplateConfig baseConfig = SpringContextUtils.getBean(JeecgSmsTemplateConfig.class);
-        String templateCode = dySmsEnum.getTemplateCode();
-
-        if (StringUtils.isNotEmpty(baseConfig.getSignature())) {
-            Map<String, String> smsTemplate = baseConfig.getTemplateCode();
-            if (smsTemplate.containsKey(templateCode) &&
-                    StringUtils.isNotEmpty(smsTemplate.get(templateCode))) {
-                templateCode = smsTemplate.get(templateCode);
-                logger.debug("yml中读取短信模板ID: {}", templateCode);
-            }
-        }
-        return templateCode;
-    }
-
-    /**
-     * 从JSONObject中提取模板参数（按原始顺序）
-     *
-     * @param templateParamJson 模板参数
-     */
-    private static String[] extractTemplateParams(JSONObject templateParamJson) {
-        if (templateParamJson == null || templateParamJson.isEmpty()) {
-            return new String[0];
-        }
-        List<String> params = new ArrayList<>();
-        for (String key : templateParamJson.keySet()) {
-            Object value = templateParamJson.get(key);
-            if (value != null) {
-                params.add(value.toString());
-            } else {
-                // 处理null值
-                params.add("");
-            }
-        }
-        logger.debug("提取模板参数: {}", params);
-        return params.toArray(new String[0]);
-    }
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/TokenUtils.java

@@ -1,5 +1,6 @@
 package org.jeecg.common.util;
 
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.jeecg.common.api.CommonAPI;
@@ -11,8 +12,6 @@ import org.jeecg.common.exception.JeecgBoot401Exception;
 import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.system.vo.LoginUser;
 
-import jakarta.servlet.http.HttpServletRequest;
-
 /**
  * @Author scott
  * @Date 2019/9/23 14:12
@@ -110,8 +109,8 @@ public class TokenUtils {
         }
 
         // 查询用户信息
-        LoginUser user = TokenUtils.getLoginUser(username, commonApi, redisUtil);
-        //LoginUser user = commonApi.getUserByName(username);
+        //LoginUser user = TokenUtils.getLoginUser(username, commonApi, redisUtil);
+        LoginUser user = commonApi.getUserByName(username);
         if (user == null) {
             throw new JeecgBoot401Exception("用户不存在!");
         }
@@ -121,9 +120,7 @@ public class TokenUtils {
         }
         // 校验token是否超时失效 & 或者账号密码是否错误
         if (!jwtTokenRefresh(token, username, user.getPassword(), redisUtil)) {
-            // 用户登录Token过期提示信息
-            String userLoginTokenErrorMsg = oConvertUtils.getString(redisUtil.get(CommonConstant.PREFIX_USER_TOKEN_ERROR_MSG + token));
-            throw new JeecgBoot401Exception(oConvertUtils.isEmpty(userLoginTokenErrorMsg)? CommonConstant.TOKEN_IS_INVALID_MSG: userLoginTokenErrorMsg);
+            throw new JeecgBoot401Exception(CommonConstant.TOKEN_IS_INVALID_MSG);
         }
         return true;
     }
@@ -141,15 +138,10 @@ public class TokenUtils {
         if (oConvertUtils.isNotEmpty(cacheToken)) {
             // 校验token有效性
             if (!JwtUtil.verify(cacheToken, userName, passWord)) {
-                // 从token中解析客户端类型，保持续期时使用相同的客户端类型
-                String clientType = JwtUtil.getClientType(token);
-                String newAuthorization = JwtUtil.sign(userName, passWord, clientType);
-                // 根据客户端类型设置对应的缓存有效时间
-                long expireTime = CommonConstant.CLIENT_TYPE_APP.equalsIgnoreCase(clientType) 
-                    ? JwtUtil.APP_EXPIRE_TIME * 2 / 1000 
-                    : JwtUtil.EXPIRE_TIME * 2 / 1000;
+                String newAuthorization = JwtUtil.sign(userName, passWord);
+                // 设置Toekn缓存有效时间
                 redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, newAuthorization);
-                redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, expireTime);
+                redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME * 2 / 1000);
             }
             return true;
         }
@@ -169,10 +161,11 @@ public class TokenUtils {
         //【重要】此处通过redis原生获取缓存用户，是为了解决微服务下system服务挂了，其他服务互调不通问题---
         if (redisUtil.hasKey(loginUserKey)) {
             try {
-                loginUser = (LoginUser) redisUtil.get(loginUserKey);
+                Object obj = redisUtil.get(loginUserKey);
+                loginUser = (LoginUser) obj;
                 //解密用户
                 SensitiveInfoUtil.handlerObject(loginUser, false);
-            } catch (IllegalAccessException e) {
+            } catch (Exception e) {
                 e.printStackTrace();
             }
         } else {

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/dynamic/db/FreemarkerParseFactory.java

@@ -54,10 +54,11 @@ public class FreemarkerParseFactory {
         //classic_compatible设置，解决报空指针错误
         SQL_CONFIG.setClassicCompatible(true);
 
-        // 解决freemarker模板注入问题 禁止解析ObjectConstructor，Execute和freemarker.template.utility.JythonRuntime。
+        //update-begin-author:taoyan date:2022-8-10 for: freemarker模板注入问题 禁止解析ObjectConstructor，Execute和freemarker.template.utility.JythonRuntime。
         //https://ackcent.com/in-depth-freemarker-template-injection/
         TPL_CONFIG.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
         SQL_CONFIG.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
+        //update-end-author:taoyan date:2022-8-10 for: freemarker模板注入问题 禁止解析ObjectConstructor，Execute和freemarker.template.utility.JythonRuntime。
     }
 
     /**
@@ -72,12 +73,13 @@ public class FreemarkerParseFactory {
                 return false;
             }
         } catch (Exception e) {
-            // 代码逻辑说明: 解决问题 - 错误提示sql文件不存在，实际问题是sql freemarker用法错误-----
+            //update-begin--Author:scott  Date:20180320 for：解决问题 - 错误提示sql文件不存在，实际问题是sql freemarker用法错误-----
             if (e instanceof ParseException) {
                 log.error(e.getMessage(), e.fillInStackTrace());
                 throw new Exception(e);
             }
             log.debug("----isExistTemplate----" + e.toString());
+            //update-end--Author:scott  Date:20180320 for：解决问题 - 错误提示sql文件不存在，实际问题是sql freemarker用法错误------
             return false;
         }
         return true;

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/encryption/AesEncryptUtil.java

@@ -1,107 +1,123 @@
 package org.jeecg.common.util.encryption;
 
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.lang.codec.Base64;
-import org.jeecg.common.util.oConvertUtils;
 import javax.crypto.Cipher;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
-import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 
 /**
- * AES 工具 (兼容历史 NoPadding + 新 PKCS5Padding)
+ * @Description: AES 加密
+ * @author: jeecg-boot
+ * @date: 2022/3/30 11:48
  */
-@Slf4j
 public class AesEncryptUtil {
 
-    private static final String KEY = EncryptedString.key;
-    private static final String IV  = EncryptedString.iv;
+    /**
+     * 使用AES-128-CBC加密模式 key和iv可以相同
+     */
+    private static String KEY = EncryptedString.key;
+    private static String IV = EncryptedString.iv;
 
-    /* -------- 新版：CBC + PKCS5Padding (与前端 CryptoJS Pkcs7 兼容) -------- */
-    private static String decryptPkcs5(String cipherBase64) throws Exception {
-        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-        SecretKeySpec ks = new SecretKeySpec(KEY.getBytes(StandardCharsets.UTF_8), "AES");
-        IvParameterSpec ivSpec = new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8));
-        cipher.init(Cipher.DECRYPT_MODE, ks, ivSpec);
-        byte[] plain = cipher.doFinal(Base64.decode(cipherBase64));
-        return new String(plain, StandardCharsets.UTF_8);
-    }
+    /**
+     * 加密方法
+     * @param data  要加密的数据
+     * @param key 加密key
+     * @param iv 加密iv
+     * @return 加密的结果
+     * @throws Exception
+     */
+    public static String encrypt(String data, String key, String iv) throws Exception {
+        try {
 
-    /* -------- 旧版：CBC + NoPadding (手工补 0) -------- */
-    private static String decryptLegacyNoPadding(String cipherBase64) throws Exception {
-        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
-        SecretKeySpec ks = new SecretKeySpec(KEY.getBytes(StandardCharsets.UTF_8), "AES");
-        IvParameterSpec ivSpec = new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8));
-        cipher.init(Cipher.DECRYPT_MODE, ks, ivSpec);
-        byte[] data = cipher.doFinal(Base64.decode(cipherBase64));
-        return new String(data, StandardCharsets.UTF_8)
-                .replace("\u0000",""); // 旧填充 0
-    }
-
-    /* -------- 兼容入口：登录使用 -------- */
-    public static String resolvePassword(String input){
-        if(oConvertUtils.isEmpty(input)){
-            return input;
-        }
-        // 1. 先尝试新版
-        try{
-            String p = decryptPkcs5(input);
-            return clean(p);
-        }catch(Exception ignore){
-            //log.debug("【AES解密】Password not AES PKCS5 cipher, try legacy.");
-        }
-
-        // 2. 回退旧版
-        try{
-            String legacy = decryptLegacyNoPadding(input);
-            return clean(legacy);
-        }catch(Exception e){
-            log.debug("【AES解密】Password not AES cipher, raw used.");
-        }
-
-        // 3. 视为明文
-        return input;
-    }
-
-    /* -------- 可选：统一清理尾部不可见控制字符 -------- */
-    private static String clean(String s){
-        if(s==null) return null;
-        // 去除结尾控制符/空白（不影响中间合法空格）
-        return s.replaceAll("[\\p{Cntrl}]+","").trim();
-    }
-
-    /* -------- 若仍需要旧接口，可保留 (不建议再用于新前端) -------- */
-    @Deprecated
-    public static String desEncrypt(String data) throws Exception {
-        return decryptLegacyNoPadding(data);
-    }
-
-    /* 加密（若前端不再使用，可忽略；保留旧实现避免影响历史） */
-    @Deprecated
-    public static String encrypt(String data) throws Exception {
-        try{
+            //"算法/模式/补码方式"NoPadding PkcsPadding
             Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
             int blockSize = cipher.getBlockSize();
-            byte[] dataBytes = data.getBytes(StandardCharsets.UTF_8);
+
+            byte[] dataBytes = data.getBytes();
             int plaintextLength = dataBytes.length;
             if (plaintextLength % blockSize != 0) {
-                plaintextLength += (blockSize - (plaintextLength % blockSize));
+                plaintextLength = plaintextLength + (blockSize - (plaintextLength % blockSize));
             }
+
             byte[] plaintext = new byte[plaintextLength];
             System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);
-            SecretKeySpec keyspec = new SecretKeySpec(KEY.getBytes(StandardCharsets.UTF_8), "AES");
-            IvParameterSpec ivspec = new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8));
+
+            SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
+            IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
+
             cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
             byte[] encrypted = cipher.doFinal(plaintext);
-            return Base64.encodeToString(encrypted);
-        }catch(Exception e){
-            throw new IllegalStateException("legacy encrypt error", e);
+
+            return Base64.getEncoder().encodeToString(encrypted);
+
+        } catch (Exception e) {
+            e.printStackTrace();
+            return null;
         }
     }
 
-//    public static void main(String[] args) throws Exception {
-//        // 前端 CBC/Pkcs7 密文测试
-//        String frontCipher = encrypt("sa"); // 仅验证管道是否可用（旧方式）
-//        System.out.println(resolvePassword(frontCipher));
+    /**
+     * 解密方法
+     * @param data 要解密的数据
+     * @param key  解密key
+     * @param iv 解密iv
+     * @return 解密的结果
+     * @throws Exception
+     */
+    public static String desEncrypt(String data, String key, String iv) throws Exception {
+        //update-begin-author:taoyan date:2022-5-23 for:VUEN-1084 【vue3】online表单测试发现的新问题 6、解密报错 ---解码失败应该把异常抛出去，在外面处理
+        byte[] encrypted1 = Base64.getDecoder().decode(data);
+
+        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
+        SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
+        IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
+
+        cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
+
+        byte[] original = cipher.doFinal(encrypted1);
+        String originalString = new String(original);
+        //加密解码后的字符串会出现\u0000
+        return originalString.replaceAll("\\u0000", "");
+        //update-end-author:taoyan date:2022-5-23 for:VUEN-1084 【vue3】online表单测试发现的新问题 6、解密报错 ---解码失败应该把异常抛出去，在外面处理
+    }
+
+    /**
+     * 使用默认的key和iv加密
+     * @param data
+     * @return
+     * @throws Exception
+     */
+    public static String encrypt(String data) throws Exception {
+        return encrypt(data, KEY, IV);
+    }
+
+    /**
+     * 使用默认的key和iv解密
+     * @param data
+     * @return
+     * @throws Exception
+     */
+    public static String desEncrypt(String data) throws Exception {
+        return desEncrypt(data, KEY, IV);
+    }
+
+
+
+//    /**
+//     * 测试
+//     */
+//    public static void main(String args[]) throws Exception {
+//        String test1 = "sa";
+//        String test =new String(test1.getBytes(),"UTF-8");
+//        String data = null;
+//        String key =  KEY;
+//        String iv = IV;
+//        // /g2wzfqvMOeazgtsUVbq1kmJawROa6mcRAzwG1/GeJ4=
+//        data = encrypt(test, key, iv);
+//        System.out.println("数据："+test);
+//        System.out.println("加密："+data);
+//        String jiemi =desEncrypt(data, key, iv).trim();
+//        System.out.println("解密："+jiemi);
 //    }
-}
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/filter/SsrfFileTypeFilter.java

@@ -194,7 +194,7 @@ public class SsrfFileTypeFilter {
      */
 
     private static String getFileType(MultipartFile file, String customPath) throws Exception {
-        // 代码逻辑说明: [issue/4672]方法造成的文件被占用，注释掉此方法tomcat就能自动清理掉临时文件
+        //update-begin-author:liusq date:20230404 for: [issue/4672]方法造成的文件被占用，注释掉此方法tomcat就能自动清理掉临时文件
         String fileExtendName = null;
         InputStream is = null;
         try {
@@ -234,6 +234,7 @@ public class SsrfFileTypeFilter {
                 is.close();
             }
         }
+        //update-end-author:liusq date:20230404 for: [issue/4672]方法造成的文件被占用，注释掉此方法tomcat就能自动清理掉临时文件
     }
 
     /**

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/oConvertUtils.java

@@ -11,10 +11,6 @@ import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.springframework.beans.BeanUtils;
 
 import jakarta.servlet.http.HttpServletRequest;
-import org.springframework.beans.BeanWrapper;
-import org.springframework.beans.BeanWrapperImpl;
-
-import java.beans.PropertyDescriptor;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
@@ -27,7 +23,6 @@ import java.sql.Date;
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import java.util.stream.Stream;
 
 /**
  * 
@@ -568,8 +563,10 @@ public class oConvertUtils {
 			return "";
 		} else if (!name.contains(SymbolConstant.UNDERLINE)) {
 			// 不含下划线，仅将首字母小写
-			// 代码逻辑说明: TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
+			//update-begin--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
+			//update-begin--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
 			return name.substring(0, 1).toLowerCase() + name.substring(1).toLowerCase();
+			//update-end--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
 		}
 		// 用下划线将原始字符串分割
 		String[] camels = name.split("_");
@@ -614,6 +611,7 @@ public class oConvertUtils {
 		return result.substring(0, result.length() - 1);
 	}
 	
+	//update-begin--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
 	/**
 	 * 将下划线大写方式命名的字符串转换为驼峰式。(首字母写)
 	 * 如果转换前的下划线大写方式命名的字符串为空，则返回空字符串。</br>
@@ -646,6 +644,7 @@ public class oConvertUtils {
 		}
 		return result.toString();
 	}
+	//update-end--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
 	
 	/**
 	 * 将驼峰命名转化成下划线
@@ -983,18 +982,17 @@ public class oConvertUtils {
 
 
 	/**
-	 * 判断 sourceList中的元素是否在targetList中出现
-	 * 
+	 * 判断 list1中的元素是否在list2中出现
 	 * QQYUN-5326【简流】获取组织人员 单/多 筛选条件 没有部门筛选
-	 * @param sourceList 源列表，要检查的元素列表
-	 * @param targetList 目标列表，用于匹配的列表
-	 * @return 如果sourceList中有任何元素在targetList中存在则返回true，否则返回false
+	 * @param list1
+	 * @param list2
+	 * @return
 	 */
-	public static boolean isInList(List<String> sourceList, List<String> targetList){
-		for(String sourceItem: sourceList){
+	public static boolean isInList(List<String> list1, List<String> list2){
+		for(String str1: list1){
 			boolean flag = false;
-			for(String targetItem: targetList){
-				if(sourceItem.equals(targetItem)){
+			for(String str2: list2){
+				if(str1.equals(str2)){
 					flag = true;
 					break;
 				}
@@ -1006,35 +1004,6 @@ public class oConvertUtils {
 		return false;
 	}
 
-	/**
-	 * 判断 sourceList中的所有元素是否都在targetList中存在
-	 * @param sourceList 源列表，要检查的元素列表
-	 * @param targetList 目标列表，用于匹配的列表
-	 * @return 如果sourceList中的所有元素都在targetList中存在则返回true，否则返回false
-	 */
-	public static boolean isAllInList(List<String> sourceList, List<String> targetList){
-		if(sourceList == null || sourceList.isEmpty()){
-			return true; // 空列表视为所有元素都存在
-		}
-		if(targetList == null || targetList.isEmpty()){
-			return false; // 目标列表为空，源列表非空时返回false
-		}
-
-		for(String sourceItem: sourceList){
-			boolean found = false;
-			for(String targetItem: targetList){
-				if(sourceItem.equals(targetItem)){
-					found = true;
-					break;
-				}
-			}
-			if(!found){
-				return false; // 有任何一个元素不在目标列表中，返回false
-			}
-		}
-		return true; // 所有元素都找到了
-	}
-	
 	/**
 	 * 计算文件大小转成MB
 	 * @param uploadCount
@@ -1199,37 +1168,5 @@ public class oConvertUtils {
 	public static boolean isEffectiveTenant(String tenantId) {
 		return MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && isNotEmpty(tenantId) && !("0").equals(tenantId);
 	}
-
-    /**
-     * 复制源对象的非空属性到目标对象（同名属性）
-     * 
-     * @param source 源对象（页面）
-     * @param target 目标对象（数据库实体）
-     */
-    public static void copyNonNullFields(Object source, Object target) {
-        if (source == null || target == null) {
-            return;
-        }
-        // 获取源对象的非空属性名数组
-        String[] nullPropertyNames = getNullPropertyNames(source);
-        // 复制：忽略源对象的空属性，仅覆盖目标对象的对应非空属性
-        BeanUtils.copyProperties(source, target, nullPropertyNames);
-    }
-
-    /**
-     * 获取源对象中值为 null 的属性名数组
-     * 
-     * @param source 
-     */
-    private static String[] getNullPropertyNames(Object source) {
-        BeanWrapper beanWrapper = new BeanWrapperImpl(source);
-        //获取类的属性
-        PropertyDescriptor[] propertyDescriptors = beanWrapper.getPropertyDescriptors();
-        // 过滤出值为 null 的属性名
-        return Stream.of(propertyDescriptors)
-                .map(PropertyDescriptor::getName)
-                .filter(name -> beanWrapper.getPropertyValue(name) == null)
-                .toArray(String[]::new);
-    }
 	
 }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/oss/OssBootUtil.java

@@ -124,8 +124,9 @@ public class OssBootUtil {
             if (!fileDir.endsWith(SymbolConstant.SINGLE_SLASH)) {
                 fileDir = fileDir.concat(SymbolConstant.SINGLE_SLASH);
             }
-            // 代码逻辑说明: 过滤上传文件夹名特殊字符，防止攻击
+            //update-begin-author:wangshuai date:20201012 for: 过滤上传文件夹名特殊字符，防止攻击
             fileDir=StrAttackFilter.filter(fileDir);
+            //update-end-author:wangshuai date:20201012 for: 过滤上传文件夹名特殊字符，防止攻击
             fileUrl = fileUrl.append(fileDir + fileName);
 
             if (oConvertUtils.isNotEmpty(staticDomain) && staticDomain.toLowerCase().startsWith(CommonConstant.STR_HTTP)) {
@@ -262,8 +263,9 @@ public class OssBootUtil {
                 newBucket = bucket;
             }
             initOss(endPoint, accessKeyId, accessKeySecret);
-            // 代码逻辑说明: 替换objectName前缀，防止key不一致导致获取不到文件----
+            //update-begin---author:liusq  Date:20220120  for：替换objectName前缀，防止key不一致导致获取不到文件----
             objectName = OssBootUtil.replacePrefix(objectName,bucket);
+            //update-end---author:liusq  Date:20220120  for：替换objectName前缀，防止key不一致导致获取不到文件----
             OSSObject ossObject = ossClient.getObject(newBucket,objectName);
             inputStream = new BufferedInputStream(ossObject.getObjectContent());
         }catch (Exception e){
@@ -291,8 +293,9 @@ public class OssBootUtil {
     public static String getObjectUrl(String bucketName, String objectName, Date expires) {
         initOss(endPoint, accessKeyId, accessKeySecret);
         try{
-            // 代码逻辑说明: 替换objectName前缀，防止key不一致导致获取不到文件----
+            //update-begin---author:liusq  Date:20220120  for：替换objectName前缀，防止key不一致导致获取不到文件----
             objectName = OssBootUtil.replacePrefix(objectName,bucketName);
+            //update-end---author:liusq  Date:20220120  for：替换objectName前缀，防止key不一致导致获取不到文件----
             if(ossClient.doesObjectExist(bucketName,objectName)){
                 URL url = ossClient.generatePresignedUrl(bucketName,objectName,expires);
                 //log.info("原始url : {}", url.toString());

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/security/AbstractQueryBlackListHandler.java

@@ -63,7 +63,7 @@ public abstract class AbstractQueryBlackListHandler {
         if(list==null){
             return true;
         }
-        log.debug("  获取sql信息 ：{} ", list.toString());
+        log.info("  获取sql信息 ：{} ", list.toString());
         boolean flag = checkTableAndFieldsName(list);
         if(flag == false){
             return false;

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/AutoPoiDictConfig.java

@@ -60,15 +60,17 @@ public class AutoPoiDictConfig implements AutoPoiDictServiceI {
 
 
 		for (DictModel t : dictList) {
-			// 代码逻辑说明: [issues/4917]excel 导出异常---
+			//update-begin---author:liusq   Date:20230517  for：[issues/4917]excel 导出异常---
 			if(t!=null && t.getText()!=null && t.getValue()!=null){
-				// 代码逻辑说明: [issues/I4MBB3]@Excel dicText字段的值有下划线时，导入功能不能正确解析---
+			//update-end---author:liusq     Date:20230517  for：[issues/4917]excel 导出异常---
+				//update-begin---author:scott   Date:20211220  for：[issues/I4MBB3]@Excel dicText字段的值有下划线时，导入功能不能正确解析---
 				if(t.getValue().contains(EXCEL_SPLIT_TAG)){
 					String val = t.getValue().replace(EXCEL_SPLIT_TAG,TEMP_EXCEL_SPLIT_TAG);
 					dictReplaces.add(t.getText() + EXCEL_SPLIT_TAG + val);
 				}else{
 					dictReplaces.add(t.getText() + EXCEL_SPLIT_TAG + t.getValue());
 				}
+				//update-end---author:20211220     Date:20211220  for：[issues/I4MBB3]@Excel dicText字段的值有下划线时，导入功能不能正确解析---
 			}
 		}
 		if (dictReplaces != null && dictReplaces.size() != 0) {

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/JeecgBaseConfig.java

@@ -1,11 +1,9 @@
 package org.jeecg.config;
 
-import lombok.Getter;
-import lombok.Setter;
-import org.jeecg.config.tencent.JeecgTencent;
 import org.jeecg.config.vo.*;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Role;
 import org.springframework.stereotype.Component;
 
@@ -42,10 +40,6 @@ public class JeecgBaseConfig {
      */
     private Firewall firewall;
     
-    /**
-     * shiro拦截排除
-     */
-    private Shiro shiro;
     /**
      * 上传文件配置
      */
@@ -76,35 +70,7 @@ public class JeecgBaseConfig {
     /**
      * 百度开放API配置
      */
-    private BaiduApi baiduApi;
-
-    /**
-     * minio配置
-     */
-    @Getter
-    @Setter
-    private JeecgMinio minio;
-
-    /**
-     * oss配置
-     */
-    @Getter
-    @Setter
-    private JeecgOSS oss;
-
-    /**
-     * 短信发送方式 aliyun阿里云短信 tencent腾讯云短信
-     */
-    @Getter
-    @Setter
-    private String smsSendType = "aliyun";
-    
-    /**
-     * 腾讯配置
-     */
-    @Getter
-    @Setter
-    private JeecgTencent tencent;
+    private BaiduApi baiduApi;    
 
     public String getCustomResourcePrefixPath() {
         return customResourcePrefixPath;
@@ -138,14 +104,6 @@ public class JeecgBaseConfig {
         this.signatureSecret = signatureSecret;
     }
 
-    public Shiro getShiro() {
-        return shiro;
-    }
-
-    public void setShiro(Shiro shiro) {
-        this.shiro = shiro;
-    }
-
     public Path getPath() {
         return path;
     }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/Swagger2Config.java

@@ -95,11 +95,13 @@
 //        List<Parameter> pars = new ArrayList<>();
 //        tokenPar.name(CommonConstant.X_ACCESS_TOKEN).description("token").modelRef(new ModelRef("string")).parameterType("header").required(false).build();
 //        pars.add(tokenPar.build());
+//        //update-begin-author:liusq---date:2024-08-15--for:  开启多租户时，全局参数增加租户id
 //        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){
 //            ParameterBuilder tenantPar = new ParameterBuilder();
 //            tenantPar.name(CommonConstant.TENANT_ID).description("租户ID").modelRef(new ModelRef("string")).parameterType("header").required(false).build();
 //            pars.add(tenantPar.build());
 //        }
+//        //update-end-author:liusq---date:2024-08-15--for: 开启多租户时，全局参数增加租户id
 //
 //        return pars;
 //    }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/Swagger3Config.java

@@ -12,7 +12,6 @@ import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.constant.CommonConstant;
 import org.springdoc.core.customizers.OperationCustomizer;
 import org.springdoc.core.filters.GlobalOpenApiMethodFilter;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
@@ -23,24 +22,18 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.util.Arrays;
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * @author eightmonth
  */
 @Slf4j
 @Configuration
-@ConditionalOnProperty(prefix = "knife4j", name = "production", havingValue = "false", matchIfMissing = true)
 @PropertySource("classpath:config/default-spring-doc.properties")
 public class Swagger3Config implements WebMvcConfigurer {
-
-    // 路径匹配结果缓存，避免重复计算
-    private static final Map<String, Boolean> EXCLUDED_PATHS_CACHE = new ConcurrentHashMap<>();
     // 定义不需要注入安全要求的路径集合
-    private static final Set<String> excludedPaths = new HashSet<>(Arrays.asList(
-            "/sys/randomImage/**",
+    Set<String> excludedPaths = new HashSet<>(Arrays.asList(
+            "/sys/randomImage/{key}",
             "/sys/login",
             "/sys/phoneLogin",
             "/sys/mLogin",
@@ -50,20 +43,7 @@ public class Swagger3Config implements WebMvcConfigurer {
             "/sys/thirdLogin/**",
             "/sys/user/register"
     ));
-    // 预处理通配符模式，提高匹配效率
-    private static final Set<String> wildcardPatterns = new HashSet<>();
-    private static final Set<String> exactPatterns = new HashSet<>();
-    static {
-        // 初始化时分离精确匹配和通配符匹配
-        for (String pattern : excludedPaths) {
-            if (pattern.endsWith("/**")) {
-                wildcardPatterns.add(pattern.substring(0, pattern.length() - 3));
-            } else {
-                exactPatterns.add(pattern);
-            }
-        }
-    }
-    
+
     /**
      *
      * 显示swagger-ui.html文档展示页，还必须注入swagger资源：
@@ -117,18 +97,19 @@ public class Swagger3Config implements WebMvcConfigurer {
 
         return fullPath.toString();
     }
-
-
+    
+    
     private boolean isExcludedPath(String path) {
-        // 使用缓存避免重复计算
-        return EXCLUDED_PATHS_CACHE.computeIfAbsent(path, p -> {
-            // 精确匹配
-            if (exactPatterns.contains(p)) {
-                return true;
-            }
-            // 通配符匹配
-            return wildcardPatterns.stream().anyMatch(p::startsWith);
-        });
+        return excludedPaths.stream()
+                .anyMatch(pattern -> {
+                    if (pattern.endsWith("/**")) {
+                        // 处理通配符匹配
+                        String basePath = pattern.substring(0, pattern.length() - 3);
+                        return path.startsWith(basePath);
+                    }
+                    // 精确匹配
+                    return pattern.equals(path);
+                });
     }
     
     @Bean
@@ -136,7 +117,7 @@ public class Swagger3Config implements WebMvcConfigurer {
         return new OpenAPI()
                 .info(new Info()
                         .title("JeecgBoot 后台服务API接口文档")
-                        .version("3.9.0")
+                        .version("3.8.3")
                         .contact(new Contact().name("北京国炬信息技术有限公司").url("www.jeccg.com").email("jeecgos@163.com"))
                         .description("后台API接口")
                         .termsOfService("NO terms of service")

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/UndertowCustomizer.java

@@ -0,0 +1,19 @@
+//package org.jeecg.config;
+//
+//import io.undertow.server.DefaultByteBufferPool;
+//import io.undertow.websockets.jsr.WebSocketDeploymentInfo;
+//import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
+//import org.springframework.boot.web.server.WebServerFactoryCustomizer;
+//import org.springframework.stereotype.Component;
+//
+//@Component
+//public class UndertowCustomizer implements WebServerFactoryCustomizer<UndertowServletWebServerFactory> {
+//    @Override
+//    public void customize(UndertowServletWebServerFactory factory) {
+//        factory.addDeploymentInfoCustomizers(deploymentInfo -> {
+//            WebSocketDeploymentInfo webSocketDeploymentInfo = new WebSocketDeploymentInfo();
+//            webSocketDeploymentInfo.setBuffers(new DefaultByteBufferPool(false, 1024));
+//            deploymentInfo.addServletContextAttribute("io.undertow.websockets.jsr.WebSocketDeploymentInfo", webSocketDeploymentInfo);
+//        });
+//    }
+//}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/WebMvcConfiguration.java

@@ -142,6 +142,7 @@ public class WebMvcConfiguration implements WebMvcConfigurer {
         return objectMapper;
     }
 
+    //update-begin---author:chenrui ---date:20240514  for：[QQYUN-9247]系统监控功能优化------------
 //    /**
 //     * SpringBootAdmin的Httptrace不见了
 //     * https://blog.csdn.net/u013810234/article/details/110097201
@@ -150,6 +151,7 @@ public class WebMvcConfiguration implements WebMvcConfigurer {
 //    public InMemoryHttpTraceRepository getInMemoryHttpTrace(){
 //        return new InMemoryHttpTraceRepository();
 //    }
+    //update-end---author:chenrui ---date:20240514  for：[QQYUN-9247]系统监控功能优化------------
 
 
     /**
@@ -163,7 +165,7 @@ public class WebMvcConfiguration implements WebMvcConfigurer {
         // 确保在应用启动早期就配置MeterFilter，避免警告
         if (null != meterRegistryPostProcessor && null != prometheusMeterRegistry) {
             meterRegistryPostProcessor.postProcessAfterInitialization(prometheusMeterRegistry, "prometheusMeterRegistry");
-            log.info("PrometheusMeterRegistry 配置完成");
+            log.info("PrometheusMeterRegistry配置完成");
         }
     }
 

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/LowCodeModeInterceptor.java

@@ -1,6 +1,9 @@
 package org.jeecg.config.firewall.interceptor;
 
 import com.alibaba.fastjson.JSON;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.CommonAPI;
@@ -14,9 +17,6 @@ import org.jeecg.config.JeecgBaseConfig;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 
-import jakarta.annotation.Resource;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Set;

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/MybatisInterceptor.java

@@ -6,13 +6,13 @@ import org.apache.ibatis.executor.Executor;
 import org.apache.ibatis.mapping.MappedStatement;
 import org.apache.ibatis.mapping.SqlCommandType;
 import org.apache.ibatis.plugin.*;
-import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.config.TenantContext;
 import org.jeecg.common.constant.TenantConstant;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.config.security.utils.SecureUtil;
 import org.springframework.stereotype.Component;
 
 import java.lang.reflect.Field;
@@ -129,18 +129,20 @@ public class MybatisInterceptor implements Interceptor {
 			Field[] fields = null;
 			if (parameter instanceof ParamMap) {
 				ParamMap<?> p = (ParamMap<?>) parameter;
-				// 代码逻辑说明: 批量更新报错issues/IZA3Q--
+				//update-begin-author:scott date:20190729 for:批量更新报错issues/IZA3Q--
                 String et = "et";
 				if (p.containsKey(et)) {
 					parameter = p.get(et);
 				} else {
 					parameter = p.get("param1");
 				}
+				//update-end-author:scott date:20190729 for:批量更新报错issues/IZA3Q-
 
-				// 代码逻辑说明: 更新指定字段时报错 issues/#516-
+				//update-begin-author:scott date:20190729 for:更新指定字段时报错 issues/#516-
 				if (parameter == null) {
 					return invocation.proceed();
 				}
+				//update-end-author:scott date:20190729 for:更新指定字段时报错 issues/#516-
 
 				fields = oConvertUtils.getAllFields(parameter);
 			} else {
@@ -182,6 +184,7 @@ public class MybatisInterceptor implements Interceptor {
 		// TODO Auto-generated method stub
 	}
 
+	//update-begin--Author:scott  Date:20191213 for：关于使用Quzrtz 开启线程任务， #465
     /**
      * 获取登录用户
      * @return
@@ -189,12 +192,13 @@ public class MybatisInterceptor implements Interceptor {
 	private LoginUser getLoginUser() {
 		LoginUser sysUser = null;
 		try {
-			sysUser = SecurityUtils.getSubject().getPrincipal() != null ? (LoginUser) SecurityUtils.getSubject().getPrincipal() : null;
+			sysUser = SecureUtil.currentUser() != null ? SecureUtil.currentUser() : null;
 		} catch (Exception e) {
 			//e.printStackTrace();
 			sysUser = null;
 		}
 		return sysUser;
 	}
+	//update-end--Author:scott  Date:20191213 for：关于使用Quzrtz 开启线程任务， #465
 
 }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/ClientService.java

@@ -0,0 +1,90 @@
+package org.jeecg.config.security;
+
+import lombok.AllArgsConstructor;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
+import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
+import org.springframework.stereotype.Component;
+
+import java.time.Duration;
+import java.util.Set;
+
+/**
+ * spring authorization server 注册客户端便捷工具类
+ * @author eightmonth@qq.com
+ * @date 2024/3/7 11:22
+ */
+@Component
+@AllArgsConstructor
+public class ClientService {
+
+    private RegisteredClientRepository registeredClientRepository;
+
+    /**
+     * 修改客户端token有效期
+     * 认证码、设备码有效期与accessToken有效期保持一致
+     */
+    public void updateTokenValidation(String clientId, Long accessTokenValidation, Long refreshTokenValidation){
+        RegisteredClient registeredClient = findByClientId(clientId);
+        RegisteredClient.Builder builder = RegisteredClient.from(registeredClient);
+        TokenSettings tokenSettings = TokenSettings.builder()
+                .idTokenSignatureAlgorithm(SignatureAlgorithm.RS256)
+                .accessTokenTimeToLive(Duration.ofSeconds(accessTokenValidation))
+                .accessTokenFormat(OAuth2TokenFormat.SELF_CONTAINED)
+                .reuseRefreshTokens(true)
+                .refreshTokenTimeToLive(Duration.ofSeconds(refreshTokenValidation))
+                .authorizationCodeTimeToLive(Duration.ofSeconds(accessTokenValidation))
+                .deviceCodeTimeToLive(Duration.ofSeconds(accessTokenValidation))
+                .build();
+        builder.tokenSettings(tokenSettings);
+        registeredClientRepository.save(builder.build());
+    }
+
+    /**
+     * 修改客户端授权类型
+     * @param clientId
+     * @param grantTypes
+     */
+    public void updateGrantType(String clientId, Set<AuthorizationGrantType> grantTypes) {
+        RegisteredClient registeredClient = findByClientId(clientId);
+        RegisteredClient.Builder builder = RegisteredClient.from(registeredClient);
+        for (AuthorizationGrantType grantType : grantTypes) {
+            builder.authorizationGrantType(grantType);
+        }
+        registeredClientRepository.save(builder.build());
+    }
+
+    /**
+     * 修改客户端重定向uri
+     * @param clientId
+     * @param redirectUris
+     */
+    public void updateRedirectUris(String clientId, String redirectUris) {
+        RegisteredClient registeredClient = findByClientId(clientId);
+        RegisteredClient.Builder builder = RegisteredClient.from(registeredClient);
+        builder.redirectUri(redirectUris);
+        registeredClientRepository.save(builder.build());
+    }
+
+    /**
+     * 修改客户端授权范围
+     * @param clientId
+     * @param scopes
+     */
+    public void updateScopes(String clientId, Set<String> scopes) {
+        RegisteredClient registeredClient = findByClientId(clientId);
+        RegisteredClient.Builder builder = RegisteredClient.from(registeredClient);
+        for (String scope : scopes) {
+            builder.scope(scope);
+        }
+        registeredClientRepository.save(builder.build());
+    }
+
+    public RegisteredClient findByClientId(String clientId) {
+        return registeredClientRepository.findByClientId(clientId);
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/CopyTokenFilter.java

@@ -0,0 +1,80 @@
+package org.jeecg.config.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.*;
+
+/**
+ * 仪盘表请求query体携带的token
+ * @author eightmonth
+ * @date 2024/7/3 14:04
+ */
+@Slf4j
+@Component
+@Order(value = Integer.MIN_VALUE)
+public class CopyTokenFilter extends OncePerRequestFilter {
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+        // 以下为undertow定制代码，如切换其它servlet容器，需要同步更换
+        String token = request.getHeader("Authorization");
+        String bearerToken = request.getParameter("token");
+        String headerBearerToken = request.getHeader("X-Access-Token");
+        String finalToken;
+
+        log.debug("【仪盘表请求query体携带的token】CopyTokenFilter token: {}, bearerToken: {}, headerBearerToken: {}", token, bearerToken, headerBearerToken);
+
+        if (StringUtils.hasText(token)) {
+            finalToken = "bearer " + token;
+        } else if (StringUtils.hasText(bearerToken)) {
+            finalToken = "bearer " + bearerToken;
+        } else if (StringUtils.hasText(headerBearerToken)) {
+            finalToken = "bearer " + headerBearerToken;
+        } else {
+            finalToken = null;
+        }
+
+        if (finalToken != null) {
+            HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {
+                @Override
+                public String getHeader(String name) {
+                    if ("Authorization".equalsIgnoreCase(name)) {
+                        return finalToken;
+                    }
+                    return super.getHeader(name);
+                }
+
+                @Override
+                public Enumeration<String> getHeaders(String name) {
+                    if ("Authorization".equalsIgnoreCase(name)) {
+                        return Collections.enumeration(Collections.singleton(finalToken));
+                    }
+                    return super.getHeaders(name);
+                }
+
+                @Override
+                public Enumeration<String> getHeaderNames() {
+                    List<String> names = Collections.list(super.getHeaderNames());
+                    if (!names.contains("Authorization")) {
+                        names.add("Authorization");
+                    }
+                    return Collections.enumeration(names);
+                }
+            };
+            filterChain.doFilter(wrapper, response);
+        } else {
+            filterChain.doFilter(request, response);
+        }
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgAuthenticationConvert.java

@@ -0,0 +1,34 @@
+package org.jeecg.config.security;
+
+import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.system.vo.LoginUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.stereotype.Component;
+
+import java.util.ArrayList;
+
+/**
+ * token只存储用户名与过期时间
+ * 这里通过取用户名转全量用户信息存储到Security中
+ * @author eightmonth@qq.com
+ * @date 2024/7/15 11:05
+ */
+@Component
+public class JeecgAuthenticationConvert implements Converter<Jwt, AbstractAuthenticationToken> {
+
+    @Lazy
+    @Autowired
+    private CommonAPI commonAPI;
+
+    @Override
+    public AbstractAuthenticationToken convert(Jwt source) {
+        String username = source.getClaims().get("username").toString();
+        LoginUser loginUser = commonAPI.getUserByName(username);
+        return new UsernamePasswordAuthenticationToken(loginUser, null, new ArrayList<>());
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgOAuth2AccessTokenGenerator.java

@@ -0,0 +1,135 @@
+package org.jeecg.config.security;
+
+import org.jeecg.common.system.util.JwtUtil;
+import org.springframework.lang.Nullable;
+import org.springframework.security.oauth2.core.ClaimAccessor;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
+import org.springframework.security.oauth2.jwt.JwsHeader;
+import org.springframework.security.oauth2.jwt.JwtClaimsSet;
+import org.springframework.security.oauth2.jwt.JwtEncoder;
+import org.springframework.security.oauth2.jwt.JwtEncoderParameters;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.token.*;
+import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.StringUtils;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.time.temporal.Temporal;
+import java.time.temporal.TemporalUnit;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * @author eightmonth@qq.com
+ * @date 2024/7/11 17:10
+ */
+public class JeecgOAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OAuth2AccessToken> {
+    private final JwtEncoder jwtEncoder;
+
+    private OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer;
+
+    public JeecgOAuth2AccessTokenGenerator(JwtEncoder jwtEncoder) {
+        this.jwtEncoder = jwtEncoder;
+    }
+
+    @Nullable
+    @Override
+    public OAuth2AccessToken generate(OAuth2TokenContext context) {
+        if (!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
+            return null;
+        }
+
+        String issuer = null;
+        if (context.getAuthorizationServerContext() != null) {
+            issuer = context.getAuthorizationServerContext().getIssuer();
+        }
+        RegisteredClient registeredClient = context.getRegisteredClient();
+
+        Instant issuedAt = Instant.now();
+        Instant expiresAt = issuedAt.plusMillis(JwtUtil.EXPIRE_TIME);
+
+        OAuth2TokenClaimsSet.Builder claimsBuilder = OAuth2TokenClaimsSet.builder();
+        if (StringUtils.hasText(issuer)) {
+            claimsBuilder.issuer(issuer);
+        }
+        claimsBuilder
+                .subject(context.getPrincipal().getName())
+                .audience(Collections.singletonList(registeredClient.getClientId()))
+                .issuedAt(issuedAt)
+                .expiresAt(expiresAt)
+                .notBefore(issuedAt)
+                .id(UUID.randomUUID().toString());
+        if (!CollectionUtils.isEmpty(context.getAuthorizedScopes())) {
+            claimsBuilder.claim(OAuth2ParameterNames.SCOPE, context.getAuthorizedScopes());
+        }
+
+        if (this.accessTokenCustomizer != null) {
+            OAuth2TokenClaimsContext.Builder accessTokenContextBuilder = OAuth2TokenClaimsContext.with(claimsBuilder)
+                    .registeredClient(context.getRegisteredClient())
+                    .principal(context.getPrincipal())
+                    .authorizationServerContext(context.getAuthorizationServerContext())
+                    .authorizedScopes(context.getAuthorizedScopes())
+                    .tokenType(context.getTokenType())
+                    .authorizationGrantType(context.getAuthorizationGrantType());
+            if (context.getAuthorization() != null) {
+                accessTokenContextBuilder.authorization(context.getAuthorization());
+            }
+            if (context.getAuthorizationGrant() != null) {
+                accessTokenContextBuilder.authorizationGrant(context.getAuthorizationGrant());
+            }
+
+            OAuth2TokenClaimsContext accessTokenContext = accessTokenContextBuilder.build();
+            this.accessTokenCustomizer.customize(accessTokenContext);
+        }
+
+
+        OAuth2TokenClaimsSet accessTokenClaimsSet = claimsBuilder.build();
+        OAuth2AuthorizationGrantAuthenticationToken oAuth2ResourceOwnerBaseAuthenticationToken = context.getAuthorizationGrant();
+        String username = (String) oAuth2ResourceOwnerBaseAuthenticationToken.getAdditionalParameters().get("username");
+        String tokenValue = jwtEncoder.encode(JwtEncoderParameters.from(JwsHeader.with(SignatureAlgorithm.ES256).keyId("jeecg").build(),
+                JwtClaimsSet.builder().claim("username", username).expiresAt(expiresAt).build())).getTokenValue();
+
+        //此处可以做改造将tokenValue随机数换成用户信息，方便后续多系统token互通认证（通过解密token得到username）
+        return new OAuth2AccessTokenClaims(OAuth2AccessToken.TokenType.BEARER, tokenValue,
+                accessTokenClaimsSet.getIssuedAt(), accessTokenClaimsSet.getExpiresAt(), context.getAuthorizedScopes(),
+                accessTokenClaimsSet.getClaims());
+    }
+
+    /**
+     * Sets the {@link OAuth2TokenCustomizer} that customizes the
+     * {@link OAuth2TokenClaimsContext#getClaims() claims} for the
+     * {@link OAuth2AccessToken}.
+     * @param accessTokenCustomizer the {@link OAuth2TokenCustomizer} that customizes the
+     * claims for the {@code OAuth2AccessToken}
+     */
+    public void setAccessTokenCustomizer(OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer) {
+        Assert.notNull(accessTokenCustomizer, "accessTokenCustomizer cannot be null");
+        this.accessTokenCustomizer = accessTokenCustomizer;
+    }
+
+    private static final class OAuth2AccessTokenClaims extends OAuth2AccessToken implements ClaimAccessor {
+
+        private final Map<String, Object> claims;
+
+        private OAuth2AccessTokenClaims(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt,
+                                        Set<String> scopes, Map<String, Object> claims) {
+            super(tokenType, tokenValue, issuedAt, expiresAt, scopes);
+            this.claims = claims;
+        }
+
+        @Override
+        public Map<String, Object> getClaims() {
+            return this.claims;
+        }
+
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java

@@ -0,0 +1,104 @@
+package org.jeecg.config.security;
+
+import cn.hutool.core.util.ArrayUtil;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.util.RedisUtil;
+import org.jeecg.config.security.utils.SecureUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.stereotype.Service;
+import org.springframework.util.PatternMatchUtils;
+import org.springframework.util.StringUtils;
+
+import java.util.Arrays;
+import java.util.Objects;
+import java.util.Set;
+
+/**
+ * spring authorization server自定义权限处理，根据@PreAuthorize注解，判断当前用户是否具备权限
+ * @author EightMonth
+ * @date 2024/1/10 17:00
+ */
+@Service("jps")
+@Slf4j
+public class JeecgPermissionService {
+    private final String SPLIT = "::";
+    private final String PERM_PREFIX = "jps" + SPLIT;
+
+    @Lazy
+    @Autowired
+    private CommonAPI commonAPI;
+    @Autowired
+    private RedisUtil redisUtil;
+
+    /**
+     * 判断接口是否有任意xxx，xxx权限
+     * @param permissions 权限
+     * @return {boolean}
+     */
+    public boolean requiresPermissions(String... permissions) {
+        if (ArrayUtil.isEmpty(permissions)) {
+            return false;
+        }
+        LoginUser loginUser = SecureUtil.currentUser();
+
+        Object cache = redisUtil.get(buildKey("permission", loginUser.getId()));
+        Set<String> permissionList;
+        if (Objects.nonNull(cache)) {
+            permissionList = (Set<String>) cache;
+        } else {
+            permissionList = commonAPI.queryUserAuths(loginUser.getId());
+            redisUtil.set(buildKey("permission", loginUser.getId()), permissionList);
+        }
+
+        boolean pass = permissionList.stream().filter(StringUtils::hasText)
+                .anyMatch(x -> PatternMatchUtils.simpleMatch(permissions, x));
+        if (!pass) {
+            log.error("权限不足，缺少权限："+ Arrays.toString(permissions));
+        }
+        return pass;
+    }
+
+    /**
+     * 判断接口是否有任意xxx，xxx角色
+     * @param roles 角色
+     * @return {boolean}
+     */
+    public boolean requiresRoles(String... roles) {
+        if (ArrayUtil.isEmpty(roles)) {
+            return false;
+        }
+        LoginUser loginUser = SecureUtil.currentUser();
+
+        Object cache = redisUtil.get(buildKey("role", loginUser.getUsername()));
+        Set<String> roleList;
+        if (Objects.nonNull(cache)) {
+            roleList = (Set<String>) cache;
+        } else {
+            roleList = commonAPI.queryUserRoles(loginUser.getUsername());
+            redisUtil.set(buildKey("role", loginUser.getUsername()), roleList);
+        }
+
+        boolean pass = roleList.stream().filter(StringUtils::hasText)
+                .anyMatch(x -> PatternMatchUtils.simpleMatch(roles, x));
+        if (!pass) {
+            log.error("权限不足，缺少角色：" + Arrays.toString(roles));
+        }
+        return pass;
+    }
+
+    /**
+     * 由于缓存key是以人的维度，角色列表、权限列表在值中，jeecg是以权限列表绑定在角色上，形成的权限集合
+     * 权限发生变更时，需要清理全部人的权限缓存
+     */
+    public void clearCache() {
+        redisUtil.removeAll(PERM_PREFIX);
+    }
+
+    private String buildKey(String type, String username) {
+        return PERM_PREFIX + type + SPLIT + username;
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgRedisOAuth2AuthorizationConsentService.java

@@ -0,0 +1,54 @@
+package org.jeecg.config.security;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService;
+import org.springframework.stereotype.Component;
+import org.springframework.util.Assert;
+
+import java.util.concurrent.TimeUnit;
+
+/**
+ * spring authorization server 自定义redis保存授权范围信息
+ */
+@Component
+@RequiredArgsConstructor
+public class JeecgRedisOAuth2AuthorizationConsentService implements OAuth2AuthorizationConsentService {
+
+	private final RedisTemplate<String, Object> redisTemplate;
+
+	private final static Long TIMEOUT = 10L;
+
+	@Override
+	public void save(OAuth2AuthorizationConsent authorizationConsent) {
+		Assert.notNull(authorizationConsent, "authorizationConsent cannot be null");
+
+		redisTemplate.opsForValue().set(buildKey(authorizationConsent), authorizationConsent, TIMEOUT,
+				TimeUnit.MINUTES);
+
+	}
+
+	@Override
+	public void remove(OAuth2AuthorizationConsent authorizationConsent) {
+		Assert.notNull(authorizationConsent, "authorizationConsent cannot be null");
+		redisTemplate.delete(buildKey(authorizationConsent));
+	}
+
+	@Override
+	public OAuth2AuthorizationConsent findById(String registeredClientId, String principalName) {
+		Assert.hasText(registeredClientId, "registeredClientId cannot be empty");
+		Assert.hasText(principalName, "principalName cannot be empty");
+		return (OAuth2AuthorizationConsent) redisTemplate.opsForValue()
+				.get(buildKey(registeredClientId, principalName));
+	}
+
+	private static String buildKey(String registeredClientId, String principalName) {
+		return "token:consent:" + registeredClientId + ":" + principalName;
+	}
+
+	private static String buildKey(OAuth2AuthorizationConsent authorizationConsent) {
+		return buildKey(authorizationConsent.getRegisteredClientId(), authorizationConsent.getPrincipalName());
+	}
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgRedisOAuth2AuthorizationService.java

@@ -0,0 +1,192 @@
+package org.jeecg.config.security;
+
+import cn.hutool.core.collection.CollUtil;
+import jakarta.annotation.PostConstruct;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.RedisSerializer;
+import org.springframework.lang.Nullable;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2RefreshToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.stereotype.Component;
+import org.springframework.util.Assert;
+
+import java.time.temporal.ChronoUnit;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * spring authorization server自定义redis保存认证信息
+ * @author EightMonth
+ */
+@Component
+public class JeecgRedisOAuth2AuthorizationService implements OAuth2AuthorizationService{
+
+	private final static Long TIMEOUT = 10L;
+
+	private static final String AUTHORIZATION = "token";
+
+	private final RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
+
+	@Autowired
+	private RedisConnectionFactory redisConnectionFactory;
+
+	/**
+	 * 因为保存sas的认证信息至redis，无法使用jeecg对redisTemplate的某些设置。
+	 * 如果在使用时修改redisTemplate属性，会发生线程安全问题，最终容易引起系统无法正常运行。
+	 * 所以重新建了一个redis client给到sas操作redis，并且该redis实例不注入spring 容器中
+	 */
+	@PostConstruct
+	public void initSasRedis()  {
+		redisTemplate.setValueSerializer(RedisSerializer.java());
+		redisTemplate.setConnectionFactory(redisConnectionFactory);
+		redisTemplate.afterPropertiesSet();
+	}
+
+	@Override
+	public void save(OAuth2Authorization authorization) {
+		Assert.notNull(authorization, "authorization cannot be null");
+
+		if (isState(authorization)) {
+			String token = authorization.getAttribute("state");
+			redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.STATE, token), authorization, TIMEOUT,
+					TimeUnit.MINUTES);
+		}
+
+		if (isCode(authorization)) {
+			OAuth2Authorization.Token<OAuth2AuthorizationCode> authorizationCode = authorization
+					.getToken(OAuth2AuthorizationCode.class);
+			OAuth2AuthorizationCode authorizationCodeToken = authorizationCode.getToken();
+			long between = ChronoUnit.MINUTES.between(authorizationCodeToken.getIssuedAt(),
+					authorizationCodeToken.getExpiresAt());
+			redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.CODE, authorizationCodeToken.getTokenValue()),
+					authorization, between, TimeUnit.MINUTES);
+		}
+
+		if (isRefreshToken(authorization)) {
+			OAuth2RefreshToken refreshToken = authorization.getRefreshToken().getToken();
+			long between = ChronoUnit.SECONDS.between(refreshToken.getIssuedAt(), refreshToken.getExpiresAt());
+			redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.REFRESH_TOKEN, refreshToken.getTokenValue()),
+					authorization, between, TimeUnit.SECONDS);
+		}
+
+		if (isAccessToken(authorization)) {
+			OAuth2AccessToken accessToken = authorization.getAccessToken().getToken();
+			long between = ChronoUnit.SECONDS.between(accessToken.getIssuedAt(), accessToken.getExpiresAt());
+			redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.ACCESS_TOKEN, accessToken.getTokenValue()),
+					authorization, between, TimeUnit.SECONDS);
+
+			// 扩展记录 access-token 、username 的关系 1::token::username::admin::xxx
+			String tokenUsername = String.format("%s::%s::%s", AUTHORIZATION, authorization.getPrincipalName(), accessToken.getTokenValue());
+			redisTemplate.opsForValue().set(tokenUsername, accessToken.getTokenValue(), between, TimeUnit.SECONDS);
+		}
+	}
+
+	@Override
+	public void remove(OAuth2Authorization authorization) {
+		Assert.notNull(authorization, "authorization cannot be null");
+
+		List<String> keys = new ArrayList<>();
+		if (isState(authorization)) {
+			String token = authorization.getAttribute("state");
+			keys.add(buildKey(OAuth2ParameterNames.STATE, token));
+		}
+
+		if (isCode(authorization)) {
+			OAuth2Authorization.Token<OAuth2AuthorizationCode> authorizationCode = authorization
+					.getToken(OAuth2AuthorizationCode.class);
+			OAuth2AuthorizationCode authorizationCodeToken = authorizationCode.getToken();
+			keys.add(buildKey(OAuth2ParameterNames.CODE, authorizationCodeToken.getTokenValue()));
+		}
+
+		if (isRefreshToken(authorization)) {
+			OAuth2RefreshToken refreshToken = authorization.getRefreshToken().getToken();
+			keys.add(buildKey(OAuth2ParameterNames.REFRESH_TOKEN, refreshToken.getTokenValue()));
+		}
+
+		if (isAccessToken(authorization)) {
+			OAuth2AccessToken accessToken = authorization.getAccessToken().getToken();
+			keys.add(buildKey(OAuth2ParameterNames.ACCESS_TOKEN, accessToken.getTokenValue()));
+
+			// 扩展记录 access-token 、username 的关系 1::token::username::admin::xxx
+			String key = String.format("%s::%s::%s", AUTHORIZATION, authorization.getPrincipalName(), accessToken.getTokenValue());
+			keys.add(key);
+		}
+
+		redisTemplate.delete(keys);
+	}
+
+	@Override
+	@Nullable
+	public OAuth2Authorization findById(String id) {
+		throw new UnsupportedOperationException();
+	}
+
+	@Override
+	@Nullable
+	public OAuth2Authorization findByToken(String token, @Nullable OAuth2TokenType tokenType) {
+		Assert.hasText(token, "token cannot be empty");
+		Assert.notNull(tokenType, "tokenType cannot be empty");
+		return (OAuth2Authorization) redisTemplate.opsForValue().get(buildKey(tokenType.getValue(), token));
+	}
+
+	private String buildKey(String type, String id) {
+		return String.format("%s::%s::%s", AUTHORIZATION, type, id);
+	}
+
+	private static boolean isState(OAuth2Authorization authorization) {
+		return Objects.nonNull(authorization.getAttribute("state"));
+	}
+
+	private static boolean isCode(OAuth2Authorization authorization) {
+		OAuth2Authorization.Token<OAuth2AuthorizationCode> authorizationCode = authorization
+				.getToken(OAuth2AuthorizationCode.class);
+		return Objects.nonNull(authorizationCode);
+	}
+
+	private static boolean isRefreshToken(OAuth2Authorization authorization) {
+		return Objects.nonNull(authorization.getRefreshToken());
+	}
+
+	private static boolean isAccessToken(OAuth2Authorization authorization) {
+		return Objects.nonNull(authorization.getAccessToken());
+	}
+
+	/**
+	 * 扩展方法根据 username 查询是否存在存储的
+	 * @param authentication
+	 * @return
+	 */
+	public void removeByUsername(Authentication authentication) {
+		// 根据 username查询对应access-token
+		String authenticationName = authentication.getName();
+
+		// 扩展记录 access-token 、username 的关系 1::token::username::admin::xxx
+		String tokenUsernameKey = String.format("%s::%s::*", AUTHORIZATION, authenticationName);
+		Set<String> keys = redisTemplate.keys(tokenUsernameKey);
+		if (CollUtil.isEmpty(keys)) {
+			return;
+		}
+
+		List<Object> tokenList = redisTemplate.opsForValue().multiGet(keys);
+
+		for (Object token : tokenList) {
+			// 根据token 查询存储的 OAuth2Authorization
+			OAuth2Authorization authorization = this.findByToken((String) token, OAuth2TokenType.ACCESS_TOKEN);
+			// 根据 OAuth2Authorization 删除相关令牌
+			this.remove(authorization);
+		}
+
+	}
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/LoginType.java

@@ -0,0 +1,38 @@
+package org.jeecg.config.security;
+
+/**
+ * 登录模式
+ * @author EightMonth
+ * @date 2024/1/10 17:43
+ */
+public class LoginType {
+
+    /**
+     * 密码模式
+     */
+    public static final String PASSWORD = "password";
+
+
+    /**
+     * 手机号+验证码模式
+     */
+    public static final String PHONE = "phone";
+
+
+    /**
+     * app登录
+     */
+    public static final String APP = "app";
+
+    /**
+     * 扫码登录
+     */
+    public static final String SCAN = "scan";
+
+    /**
+     * 所有联合登录，比如github\钉钉\企业微信\微信
+     */
+    public static final String SOCIAL = "social";
+
+    public static final String SELF = "self";
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/RedisTokenValidationFilter.java

@@ -0,0 +1,49 @@
+package org.jeecg.config.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.AllArgsConstructor;
+import org.jeecg.common.system.util.JwtUtil;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
+import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.Objects;
+
+/**
+ * 当用户被强退时，使客户端token失效
+ * @author eightmonth@qq.com
+ * @date 2024/3/7 17:30
+ */
+@Component
+@AllArgsConstructor
+public class RedisTokenValidationFilter extends OncePerRequestFilter {
+    private OAuth2AuthorizationService authorizationService;
+    private JwtDecoder jwtDecoder;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        // 从请求中获取token
+        DefaultBearerTokenResolver defaultBearerTokenResolver = new DefaultBearerTokenResolver();
+        String token = defaultBearerTokenResolver.resolve(request);
+
+
+        if (Objects.nonNull(token)) {
+            // 检查认证信息是否已被清除，如果已被清除，则令该token失效
+            OAuth2Authorization oAuth2Authorization = authorizationService.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
+            if (Objects.isNull(oAuth2Authorization)) {
+                throw new OAuth2AuthenticationException(BearerTokenErrors.invalidToken("认证信息已失效，请重新登录"));
+            }
+        }
+        filterChain.doFilter(request, response);
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java

@@ -0,0 +1,310 @@
+package org.jeecg.config.security;
+
+import com.nimbusds.jose.jwk.Curve;
+import com.nimbusds.jose.jwk.ECKey;
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
+import com.nimbusds.jose.jwk.source.JWKSource;
+import com.nimbusds.jose.proc.SecurityContext;
+import lombok.AllArgsConstructor;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.jeecg.common.system.util.JwtUtil;
+import org.jeecg.config.security.app.AppGrantAuthenticationConvert;
+import org.jeecg.config.security.app.AppGrantAuthenticationProvider;
+import org.jeecg.config.security.password.PasswordGrantAuthenticationConvert;
+import org.jeecg.config.security.password.PasswordGrantAuthenticationProvider;
+import org.jeecg.config.security.phone.PhoneGrantAuthenticationConvert;
+import org.jeecg.config.security.phone.PhoneGrantAuthenticationProvider;
+import org.jeecg.config.security.social.SocialGrantAuthenticationConvert;
+import org.jeecg.config.security.social.SocialGrantAuthenticationProvider;
+import org.jeecg.config.shiro.ignore.InMemoryIgnoreAuth;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.MediaType;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
+import org.springframework.security.oauth2.server.authorization.token.*;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.CollectionUtils;
+import org.springframework.web.cors.CorsConfiguration;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.SecureRandom;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.util.Arrays;
+import java.util.stream.Collectors;
+
+/**
+ * spring authorization server核心配置
+ * @author eightmonth@qq.com
+ * @date 2024/1/2 9:29
+ */
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity
+@AllArgsConstructor
+@Slf4j
+public class SecurityConfig {
+
+    private JdbcTemplate jdbcTemplate;
+    private OAuth2AuthorizationService authorizationService;
+    private JeecgAuthenticationConvert jeecgAuthenticationConvert;
+
+    @Bean
+    @Order(1)
+    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
+            throws Exception {
+        // 使用新的配置方式替代弃用的applyDefaultSecurity
+        http.securityMatcher(new AntPathRequestMatcher("/oauth2/**"))
+                .authorizeHttpRequests(authorize ->
+                        authorize.anyRequest().authenticated()
+                )
+                .csrf(csrf -> csrf.disable())
+                .with(new OAuth2AuthorizationServerConfigurer(), oauth2 -> {
+                    oauth2
+                            .tokenEndpoint(tokenEndpoint -> tokenEndpoint
+                                    .accessTokenRequestConverter(new PasswordGrantAuthenticationConvert())
+                                    .authenticationProvider(new PasswordGrantAuthenticationProvider(authorizationService, tokenGenerator()))
+                            )
+                            .tokenEndpoint(tokenEndpoint -> tokenEndpoint
+                                    .accessTokenRequestConverter(new PhoneGrantAuthenticationConvert())
+                                    .authenticationProvider(new PhoneGrantAuthenticationProvider(authorizationService, tokenGenerator()))
+                            )
+                            .tokenEndpoint(tokenEndpoint -> tokenEndpoint
+                                    .accessTokenRequestConverter(new AppGrantAuthenticationConvert())
+                                    .authenticationProvider(new AppGrantAuthenticationProvider(authorizationService, tokenGenerator()))
+                            )
+                            .tokenEndpoint(tokenEndpoint -> tokenEndpoint
+                                    .accessTokenRequestConverter(new SocialGrantAuthenticationConvert())
+                                    .authenticationProvider(new SocialGrantAuthenticationProvider(authorizationService, tokenGenerator()))
+                            )
+                            //开启OpenID Connect 1.0（其中oidc为OpenID Connect的缩写）。 访问 /.well-known/openid-configuration即可获取认证信息
+                            .oidc(Customizer.withDefaults());
+                });
+
+        //请求接口异常处理：无Token和Token无效的情况
+        http.exceptionHandling(exceptions -> exceptions
+                .authenticationEntryPoint((request, response, authException) -> {
+                    // 记录详细的异常信息 - 未认证
+                    log.error("接口访问失败(未认证)，请求路径：{}，错误信息：{}", request.getRequestURI(), authException.getMessage(), authException);
+                    JwtUtil.responseError(response, 401, "Token格式错误或已过期");
+                })
+                .accessDeniedHandler((request, response, accessDeniedException) -> {
+                    // 记录详细的异常信息 - token无效或权限不足
+                    log.error("接口访问失败(token无效或权限不足)，请求路径：{}，错误信息：{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
+                    JwtUtil.responseError(response, 403, "权限不足");
+                })
+        );
+
+        return http.build();
+    }
+
+    @Bean
+    @Order(2)
+    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
+            throws Exception {
+        http
+                //设置所有请求都需要认证，未认证的请求都被重定向到login页面进行登录
+                .authorizeHttpRequests((authorize) -> authorize
+                        .requestMatchers(InMemoryIgnoreAuth.get().stream().map(AntPathRequestMatcher::antMatcher).toList().toArray(new AntPathRequestMatcher[0])).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/cas/client/validateLogin")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/randomImage/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/checkCaptcha")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/login")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/mLogin")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/logout")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/thirdLogin/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/getEncryptedString")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/sms")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/phoneLogin")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/user/checkOnlyUser")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/user/register")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/user/phoneVerification")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/user/passwordChange")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/auth/2step-code")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/common/static/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/common/pdf/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/generic/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/getLoginQrcode/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/getQrcodeToken/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/checkAuth")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/doc.html")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.js")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.css")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.html")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.svg")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.pdf")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.jpg")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.png")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.gif")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.ico")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.ttf")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.woff")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.woff2")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/druid/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/swagger-ui.html")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/swagger**/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/webjars/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/v3/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/WW_verify*")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/annountCement/show/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/api/getUserInfo")).permitAll()
+
+                        //积木报表排除
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/jmreport/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.js.map")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.css.map")).permitAll()
+                        //积木BI大屏和仪表盘排除
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/view")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getLoginUser")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/page/queryById")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/page/addVisitsNumber")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/page/queryTemplateList")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/share/view/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getAllChartData")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getTotalData")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/mock/json/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/jimubi/view")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/jimubi/share/view/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getMapDataByCode")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getTotalDataByCompId")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/queryAllById")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getDictByCodes")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/dragChannelSocket/**")).permitAll()
+                        //大屏模板例子
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/test/bigScreen/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/bigscreen/template1/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/bigscreen/template1/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/websocket/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/newsWebsocket/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/vxeSocket/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/test/seata/**")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/error")).permitAll()
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/openapi/call/**")).permitAll()
+                        // APP版本信息
+                        .requestMatchers(AntPathRequestMatcher.antMatcher("/sys/version/app3version")).permitAll()
+                        .anyRequest().authenticated()
+                )
+                .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
+                .cors(cors -> cors
+                        .configurationSource(req -> {
+                            CorsConfiguration config = new CorsConfiguration();
+                            config.applyPermitDefaultValues();
+                            config.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
+                            return config;
+                        }))
+                .csrf(AbstractHttpConfigurer::disable)
+                // 配置OAuth2资源服务器，并添加JWT异常处理
+                .oauth2ResourceServer(oauth2 -> oauth2
+                        .jwt(jwt -> jwt.jwtAuthenticationConverter(jeecgAuthenticationConvert))
+                        .authenticationEntryPoint((request, response, authException) -> {
+                            // 处理JWT解析失败的情况
+                            log.error("JWT验证失败，请求路径：{}，错误信息：{}", request.getRequestURI(), authException.getMessage(), authException);
+                            JwtUtil.responseError(response, 401, "Token格式错误或已过期");
+                        })
+                        .accessDeniedHandler((request, response, accessDeniedException) -> {
+                            // 处理权限不足的情况
+                            log.error("权限验证失败，请求路径：{}，错误信息：{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
+                            JwtUtil.responseError(response, 403, "权限不足");
+                        })
+                )
+                // 全局异常处理
+                .exceptionHandling(exceptions -> exceptions
+                        .authenticationEntryPoint((request, response, authException) -> {
+                            // 记录详细的异常信息 - 未认证
+                            log.error("接口访问失败(未认证)，请求路径：{}，错误信息：{}", request.getRequestURI(), authException.getMessage(), authException);
+                            JwtUtil.responseError(response, 401, "Token格式错误或已过期");
+                        })
+                        .accessDeniedHandler((request, response, accessDeniedException) -> {
+                            // 记录详细的异常信息 - token无效或权限不足
+                            log.error("接口访问失败(token无效或权限不足)，请求路径：{}，错误信息：{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
+                            JwtUtil.responseError(response, 403, "权限不足");
+                        })
+                );
+        return http.build();
+    }
+
+    /**
+     * 数据库保存注册客户端信息
+     */
+    @Bean
+    public RegisteredClientRepository registeredClientRepository() {
+        return new JdbcRegisteredClientRepository(jdbcTemplate);
+    }
+
+    /**
+     *配置 JWK，为JWT(id_token)提供加密密钥，用于加密/解密或签名/验签
+     * JWK详细见：https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key-41
+     */
+    @Bean
+    @SneakyThrows
+    public JWKSource<SecurityContext> jwkSource() {
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
+        // 如果不设置secureRandom，会存在一个问题，当应用重启后，原有的token将会全部失效，因为重启的keyPair与之前已经不同
+        SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
+        // 重要！生产环境需要修改！
+        secureRandom.setSeed("jeecg".getBytes());
+        keyPairGenerator.initialize(256, secureRandom);
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+        ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
+        ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();
+
+        ECKey jwk = new ECKey.Builder(Curve.P_256, publicKey)
+                .privateKey(privateKey)
+                .keyID("jeecg")
+                .build();
+        JWKSet jwkSet = new JWKSet(jwk);
+        return new ImmutableJWKSet<>(jwkSet);
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return NoOpPasswordEncoder.getInstance();
+    }
+
+    /**
+     * 配置jwt解析器
+     */
+    @Bean
+    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
+        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
+    }
+
+    /**
+     *配置token生成器
+     */
+    @Bean
+    OAuth2TokenGenerator<?> tokenGenerator() {
+        JwtGenerator jwtGenerator = new JwtGenerator(new NimbusJwtEncoder(jwkSource()));
+        OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
+        OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
+        return new DelegatingOAuth2TokenGenerator(
+                new JeecgOAuth2AccessTokenGenerator(new NimbusJwtEncoder(jwkSource())),
+                new OAuth2RefreshTokenGenerator()
+        );
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationConvert.java

@@ -0,0 +1,81 @@
+package org.jeecg.config.security.app;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.jeecg.config.security.LoginType;
+import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.web.authentication.AuthenticationConverter;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.util.StringUtils;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * APP模式认证转换器
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+public class AppGrantAuthenticationConvert implements AuthenticationConverter {
+    @Override
+    public Authentication convert(HttpServletRequest request) {
+
+        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
+        if (!LoginType.APP.equals(grantType)) {
+            return null;
+        }
+
+        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
+
+        //从request中提取请求参数，然后存入MultiValueMap<String, String>
+        MultiValueMap<String, String> parameters = getParameters(request);
+
+        // username (REQUIRED)
+        String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
+        if (!StringUtils.hasText(username) ||
+                parameters.get(OAuth2ParameterNames.USERNAME).size() != 1) {
+            throw new OAuth2AuthenticationException("无效请求，用户名不能为空！");
+        }
+        String password = parameters.getFirst(OAuth2ParameterNames.PASSWORD);
+        if (!StringUtils.hasText(password) ||
+                parameters.get(OAuth2ParameterNames.PASSWORD).size() != 1) {
+            throw new OAuth2AuthenticationException("无效请求，密码不能为空！");
+        }
+
+        //收集要传入PasswordGrantAuthenticationToken构造方法的参数，
+        //该参数接下来在PasswordGrantAuthenticationProvider中使用
+        Map<String, Object> additionalParameters = new HashMap<>();
+        //遍历从request中提取的参数，排除掉grant_type、client_id、code等字段参数，其他参数收集到additionalParameters中
+        parameters.forEach((key, value) -> {
+            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
+                    !key.equals(OAuth2ParameterNames.CLIENT_ID) &&
+                    !key.equals(OAuth2ParameterNames.CODE)) {
+                additionalParameters.put(key, value.get(0));
+            }
+        });
+
+        //返回自定义的PasswordGrantAuthenticationToken对象
+        return new PasswordGrantAuthenticationToken(clientPrincipal, additionalParameters);
+
+    }
+
+    /**
+     *从request中提取请求参数，然后存入MultiValueMap<String, String>
+     */
+    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
+        Map<String, String[]> parameterMap = request.getParameterMap();
+        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
+        parameterMap.forEach((key, values) -> {
+            if (values.length > 0) {
+                for (String value : values) {
+                    parameters.add(key, value);
+                }
+            }
+        });
+        return parameters;
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationProvider.java

@@ -0,0 +1,320 @@
+package org.jeecg.config.security.app;
+
+import com.alibaba.fastjson.JSONObject;
+import lombok.extern.slf4j.Slf4j;
+import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.constant.CacheConstant;
+import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.exception.JeecgCaptchaException;
+import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.system.vo.SysDepartModel;
+import org.jeecg.common.util.Md5Util;
+import org.jeecg.common.util.PasswordUtil;
+import org.jeecg.common.util.RedisUtil;
+import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.config.JeecgBaseConfig;
+import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
+import org.jeecg.modules.base.service.BaseCommonService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.core.*;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
+import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+import java.security.Principal;
+import java.time.Instant;
+import java.util.*;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+/**
+ * APP模式认证处理器，负责处理该认证模式下的核心逻辑
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+@Slf4j
+public class AppGrantAuthenticationProvider implements AuthenticationProvider {
+
+    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
+
+    private final OAuth2AuthorizationService authorizationService;
+    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
+    @Lazy
+    @Autowired
+    private CommonAPI commonAPI;
+    @Autowired
+    private RedisUtil redisUtil;
+    @Autowired
+    private JeecgBaseConfig jeecgBaseConfig;
+    @Autowired
+    private BaseCommonService baseCommonService;
+
+    public AppGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
+        Assert.notNull(authorizationService, "authorizationService cannot be null");
+        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
+        this.authorizationService = authorizationService;
+        this.tokenGenerator = tokenGenerator;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        AppGrantAuthenticationToken appGrantAuthenticationToken =  (AppGrantAuthenticationToken) authentication;
+        Map<String, Object> additionalParameter = appGrantAuthenticationToken.getAdditionalParameters();
+
+        // 授权类型
+        AuthorizationGrantType authorizationGrantType = appGrantAuthenticationToken.getGrantType();
+        // 用户名
+        String username = (String) additionalParameter.get(OAuth2ParameterNames.USERNAME);
+        // 密码
+        String password = (String) additionalParameter.get(OAuth2ParameterNames.PASSWORD);
+        //请求参数权限范围
+        String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
+        //请求参数权限范围专场集合
+        Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
+        // 验证码
+        String captcha = (String) additionalParameter.get("captcha");
+        String checkKey = (String) additionalParameter.get("checkKey");
+
+        OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(appGrantAuthenticationToken);
+        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
+
+        // 检查登录失败次数
+        if(isLoginFailOvertimes(username)){
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "该用户登录失败次数过多，请于10分钟后再次登录！");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+
+        if(captcha==null){
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "验证码无效");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+        String lowerCaseCaptcha = captcha.toLowerCase();
+        // 加入密钥作为混淆，避免简单的拼接，被外部利用，用户自定义该密钥即可
+        String origin = lowerCaseCaptcha+checkKey+jeecgBaseConfig.getSignatureSecret();
+        String realKey = Md5Util.md5Encode(origin, "utf-8");
+        Object checkCode = redisUtil.get(realKey);
+        //当进入登录页时，有一定几率出现验证码错误 #1714
+        if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "验证码错误");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+
+        if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "非法登录");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+
+        // 通过用户名获取用户信息
+        LoginUser loginUser = commonAPI.getUserByName(username);
+        //update-begin---author:eightmonth ---date:2024-04-30  for：【6168】master分支切sas分支登录发生错误-----------
+        if (Objects.isNull(loginUser) || !StringUtils.hasText(loginUser.getSalt())) {
+            redisUtil.del(CacheConstant.SYS_USERS_CACHE+"::"+username);
+            loginUser = commonAPI.getUserByName(username);
+        }
+        //update-end---author:eightmonth ---date::2024-04-30  for：【6168】master分支切sas分支登录发生错误--------------
+        // 检查用户可行性
+        checkUserIsEffective(loginUser);
+
+        // 不使用spring security passwordEncoder针对密码进行匹配，使用自有加密匹配，针对 spring security使用noop传输
+        password = PasswordUtil.encrypt(username, password, loginUser.getSalt());
+        if (!password.equals(loginUser.getPassword())) {
+            addLoginFailOvertimes(username);
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "用户名或密码不正确");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+
+        //由于在上面已验证过用户名、密码，现在构建一个已认证的对象UsernamePasswordAuthenticationToken
+        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
+
+        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
+                .registeredClient(registeredClient)
+                .principal(usernamePasswordAuthenticationToken)
+                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
+                .authorizationGrantType(authorizationGrantType)
+                .authorizedScopes(requestScopeSet)
+                .authorizationGrant(appGrantAuthenticationToken);
+
+        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
+                .principalName(clientPrincipal.getName())
+                .authorizedScopes(requestScopeSet)
+                .attribute(Principal.class.getName(), username)
+                .authorizationGrantType(authorizationGrantType);
+
+
+        // ----- Access token -----
+        OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
+        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
+        if (generatedAccessToken == null) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "无法生成访问token，请联系管理系。");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
+                generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
+        if (generatedAccessToken instanceof ClaimAccessor) {
+            authorizationBuilder.token(accessToken, (metadata) -> {
+                    metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
+            });
+        } else {
+            authorizationBuilder.accessToken(accessToken);
+        }
+
+        // ----- Refresh token -----
+        OAuth2RefreshToken refreshToken = null;
+        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
+                // 不向公共客户端颁发刷新令牌
+                !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
+
+            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
+            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
+            if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
+                Map<String, Object> map = new HashMap<>();
+                map.put("message", "无法生成刷新token，请联系管理员。");
+                return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+            }
+
+            refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
+            authorizationBuilder.refreshToken(refreshToken);
+        }
+
+        OAuth2Authorization authorization = authorizationBuilder.build();
+
+        // 保存认证信息至redis
+        authorizationService.save(authorization);
+
+        // 登录成功，删除redis中的验证码
+        redisUtil.del(realKey);
+        redisUtil.del(CommonConstant.LOGIN_FAIL + username);
+        baseCommonService.addLog("用户名: " + username + ",登录成功！", CommonConstant.LOG_TYPE_1, null,loginUser);
+
+        JSONObject addition = new JSONObject(new LinkedHashMap<>());
+        addition.put("token", accessToken.getTokenValue());
+        // 设置租户
+        JSONObject jsonObject = commonAPI.setLoginTenant(username);
+        addition.putAll(jsonObject.getInnerMap());
+
+        // 设置登录用户信息
+        addition.put("userInfo", loginUser);
+        addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
+
+        List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
+        addition.put("departs", departs);
+        if (departs == null || departs.size() == 0) {
+            addition.put("multi_depart", 0);
+        } else if (departs.size() == 1) {
+            commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
+            addition.put("multi_depart", 1);
+        } else {
+            //查询当前是否有登录部门
+            if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
+                commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
+            }
+            addition.put("multi_depart", 2);
+        }
+
+        // 兼容原有shiro登录结果处理
+        Map<String, Object> map = new HashMap<>();
+        map.put("result", addition);
+        map.put("code", 200);
+        map.put("success", true);
+        map.put("timestamp", System.currentTimeMillis());
+
+        // 返回access_token、refresh_token以及其它信息给到前端
+        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, map);
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return AppGrantAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+    private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
+        OAuth2ClientAuthenticationToken clientPrincipal = null;
+        if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
+            clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
+        }
+        if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
+            return clientPrincipal;
+        }
+        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
+    }
+
+    /**
+     * 登录失败超出次数5 返回true
+     * @param username
+     * @return
+     */
+    private boolean isLoginFailOvertimes(String username){
+        String key = CommonConstant.LOGIN_FAIL + username;
+        Object failTime = redisUtil.get(key);
+        if(failTime!=null){
+            Integer val = Integer.parseInt(failTime.toString());
+            if(val>5){
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 记录登录失败次数
+     * @param username
+     */
+    private void addLoginFailOvertimes(String username){
+        String key = CommonConstant.LOGIN_FAIL + username;
+        Object failTime = redisUtil.get(key);
+        Integer val = 0;
+        if(failTime!=null){
+            val = Integer.parseInt(failTime.toString());
+        }
+        // 10分钟
+        redisUtil.set(key, ++val, 10);
+    }
+
+    /**
+     * 校验用户是否有效
+     */
+    private void checkUserIsEffective(LoginUser loginUser) {
+        //情况1：根据用户信息查询，该用户不存在
+        if (Objects.isNull(loginUser)) {
+            baseCommonService.addLog("用户登录失败，用户不存在！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户不存在，请注册");
+        }
+        //情况2：根据用户信息查询，该用户已注销
+        //update-begin---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+        if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
+            //update-end---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已注销！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已注销");
+        }
+        //情况3：根据用户信息查询，该用户已冻结
+        if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已冻结！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已冻结");
+        }
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationToken.java

@@ -0,0 +1,21 @@
+package org.jeecg.config.security.app;
+
+import org.jeecg.config.security.LoginType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
+
+import java.util.Map;
+
+/**
+ * APP模式认证专用token类型，方法spring authorization server进行认证流转，配合convert使用
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+public class AppGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
+
+    public AppGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
+        super(new AuthorizationGrantType(LoginType.APP), clientPrincipal, additionalParameters);
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationConvert.java

@@ -0,0 +1,82 @@
+package org.jeecg.config.security.password;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.config.security.LoginType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.web.authentication.AuthenticationConverter;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.util.StringUtils;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 密码模式认证转换器
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+public class PasswordGrantAuthenticationConvert implements AuthenticationConverter {
+    @Override
+    public Authentication convert(HttpServletRequest request) {
+
+        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
+        if (!LoginType.PASSWORD.equals(grantType)) {
+            return null;
+        }
+
+        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
+
+        //从request中提取请求参数，然后存入MultiValueMap<String, String>
+        MultiValueMap<String, String> parameters = getParameters(request);
+
+        // username (REQUIRED)
+        String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
+        if (!StringUtils.hasText(username) ||
+                parameters.get(OAuth2ParameterNames.USERNAME).size() != 1) {
+            throw new OAuth2AuthenticationException("无效请求，用户名不能为空！");
+        }
+        String password = parameters.getFirst(OAuth2ParameterNames.PASSWORD);
+        if (!StringUtils.hasText(password) ||
+                parameters.get(OAuth2ParameterNames.PASSWORD).size() != 1) {
+            throw new OAuth2AuthenticationException("无效请求，密码不能为空！");
+        }
+
+        //收集要传入PasswordGrantAuthenticationToken构造方法的参数，
+        //该参数接下来在PasswordGrantAuthenticationProvider中使用
+        Map<String, Object> additionalParameters = new HashMap<>();
+        //遍历从request中提取的参数，排除掉grant_type、client_id、code等字段参数，其他参数收集到additionalParameters中
+        parameters.forEach((key, value) -> {
+            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
+                    !key.equals(OAuth2ParameterNames.CLIENT_ID) &&
+                    !key.equals(OAuth2ParameterNames.CODE)) {
+                additionalParameters.put(key, value.get(0));
+            }
+        });
+
+        //返回自定义的PasswordGrantAuthenticationToken对象
+        return new PasswordGrantAuthenticationToken(clientPrincipal, additionalParameters);
+
+    }
+
+    /**
+     *从request中提取请求参数，然后存入MultiValueMap<String, String>
+     */
+    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
+        Map<String, String[]> parameterMap = request.getParameterMap();
+        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
+        parameterMap.forEach((key, values) -> {
+            if (values.length > 0) {
+                for (String value : values) {
+                    parameters.add(key, value);
+                }
+            }
+        });
+        return parameters;
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationProvider.java

@@ -0,0 +1,319 @@
+package org.jeecg.config.security.password;
+
+import com.alibaba.fastjson.JSONObject;
+import lombok.extern.slf4j.Slf4j;
+import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.constant.CacheConstant;
+import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.exception.JeecgCaptchaException;
+import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.system.vo.SysDepartModel;
+import org.jeecg.common.util.Md5Util;
+import org.jeecg.common.util.PasswordUtil;
+import org.jeecg.common.util.RedisUtil;
+import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.config.JeecgBaseConfig;
+import org.jeecg.modules.base.service.BaseCommonService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.oauth2.core.*;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
+import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+import java.security.Principal;
+import java.time.Instant;
+import java.util.*;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+/**
+ * 密码模式认证处理器，负责处理该认证模式下的核心逻辑
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+@Slf4j
+public class PasswordGrantAuthenticationProvider implements AuthenticationProvider {
+
+    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
+
+    private final OAuth2AuthorizationService authorizationService;
+    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
+    @Lazy
+    @Autowired
+    private CommonAPI commonAPI;
+    @Autowired
+    private RedisUtil redisUtil;
+    @Autowired
+    private JeecgBaseConfig jeecgBaseConfig;
+    @Autowired
+    private BaseCommonService baseCommonService;
+
+    public PasswordGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
+        Assert.notNull(authorizationService, "authorizationService cannot be null");
+        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
+        this.authorizationService = authorizationService;
+        this.tokenGenerator = tokenGenerator;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        PasswordGrantAuthenticationToken passwordGrantAuthenticationToken =  (PasswordGrantAuthenticationToken) authentication;
+        Map<String, Object> additionalParameter = passwordGrantAuthenticationToken.getAdditionalParameters();
+
+        // 授权类型
+        AuthorizationGrantType authorizationGrantType = passwordGrantAuthenticationToken.getGrantType();
+        // 用户名
+        String username = (String) additionalParameter.get(OAuth2ParameterNames.USERNAME);
+        // 密码
+        String password = (String) additionalParameter.get(OAuth2ParameterNames.PASSWORD);
+        //请求参数权限范围
+        String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
+        //请求参数权限范围专场集合
+        Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
+        // 验证码
+        String captcha = (String) additionalParameter.get("captcha");
+        String checkKey = (String) additionalParameter.get("checkKey");
+
+        OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(passwordGrantAuthenticationToken);
+        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
+
+        // 检查登录失败次数
+        if(isLoginFailOvertimes(username)){
+            throw new JeecgBootException("该用户登录失败次数过多，请于10分钟后再次登录！");
+        }
+
+        if(captcha==null){
+            throw new JeecgBootException("验证码无效");
+        }
+        String lowerCaseCaptcha = captcha.toLowerCase();
+        // 加入密钥作为混淆，避免简单的拼接，被外部利用，用户自定义该密钥即可
+        String origin = lowerCaseCaptcha+checkKey+jeecgBaseConfig.getSignatureSecret();
+        String realKey = Md5Util.md5Encode(origin, "utf-8");
+        Object checkCode = redisUtil.get(realKey);
+        //当进入登录页时，有一定几率出现验证码错误 #1714
+        if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "验证码错误");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+
+        if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "非法登录");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+
+        // 通过用户名获取用户信息
+        LoginUser loginUser = commonAPI.getUserByName(username);
+        //update-begin---author:eightmonth ---date:2024-04-30  for：【6168】master分支切sas分支登录发生错误-----------
+        if (Objects.isNull(loginUser) || !StringUtils.hasText(loginUser.getSalt())) {
+            redisUtil.del(CacheConstant.SYS_USERS_CACHE+"::"+username);
+            loginUser = commonAPI.getUserByName(username);
+        }
+        //update-end---author:eightmonth ---date::2024-04-30  for：【6168】master分支切sas分支登录发生错误--------------
+        // 检查用户可行性
+        checkUserIsEffective(loginUser);
+
+        // 不使用spring security passwordEncoder针对密码进行匹配，使用自有加密匹配，针对 spring security使用noop传输
+        password = PasswordUtil.encrypt(username, password, loginUser.getSalt());
+        if (!password.equals(loginUser.getPassword())) {
+            addLoginFailOvertimes(username);
+
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "用户名或密码不正确");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+
+        //由于在上面已验证过用户名、密码，现在构建一个已认证的对象UsernamePasswordAuthenticationToken
+        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
+
+        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
+                .registeredClient(registeredClient)
+                .principal(usernamePasswordAuthenticationToken)
+                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
+                .authorizationGrantType(authorizationGrantType)
+                .authorizedScopes(requestScopeSet)
+                .authorizationGrant(passwordGrantAuthenticationToken);
+
+        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
+                .principalName(clientPrincipal.getName())
+                .authorizedScopes(requestScopeSet)
+                .attribute(Principal.class.getName(), username)
+                .authorizationGrantType(authorizationGrantType);
+
+
+        // ----- Access token -----
+        OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
+        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
+        if (generatedAccessToken == null) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "无法生成访问token，请联系管理系。");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
+                generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
+        if (generatedAccessToken instanceof ClaimAccessor) {
+            authorizationBuilder.token(accessToken, (metadata) -> {
+                    metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
+            });
+        } else {
+            authorizationBuilder.accessToken(accessToken);
+        }
+
+        // ----- Refresh token -----
+        OAuth2RefreshToken refreshToken = null;
+        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
+                // 不向公共客户端颁发刷新令牌
+                !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
+
+            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
+            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
+            if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
+                Map<String, Object> map = new HashMap<>();
+                map.put("message", "无法生成访问token，请联系管理系。");
+                return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+            }
+
+            refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
+            authorizationBuilder.refreshToken(refreshToken);
+        }
+
+        OAuth2Authorization authorization = authorizationBuilder.build();
+
+        // 保存认证信息至redis
+        authorizationService.save(authorization);
+
+        // 登录成功，删除redis中的验证码
+        redisUtil.del(realKey);
+        redisUtil.del(CommonConstant.LOGIN_FAIL + username);
+        baseCommonService.addLog("用户名: " + username + ",登录成功！", CommonConstant.LOG_TYPE_1, null,loginUser);
+
+        JSONObject addition = new JSONObject(new LinkedHashMap<>());
+        addition.put("token", accessToken.getTokenValue());
+
+        // 设置租户
+        JSONObject jsonObject = commonAPI.setLoginTenant(username);
+        addition.putAll(jsonObject.getInnerMap());
+
+        // 设置登录用户信息
+        addition.put("userInfo", loginUser);
+        addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
+
+        List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
+        addition.put("departs", departs);
+        if (departs == null || departs.size() == 0) {
+            addition.put("multi_depart", 0);
+        } else if (departs.size() == 1) {
+            commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
+            addition.put("multi_depart", 1);
+        } else {
+            //查询当前是否有登录部门
+            if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
+                commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
+            }
+            addition.put("multi_depart", 2);
+        }
+
+        // 兼容原有shiro登录结果处理
+        Map<String, Object> map = new HashMap<>();
+        map.put("result", addition);
+        map.put("code", 200);
+        map.put("success", true);
+        map.put("timestamp", System.currentTimeMillis());
+
+        // 返回access_token、refresh_token以及其它信息给到前端
+        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, map);
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return PasswordGrantAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+    private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
+        OAuth2ClientAuthenticationToken clientPrincipal = null;
+        if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
+            clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
+        }
+        if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
+            return clientPrincipal;
+        }
+        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
+    }
+
+    /**
+     * 登录失败超出次数5 返回true
+     * @param username
+     * @return
+     */
+    private boolean isLoginFailOvertimes(String username){
+        String key = CommonConstant.LOGIN_FAIL + username;
+        Object failTime = redisUtil.get(key);
+        if(failTime!=null){
+            Integer val = Integer.parseInt(failTime.toString());
+            if(val>5){
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 记录登录失败次数
+     * @param username
+     */
+    private void addLoginFailOvertimes(String username){
+        String key = CommonConstant.LOGIN_FAIL + username;
+        Object failTime = redisUtil.get(key);
+        Integer val = 0;
+        if(failTime!=null){
+            val = Integer.parseInt(failTime.toString());
+        }
+        // 10分钟
+        redisUtil.set(key, ++val, 10);
+    }
+
+    /**
+     * 校验用户是否有效
+     */
+    private void checkUserIsEffective(LoginUser loginUser) {
+        //情况1：根据用户信息查询，该用户不存在
+        if (Objects.isNull(loginUser)) {
+            baseCommonService.addLog("用户登录失败，用户不存在！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户不存在，请注册");
+        }
+        //情况2：根据用户信息查询，该用户已注销
+        //update-begin---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+        if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
+            //update-end---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已注销！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已注销");
+        }
+        //情况3：根据用户信息查询，该用户已冻结
+        if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已冻结！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已冻结");
+        }
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationToken.java

@@ -0,0 +1,21 @@
+package org.jeecg.config.security.password;
+
+import org.jeecg.config.security.LoginType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
+
+import java.util.Map;
+
+/**
+ * 密码模式认证专用token类型，方法spring authorization server进行认证流转，配合convert使用
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+public class PasswordGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
+
+    public PasswordGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
+        super(new AuthorizationGrantType(LoginType.PASSWORD), clientPrincipal, additionalParameters);
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationConvert.java

@@ -0,0 +1,77 @@
+package org.jeecg.config.security.phone;
+
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.AllArgsConstructor;
+import org.jeecg.config.security.LoginType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.web.authentication.AuthenticationConverter;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.util.StringUtils;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 手机号模式认证转换器
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+@AllArgsConstructor
+public class PhoneGrantAuthenticationConvert implements AuthenticationConverter {
+    @Override
+    public Authentication convert(HttpServletRequest request) {
+
+        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
+        if (!LoginType.PHONE.equals(grantType)) {
+            return null;
+        }
+
+        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
+
+        //从request中提取请求参数，然后存入MultiValueMap<String, String>
+        MultiValueMap<String, String> parameters = getParameters(request);
+
+        // 验证码
+        String captcha = parameters.getFirst("captcha");
+        if (!StringUtils.hasText(captcha)) {
+            throw new OAuth2AuthenticationException("无效请求，验证码不能为空！");
+        }
+
+        //收集要传入PhoneGrantAuthenticationToken构造方法的参数，
+        //该参数接下来在PhoneGrantAuthenticationProvider中使用
+        Map<String, Object> additionalParameters = new HashMap<>();
+        //遍历从request中提取的参数，排除掉grant_type、client_id、code等字段参数，其他参数收集到additionalParameters中
+        parameters.forEach((key, value) -> {
+            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
+                    !key.equals(OAuth2ParameterNames.CLIENT_ID) &&
+                    !key.equals(OAuth2ParameterNames.CODE)) {
+                additionalParameters.put(key, value.get(0));
+            }
+        });
+
+        //返回自定义的PhoneGrantAuthenticationToken对象
+        return new PhoneGrantAuthenticationToken(clientPrincipal, additionalParameters);
+
+    }
+
+    /**
+     *从request中提取请求参数，然后存入MultiValueMap<String, String>
+     */
+    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
+        Map<String, String[]> parameterMap = request.getParameterMap();
+        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
+        parameterMap.forEach((key, values) -> {
+            if (values.length > 0) {
+                for (String value : values) {
+                    parameters.add(key, value);
+                }
+            }
+        });
+        return parameters;
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationProvider.java

@@ -0,0 +1,292 @@
+package org.jeecg.config.security.phone;
+
+import com.alibaba.fastjson.JSONObject;
+import lombok.extern.slf4j.Slf4j;
+import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.exception.JeecgCaptchaException;
+import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.system.vo.SysDepartModel;
+import org.jeecg.common.util.Md5Util;
+import org.jeecg.common.util.PasswordUtil;
+import org.jeecg.common.util.RedisUtil;
+import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.config.JeecgBaseConfig;
+import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
+import org.jeecg.modules.base.service.BaseCommonService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.core.*;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
+import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
+import org.springframework.util.Assert;
+
+import java.security.Principal;
+import java.time.Instant;
+import java.util.*;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+/**
+ * 手机号模式认证处理器，负责处理该认证模式下的核心逻辑
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+@Slf4j
+public class PhoneGrantAuthenticationProvider implements AuthenticationProvider {
+
+    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
+
+    private final OAuth2AuthorizationService authorizationService;
+    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
+    @Lazy
+    @Autowired
+    private CommonAPI commonAPI;
+    @Autowired
+    private RedisUtil redisUtil;
+    @Autowired
+    private JeecgBaseConfig jeecgBaseConfig;
+    @Autowired
+    private BaseCommonService baseCommonService;
+
+    public PhoneGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
+        Assert.notNull(authorizationService, "authorizationService cannot be null");
+        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
+        this.authorizationService = authorizationService;
+        this.tokenGenerator = tokenGenerator;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        PhoneGrantAuthenticationToken phoneGrantAuthenticationToken =  (PhoneGrantAuthenticationToken) authentication;
+        Map<String, Object> additionalParameter = phoneGrantAuthenticationToken.getAdditionalParameters();
+
+        // 授权类型
+        AuthorizationGrantType authorizationGrantType = phoneGrantAuthenticationToken.getGrantType();
+        // 手机号
+        String phone = (String) additionalParameter.get("mobile");
+
+        if(isLoginFailOvertimes(phone)){
+            throw new JeecgBootException("该用户登录失败次数过多，请于10分钟后再次登录！");
+        }
+
+        //请求参数权限范围
+        String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
+        //请求参数权限范围专场集合
+        Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
+        // 验证码
+        String captcha = (String) additionalParameter.get("captcha");
+
+        OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(phoneGrantAuthenticationToken);
+        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
+
+        // 通过手机号获取用户信息
+        LoginUser loginUser = commonAPI.getUserByPhone(phone);
+        // 检查用户可行性
+        checkUserIsEffective(loginUser);
+
+
+        String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone;
+        Object code = redisUtil.get(redisKey);
+
+        if (!captcha.equals(code)) {
+            //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+            addLoginFailOvertimes(phone);
+
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "手机验证码错误");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+
+        }
+
+        if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "非法登录");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+
+        //由于在上面已验证过用户名、密码，现在构建一个已认证的对象UsernamePasswordAuthenticationToken
+        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
+
+        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
+                .registeredClient(registeredClient)
+                .principal(usernamePasswordAuthenticationToken)
+                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
+                .authorizationGrantType(authorizationGrantType)
+                .authorizedScopes(requestScopeSet)
+                .authorizationGrant(phoneGrantAuthenticationToken);
+
+        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
+                .principalName(clientPrincipal.getName())
+                .authorizedScopes(requestScopeSet)
+                .attribute(Principal.class.getName(), loginUser.getUsername())
+                .authorizationGrantType(authorizationGrantType);
+
+
+        // ----- Access token -----
+        OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
+        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
+        if (generatedAccessToken == null) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "无法生成刷新token，请联系管理员。");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+        }
+        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
+                generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
+        if (generatedAccessToken instanceof ClaimAccessor) {
+            authorizationBuilder.token(accessToken, (metadata) -> {
+                    metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
+            });
+        } else {
+            authorizationBuilder.accessToken(accessToken);
+        }
+
+        // ----- Refresh token -----
+        OAuth2RefreshToken refreshToken = null;
+        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
+                // 不向公共客户端颁发刷新令牌
+                !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
+
+            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
+            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
+            if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
+                Map<String, Object> map = new HashMap<>();
+                map.put("message", "无法生成刷新token，请联系管理员。");
+                return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+            }
+
+            refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
+            authorizationBuilder.refreshToken(refreshToken);
+        }
+
+        OAuth2Authorization authorization = authorizationBuilder.build();
+
+        // 保存认证信息至redis
+        authorizationService.save(authorization);
+
+        baseCommonService.addLog("用户名: " + loginUser.getUsername() + ",登录成功！", CommonConstant.LOG_TYPE_1, null,loginUser);
+
+        JSONObject addition = new JSONObject(new LinkedHashMap<>());
+        addition.put("token", accessToken.getTokenValue());
+        // 设置租户
+        JSONObject jsonObject = commonAPI.setLoginTenant(loginUser.getUsername());
+        addition.putAll(jsonObject.getInnerMap());
+
+        // 设置登录用户信息
+        addition.put("userInfo", loginUser);
+        addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
+
+        List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
+        addition.put("departs", departs);
+        if (departs == null || departs.size() == 0) {
+            addition.put("multi_depart", 0);
+        } else if (departs.size() == 1) {
+            commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
+            addition.put("multi_depart", 1);
+        } else {
+            //查询当前是否有登录部门
+            if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
+                commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
+            }
+            addition.put("multi_depart", 2);
+        }
+
+        // 兼容原有shiro登录结果处理
+        Map<String, Object> map = new HashMap<>();
+        map.put("result", addition);
+        map.put("code", 200);
+        map.put("success", true);
+        map.put("timestamp", System.currentTimeMillis());
+
+        // 返回access_token、refresh_token以及其它信息给到前端
+        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, map);
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return PhoneGrantAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+    private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
+        OAuth2ClientAuthenticationToken clientPrincipal = null;
+        if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
+            clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
+        }
+        if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
+            return clientPrincipal;
+        }
+        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
+    }
+
+    /**
+     * 登录失败超出次数5 返回true
+     * @param username
+     * @return
+     */
+    private boolean isLoginFailOvertimes(String username){
+        String key = CommonConstant.LOGIN_FAIL + username;
+        Object failTime = redisUtil.get(key);
+        if(failTime!=null){
+            Integer val = Integer.parseInt(failTime.toString());
+            if(val>5){
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 记录登录失败次数
+     * @param username
+     */
+    private void addLoginFailOvertimes(String username){
+        String key = CommonConstant.LOGIN_FAIL + username;
+        Object failTime = redisUtil.get(key);
+        Integer val = 0;
+        if(failTime!=null){
+            val = Integer.parseInt(failTime.toString());
+        }
+        // 10分钟
+        redisUtil.set(key, ++val, 10);
+    }
+
+    /**
+     * 校验用户是否有效
+     */
+    private void checkUserIsEffective(LoginUser loginUser) {
+        //情况1：根据用户信息查询，该用户不存在
+        if (Objects.isNull(loginUser)) {
+            baseCommonService.addLog("用户登录失败，用户不存在！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户不存在，请注册");
+        }
+        //情况2：根据用户信息查询，该用户已注销
+        //update-begin---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+        if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
+            //update-end---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已注销！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已注销");
+        }
+        //情况3：根据用户信息查询，该用户已冻结
+        if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已冻结！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已冻结");
+        }
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationToken.java

@@ -0,0 +1,21 @@
+package org.jeecg.config.security.phone;
+
+import org.jeecg.config.security.LoginType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
+
+import java.util.Map;
+
+/**
+ * 手机号模式认证专用token类型，方法spring authorization server进行认证流转，配合convert使用
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+public class PhoneGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
+
+    public PhoneGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
+        super(new AuthorizationGrantType(LoginType.PHONE), clientPrincipal, additionalParameters);
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/self/SelfAuthenticationProvider.java

@@ -0,0 +1,187 @@
+package org.jeecg.config.security.self;
+
+import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.common.exception.JeecgBoot401Exception;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.util.RedisUtil;
+import org.jeecg.config.JeecgBaseConfig;
+import org.jeecg.modules.base.service.BaseCommonService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.core.*;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
+import org.springframework.stereotype.Component;
+import org.springframework.util.Assert;
+
+import java.security.Principal;
+import java.time.Instant;
+import java.util.*;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+/**
+ * 自用生成token处理器，不对外开放，外部请求无法通过该方式生成token
+ * @author eightmonth@qq.com
+ * @date 2024/3/19 11:40
+ */
+@Component
+public class SelfAuthenticationProvider implements AuthenticationProvider {
+
+    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
+
+    private final OAuth2AuthorizationService authorizationService;
+    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
+    @Lazy
+    @Autowired
+    private CommonAPI commonAPI;
+    @Autowired
+    private RedisUtil redisUtil;
+    @Autowired
+    private JeecgBaseConfig jeecgBaseConfig;
+    @Autowired
+    private BaseCommonService baseCommonService;
+
+    public SelfAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
+        Assert.notNull(authorizationService, "authorizationService cannot be null");
+        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
+        this.authorizationService = authorizationService;
+        this.tokenGenerator = tokenGenerator;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        SelfAuthenticationToken passwordGrantAuthenticationToken =  (SelfAuthenticationToken) authentication;
+        Map<String, Object> additionalParameter = passwordGrantAuthenticationToken.getAdditionalParameters();
+
+        // 授权类型
+        AuthorizationGrantType authorizationGrantType = passwordGrantAuthenticationToken.getGrantType();
+        // 用户名
+        String username = (String) additionalParameter.get(OAuth2ParameterNames.USERNAME);
+        //请求参数权限范围
+        String requestScopesStr = "*";
+        //请求参数权限范围专场集合
+        Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
+
+        OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(passwordGrantAuthenticationToken);
+        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
+
+        // 通过用户名获取用户信息
+//        LoginUser loginUser = commonAPI.getUserByName(username);
+        // 检查用户可行性
+//        checkUserIsEffective(loginUser);
+
+        //由于在上面已验证过用户名、密码，现在构建一个已认证的对象UsernamePasswordAuthenticationToken
+        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(username,clientPrincipal,new ArrayList<>());
+
+        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
+                .registeredClient(registeredClient)
+                .principal(usernamePasswordAuthenticationToken)
+                .authorizationGrantType(authorizationGrantType)
+                .authorizedScopes(requestScopeSet)
+                .authorizationGrant(passwordGrantAuthenticationToken);
+
+        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
+                .principalName(clientPrincipal.getName())
+                .authorizedScopes(requestScopeSet)
+                .attribute(Principal.class.getName(), username)
+                .authorizationGrantType(authorizationGrantType);
+
+
+        // ----- Access token -----
+        OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
+        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
+        if (generatedAccessToken == null) {
+            throw new JeecgBoot401Exception("无法生成刷新token，请联系管理员。");
+        }
+        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
+                generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
+        if (generatedAccessToken instanceof ClaimAccessor) {
+            authorizationBuilder.token(accessToken, (metadata) -> {
+                metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
+            });
+        } else {
+            authorizationBuilder.accessToken(accessToken);
+        }
+
+//         ----- Refresh token -----
+        OAuth2RefreshToken refreshToken = null;
+        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
+                // 不向公共客户端颁发刷新令牌
+                !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
+
+            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
+            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
+            if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
+                Map<String, Object> map = new HashMap<>();
+                map.put("message", "无法生成刷新token，请联系管理员。");
+                return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+            }
+
+            refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
+            authorizationBuilder.refreshToken(refreshToken);
+        }
+
+        OAuth2Authorization authorization = authorizationBuilder.build();
+
+        // 保存认证信息至redis
+        authorizationService.save(authorization);
+
+        // 返回access_token、refresh_token以及其它信息给到前端
+        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken);
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return SelfAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+    private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
+        OAuth2ClientAuthenticationToken clientPrincipal = null;
+        if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
+            clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
+        }
+        if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
+            return clientPrincipal;
+        }
+        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
+    }
+
+    /**
+     * 校验用户是否有效
+     */
+    private void checkUserIsEffective(LoginUser loginUser) {
+        //情况1：根据用户信息查询，该用户不存在
+        if (Objects.isNull(loginUser)) {
+            baseCommonService.addLog("用户登录失败，用户不存在！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户不存在，请注册");
+        }
+        //情况2：根据用户信息查询，该用户已注销
+        //update-begin---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+        if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
+            //update-end---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已注销！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已注销");
+        }
+        //情况3：根据用户信息查询，该用户已冻结
+        if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已冻结！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已冻结");
+        }
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/self/SelfAuthenticationToken.java

@@ -0,0 +1,19 @@
+package org.jeecg.config.security.self;
+
+import org.jeecg.config.security.LoginType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
+
+import java.util.Map;
+
+/**
+ * 自用生成token，不支持对外请求，仅为程序内部生成token
+ * @author eightmonth
+ * @date 2024/3/19 11:37
+ */
+public class SelfAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
+    public SelfAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
+        super(new AuthorizationGrantType(LoginType.SELF), clientPrincipal, additionalParameters);
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/social/SocialGrantAuthenticationConvert.java

@@ -0,0 +1,81 @@
+package org.jeecg.config.security.social;
+
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.AllArgsConstructor;
+import org.jeecg.config.security.LoginType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.web.authentication.AuthenticationConverter;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.util.StringUtils;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 社交模式认证转换器，配合github、企业微信、钉钉、微信登录使用
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+@AllArgsConstructor
+public class SocialGrantAuthenticationConvert implements AuthenticationConverter {
+    @Override
+    public Authentication convert(HttpServletRequest request) {
+
+        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
+        if (!LoginType.SOCIAL.equals(grantType)) {
+            return null;
+        }
+
+        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
+
+        //从request中提取请求参数，然后存入MultiValueMap<String, String>
+        MultiValueMap<String, String> parameters = getParameters(request);
+
+        String token = parameters.getFirst("token");
+        if (!StringUtils.hasText(token)) {
+            throw new OAuth2AuthenticationException("无效请求，三方token不能为空！");
+        }
+
+        String source = parameters.getFirst("thirdType");
+        if (!StringUtils.hasText(source)) {
+            throw new OAuth2AuthenticationException("无效请求，三方来源不能为空！");
+        }
+
+        //收集要传入PhoneGrantAuthenticationToken构造方法的参数，
+        //该参数接下来在PhoneGrantAuthenticationProvider中使用
+        Map<String, Object> additionalParameters = new HashMap<>();
+        //遍历从request中提取的参数，排除掉grant_type、client_id、code等字段参数，其他参数收集到additionalParameters中
+        parameters.forEach((key, value) -> {
+            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
+                    !key.equals(OAuth2ParameterNames.CLIENT_ID) &&
+                    !key.equals(OAuth2ParameterNames.CODE)) {
+                additionalParameters.put(key, value.get(0));
+            }
+        });
+
+        //返回自定义的PhoneGrantAuthenticationToken对象
+        return new SocialGrantAuthenticationToken(clientPrincipal, additionalParameters);
+
+    }
+
+    /**
+     *从request中提取请求参数，然后存入MultiValueMap<String, String>
+     */
+    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
+        Map<String, String[]> parameterMap = request.getParameterMap();
+        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
+        parameterMap.forEach((key, values) -> {
+            if (values.length > 0) {
+                for (String value : values) {
+                    parameters.add(key, value);
+                }
+            }
+        });
+        return parameters;
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/social/SocialGrantAuthenticationProvider.java

@@ -0,0 +1,278 @@
+package org.jeecg.config.security.social;
+
+import com.alibaba.fastjson.JSONObject;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import lombok.extern.slf4j.Slf4j;
+import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.system.vo.SysDepartModel;
+import org.jeecg.common.util.RedisUtil;
+import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.config.JeecgBaseConfig;
+import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
+import org.jeecg.modules.base.service.BaseCommonService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.core.*;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
+import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
+import org.springframework.util.Assert;
+
+import java.security.Principal;
+import java.time.Instant;
+import java.util.*;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+/**
+ * 社交模式认证处理器，负责处理该认证模式下的核心逻辑，配合github、企业微信、钉钉、微信登录使用
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+@Slf4j
+public class SocialGrantAuthenticationProvider implements AuthenticationProvider {
+
+    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
+
+    private final OAuth2AuthorizationService authorizationService;
+    private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
+    @Lazy
+    @Autowired
+    private CommonAPI commonAPI;
+    @Autowired
+    private RedisUtil redisUtil;
+    @Autowired
+    private JeecgBaseConfig jeecgBaseConfig;
+    @Autowired
+    private BaseCommonService baseCommonService;
+
+    public SocialGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
+        Assert.notNull(authorizationService, "authorizationService cannot be null");
+        Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
+        this.authorizationService = authorizationService;
+        this.tokenGenerator = tokenGenerator;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        SocialGrantAuthenticationToken socialGrantAuthenticationToken =  (SocialGrantAuthenticationToken) authentication;
+        Map<String, Object> additionalParameter = socialGrantAuthenticationToken.getAdditionalParameters();
+
+        // 授权类型
+        AuthorizationGrantType authorizationGrantType = socialGrantAuthenticationToken.getGrantType();
+        // 三方token
+        String token = (String) additionalParameter.get("token");
+        // 三方来源
+        String source = (String) additionalParameter.get("thirdType");
+
+        //请求参数权限范围
+        String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
+        //请求参数权限范围专场集合
+        Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
+
+        DecodedJWT jwt = JWT.decode(token);
+        String username = jwt.getClaim("username").asString();
+
+        // 通过手机号获取用户信息
+        LoginUser loginUser = commonAPI.getUserByName(username);
+        // 检查用户可行性
+        checkUserIsEffective(loginUser);
+
+        OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(socialGrantAuthenticationToken);
+        RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
+
+        if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "非法登录");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+
+        }
+
+        //由于在上面已验证过用户名、密码，现在构建一个已认证的对象UsernamePasswordAuthenticationToken
+        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
+
+        DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
+                .registeredClient(registeredClient)
+                .principal(usernamePasswordAuthenticationToken)
+                .authorizationServerContext(AuthorizationServerContextHolder.getContext())
+                .authorizationGrantType(authorizationGrantType)
+                .authorizedScopes(requestScopeSet)
+                .authorizationGrant(socialGrantAuthenticationToken);
+
+        OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
+                .principalName(clientPrincipal.getName())
+                .authorizedScopes(requestScopeSet)
+                .attribute(Principal.class.getName(), loginUser.getUsername())
+                .authorizationGrantType(authorizationGrantType);
+
+
+        // ----- Access token -----
+        OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
+        OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
+        if (generatedAccessToken == null) {
+            Map<String, Object> map = new HashMap<>();
+            map.put("message", "无法生成访问token，请联系管理系。");
+            return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+
+        }
+        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
+                generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
+                generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
+        if (generatedAccessToken instanceof ClaimAccessor) {
+            authorizationBuilder.token(accessToken, (metadata) -> {
+                    metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
+            });
+        } else {
+            authorizationBuilder.accessToken(accessToken);
+        }
+
+        // ----- Refresh token -----
+        OAuth2RefreshToken refreshToken = null;
+        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
+                // 不向公共客户端颁发刷新令牌
+                !clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
+
+            tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
+            OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
+            if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
+                Map<String, Object> map = new HashMap<>();
+                map.put("message", "无法生成刷新token，请联系管理员。");
+                return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
+            }
+
+            refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
+            authorizationBuilder.refreshToken(refreshToken);
+        }
+
+        OAuth2Authorization authorization = authorizationBuilder.build();
+
+        // 保存认证信息至redis
+        authorizationService.save(authorization);
+
+        baseCommonService.addLog("用户名: " + loginUser.getUsername() + ",登录成功！", CommonConstant.LOG_TYPE_1, null,loginUser);
+
+        JSONObject addition = new JSONObject(new LinkedHashMap<>());
+        addition.put("token", accessToken.getTokenValue());
+        // 设置租户
+        JSONObject jsonObject = commonAPI.setLoginTenant(loginUser.getUsername());
+        addition.putAll(jsonObject.getInnerMap());
+
+        // 设置登录用户信息
+        addition.put("userInfo", loginUser);
+        addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
+
+        List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
+        addition.put("departs", departs);
+        if (departs == null || departs.size() == 0) {
+            addition.put("multi_depart", 0);
+        } else if (departs.size() == 1) {
+            commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
+            addition.put("multi_depart", 1);
+        } else {
+            //查询当前是否有登录部门
+            if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
+                commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
+            }
+            addition.put("multi_depart", 2);
+        }
+
+        // 兼容原有shiro登录结果处理
+        Map<String, Object> map = new HashMap<>();
+        map.put("result", addition);
+        map.put("code", 200);
+        map.put("success", true);
+        map.put("timestamp", System.currentTimeMillis());
+
+
+        // 返回access_token、refresh_token以及其它信息给到前端
+        return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, map);
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return SocialGrantAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+    private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
+        OAuth2ClientAuthenticationToken clientPrincipal = null;
+        if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
+            clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
+        }
+        if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
+            return clientPrincipal;
+        }
+        throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
+    }
+
+    /**
+     * 登录失败超出次数5 返回true
+     * @param username
+     * @return
+     */
+    private boolean isLoginFailOvertimes(String username){
+        String key = CommonConstant.LOGIN_FAIL + username;
+        Object failTime = redisUtil.get(key);
+        if(failTime!=null){
+            Integer val = Integer.parseInt(failTime.toString());
+            if(val>5){
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 记录登录失败次数
+     * @param username
+     */
+    private void addLoginFailOvertimes(String username){
+        String key = CommonConstant.LOGIN_FAIL + username;
+        Object failTime = redisUtil.get(key);
+        Integer val = 0;
+        if(failTime!=null){
+            val = Integer.parseInt(failTime.toString());
+        }
+        // 10分钟
+        redisUtil.set(key, ++val, 10);
+    }
+
+    /**
+     * 校验用户是否有效
+     */
+    private void checkUserIsEffective(LoginUser loginUser) {
+        //情况1：根据用户信息查询，该用户不存在
+        if (Objects.isNull(loginUser)) {
+            baseCommonService.addLog("用户登录失败，用户不存在！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户不存在，请注册");
+        }
+        //情况2：根据用户信息查询，该用户已注销
+        //update-begin---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+        if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
+            //update-end---author:王帅   Date:20200601  for：if条件永远为falsebug------------
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已注销！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已注销");
+        }
+        //情况3：根据用户信息查询，该用户已冻结
+        if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
+            baseCommonService.addLog("用户登录失败，用户名:" + loginUser.getUsername() + "已冻结！", CommonConstant.LOG_TYPE_1, null);
+            throw new JeecgBootException("该用户已冻结");
+        }
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/social/SocialGrantAuthenticationToken.java

@@ -0,0 +1,21 @@
+package org.jeecg.config.security.social;
+
+import org.jeecg.config.security.LoginType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
+
+import java.util.Map;
+
+/**
+ * 社交模式认证专用token类型，方法spring authorization server进行认证流转，配合convert使用，配合github、企业微信、钉钉、微信登录使用
+ * @author EightMonth
+ * @date 2024/1/1
+ */
+public class SocialGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
+
+    public SocialGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
+        super(new AuthorizationGrantType(LoginType.SOCIAL), clientPrincipal, additionalParameters);
+    }
+
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/utils/SecureUtil.java

@@ -0,0 +1,23 @@
+package org.jeecg.config.security.utils;
+
+import com.alibaba.fastjson2.JSONObject;
+import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.util.SpringContextUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+/**
+ * 认证信息工具类
+ * @author EightMonth
+ * @date 2024/1/10 17:03
+ */
+public class SecureUtil {
+
+    /**
+     * 通过当前认证信息获取用户信息
+     * @return
+     */
+    public static LoginUser currentUser() {
+        String name = SecurityContextHolder.getContext().getAuthentication().getName();
+        return JSONObject.parseObject(name, LoginUser.class);
+    }
+}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/JwtToken.java

@@ -1,28 +0,0 @@
-package org.jeecg.config.shiro;
- 
-import org.apache.shiro.authc.AuthenticationToken;
-
-/**
- * @Author Scott
- * @create 2018-07-12 15:19
- * @desc
- **/
-public class JwtToken implements AuthenticationToken {
-	
-	private static final long serialVersionUID = 1L;
-	private String token;
- 
-    public JwtToken(String token) {
-        this.token = token;
-    }
- 
-    @Override
-    public Object getPrincipal() {
-        return token;
-    }
- 
-    @Override
-    public Object getCredentials() {
-        return token;
-    }
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java

@@ -1,386 +0,0 @@
-package org.jeecg.config.shiro;
-
-import jakarta.annotation.Resource;
-import jakarta.servlet.DispatcherType;
-import jakarta.servlet.Filter;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
-import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
-import org.apache.shiro.mgt.DefaultSubjectDAO;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.spring.LifecycleBeanPostProcessor;
-import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
-import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.spring.web.ShiroUrlPathHelper;
-import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-import org.crazycake.shiro.*;
-import org.jeecg.common.constant.CommonConstant;
-import org.jeecg.common.util.oConvertUtils;
-import org.jeecg.config.JeecgBaseConfig;
-import org.jeecg.config.shiro.filters.CustomShiroFilterFactoryBean;
-import org.jeecg.config.shiro.filters.JwtFilter;
-import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.*;
-import org.springframework.core.annotation.AnnotationUtils;
-import org.springframework.core.env.Environment;
-import org.springframework.core.type.filter.AnnotationTypeFilter;
-import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
-import org.springframework.boot.autoconfigure.data.redis.RedisProperties;
-import org.springframework.util.CollectionUtils;
-import org.springframework.util.StringUtils;
-import org.springframework.web.bind.annotation.*;
-import org.springframework.web.filter.DelegatingFilterProxy;
-import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
-import redis.clients.jedis.HostAndPort;
-import redis.clients.jedis.JedisCluster;
-
-import java.lang.reflect.Method;
-import java.util.*;
-
-/**
- * @author: Scott
- * @date: 2018/2/7
- * @description: shiro 配置类
- */
-
-@Slf4j
-@Configuration
-public class ShiroConfig {
-
-    @Resource
-    private LettuceConnectionFactory lettuceConnectionFactory;
-    @Autowired
-    private Environment env;
-    @Resource
-    private JeecgBaseConfig jeecgBaseConfig;
-    @Autowired(required = false)
-    private RedisProperties redisProperties;
-    
-    /**
-     * Filter Chain定义说明
-     *
-     * 1、一个URL可以配置多个Filter，使用逗号分隔
-     * 2、当设置多个过滤器时，全部验证通过，才视为通过
-     * 3、部分过滤器可指定参数，如perms，roles
-     */
-    @Bean("shiroFilterFactoryBean")
-    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
-        CustomShiroFilterFactoryBean shiroFilterFactoryBean = new CustomShiroFilterFactoryBean();
-        shiroFilterFactoryBean.setSecurityManager(securityManager);
-        // 拦截器
-        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
-
-        //支持yml方式，配置拦截排除
-        if(jeecgBaseConfig!=null && jeecgBaseConfig.getShiro()!=null){
-            String shiroExcludeUrls = jeecgBaseConfig.getShiro().getExcludeUrls();
-            if(oConvertUtils.isNotEmpty(shiroExcludeUrls)){
-                String[] permissionUrl = shiroExcludeUrls.split(",");
-                for(String url : permissionUrl){
-                    filterChainDefinitionMap.put(url,"anon");
-                }
-            }
-        }
-
-        // 配置不会被拦截的链接 顺序判断
-        filterChainDefinitionMap.put("/sys/cas/client/validateLogin", "anon"); //cas验证登录
-        filterChainDefinitionMap.put("/sys/randomImage/**", "anon"); //登录验证码接口排除
-        filterChainDefinitionMap.put("/sys/checkCaptcha", "anon"); //登录验证码接口排除
-        filterChainDefinitionMap.put("/sys/smsCheckCaptcha", "anon"); //短信次数发送太多验证码排除
-        filterChainDefinitionMap.put("/sys/login", "anon"); //登录接口排除
-        filterChainDefinitionMap.put("/sys/mLogin", "anon"); //登录接口排除
-        filterChainDefinitionMap.put("/sys/logout", "anon"); //登出接口排除
-        filterChainDefinitionMap.put("/sys/thirdLogin/**", "anon"); //第三方登录
-        filterChainDefinitionMap.put("/sys/getEncryptedString", "anon"); //获取加密串
-        filterChainDefinitionMap.put("/sys/sms", "anon");//短信验证码
-        filterChainDefinitionMap.put("/sys/phoneLogin", "anon");//手机登录
-        filterChainDefinitionMap.put("/sys/user/checkOnlyUser", "anon");//校验用户是否存在
-        filterChainDefinitionMap.put("/sys/user/register", "anon");//用户注册
-        filterChainDefinitionMap.put("/sys/user/phoneVerification", "anon");//用户忘记密码验证手机号
-        filterChainDefinitionMap.put("/sys/user/passwordChange", "anon");//用户更改密码
-        filterChainDefinitionMap.put("/auth/2step-code", "anon");//登录验证码
-        filterChainDefinitionMap.put("/sys/common/static/**", "anon");//图片预览 &下载文件不限制token
-        filterChainDefinitionMap.put("/sys/common/pdf/**", "anon");//pdf预览
-
-        //filterChainDefinitionMap.put("/sys/common/view/**", "anon");//图片预览不限制token
-        //filterChainDefinitionMap.put("/sys/common/download/**", "anon");//文件下载不限制token
-        filterChainDefinitionMap.put("/generic/**", "anon");//pdf预览需要文件
-
-        filterChainDefinitionMap.put("/sys/getLoginQrcode/**", "anon"); //登录二维码
-        filterChainDefinitionMap.put("/sys/getQrcodeToken/**", "anon"); //监听扫码
-        filterChainDefinitionMap.put("/sys/checkAuth", "anon"); //授权接口排除
-        filterChainDefinitionMap.put("/openapi/call/**", "anon"); // 开放平台接口排除
-
-        // 代码逻辑说明: 排除静态资源后缀
-        filterChainDefinitionMap.put("/", "anon");
-        filterChainDefinitionMap.put("/doc.html", "anon");
-        filterChainDefinitionMap.put("/**/*.js", "anon");
-        filterChainDefinitionMap.put("/**/*.css", "anon");
-        filterChainDefinitionMap.put("/**/*.html", "anon");
-        filterChainDefinitionMap.put("/**/*.svg", "anon");
-        filterChainDefinitionMap.put("/**/*.pdf", "anon");
-        filterChainDefinitionMap.put("/**/*.jpg", "anon");
-        filterChainDefinitionMap.put("/**/*.png", "anon");
-        filterChainDefinitionMap.put("/**/*.gif", "anon");
-        filterChainDefinitionMap.put("/**/*.ico", "anon");
-        filterChainDefinitionMap.put("/**/*.ttf", "anon");
-        filterChainDefinitionMap.put("/**/*.woff", "anon");
-        filterChainDefinitionMap.put("/**/*.woff2", "anon");
-
-        filterChainDefinitionMap.put("/**/*.glb", "anon");
-        filterChainDefinitionMap.put("/**/*.wasm", "anon");
-
-        filterChainDefinitionMap.put("/druid/**", "anon");
-        filterChainDefinitionMap.put("/swagger-ui.html", "anon");
-        filterChainDefinitionMap.put("/swagger**/**", "anon");
-        filterChainDefinitionMap.put("/webjars/**", "anon");
-        filterChainDefinitionMap.put("/v3/**", "anon");
-
-        filterChainDefinitionMap.put("/sys/annountCement/show/**", "anon");
-
-        //积木报表排除
-        filterChainDefinitionMap.put("/jmreport/**", "anon");
-        filterChainDefinitionMap.put("/**/*.js.map", "anon");
-        filterChainDefinitionMap.put("/**/*.css.map", "anon");
-        
-        //积木BI大屏和仪表盘排除
-        filterChainDefinitionMap.put("/drag/view", "anon");
-        filterChainDefinitionMap.put("/drag/page/queryById", "anon");
-        filterChainDefinitionMap.put("/drag/page/addVisitsNumber", "anon");
-        filterChainDefinitionMap.put("/drag/page/queryTemplateList", "anon");
-        filterChainDefinitionMap.put("/drag/share/view/**", "anon");
-        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/getAllChartData", "anon");
-        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/getTotalData", "anon");
-        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/getMapDataByCode", "anon");
-        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/getTotalDataByCompId", "anon");
-        filterChainDefinitionMap.put("/drag/mock/json/**", "anon");
-        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/getDictByCodes", "anon");
-        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/queryAllById", "anon");
-        filterChainDefinitionMap.put("/jimubi/view", "anon");
-        filterChainDefinitionMap.put("/jimubi/share/view/**", "anon");
-
-        //大屏模板例子
-        filterChainDefinitionMap.put("/test/bigScreen/**", "anon");
-        filterChainDefinitionMap.put("/bigscreen/template1/**", "anon");
-        filterChainDefinitionMap.put("/bigscreen/template2/**", "anon");
-        //filterChainDefinitionMap.put("/test/jeecgDemo/rabbitMqClientTest/**", "anon"); //MQ测试
-        //filterChainDefinitionMap.put("/test/jeecgDemo/html", "anon"); //模板页面
-        //filterChainDefinitionMap.put("/test/jeecgDemo/redis/**", "anon"); //redis测试
-
-        //websocket排除
-        filterChainDefinitionMap.put("/websocket/**", "anon");//系统通知和公告
-        filterChainDefinitionMap.put("/newsWebsocket/**", "anon");//CMS模块
-        filterChainDefinitionMap.put("/vxeSocket/**", "anon");//JVxeTable无痕刷新示例
-        //App vue3版本查询版本接口
-        filterChainDefinitionMap.put("/sys/version/app3version", "anon");
-        //仪表盘（按钮通信）
-        filterChainDefinitionMap.put("/dragChannelSocket/**","anon");
-
-        //性能监控——安全隐患泄露TOEKN（durid连接池也有）
-        //filterChainDefinitionMap.put("/actuator/**", "anon");
-        //测试模块排除
-        filterChainDefinitionMap.put("/test/seata/**", "anon");
-
-        //错误路径排除
-        filterChainDefinitionMap.put("/error", "anon");
-        // 企业微信证书排除
-        filterChainDefinitionMap.put("/WW_verify*", "anon");
-
-        // 添加自己的过滤器并且取名为jwt
-        Map<String, Filter> filterMap = new HashMap<String, Filter>(1);
-        //如果cloudServer为空 则说明是单体 需要加载跨域配置【微服务跨域切换】
-        Object cloudServer = env.getProperty(CommonConstant.CLOUD_SERVER_KEY);
-        filterMap.put("jwt", new JwtFilter(cloudServer==null));
-        shiroFilterFactoryBean.setFilters(filterMap);
-        // <!-- 过滤链定义，从上向下顺序执行，一般将/**放在最为下边
-        filterChainDefinitionMap.put("/**", "jwt");
-
-        // 未授权界面返回JSON
-        shiroFilterFactoryBean.setUnauthorizedUrl("/sys/common/403");
-        shiroFilterFactoryBean.setLoginUrl("/sys/common/403");
-        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
-        return shiroFilterFactoryBean;
-    }
-
-
-    /**
-     * spring过滤装饰器 <br/>
-     * 因为shiro的filter不支持异步请求,导致所有的异步请求都会报错. <br/>
-     * 所以需要用spring的FilterRegistrationBean再代理一下shiro的filter.为他扩展异步支持. <br/>
-     * 后续所有异步的接口都需要再这里增加registration.addUrlPatterns("/xxx/xxx");
-     * @return
-     * @author chenrui
-     * @date 2024/12/3 19:49
-     */
-    @Bean
-    public FilterRegistrationBean shiroFilterRegistration() {
-        FilterRegistrationBean registration = new FilterRegistrationBean();
-        registration.setFilter(new DelegatingFilterProxy("shiroFilterFactoryBean"));
-        registration.setEnabled(true);
-        // 代码逻辑说明: [issues/7491]运行耗时长，效率慢 
-        registration.addUrlPatterns("/test/ai/chat/send");
-        registration.addUrlPatterns("/airag/flow/run");
-        registration.addUrlPatterns("/airag/flow/debug");
-        registration.addUrlPatterns("/airag/chat/send");
-        registration.addUrlPatterns("/airag/app/debug");
-        registration.addUrlPatterns("/airag/app/prompt/generate");
-        registration.addUrlPatterns("/airag/chat/receive/**");
-        //支持异步
-        registration.setAsyncSupported(true);
-        registration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.ASYNC);
-        return registration;
-    }
-
-    @Bean("securityManager")
-    public DefaultWebSecurityManager securityManager(ShiroRealm myRealm) {
-        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
-        securityManager.setRealm(myRealm);
-
-        /*
-         * 关闭shiro自带的session，详情见文档
-         * http://shiro.apache.org/session-management.html#SessionManagement-
-         * StatelessApplications%28Sessionless%29
-         */
-        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
-        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
-        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
-        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
-        securityManager.setSubjectDAO(subjectDAO);
-        //自定义缓存实现,使用redis
-        securityManager.setCacheManager(redisCacheManager());
-        return securityManager;
-    }
-
-    /**
-     * 下面的代码是添加注解支持
-     * @return
-     */
-    @Bean
-    @DependsOn("lifecycleBeanPostProcessor")
-    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
-        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
-        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
-        /**
-         * 解决重复代理问题 github#994
-         * 添加前缀判断 不匹配 任何Advisor
-         */
-        defaultAdvisorAutoProxyCreator.setUsePrefix(true);
-        defaultAdvisorAutoProxyCreator.setAdvisorBeanNamePrefix("_no_advisor");
-        return defaultAdvisorAutoProxyCreator;
-    }
-
-    @Bean
-    public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
-        return new LifecycleBeanPostProcessor();
-    }
-
-    @Bean
-    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
-        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
-        advisor.setSecurityManager(securityManager);
-        return advisor;
-    }
-
-    /**
-     * cacheManager 缓存 redis实现
-     * 使用的是shiro-redis开源插件
-     *
-     * @return
-     */
-    public RedisCacheManager redisCacheManager() {
-        log.info("===============(1)创建缓存管理器RedisCacheManager");
-        RedisCacheManager redisCacheManager = new RedisCacheManager();
-        redisCacheManager.setRedisManager(redisManager());
-        //redis中针对不同用户缓存(此处的id需要对应user实体中的id字段,用于唯一标识)
-        redisCacheManager.setPrincipalIdFieldName("id");
-        //用户权限信息缓存时间
-        redisCacheManager.setExpire(200000);
-        return redisCacheManager;
-    }
-
-    /**
-     * RedisConfig在项目starter项目中
-     * jeecg-boot-starter-github\jeecg-boot-common\src\main\java\org\jeecg\common\modules\redis\config\RedisConfig.java
-     * 
-     * 配置shiro redisManager
-     * 使用的是shiro-redis开源插件
-     *
-     * @return
-     */
-    @Bean
-    public IRedisManager redisManager() {
-        log.info("===============(2)创建RedisManager,连接Redis..");
-        IRedisManager manager;
-        // sentinel cluster redis（【issues/5569】shiro集成 redis 不支持 sentinel 方式部署的redis集群 #5569）
-        if (Objects.nonNull(redisProperties)
-                && Objects.nonNull(redisProperties.getSentinel())
-                && !CollectionUtils.isEmpty(redisProperties.getSentinel().getNodes())) {
-            RedisSentinelManager sentinelManager = new RedisSentinelManager();
-            sentinelManager.setMasterName(redisProperties.getSentinel().getMaster());
-            sentinelManager.setHost(String.join(",", redisProperties.getSentinel().getNodes()));
-            sentinelManager.setPassword(redisProperties.getPassword());
-            sentinelManager.setDatabase(redisProperties.getDatabase());
-
-            return sentinelManager;
-        }
-        
-        // redis 单机支持，在集群为空，或者集群无机器时候使用 add by jzyadmin@163.com
-        if (lettuceConnectionFactory.getClusterConfiguration() == null || lettuceConnectionFactory.getClusterConfiguration().getClusterNodes().isEmpty()) {
-            RedisManager redisManager = new RedisManager();
-            redisManager.setHost(lettuceConnectionFactory.getHostName() + ":" + lettuceConnectionFactory.getPort());
-            //(lettuceConnectionFactory.getPort());
-            redisManager.setDatabase(lettuceConnectionFactory.getDatabase());
-            redisManager.setTimeout(0);
-            if (!StringUtils.isEmpty(lettuceConnectionFactory.getPassword())) {
-                redisManager.setPassword(lettuceConnectionFactory.getPassword());
-            }
-            manager = redisManager;
-        }else{
-            // redis集群支持，优先使用集群配置
-            RedisClusterManager redisManager = new RedisClusterManager();
-            Set<HostAndPort> portSet = new HashSet<>();
-            lettuceConnectionFactory.getClusterConfiguration().getClusterNodes().forEach(node -> portSet.add(new HostAndPort(node.getHost() , node.getPort())));
-            //update-begin--Author:scott Date:20210531 for：修改集群模式下未设置redis密码的bug issues/I3QNIC
-            if (oConvertUtils.isNotEmpty(lettuceConnectionFactory.getPassword())) {
-                JedisCluster jedisCluster = new JedisCluster(portSet, 2000, 2000, 5,
-                    lettuceConnectionFactory.getPassword(), new GenericObjectPoolConfig());
-                redisManager.setPassword(lettuceConnectionFactory.getPassword());
-                redisManager.setJedisCluster(jedisCluster);
-            } else {
-                JedisCluster jedisCluster = new JedisCluster(portSet);
-                redisManager.setJedisCluster(jedisCluster);
-            }
-            manager = redisManager;
-        }
-        return manager;
-    }
-
-    /**
-     * 解决 ShiroRequestMappingConfig 获取 requestMappingHandlerMapping Bean 冲突
-     * spring-boot-autoconfigure:3.4.5 和 spring-boot-actuator-autoconfigure:3.4.5
-     */
-    @Primary
-    @Bean
-    public RequestMappingHandlerMapping overridedRequestMappingHandlerMapping() {
-        RequestMappingHandlerMapping mapping = new RequestMappingHandlerMapping();
-        mapping.setUrlPathHelper(new ShiroUrlPathHelper());
-        return mapping;
-    }
-    
-    private List<String> rebuildUrl(String[] bases, String[] uris) {
-        List<String> urls = new ArrayList<>();
-        for (String base : bases) {
-            for (String uri : uris) {
-                urls.add(prefix(base)+prefix(uri));
-            }
-        }
-        return urls;
-    }
-
-    private String prefix(String seg) {
-        return seg.startsWith("/") ? seg : "/"+seg;
-    }
-
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java

@@ -1,239 +0,0 @@
-package org.jeecg.config.shiro;
-
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.SimpleAuthenticationInfo;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.jeecg.common.api.CommonAPI;
-import org.jeecg.common.config.TenantContext;
-import org.jeecg.common.constant.CacheConstant;
-import org.jeecg.common.constant.CommonConstant;
-import org.jeecg.common.system.util.JwtUtil;
-import org.jeecg.common.system.vo.LoginUser;
-import org.jeecg.common.util.RedisUtil;
-import org.jeecg.common.util.SpringContextUtils;
-import org.jeecg.common.util.TokenUtils;
-import org.jeecg.common.util.oConvertUtils;
-import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.context.annotation.Lazy;
-import org.springframework.context.annotation.Role;
-import org.springframework.stereotype.Component;
-
-import jakarta.annotation.Resource;
-import jakarta.servlet.http.HttpServletRequest;
-import java.util.Set;
-
-/**
- * @Description: 用户登录鉴权和获取用户授权
- * @Author: Scott
- * @Date: 2019-4-23 8:13
- * @Version: 1.1
- */
-@Component
-@Slf4j
-@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-public class ShiroRealm extends AuthorizingRealm {
-	@Lazy
-    @Resource
-    private CommonAPI commonApi;
-
-    @Lazy
-    @Resource
-    private RedisUtil redisUtil;
-
-    /**
-     * 必须重写此方法，不然Shiro会报错
-     */
-    @Override
-    public boolean supports(AuthenticationToken token) {
-        return token instanceof JwtToken;
-    }
-
-    /**
-     * 权限信息认证(包括角色以及权限)是用户访问controller的时候才进行验证(redis存储的此处权限信息)
-     * 触发检测用户权限时才会调用此方法，例如checkRole,checkPermission
-     *
-     * @param principals 身份信息
-     * @return AuthorizationInfo 权限信息
-     */
-    @Override
-    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
-        log.debug("===============Shiro权限认证开始============ [ roles、permissions]==========");
-        String username = null;
-        String userId = null;
-        if (principals != null) {
-            LoginUser sysUser = (LoginUser) principals.getPrimaryPrincipal();
-            username = sysUser.getUsername();
-            userId = sysUser.getId();
-        }
-        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
-
-        // 设置用户拥有的角色集合，比如“admin,test”
-        Set<String> roleSet = commonApi.queryUserRolesById(userId);
-        //System.out.println(roleSet.toString());
-        info.setRoles(roleSet);
-
-        // 设置用户拥有的权限集合，比如“sys:role:add,sys:user:add”
-        Set<String> permissionSet = commonApi.queryUserAuths(userId);
-        info.addStringPermissions(permissionSet);
-        //System.out.println(permissionSet);
-        log.debug("===============Shiro权限认证成功==============");
-        return info;
-    }
-
-    /**
-     * 用户信息认证是在用户进行登录的时候进行验证(不存redis)
-     * 也就是说验证用户输入的账号和密码是否正确，错误抛出异常
-     *
-     * @param auth 用户登录的账号密码信息
-     * @return 返回封装了用户信息的 AuthenticationInfo 实例
-     * @throws AuthenticationException
-     */
-    @Override
-    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
-        log.debug("===============Shiro身份认证开始============doGetAuthenticationInfo==========");
-        String token = (String) auth.getCredentials();
-        if (token == null) {
-            HttpServletRequest req = SpringContextUtils.getHttpServletRequest();
-            log.info("————————身份认证失败——————————IP地址:  "+ oConvertUtils.getIpAddrByRequest(req) +"，URL:"+req.getRequestURI());
-            throw new AuthenticationException("token为空!");
-        }
-        // 校验token有效性
-        LoginUser loginUser = null;
-        try {
-            loginUser = this.checkUserTokenIsEffect(token);
-        } catch (AuthenticationException e) {
-            log.error("—————校验 check token 失败——————————"+ e.getMessage(), e);
-            // 重新抛出异常，让JwtFilter统一处理，避免返回两次错误响应
-            throw e;
-        }
-        return new SimpleAuthenticationInfo(loginUser, token, getName());
-    }
-
-    /**
-     * 校验token的有效性
-     *
-     * @param token
-     */
-    public LoginUser checkUserTokenIsEffect(String token) throws AuthenticationException {
-        // 解密获得username，用于和数据库进行对比
-        String username = JwtUtil.getUsername(token);
-        if (username == null) {
-            throw new AuthenticationException("Token非法无效!");
-        }
-
-        // 查询用户信息
-        log.debug("———校验token是否有效————checkUserTokenIsEffect——————— "+ token);
-        LoginUser loginUser = TokenUtils.getLoginUser(username, commonApi, redisUtil);
-        //LoginUser loginUser = commonApi.getUserByName(username);
-        if (loginUser == null) {
-            throw new AuthenticationException("用户不存在!");
-        }
-        // 判断用户状态
-        if (loginUser.getStatus() != 1) {
-            throw new AuthenticationException("账号已被锁定,请联系管理员!");
-        }
-        // 校验token是否超时失效 & 或者账号密码是否错误
-        if (!jwtTokenRefresh(token, username, loginUser.getPassword())) {
-            // 用户登录Token过期提示信息
-            String userLoginTokenErrorMsg = oConvertUtils.getString(redisUtil.get(CommonConstant.PREFIX_USER_TOKEN_ERROR_MSG + token));
-            throw new AuthenticationException(oConvertUtils.isEmpty(userLoginTokenErrorMsg)? CommonConstant.TOKEN_IS_INVALID_MSG: userLoginTokenErrorMsg);
-        }
-        // 代码逻辑说明: 校验用户的tenant_id和前端传过来的是否一致
-        String userTenantIds = loginUser.getRelTenantIds();
-        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && oConvertUtils.isNotEmpty(userTenantIds)){
-            String contextTenantId = TenantContext.getTenant();
-            log.debug("登录租户：" + contextTenantId);
-            log.debug("用户拥有那些租户：" + userTenantIds);
-             //登录用户无租户，前端header中租户ID值为 0
-            String str ="0";
-            if(oConvertUtils.isNotEmpty(contextTenantId) && !str.equals(contextTenantId)){
-                // 代码逻辑说明: /issues/I4O14W 用户租户信息变更判断漏洞
-                String[] arr = userTenantIds.split(",");
-                if(!oConvertUtils.isIn(contextTenantId, arr)){
-                    boolean isAuthorization = false;
-                    //========================================================================
-                    // 查询用户信息（如果租户不匹配从数据库中重新查询一次用户信息）
-                    String loginUserKey = CacheConstant.SYS_USERS_CACHE + "::" + username;
-                    redisUtil.del(loginUserKey);
-                    LoginUser loginUserFromDb = commonApi.getUserByName(username);
-                    if (oConvertUtils.isNotEmpty(loginUserFromDb.getRelTenantIds())) {
-                        String[] newArray = loginUserFromDb.getRelTenantIds().split(",");
-                        if (oConvertUtils.isIn(contextTenantId, newArray)) { 
-                            isAuthorization = true;
-                        }
-                    }
-                    //========================================================================
-
-                    //*********************************************
-                    if(!isAuthorization){
-                        log.info("租户异常——登录租户：" + contextTenantId);
-                        log.info("租户异常——用户拥有租户组：" + userTenantIds);
-                        throw new AuthenticationException("登录租户授权变更，请重新登陆!");
-                    }
-                    //*********************************************
-                }
-            }
-        }
-        return loginUser;
-    }
-
-    /**
-     * JWTToken刷新生命周期 （实现： 用户在线操作不掉线功能）
-     * 1、登录成功后将用户的JWT生成的Token作为k、v存储到cache缓存里面(这时候k、v值一样)，缓存有效期设置为Jwt有效时间的2倍
-     * 2、当该用户再次请求时，通过JWTFilter层层校验之后会进入到doGetAuthenticationInfo进行身份验证
-     * 3、当该用户这次请求jwt生成的token值已经超时，但该token对应cache中的k还是存在，则表示该用户一直在操作只是JWT的token失效了，程序会给token对应的k映射的v值重新生成JWTToken并覆盖v值，该缓存生命周期重新计算
-     * 4、当该用户这次请求jwt在生成的token值已经超时，并在cache中不存在对应的k，则表示该用户账户空闲超时，返回用户信息已失效，请重新登录。
-     * 注意： 前端请求Header中设置Authorization保持不变，校验有效性以缓存中的token为准。
-     *       用户过期时间 = Jwt有效时间 * 2。
-     *
-     * @param userName
-     * @param passWord
-     * @return
-     */
-    public boolean jwtTokenRefresh(String token, String userName, String passWord) {
-        String cacheToken = String.valueOf(redisUtil.get(CommonConstant.PREFIX_USER_TOKEN + token));
-        if (oConvertUtils.isNotEmpty(cacheToken)) {
-            // 校验token有效性
-            if (!JwtUtil.verify(cacheToken, userName, passWord)) {
-                // 从token中解析客户端类型，保持续期时使用相同的客户端类型
-                String clientType = JwtUtil.getClientType(token);
-                String newAuthorization = JwtUtil.sign(userName, passWord, clientType);
-                // 根据客户端类型设置对应的缓存有效时间
-                long expireTime = CommonConstant.CLIENT_TYPE_APP.equalsIgnoreCase(clientType) 
-                    ? JwtUtil.APP_EXPIRE_TIME * 2 / 1000 
-                    : JwtUtil.EXPIRE_TIME * 2 / 1000;
-                redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, newAuthorization);
-                redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, expireTime);
-                log.debug("——————————用户在线操作，更新token保证不掉线—————————jwtTokenRefresh——————— "+ token);
-            }
-//			else {
-//				// 设置超时时间
-//				redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, cacheToken);
-//				redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME / 1000);
-//			}
-            return true;
-        }
-
-        //redis中不存在此TOEKN，说明token非法返回false
-        return false;
-    }
-
-    /**
-     * 清除当前用户的权限认证缓存
-     *
-     * @param principals 权限信息
-     */
-    @Override
-    public void clearCache(PrincipalCollection principals) {
-        super.clearCache(principals);
-        // 代码逻辑说明: 【TV360X-1320】分配权限必须退出重新登录才生效，造成很多用户困扰---
-        super.clearCachedAuthorizationInfo(principals);
-    }
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/CustomShiroFilterFactoryBean.java

@@ -1,77 +0,0 @@
-package org.jeecg.config.shiro.filters;
-
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.filter.InvalidRequestFilter;
-import org.apache.shiro.web.filter.mgt.DefaultFilter;
-import org.apache.shiro.web.filter.mgt.FilterChainManager;
-import org.apache.shiro.web.filter.mgt.FilterChainResolver;
-import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
-import org.apache.shiro.web.mgt.WebSecurityManager;
-import org.apache.shiro.web.servlet.AbstractShiroFilter;
-import org.apache.shiro.mgt.SecurityManager;
-import org.springframework.beans.factory.BeanInitializationException;
-
-import jakarta.servlet.Filter;
-import java.util.Map;
-
-/**
- * 自定义ShiroFilterFactoryBean解决资源中文路径问题
- * @author: jeecg-boot
- */
-@Slf4j
-public class CustomShiroFilterFactoryBean extends ShiroFilterFactoryBean {
-    @Override
-    public Class getObjectType() {
-        return MySpringShiroFilter.class;
-    }
-
-    @Override
-    protected AbstractShiroFilter createInstance() throws Exception {
-
-        SecurityManager securityManager = getSecurityManager();
-        if (securityManager == null) {
-            String msg = "SecurityManager property must be set.";
-            throw new BeanInitializationException(msg);
-        }
-
-        if (!(securityManager instanceof WebSecurityManager)) {
-            String msg = "The security manager does not implement the WebSecurityManager interface.";
-            throw new BeanInitializationException(msg);
-        }
-
-        FilterChainManager manager = createFilterChainManager();
-        //Expose the constructed FilterChainManager by first wrapping it in a
-        // FilterChainResolver implementation. The AbstractShiroFilter implementations
-        // do not know about FilterChainManagers - only resolvers:
-        PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
-        chainResolver.setFilterChainManager(manager);
-
-        Map<String, Filter> filterMap = manager.getFilters();
-        Filter invalidRequestFilter = filterMap.get(DefaultFilter.invalidRequest.name());
-        if (invalidRequestFilter instanceof InvalidRequestFilter) {
-            //此处是关键,设置false跳过URL携带中文400，servletPath中文校验bug
-            ((InvalidRequestFilter) invalidRequestFilter).setBlockNonAscii(false);
-        }
-        //Now create a concrete ShiroFilter instance and apply the acquired SecurityManager and built
-        //FilterChainResolver.  It doesn't matter that the instance is an anonymous inner class
-        //here - we're just using it because it is a concrete AbstractShiroFilter instance that accepts
-        //injection of the SecurityManager and FilterChainResolver:
-        return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver);
-    }
-
-    private static final class MySpringShiroFilter extends AbstractShiroFilter {
-        protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) {
-            if (webSecurityManager == null) {
-                throw new IllegalArgumentException("WebSecurityManager property cannot be null.");
-            } else {
-                this.setSecurityManager(webSecurityManager);
-                if (resolver != null) {
-                    this.setFilterChainResolver(resolver);
-                }
-
-            }
-        }
-    }
-
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/JwtFilter.java

@@ -1,132 +0,0 @@
-package org.jeecg.config.shiro.filters;
-
-import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang.StringUtils;
-import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
-import org.jeecg.common.config.TenantContext;
-import org.jeecg.common.constant.CommonConstant;
-import org.jeecg.common.system.util.JwtUtil;
-import org.jeecg.common.util.oConvertUtils;
-import org.jeecg.config.shiro.JwtToken;
-import org.jeecg.config.shiro.ignore.InMemoryIgnoreAuth;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import jakarta.servlet.ServletRequest;
-import jakarta.servlet.ServletResponse;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-
-/**
- * @Description: 鉴权登录拦截器
- * @Author: Scott
- * @Date: 2018/10/7
- **/
-@Slf4j
-public class JwtFilter extends BasicHttpAuthenticationFilter {
-
-    /**
-     * 默认开启跨域设置（使用单体）
-     * 微服务情况下，此属性设置为false
-     */
-    private boolean allowOrigin = true;
-
-    public JwtFilter(){}
-    public JwtFilter(boolean allowOrigin){
-        this.allowOrigin = allowOrigin;
-    }
-
-    /**
-     * 执行登录认证
-     *
-     * @param request
-     * @param response
-     * @param mappedValue
-     * @return
-     */
-    @Override
-    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
-        try {
-            // 判断当前路径是不是注解了@IngoreAuth路径，如果是，则放开验证
-            if (InMemoryIgnoreAuth.contains(((HttpServletRequest) request).getServletPath())) {
-                return true;
-            }
-            
-            executeLogin(request, response);
-            return true;
-        } catch (Exception e) {
-            // 使用异常中的具体错误信息，保留"不允许同一账号多地同时登录"等具体提示
-            String errorMsg = e.getMessage();
-            if (oConvertUtils.isEmpty(errorMsg)) {
-                errorMsg = CommonConstant.TOKEN_IS_INVALID_MSG;
-            }
-            JwtUtil.responseError((HttpServletResponse)response, 401, errorMsg);
-            return false;
-        }
-    }
-
-    /**
-     *
-     */
-    @Override
-    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
-        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
-        String token = httpServletRequest.getHeader(CommonConstant.X_ACCESS_TOKEN);
-        // 代码逻辑说明: JT-355 OA聊天添加token验证，获取token参数
-        if (oConvertUtils.isEmpty(token)) {
-            token = httpServletRequest.getParameter("token");
-        }
-
-        JwtToken jwtToken = new JwtToken(token);
-        // 提交给realm进行登入，如果错误他会抛出异常并被捕获
-        getSubject(request, response).login(jwtToken);
-        // 如果没有抛出异常则代表登入成功，返回true
-        return true;
-    }
-
-    /**
-     * 对跨域提供支持
-     */
-    @Override
-    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
-        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
-        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
-        if(allowOrigin){
-            httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, httpServletRequest.getHeader(HttpHeaders.ORIGIN));
-            // 允许客户端请求方法
-            httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,POST,OPTIONS,PUT,DELETE");
-            // 允许客户端提交的Header
-            String requestHeaders = httpServletRequest.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
-            if (StringUtils.isNotEmpty(requestHeaders)) {
-                httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders);
-            }
-            // 允许客户端携带凭证信息(是否允许发送Cookie)
-            httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
-        }
-        // 跨域时会首先发送一个option请求，这里我们给option请求直接返回正常状态
-        if (RequestMethod.OPTIONS.name().equalsIgnoreCase(httpServletRequest.getMethod())) {
-            httpServletResponse.setStatus(HttpStatus.OK.value());
-            return false;
-        }
-        // 代码逻辑说明: 多租户用到
-        String tenantId = httpServletRequest.getHeader(CommonConstant.TENANT_ID);
-        TenantContext.setTenant(tenantId);
-
-        return super.preHandle(request, response);
-    }
-
-    /**
-     * JwtFilter中ThreadLocal需要及时清除 #3634
-     *
-     * @param request
-     * @param response
-     * @param exception
-     * @throws Exception
-     */
-    @Override
-    public void afterCompletion(ServletRequest request, ServletResponse response, Exception exception) throws Exception {
-        //log.info("------清空线程中多租户的ID={}------",TenantContext.getTenant());
-        TenantContext.clear();
-    }
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/ResourceCheckFilter.java

@@ -1,67 +0,0 @@
-package org.jeecg.config.shiro.filters;
-
-import jakarta.servlet.ServletRequest;
-import jakarta.servlet.ServletResponse;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.web.filter.AccessControlFilter;
-import lombok.extern.slf4j.Slf4j;
-
-/**
- * @Author Scott
- * @create 2019-02-01 15:56
- * @desc 鉴权请求URL访问权限拦截器
- */
-@Slf4j
-public class ResourceCheckFilter extends AccessControlFilter {
-
-    private String errorUrl;
-
-    public String getErrorUrl() {
-        return errorUrl;
-    }
-
-    public void setErrorUrl(String errorUrl) {
-        this.errorUrl = errorUrl;
-    }
-
-    /**
-     * 表示是否允许访问 ，如果允许访问返回true，否则false；
-     *
-     * @param servletRequest
-     * @param servletResponse
-     * @param o               表示写在拦截器中括号里面的字符串 mappedValue 就是 [urls] 配置中拦截器参数部分
-     * @return
-     * @throws Exception
-     */
-    @Override
-    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
-        Subject subject = getSubject(servletRequest, servletResponse);
-        String url = getPathWithinApplication(servletRequest);
-        log.info("当前用户正在访问的 url => " + url);
-        return subject.isPermitted(url);
-    }
-
-    /**
-     * onAccessDenied：表示当访问拒绝时是否已经处理了； 如果返回 true 表示需要继续处理； 如果返回 false
-     * 表示该拦截器实例已经处理了，将直接返回即可。
-     *
-     * @param servletRequest
-     * @param servletResponse
-     * @return
-     * @throws Exception
-     */
-    @Override
-    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
-        log.info("当 isAccessAllowed 返回 false 的时候，才会执行 method onAccessDenied ");
-
-        HttpServletRequest request = (HttpServletRequest) servletRequest;
-        HttpServletResponse response = (HttpServletResponse) servletResponse;
-        response.sendRedirect(request.getContextPath() + this.errorUrl);
-
-        // 返回 false 表示已经处理，例如页面跳转啥的，表示不在走以下的拦截器了（如果还有配置的话）
-        return false;
-    }
-
-}

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/IgnoreAuthPostProcessor.java

@@ -4,7 +4,6 @@ import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.config.shiro.IgnoreAuth;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.*;
@@ -21,7 +20,6 @@ import java.util.stream.Collectors;
  * @date 2024/4/18 11:35
  */
 @Slf4j
-@Lazy(false)
 @Component
 @AllArgsConstructor
 public class IgnoreAuthPostProcessor implements InitializingBean {
@@ -35,15 +33,10 @@ public class IgnoreAuthPostProcessor implements InitializingBean {
         long startTime = System.currentTimeMillis();
         
         List<String> ignoreAuthUrls = new ArrayList<>();
-        
-        // 优化：直接从HandlerMethod过滤，避免重复扫描
-        requestMappingHandlerMapping.getHandlerMethods().values().stream()
-            .filter(handlerMethod -> handlerMethod.getMethod().isAnnotationPresent(IgnoreAuth.class))
-            .forEach(handlerMethod -> {
-                Class<?> clazz = handlerMethod.getBeanType();
-                Method method = handlerMethod.getMethod();
-                ignoreAuthUrls.addAll(processIgnoreAuthMethod(clazz, method));
-            });
+        Set<Class<?>> restControllers = requestMappingHandlerMapping.getHandlerMethods().values().stream().map(HandlerMethod::getBeanType).collect(Collectors.toSet());
+        for (Class<?> restController : restControllers) {
+            ignoreAuthUrls.addAll(postProcessRestController(restController));
+        }
 
         log.info("Init Token ignoreAuthUrls Config [ 集合 ]  ：{}", ignoreAuthUrls);
         if (!CollectionUtils.isEmpty(ignoreAuthUrls)) {
@@ -53,30 +46,44 @@ public class IgnoreAuthPostProcessor implements InitializingBean {
         // 计算方法的耗时
         long endTime = System.currentTimeMillis();
         long elapsedTime = endTime - startTime;
-        log.info("Init Token ignoreAuthUrls Config [ 耗时 ] ：" + elapsedTime + "ms");
+        log.info("Init Token ignoreAuthUrls Config [ 耗时 ] ：" + elapsedTime + "毫秒");
     }
 
-    // 优化：新方法处理单个@IgnoreAuth方法，减少重复注解检查
-    private List<String> processIgnoreAuthMethod(Class<?> clazz, Method method) {
+    private List<String> postProcessRestController(Class<?> clazz) {
+        List<String> ignoreAuthUrls = new ArrayList<>();
         RequestMapping base = clazz.getAnnotation(RequestMapping.class);
         String[] baseUrl = Objects.nonNull(base) ? base.value() : new String[]{};
-        
-        String[] uri = null;
-        if (method.isAnnotationPresent(RequestMapping.class)) {
-            uri = method.getAnnotation(RequestMapping.class).value();
-        } else if (method.isAnnotationPresent(GetMapping.class)) {
-            uri = method.getAnnotation(GetMapping.class).value();
-        } else if (method.isAnnotationPresent(PostMapping.class)) {
-            uri = method.getAnnotation(PostMapping.class).value();
-        } else if (method.isAnnotationPresent(PutMapping.class)) {
-            uri = method.getAnnotation(PutMapping.class).value();
-        } else if (method.isAnnotationPresent(DeleteMapping.class)) {
-            uri = method.getAnnotation(DeleteMapping.class).value();
-        } else if (method.isAnnotationPresent(PatchMapping.class)) {
-            uri = method.getAnnotation(PatchMapping.class).value();
+        Method[] methods = clazz.getDeclaredMethods();
+
+        for (Method method : methods) {
+            if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(RequestMapping.class)) {
+                RequestMapping requestMapping = method.getAnnotation(RequestMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(GetMapping.class)) {
+                GetMapping requestMapping = method.getAnnotation(GetMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PostMapping.class)) {
+                PostMapping requestMapping = method.getAnnotation(PostMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PutMapping.class)) {
+                PutMapping requestMapping = method.getAnnotation(PutMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(DeleteMapping.class)) {
+                DeleteMapping requestMapping = method.getAnnotation(DeleteMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PatchMapping.class)) {
+                PatchMapping requestMapping = method.getAnnotation(PatchMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            }
         }
-        
-        return uri != null ? rebuildUrl(baseUrl, uri) : Collections.emptyList();
+
+        return ignoreAuthUrls;
     }
 
     private List<String> rebuildUrl(String[] bases, String[] uris) {

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/interceptor/SignAuthConfiguration.java

@@ -41,7 +41,7 @@ public class SignAuthConfiguration implements WebMvcConfigurer {
         registry.addInterceptor(signAuthInterceptor()).addPathPatterns(signUrlsArray);
     }
 
-    // 代码逻辑说明: issues/I53J5E post请求X_SIGN签名拦截校验后报错, request body 为空
+    //update-begin-author:taoyan date:20220427 for: issues/I53J5E post请求X_SIGN签名拦截校验后报错, request body 为空
     @Bean
     public RequestBodyReserveFilter requestBodyReserveFilter(){
         return new RequestBodyReserveFilter();
@@ -66,5 +66,6 @@ public class SignAuthConfiguration implements WebMvcConfigurer {
         registration.addUrlPatterns(signUrlsArray);
         return registration;
     }
+    //update-end-author:taoyan date:20220427 for: issues/I53J5E post请求X_SIGN签名拦截校验后报错, request body 为空
 
 }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/interceptor/SignAuthInterceptor.java

@@ -33,7 +33,7 @@ public class SignAuthInterceptor implements HandlerInterceptor {
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        log.debug("Sign Interceptor request URI = " + request.getRequestURI());
+        log.info("Sign Interceptor request URI = " + request.getRequestURI());
         HttpServletRequest requestWrapper = new BodyReaderHttpServletRequestWrapper(request);
         //获取全部参数(包括URL和body上的)
         SortedMap<String, String> allParams = HttpUtils.getAllParams(requestWrapper);
@@ -79,7 +79,7 @@ public class SignAuthInterceptor implements HandlerInterceptor {
             log.debug("Sign 签名通过！Header Sign : {}",headerSign);
             return true;
         } else {
-            log.debug("sign allParams: {}", allParams);
+            log.info("sign allParams: {}", allParams);
             log.error("request URI = " + request.getRequestURI());
             log.error("Sign 签名校验失败！Header Sign : {}",headerSign);
             //校验失败返回前端

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/util/HttpUtils.java

@@ -41,19 +41,19 @@ public class HttpUtils {
         // 获取URL上最后带逗号的参数变量 sys/dict/getDictItems/sys_user,realname,username
         String pathVariable = request.getRequestURI().substring(request.getRequestURI().lastIndexOf("/") + 1);
         if (pathVariable.contains(SymbolConstant.COMMA)) {
-            log.debug(" pathVariable: {}",pathVariable);
+            log.info(" pathVariable: {}",pathVariable);
             String deString = URLDecoder.decode(pathVariable, "UTF-8");
           
             //https://www.52dianzi.com/category/article/37/565371.html
             if(deString.contains("%")){
                 try {
                     deString = URLDecoder.decode(deString, "UTF-8");
-                    log.debug("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
+                    log.info("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
                 } catch (Exception e) {
                     //e.printStackTrace();
                 }
             }
-            log.debug(" pathVariable decode: {}",deString);
+            log.info(" pathVariable decode: {}",deString);
             result.put(SignUtil.X_PATH_VARIABLE, deString);
         }
         // 获取URL上的参数
@@ -91,15 +91,15 @@ public class HttpUtils {
         // 获取URL上最后带逗号的参数变量 sys/dict/getDictItems/sys_user,realname,username
         String pathVariable = url.substring(url.lastIndexOf("/") + 1);
         if (pathVariable.contains(SymbolConstant.COMMA)) {
-            log.debug(" pathVariable: {}",pathVariable);
+            log.info(" pathVariable: {}",pathVariable);
             String deString = URLDecoder.decode(pathVariable, "UTF-8");
            
             //https://www.52dianzi.com/category/article/37/565371.html
             if(deString.contains("%")){
                 deString = URLDecoder.decode(deString, "UTF-8");
-                log.debug("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
+                log.info("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
             }
-            log.debug(" pathVariable decode: {}",deString);
+            log.info(" pathVariable decode: {}",deString);
             result.put(SignUtil.X_PATH_VARIABLE, deString);
         }
         // 获取URL上的参数
@@ -174,10 +174,11 @@ public class HttpUtils {
         String[] params = param.split("&");
         for (String s : params) {
             int index = s.indexOf("=");
-            // 代码逻辑说明: [issues/5879]数据查询传ds=“”造成的异常------------
+            //update-begin---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
             if (index != -1) {
                 result.put(s.substring(0, index), s.substring(index + 1));
             }
+            //update-end---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
         }
         return result;
     }
@@ -201,10 +202,11 @@ public class HttpUtils {
         String[] params = param.split("&");
         for (String s : params) {
             int index = s.indexOf("=");
-            // 代码逻辑说明: [issues/5879]数据查询传ds=“”造成的异常------------
+            //update-begin---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
             if (index != -1) {
                 result.put(s.substring(0, index), s.substring(index + 1));
             }
+            //update-end---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
         }
         return result;
     }

jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/util/SignUtil.java

@@ -34,7 +34,7 @@ public class SignUtil {
         }
         // 把参数加密
         String paramsSign = getParamsSign(params);
-        log.debug("Param Sign : {}", paramsSign);
+        log.info("Param Sign : {}", paramsSign);
         return !StringUtils.isEmpty(paramsSign) && headerSign.equals(paramsSign);
     }
 
@@ -47,7 +47,7 @@ public class SignUtil {
         //去掉 Url 里的时间戳
         params.remove("_t");
         String paramsJsonStr = JSONObject.toJSONString(params);
-        log.debug("Param paramsJsonStr : {}", paramsJsonStr);
+        log.info("Param paramsJsonStr : {}", paramsJsonStr);
         //设置签名秘钥
         JeecgBaseConfig jeecgBaseConfig = SpringContextUtils.getBean(JeecgBaseConfig.class);
         String signatureSecret = jeecgBaseConfig.getSignatureSecret();