v3.9.0 其他数据库脚本，增加aiflow调试接口权限

AI流程调试接口加权限，存在命令执行漏洞 #9144
解决AI流程两个严重问题
2025-12-08 17:12:28 +08:00 · 2025-12-02 12:19:35 +08:00 · 2025-12-01 15:18:34 +08:00 · 2025-12-01 15:13:18 +08:00 · 2025-12-01 15:13:11 +08:00 · 2025-12-01 13:52:23 +08:00
879 changed files with 130960 additions and 174480 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -10,6 +10,9 @@ assignees: getActivity
 ##### 版本号：


+##### 分支：
+
+
 ##### 问题描述：


--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -6,10 +6,12 @@ assignees: getActivity

 ---

-
 ##### 版本号：


+##### 分支：
+
+
 ##### 问题描述：


--- a/.gitignore
+++ b/.gitignore
@ -13,3 +13,5 @@ os_del.cmd
 os_del_doc.cmd
 .svn
 derby.log
+.cursor
+.history
--- a/README-EN.md
+++ b/README-EN.md
@ -7,12 +7,12 @@
 JEECG BOOT AI Low Code Platform
 ===============

-Current version: 3.8.2 (Release date: 2025-08-04)
+Current version: 3.9.0 (Release date: 2025-12-01)


 [![AUR](https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg)](https://github.com/zhangdaiscott/jeecg-boot/blob/master/LICENSE)
 [![](https://img.shields.io/badge/Author-guojusoft-orange.svg)](http://www.jeecg.com)
-[![](https://img.shields.io/badge/version-3.8.2-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
+[![](https://img.shields.io/badge/version-3.9.0-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub stars](https://img.shields.io/github/stars/zhangdaiscott/jeecg-boot.svg?style=social&label=Stars)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub forks](https://img.shields.io/github/forks/zhangdaiscott/jeecg-boot.svg?style=social&label=Fork)](https://github.com/zhangdaiscott/jeecg-boot)

--- a/README-Enterprise.md
+++ b/README-Enterprise.md
@ -10,7 +10,9 @@ JeecgBoot低代码平台(商业版介绍)
 <h3 align="center">企业级AI低代码平台</h3>


-JeecgBoot是一款集成AI应用的，基于BPM流程的低代码平台，旨在帮助企业快速实现低代码开发和构建个性化AI应用！前后端分离架构Ant Design&Vue3，SpringBoot，SpringCloud Alibaba，Mybatis-plus，Shiro。强大的代码生成器让前后端代码一键生成，无需写任何代码！ 引领AI低代码开发模式: AI生成->OnlineCoding-> 代码生成-> 手工MERGE， 帮助Java项目解决80%的重复工作，让开发更多关注业务，提高效率、节省成本，同时又不失灵活性！低代码能力：Online表单、表单设计、流程设计、Online报表、大屏/仪表盘设计、报表设计; AI应用平台功能：AI知识库问答、AI模型管理、AI流程编排、AI聊天等，支持含ChatGPT、DeepSeek、Ollama等多种AI大模型
+JeecgBoot是一款集成AI应用的，基于BPM流程的低代码平台，旨在帮助企业快速实现低代码开发和构建个性化AI应用，支持MCP和插件，实现聊天式业务操作（如 “一句话创建用户”）！
+
+前后端分离架构Ant Design&Vue3，SpringBoot，SpringCloud Alibaba，Mybatis-plus，Shiro。强大的代码生成器让前后端代码一键生成，无需写任何代码！ 引领AI低代码开发模式: AI生成->OnlineCoding-> 代码生成-> 手工MERGE， 帮助Java项目解决80%的重复工作，让开发更多关注业务，提高效率、节省成本，同时又不失灵活性！低代码能力：Online表单、表单设计、流程设计、Online报表、大屏/仪表盘设计、报表设计; AI应用平台功能：AI知识库问答、AI模型管理、AI流程编排、AI聊天等，支持含ChatGPT、DeepSeek、Ollama等多种AI大模型

 JeecgBoot 提供了一系列 `低代码能力`，实现`真正的零代码`在线开发：Online表单开发、Online报表、复杂报表设计、打印设计、在线图表设计、仪表盘设计、大屏设计、移动图表能力、表单设计器、在线设计流程、流程自动化配置、插件能力（可插拔）

--- a/README.md
+++ b/README.md
@ -2,13 +2,13 @@
 JeecgBoot AI低代码平台
 ===============

-当前最新版本： 3.8.3（发布日期：2025-09-22） 
+当前最新版本： 3.9.0（发布日期：2025-12-01） 


 [![AUR](https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg)](https://github.com/jeecgboot/JeecgBoot/blob/master/LICENSE)
 [![](https://img.shields.io/badge/Author-北京国炬软件-orange.svg)](https://jeecg.com)
 [![](https://img.shields.io/badge/blog-技术博客-orange.svg)](https://jeecg.blog.csdn.net)
-[![](https://img.shields.io/badge/version-3.8.3-brightgreen.svg)](https://github.com/jeecgboot/JeecgBoot)
+[![](https://img.shields.io/badge/version-3.9.0-brightgreen.svg)](https://github.com/jeecgboot/JeecgBoot)
 [![GitHub stars](https://img.shields.io/github/stars/zhangdaiscott/jeecg-boot.svg?style=social&label=Stars)](https://github.com/jeecgboot/JeecgBoot)
 [![GitHub forks](https://img.shields.io/github/forks/zhangdaiscott/jeecg-boot.svg?style=social&label=Fork)](https://github.com/jeecgboot/JeecgBoot)

@ -19,16 +19,21 @@ JeecgBoot AI低代码平台

 <h3 align="center">企业级AI低代码平台</h3>

-JeecgBoot是一款企业级低代码平台集成了AI应用平台功能，旨在帮助开发者快速实现低代码开发和构建、部署个性化的 AI 应用。
-前后端分离架构Ant Design4、Vue3，SpringBoot2/3，SpringCloud Alibaba，Mybatis-plus，Shiro/SpringAuthorizationServer，强大的代码生成器让前后端代码一键生成，无需写任何代码；提供强大的报表和大屏工具，满足企业级数据产品需求！
-引领AI低代码开发模式: AI生成->OnlineCoding-> 代码生成-> 手工MERGE， 帮助Java项目解决80%的重复工作，让开发更多关注业务，提高效率、节省成本，同时又不失灵活性！低代码能力：Online表单、表单设计、流程设计、Online报表、大屏/仪表盘设计、报表设计; AI应用平台功能：AI知识库问答、AI模型管理、AI流程编排、AI聊天等，支持含ChatGPT、DeepSeek、Ollama等多种AI大模型
+JeecgBoot 是一款融合代码生成与AI应用的低代码开发平台，助力企业快速实现低代码开发和构建AI应用。平台支持MCP和插件扩展，提供聊天式业务操作(如“一句话创建用户”)，大幅提升开发效率与用户便捷性。

+采用前后端分离架构（Ant Design&Vue3，SpringBoot3，SpringCloud Alibaba，Mybatis-plus），强大代码生成器实现前后端一键生成，无需手写代码。 
+平台引领AI低代码开发模式：AI生成→在线编码→代码生成→手工合并，解决Java项目80%重复工作，提升效率，节省成本，兼顾灵活性。 
+具备强大且颗粒化的权限控制，支持按钮权限和数据权限设置，满足大型业务系统需求。功能涵盖在线表单、表单设计、流程设计、门户设计、报表与大屏设计、OA办公、AI应用、AI知识库、大模型管理、AI流程编排、AI聊天，支持ChatGPT、DeepSeek、Ollama等多种AI大模型。

-`AI赋能低代码:` 提供一套成熟AI应用平台功能：包含AI应用管理、AI模型管理、AI对话助手、AI知识库问答、AI流程编排、AI流程设计器，AI建表等功能; 支持各种AI大模型ChatGPT、DeepSeek、Ollama、智普、千问等.
+`傻瓜式报表:` JimuReport是一款自主研发的强大开源企业级Web报表工具。它通过零编码的拖拽式操作，赋能用户如同搭积木般轻松构建各类复杂报表，全面满足企业数据可视化与分析需求，助力企业级数据产品的高效打造与应用。

-`JEECG宗旨是:` 简单功能由OnlineCoding零代码搭建，做到`零代码开发`；复杂功能由代码生成器生成进行手工Merge 实现`低代码开发`，既保证了`智能`又兼顾`灵活`，解决了当前低代码产品普遍不灵活的弊端！
+`傻瓜式大屏:` JimuBI一款自主研发的强大的大屏和仪表盘设计工具。专注数字孪生与数据可视化，支持交互式大屏、仪表盘、门户和移动端，实现“一次开发，多端适配”。 大屏设计类Word风格，支持多屏切换，自由拖拽，轻松打造炫酷动态界面。

-`JEECG业务流程:` 采用工作流来实现、扩展出任务接口，供开发编写业务逻辑，表单提供多种解决方案： 表单设计器、online配置表单、编码表单。同时实现了流程与表单的分离设计（松耦合）、并支持任务节点灵活配置，既保证了公司流程的保密性，又减少了开发人员的工作量。
+`成熟AI应用功能:` 提供一套完善AI应用平台: 涵盖AI应用管理、AI模型管理、智能对话助手、知识库问答、流程编排与设计器、AI建表、MCP插件配置等功能。平台兼容主流大模型，包括ChatGPT、DeepSeek、Ollama、智普、千问等，助力企业高效构建智能化应用，推动低代码开发与AI深度融合。
+
+`JEECG宗旨是:` JEECG旨在通过OnlineCoding平台实现简单功能的零代码快速搭建，同时针对复杂功能采用代码生成器生成代码并手工合并，打造智能且灵活的低代码开发模式，有效解决了当前低代码产品普遍缺乏灵活性的问题，提升开发效率的同时兼顾系统的扩展性和定制化能力。
+
+`JEECG业务流程:` JEECG业务流程采用BPM工作流引擎实现业务审批，扩展任务接口供开发人员编写业务逻辑，表单提供表单设计器、在线配置表单和编码表单等多种解决方案。通过流程与表单的分离设计（松耦合）及任务节点的灵活配置，既保障了企业流程的安全性与保密性，又大幅降低了开发人员的工作量。



@ -36,8 +41,8 @@ JeecgBoot是一款企业级低代码平台集成了AI应用平台功能，旨在

 适用项目
 -----------------------------------
-JeecgBoot低代码平台，可以应用在任何J2EE项目的开发中，支持信创国产化。尤其适合SAAS项目、企业信息管理系统（MIS）、内部办公系统（OA）、企业资源计划系统（ERP）、客户关系管理系统（CRM）、AI知识库等，其半智能手工Merge的开发方式，可以显著提高开发效率70%以上，极大降低开发成本。
-又是一个全栈式 AI 开发平台，快速帮助企业构建和部署个性化的 AI 应用。
+JeecgBoot低代码平台兼容所有J2EE项目开发，支持信创国产化，特别适用于SAAS、企业信息管理系统（MIS）、内部办公系统（OA）、企业资源计划系统（ERP）、客户关系管理系统（CRM）及AI知识库等场景。其半智能手工Merge开发模式，可显著提升70%以上的开发效率，极大降低开发成本。同时，JeecgBoot还是一款全栈式AI开发平台，助力企业快速构建和部署个性化AI应用。。
+

 **信创兼容说明**
 - 操作系统：国产麒麟、银河麒麟等国产系统几乎都是基于 Linux 内核，因此它们具有良好的兼容性。
@ -48,15 +53,16 @@ JeecgBoot低代码平台，可以应用在任何J2EE项目的开发中，支持
 版本说明
 -----------------------------------

-|下载                                 | JDK17 + SpringBoot3.3 + Shiro                                               |JDK17 + SpringBoot3.3+ SpringAuthorizationServer   | JDK17/JDK8 + SpringBoot2.7 |
-|------|----------------------------------------------------|-----------------------------------------------------------------------------|--------------------------------------------|
-| Github |  [`springboot3`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3)  | [`springboot3_sas`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3_sas) 分支 |[`master`](https://github.com/jeecgboot/JeecgBoot) 分支|
-| Gitee |  [`springboot3`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3/)      | [`springboot3_sas`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3_sas) 分支 |[`master`](https://gitee.com/jeecg/JeecgBoot)     分支 |
+|下载 | SpringBoot3.5 + Shiro                                   |SpringBoot3.5+ SpringAuthorizationServer | SpringBoot3.5 + Sa-Token | SpringBoot2.7(JDK17/JDK8) |
+|------|---------------------------------------------------------|----------------------------|-------------------|--------------------------------------------|
+| Github | [`main`](https://github.com/jeecgboot/JeecgBoot)        | [`springboot3_sas`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3_sas) 分支  |  [`springboot3-satoken`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3-satoken) 分支|[`springboot2`](https://github.com/jeecgboot/JeecgBoot/tree/springboot2) 分支|
+| Gitee | [`main`](https://github.com/jeecgboot/JeecgBoot) | [`springboot3_sas`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3_sas) 分支|  [`springboot3-satoken`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3-satoken) 分支|[`springboot2`](https://github.com/jeecgboot/JeecgBoot/tree/springboot2)     分支 |


- `jeecg-boot` 是后端JAVA源码项目（支持单体和微服务切换）.
+- `jeecg-boot` 是后端JAVA源码项目Springboot3+Shiro+Mybatis+SpringCloudAlibaba（支持单体和微服务切换）.
 - `jeecgboot-vue3` 是前端VUE3源码项目（vue3+vite6+ts最新技术栈）.
 - `JeecgUniapp`  是[配套APP框架](https://github.com/jeecgboot/JeecgUniapp) 适配多个终端，支持APP、小程序、H5、鸿蒙、鸿蒙Next.
+- `jeecg-boot-starter`  是[jeecg-boot对应的底层封装starter](https://github.com/jeecgboot/jeecg-boot-starter) ：微服务启动、xxljob、分布式锁starter、rabbitmq、分布式事务、分库分表shardingsphere等.
 - 参考 [文档](https://help.jeecg.com/ui/2dev/mini) 可以删除不需要的demo，制作一个精简版本


@ -81,6 +87,7 @@ JeecgBoot低代码平台，可以应用在任何J2EE项目的开发中，支持
 - 官方网站：  [http://www.jeecg.com](http://www.jeecg.com)
 - 在线演示：  [平台演示](https://boot3.jeecg.com) | [APP演示](https://jeecg.com/appIndex)
 - 入门指南：  [快速入门](http://www.jeecg.com/doc/quickstart)  | [代码生成使用](https://help.jeecg.com/java/codegen/online) | [开发文档](https://help.jeecg.com)  | [AI应用手册](https://help.jeecg.com/aigc) | [视频教程](http://jeecg.com/doc/video)
+- AI编程实战视频：  [JEECG低代码与Cursor+GitHub Copilot实现AI高效编程实战](https://www.bilibili.com/video/BV11XyaBVEoH)
 - 技术支持：  [反馈问题](https://github.com/jeecgboot/JeecgBoot/issues/new?template=bug_report.md)    | [低代码体验一分钟](https://jeecg.blog.csdn.net/article/details/106079007) 
 - QQ交流群 ： 964611995、⑩716488839(满)、⑨808791225(满)、其他(满)

@ -102,7 +109,7 @@ JeecgBoot平台提供了一套完善的AI应用管理系统模块，是一套类

 为什么选择JeecgBoot?
 -----------------------------------
- 1.采用最新主流前后分离框架（Spring Boot3 + MyBatis + Shiro//SpringAuthorizationServer + Ant Design4 + Vue3），容易上手；代码生成器依赖性低，灵活的扩展能力，可快速实现二次开发。
+- 1.采用最新主流前后分离框架（Spring Boot3 + MyBatis + Shiro/SpringAuthorizationServer + Ant Design4 + Vue3），容易上手；代码生成器依赖性低，灵活的扩展能力，可快速实现二次开发。
 - 2.前端大版本换代，最新版采用 Vue3.0 + TypeScript + Vite6 + Ant Design Vue4 等新技术方案。
 - 3.支持微服务Spring Cloud Alibaba（Nacos、Gateway、Sentinel、Skywalking），提供简易机制，支持单体和微服务自由切换（这样可以满足各类项目需求）。
 - 4.开发效率高，支持在线建表和AI建表，提供强大代码生成器，单表、树列表、一对多、一对一等数据模型，增删改查功能一键生成，菜单配置直接使用。
@ -155,6 +162,9 @@ JeecgBoot平台提供了一套完善的AI应用管理系统模块，是一套类
 #### 前端

 - 前端环境要求：Node.js要求`Node 20+` 版本以上、pnpm 要求`9+` 版本以上
+
+ ` ( Vite 不再支持已结束生命周期（EOL）的 Node.js 18。现在需要使用 Node.js 20.19+ 或 22.12+)`
+
 - 依赖管理：node、npm、pnpm
 - 前端IDE建议：IDEA、WebStorm、Vscode
 - 采用 Vue3.0+TypeScript+Vite6+Ant-Design-Vue4等新技术方案，包括二次封装组件、utils、hooks、动态菜单、权限校验、按钮级别权限控制等功能
@ -164,16 +174,16 @@ JeecgBoot平台提供了一套完善的AI应用管理系统模块，是一套类
 #### 后端

 - IDE建议： IDEA (必须安装lombok插件 )
- 语言：Java 默认jdk17(支持jdk8、jdk21)
+- 语言：Java 默认jdk17(jdk21、jdk24)
 - 依赖管理：Maven
- 基础框架：Spring Boot 3.5.5/2.7.18
- 微服务框架： Spring Cloud Alibaba 2021.0.6.2
- 持久层框架：MybatisPlus 3.5.3.2
+- 基础框架：Spring Boot 3.5.5
+- 微服务框架： Spring Cloud Alibaba 2023.0.3.3
+- 持久层框架：MybatisPlus 3.5.12
 - 报表工具： JimuReport 2.1.3
- 安全框架：Apache Shiro/SpringAuthorizationServer，Jwt 4.5.0
+- 安全框架：Apache Shiro 2.0.4，Jwt 4.5.0
 - 微服务技术栈：Spring Cloud Alibaba、Nacos、Gateway、Sentinel、Skywalking
- 数据库连接池：阿里巴巴Druid 1.1.24
- AI大模型：支持 `ChatGPT` `DeepSeek`切换
+- 数据库连接池：阿里巴巴Druid 1.2.24
+- AI大模型：支持 `ChatGPT` `DeepSeek` `千问`等各种常规模式
 - 日志打印：logback
 - 缓存：Redis
 - 其他：autopoi, fastjson，poi，Swagger-ui，quartz, lombok（简化代码）等。
--- a/docker-compose-cloud.yml
+++ b/docker-compose-cloud.yml
@ -109,28 +109,33 @@ services:
 #    environment:
 #      RABBITMQ_DEFAULT_USER: guest
 #      RABBITMQ_DEFAULT_PASS: guest
-#  jeecg-boot-sentinel:
-#    restart: on-failure
-#    build:
-#      context: ./jeecg-visual/jeecg-cloud-sentinel
-#    ports:
-#      - 9000:9000
-#    depends_on:
-#      - jeecg-boot-nacos
-#      - jeecg-boot-demo
-#      - jeecg-boot-system
-#      - jeecg-boot-gateway
-#    container_name: jeecg-boot-sentinel
-#    hostname: jeecg-boot-sentinel
-#
-#  jeecg-boot-xxljob:
-#    build:
-#      context: ./jeecg-visual/jeecg-cloud-xxljob
-#    ports:
-#      - 9080:9080
-#    container_name: jeecg-boot-xxljob
-#    hostname: jeecg-boot-xxljob

+  jeecg-boot-sentinel:
+     restart: on-failure
+     build:
+       context: ./jeecg-boot/jeecg-server-cloud/jeecg-visual/jeecg-cloud-sentinel
+     ports:
+       - 9000:9000
+     depends_on:
+       - jeecg-boot-nacos
+       - jeecg-boot-demo
+       - jeecg-boot-system
+       - jeecg-boot-gateway
+     container_name: jeecg-boot-sentinel
+     hostname: jeecg-boot-sentinel
+     networks:
+       - jeecg-boot
+
+  jeecg-boot-xxljob:
+     build:
+       context: ./jeecg-boot/jeecg-server-cloud/jeecg-visual/jeecg-cloud-xxljob
+     ports:
+       - 9080:9080
+     container_name: jeecg-boot-xxljob
+     hostname: jeecg-boot-xxljob
+     networks:
+       - jeecg-boot
+       
  jeecg-vue:
    build:
      context: ./jeecgboot-vue3
--- a/jeecg-boot/README.md
+++ b/jeecg-boot/README.md
@ -2,12 +2,12 @@
 JeecgBoot 低代码开发平台
 ===============

-当前最新版本： 3.8.3（发布日期：2025-09-22） 
+当前最新版本： 3.9.0（发布日期：2025-12-01） 


 [![AUR](https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg)](https://github.com/zhangdaiscott/jeecg-boot/blob/master/LICENSE)
 [![](https://img.shields.io/badge/Author-北京国炬软件-orange.svg)](http://jeecg.com/aboutusIndex)
-[![](https://img.shields.io/badge/version-3.8.3-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
+[![](https://img.shields.io/badge/version-3.9.0-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub stars](https://img.shields.io/github/stars/zhangdaiscott/jeecg-boot.svg?style=social&label=Stars)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub forks](https://img.shields.io/github/forks/zhangdaiscott/jeecg-boot.svg?style=social&label=Fork)](https://github.com/zhangdaiscott/jeecg-boot)

@ -16,43 +16,127 @@ JeecgBoot 低代码开发平台
 项目介绍
 -----------------------------------

-<h3 align="center">Java Low Code Platform for Enterprise web applications</h3>
+<h3 align="center">企业级AI低代码平台</h3>
+
+JeecgBoot 是一款基于BPM流程和代码生成的AI低代码平台，助力企业快速实现低代码开发和构建AI应用。
+采用前后端分离架构（Ant Design&Vue3，SpringBoot3，SpringCloud Alibaba，Mybatis-plus），强大代码生成器实现前后端一键生成，无需手写代码。
+平台引领AI低代码开发模式：AI生成→在线编码→代码生成→手工合并，解决Java项目80%重复工作，提升效率，节省成本，兼顾灵活性。
+具备强大且颗粒化的权限控制，支持按钮权限和数据权限设置，满足大型业务系统需求。功能涵盖在线表单、表单设计、流程设计、门户设计、报表与大屏设计、OA办公、AI应用、AI知识库、大模型管理、AI流程编排、AI聊天，支持ChatGPT、DeepSeek、Ollama等多种AI大模型。
+
+`AI赋能报表:` 积木报表是一款自主研发的强大开源企业级Web报表与大屏工具。它通过零编码的拖拽式操作，赋能用户如同搭积木般轻松构建各类复杂报表和数据大屏，全面满足企业数据可视化与分析需求，助力企业级数据产品的高效打造与应用。
+
+`AI赋能低代码:` 提供完善成熟的AI应用平台，涵盖AI应用管理、AI模型管理、智能对话助手、知识库问答、流程编排与设计器、AI建表等多项功能。平台兼容多种主流大模型，包括ChatGPT、DeepSeek、Ollama、智普、千问等，助力企业高效构建智能化应用，推动低代码开发与AI深度融合。
+
+`JEECG宗旨是:` JEECG旨在通过OnlineCoding平台实现简单功能的零代码快速搭建，同时针对复杂功能采用代码生成器生成代码并手工合并，打造智能且灵活的低代码开发模式，有效解决了当前低代码产品普遍缺乏灵活性的问题，提升开发效率的同时兼顾系统的扩展性和定制化能力。
+
+`JEECG业务流程:` JEECG业务流程采用BPM工作流引擎实现业务审批，扩展任务接口供开发人员编写业务逻辑，表单提供表单设计器、在线配置表单和编码表单等多种解决方案。通过流程与表单的分离设计（松耦合）及任务节点的灵活配置，既保障了企业流程的安全性与保密性，又大幅降低了开发人员的工作量。
+
+
+适用项目
+-----------------------------------
+JeecgBoot低代码平台兼容所有J2EE项目开发，支持信创国产化，特别适用于SAAS、企业信息管理系统（MIS）、内部办公系统（OA）、企业资源计划系统（ERP）、客户关系管理系统（CRM）及AI知识库等场景。其半智能手工Merge开发模式，可显著提升70%以上的开发效率，极大降低开发成本。同时，JeecgBoot还是一款全栈式AI开发平台，助力企业快速构建和部署个性化AI应用。。
+
+
+**信创兼容说明**
+- 操作系统：国产麒麟、银河麒麟等国产系统几乎都是基于 Linux 内核，因此它们具有良好的兼容性。
+- 数据库：达梦、人大金仓、TiDB
+- 中间件：东方通 TongWeb、TongRDS，宝兰德 AppServer、CacheDB, [信创配置文档](https://help.jeecg.com/java/tongweb-deploy/)
+

-JeecgBoot 是一款基于代码生成器的`低代码开发平台`！前后端分离架构 SpringBoot2.x和3.x，SpringCloud，Ant Design Vue3，Mybatis-plus，Shiro，JWT，支持微服务。强大的代码生成器让前后端代码一键生成，实现低代码开发!  JeecgBoot 引领新的低代码开发模式(OnlineCoding-> 代码生成器-> 手工MERGE)， 帮助解决Java项目70%的重复工作，让开发更多关注业务。既能快速提高效率，节省研发成本，同时又不失灵活性！


 #### 项目说明

-| 项目名                | 说明                     | 
-|--------------------|------------------------|
-| `jeecg-boot`    | 后端源码JAVA（SpringBoot微服务架构）        |
-| `jeecgboot-vue3` | 前端源码VUE3（vue3+vite5+ts最新技术栈）  |
-
-
-
-技术文档
-----------------------------------
-
- 官方网站：  [http://www.jeecg.com](http://www.jeecg.com)
- 新手指南： [快速入门](http://www.jeecg.com/doc/quickstart)
- QQ交流群 ： 964611995、⑩716488839(满)、⑨808791225(满)、其他(满)
- 在线演示 ：  [在线演示](http://boot3.jeecg.com)   | [APP演示](http://jeecg.com/appIndex)
-> 演示系统的登录账号密码，请点击 [获取账号密码](http://jeecg.com/doc/demo) 获取 
+| 项目名                | 说明                                 | 
+|--------------------|------------------------------------|
+| `jeecg-boot`    | 后端源码JAVA（SpringBoot3微服务架构）         |
+| `jeecgboot-vue3` | 前端源码VUE3（vue3+vite6+antd4+ts最新技术栈） |



 启动项目
 -----------------------------------

- [IDEA启动前后端项目](https://help.jeecg.com/java/setup/idea/startup)
- [Docker一键启动前后端](https://help.jeecg.com/java/docker/quick)
+> 默认账号密码： admin/123456
+
+- [开发环境搭建](https://help.jeecg.com/java/setup/tools)
+- [IDEA启动前后端(单体模式)](https://help.jeecg.com/java/setup/idea/startup)
+- [Docker一键启动(单体模式)](https://help.jeecg.com/java/docker/quick)
+- [IDEA启动前后端(微服务方式)](https://help.jeecg.com/java/springcloud/switchcloud/monomer)
+- [Docker一键启动(微服务方式)](https://help.jeecg.com/java/docker/quickcloud)


-微服务启动
+技术文档
 -----------------------------------
- [单体快速切换微服务](https://help.jeecg.com/java/springcloud/switchcloud/monomer)
- [Docker启动微服务后台](https://help.jeecg.com/java/docker/springcloud)

+- 官方网站：  [http://www.jeecg.com](http://www.jeecg.com)
+- 在线演示：  [平台演示](https://boot3.jeecg.com) | [APP演示](https://jeecg.com/appIndex)
+- 入门指南：  [快速入门](http://www.jeecg.com/doc/quickstart)  | [代码生成使用](https://help.jeecg.com/java/codegen/online) | [开发文档](https://help.jeecg.com)  | [AI应用手册](https://help.jeecg.com/aigc) | [视频教程](http://jeecg.com/doc/video)
+- 技术支持：  [反馈问题](https://github.com/jeecgboot/JeecgBoot/issues/new?template=bug_report.md)    | [低代码体验一分钟](https://jeecg.blog.csdn.net/article/details/106079007)
+- QQ交流群 ： 964611995、⑩716488839(满)、⑨808791225(满)、其他(满)
+
+
+AI 应用平台介绍
+-----------------------------------
+
+一个全栈式 AI 开发平台，旨在帮助开发者快速构建和部署个性化的 AI 应用。
+
+JeecgBoot平台提供了一套完善的AI应用管理系统模块，是一套类似`Dify`的`AIGC应用开发平台`+`知识库问答`，是一款基于LLM大语言模型AI应用平台和 RAG 的知识库问答系统。
+其直观的界面结合了 AI 流程编排、RAG 管道、知识库管理、模型管理、对接向量库、实时运行可观察等，让您可以快速从原型到生产，拥有AI服务能力。
+
+- [详细专题介绍，请点击查看](README-AI.md)
+
+- AI视频介绍
+
+[![](https://jeecgos.oss-cn-beijing.aliyuncs.com/files/jeecg_aivideo.png)](https://www.bilibili.com/video/BV1zmd7YFE4w)
+
+
+为什么选择JeecgBoot?
+-----------------------------------
+- 1.采用最新主流前后分离框架（Spring Boot3 + MyBatis + Shiro/SpringAuthorizationServer + Ant Design4 + Vue3），容易上手；代码生成器依赖性低，灵活的扩展能力，可快速实现二次开发。
+- 2.前端大版本换代，最新版采用 Vue3.0 + TypeScript + Vite6 + Ant Design Vue4 等新技术方案。
+- 3.支持微服务Spring Cloud Alibaba（Nacos、Gateway、Sentinel、Skywalking），提供简易机制，支持单体和微服务自由切换（这样可以满足各类项目需求）。
+- 4.开发效率高，支持在线建表和AI建表，提供强大代码生成器，单表、树列表、一对多、一对一等数据模型，增删改查功能一键生成，菜单配置直接使用。
+- 5.代码生成器提供强大模板机制，支持自定义模板，目前提供四套风格模板（单表两套、树模型一套、一对多三套）。
+- 6.提供强大的报表和大屏可视化工具，支持丰富的数据源连接，能够通过拖拉拽方式快速制作报表、大屏和门户设计；支持多种图表类型：柱形图、折线图、散点图、饼图、环形图、面积图、漏斗图、进度图、仪表盘、雷达图、地图等。
+- 7.低代码能力：在线表单（无需编码，通过在线配置表单，实现表单的增删改查，支持单表、树、一对多、一对一等模型，实现人人皆可编码），在线配置零代码开发、所见即所得支持23种类控件。
+- 8.低代码能力：在线报表、在线图表（无需编码，通过在线配置方式，实现数据报表和图形报表，可以快速抽取数据，减轻开发压力，实现人人皆可编码）。
+- 9.Online支持在线增强开发，提供在线代码编辑器，支持代码高亮、代码提示等功能，支持多种语言（Java、SQL、JavaScript等）。
+- 10.封装完善的用户、角色、菜单、组织机构、数据字典、在线定时任务等基础功能，支持访问授权、按钮权限、数据权限等功能。
+- 11.前端UI提供丰富的组件库，支持各种常用组件，如表格、树形控件、下拉框、日期选择器等，满足各种复杂的业务需求 [UI组件库文档](https://help.jeecg.com/category/ui%E7%BB%84%E4%BB%B6%E5%BA%93)。
+- 12.提供APP配套框架，一份多代码多终端适配，一份代码多终端适配，小程序、H5、安卓、iOS、鸿蒙Next。
+- 13.新版APP框架采用Uniapp、Vue3.0、Vite、Wot-design-uni、TypeScript等最新技术栈，包括二次封装组件、路由拦截、请求拦截等功能。实现了与JeecgBoot完美对接：目前已经实现登录、用户信息、通讯录、公告、移动首页、九宫格、聊天、Online表单、仪表盘等功能，提供了丰富的组件。
+- 14.提供了一套成熟的AI应用平台功能，从AI模型、知识库到AI应用搭建，助力企业快速落地AI服务，加速智能化升级。
+- 15.AI能力：目前JeecgBoot支持AI大模型chatgpt和deepseek，现在最新版默认使用deepseek，速度更快质量更高。目前提供了AI对话助手、AI知识库、AI应用、AI建表、AI报表等功能。
+- 16.提供新行编辑表格JVXETable，轻松满足各种复杂ERP布局，拥有更高的性能、更灵活的扩展、更强大的功能。
+- 17.平台首页风格，提供多种组合模式，支持自定义风格；支持门户设计，支持自定义首页。
+- 18.常用共通封装，各种工具类（定时任务、短信接口、邮件发送、Excel导入导出等），基本满足80%项目需求。
+- 19.简易Excel导入导出，支持单表导出和一对多表模式导出，生成的代码自带导入导出功能。
+- 20.集成智能报表工具，报表打印、图像报表和数据导出非常方便，可极其方便地生成PDF、Excel、Word等报表。
+- 21.采用前后分离技术，页面UI风格精美，针对常用组件做了封装：时间、行表格控件、截取显示控件、报表组件、编辑器等。
+- 22.查询过滤器：查询功能自动生成，后台动态拼SQL追加查询条件；支持多种匹配方式（全匹配/模糊查询/包含查询/不匹配查询）。
+- 23.数据权限（精细化数据权限控制，控制到行级、列表级、表单字段级，实现不同人看不同数据，不同人对同一个页面操作不同字段）。
+- 24.接口安全机制，可细化控制接口授权，非常简便实现不同客户端只看自己数据等控制；也提供了基于AK和SK认证鉴权的OpenAPI功能。
+- 25.活跃的社区支持；近年来，随着网络威胁的日益增加，团队在安全和漏洞管理方面积累了丰富的经验，能够为企业提供全面的安全解决方案。
+- 26.权限控制采用RBAC（Role-Based Access Control，基于角色的访问控制）。
+- 27.页面校验自动生成（必须输入、数字校验、金额校验、时间空间等）。
+- 28.支持SaaS服务模式，提供SaaS多租户架构方案。
+- 29.分布式文件服务，集成MinIO、阿里OSS等优秀的第三方，提供便捷的文件上传与管理，同时也支持本地存储。
+- 30.主流数据库兼容，一套代码完全兼容MySQL、PostgreSQL、Oracle、SQL Server、MariaDB、达梦、人大金仓等主流数据库。
+- 31.集成工作流Flowable，并实现了只需在页面配置流程转向，可极大简化BPM工作流的开发；用BPM的流程设计器画出了流程走向，一个工作流基本就完成了，只需写很少量的Java代码。
+- 32.低代码能力：在线流程设计，采用开源Flowable流程引擎，实现在线画流程、自定义表单、表单挂靠、业务流转。
+- 33.多数据源：极其简易的使用方式，在线配置数据源配置，便捷地从其他数据抓取数据。
+- 34.提供单点登录CAS集成方案，项目中已经提供完善的对接代码。
+- 35.低代码能力：表单设计器，支持用户自定义表单布局，支持单表、一对多表单，支持select、radio、checkbox、textarea、date、popup、列表、宏等控件。
+- 36.专业接口对接机制，统一采用RESTful接口方式，集成Swagger-UI在线接口文档，JWT token安全验证，方便客户端对接。
+- 37.高级组合查询功能，在线配置支持主子表关联查询，可保存查询历史。
+- 38.提供各种系统监控，实时跟踪系统运行情况（监控Redis、Tomcat、JVM、服务器信息、请求追踪、SQL监控）。
+- 39.消息中心（支持短信、邮件、微信推送等）；集成WebSocket消息通知机制。
+- 40.支持多语言，提供国际化方案。
+- 41.数据变更记录日志，可记录数据每次变更内容，通过版本对比功能查看历史变化。
+- 42.提供简单易用的打印插件，支持谷歌、火狐、IE11+等各种浏览器。
+- 43.后端采用Maven分模块开发方式；前端支持菜单动态路由。
+- 44.提供丰富的示例代码，涵盖了常用的业务场景，便于学习和参考。


 技术架构：
@ -61,28 +145,33 @@ JeecgBoot 是一款基于代码生成器的`低代码开发平台`！前后端
 #### 后端

 - IDE建议： IDEA (必须安装lombok插件 )
- 语言：Java 8+ (支持17)
+- 语言：Java 默认jdk17(jdk21、jdk24)
 - 依赖管理：Maven
- 基础框架：Spring Boot 2.7.18
- 微服务框架： Spring Cloud Alibaba 2021.0.1.0
- 持久层框架：MybatisPlus 3.5.3.2
- 报表工具： JimuReport 1.9.4
- 安全框架：Apache Shiro 1.12.0，Jwt 3.11.0
+- 基础框架：Spring Boot 3.5.5
+- 微服务框架： Spring Cloud Alibaba 2023.0.3.3
+- 持久层框架：MybatisPlus 3.5.12
+- 报表工具： JimuReport 2.1.3
+- 安全框架：Apache Shiro 2.0.4，Jwt 4.5.0
 - 微服务技术栈：Spring Cloud Alibaba、Nacos、Gateway、Sentinel、Skywalking
- 数据库连接池：阿里巴巴Druid 1.1.24
+- 数据库连接池：阿里巴巴Druid 1.2.24
+- AI大模型：支持 `ChatGPT` `DeepSeek` `千问`等各种常规模式
 - 日志打印：logback
 - 缓存：Redis
 - 其他：autopoi, fastjson，poi，Swagger-ui，quartz, lombok（简化代码）等。
- 默认数据库脚本：MySQL5.7+
+- 默认提供MySQL5.7+数据库脚本
 - [其他数据库，需要自己转](https://my.oschina.net/jeecg/blog/4905722)


 #### 前端

- 前端IDE建议：WebStorm、Vscode
- 采用 Vue3.0+TypeScript+Vite+Ant-Design-Vue等新技术方案，包括二次封装组件、utils、hooks、动态菜单、权限校验、按钮级别权限控制等功能
- 最新技术栈：Vue3.0 + TypeScript + Vite5 + ant-design-vue4 + pinia + echarts + unocss + vxe-table + qiankun + es6
+- 前端环境要求：Node.js要求`Node 20+` 版本以上、pnpm 要求`9+` 版本以上
+  ` ( Vite 不再支持已结束生命周期（EOL）的 Node.js 18。现在需要使用 Node.js 20.19+ 或 22.12+)`
+
 - 依赖管理：node、npm、pnpm
+- 前端IDE建议：IDEA、WebStorm、Vscode
+- 采用 Vue3.0+TypeScript+Vite6+Ant-Design-Vue4等新技术方案，包括二次封装组件、utils、hooks、动态菜单、权限校验、按钮级别权限控制等功能
+- 最新技术栈：Vue3.0 + TypeScript + Vite6 + ant-design-vue4 + pinia + echarts + unocss + vxe-table + qiankun + es6
+



--- a/jeecg-boot/db/jeecgboot-mysql-5.7.sql
+++ b/jeecg-boot/db/jeecgboot-mysql-5.7.sql
--- a/jeecg-boot/db/tables_nacos.sql
+++ b/jeecg-boot/db/tables_nacos.sql
--- a/jeecg-boot/db/其他数据库脚本/jeecgboot-oracle11g.dmp
+++ b/jeecg-boot/db/其他数据库脚本/jeecgboot-oracle11g.dmp
--- a/jeecg-boot/db/其他数据库脚本/jeecgboot-oracle11g.sql
+++ b/jeecg-boot/db/其他数据库脚本/jeecgboot-oracle11g.sql
--- a/jeecg-boot/db/其他数据库脚本/jeecgboot-postgresql17.sql
+++ b/jeecg-boot/db/其他数据库脚本/jeecgboot-postgresql17.sql
--- a/jeecg-boot/db/其他数据库脚本/jeecgboot-sqlserver2017.sql
+++ b/jeecg-boot/db/其他数据库脚本/jeecgboot-sqlserver2017.sql
--- a/jeecg-boot/db/版本升级说明.md
+++ b/jeecg-boot/db/版本升级说明.md
@ -3,6 +3,7 @@
 > JeecgBoot属于平台级产品，每次升级改动较大，目前做不到平滑升级。

 ### 增量升级方案
+
 #### 1.代码合并
 本地通过svn或git做好主干，在分支上做业务开发，jeecg每次版本发布，可以手工覆盖主干的代码，对比合并代码；

@ -11,5 +12,12 @@
 - 其他库请手工执行SQL, 目录： `jeecg-module-system\jeecg-system-start\src\main\resources\flyway\sql\mysql`
 > 注意： 升级sql只提供mysql版本；如果有权限升级, 还需要手工角色授权，退出重新登录才好使。

-#### 3.兼容问题
+#### 3.其他数据库脚本说明
+  原先官方默认提供oracle和SqlServer的脚本，但是维护成本太高，未提供脚本的数据库，可以参考下面的文档自己转
+   https://my.oschina.net/jeecg/blog/4905722
+   （注意：定时任务的表qrtz_*，需要删掉用原始的脚本重新执行一下）
+   quartz-2.2.3-distribution.tar.gz放到百度网盘中，大家自己下载，执行所需数据库脚本
+   https://pan.baidu.com/s/1WrmZdUuAPg3iBwJ-LoHWyg?pwd=8mdz 
+
+#### 4.兼容问题
 每次发版，会针对不兼容地方重点说明。
--- a/jeecg-boot/docker-compose.yml
+++ b/jeecg-boot/docker-compose.yml
@ -63,6 +63,7 @@ services:
    build:
      context: ./jeecg-module-system/jeecg-system-start
    restart: on-failure
+    mac_address: 02:42:ac:11:00:02
    depends_on:
      - jeecg-boot-mysql
      - jeecg-boot-redis
--- a/jeecg-boot/jeecg-boot-base-core/pom.xml
+++ b/jeecg-boot/jeecg-boot-base-core/pom.xml
@ -2,9 +2,9 @@
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<parent>
-		<groupId>org.jeecgframework.boot</groupId>
+		<groupId>org.jeecgframework.boot3</groupId>
 		<artifactId>jeecg-boot-parent</artifactId>
-		<version>3.8.3</version>
+		<version>3.9.0</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>jeecg-boot-base-core</artifactId>
@ -42,8 +42,14 @@
 	<dependencies>
 		<!--jeecg-tools-->
 		<dependency>
-			<groupId>org.jeecgframework.boot</groupId>
+			<groupId>org.jeecgframework.boot3</groupId>
 			<artifactId>jeecg-boot-common</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>commons-logging</groupId>
+					<artifactId>commons-logging</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<!--集成springmvc框架并实现自动配置 -->
 		<dependency>
@ -98,7 +104,7 @@
 		<!-- mybatis-plus -->
 		<dependency>
 			<groupId>com.baomidou</groupId>
-			<artifactId>mybatis-plus-boot-starter</artifactId>
+			<artifactId>mybatis-plus-spring-boot3-starter</artifactId>
 			<version>${mybatis-plus.version}</version>
 		</dependency>
 		<dependency>
@ -107,22 +113,22 @@
 			<version>${mybatis-plus.version}</version>
 		</dependency>
 		<!-- minidao -->
-		<dependency>
-			<groupId>org.jeecgframework</groupId>
-			<artifactId>minidao-spring-boot-starter-jsqlparser-4.9</artifactId>
-		</dependency>
+        <dependency>
+            <groupId>org.jeecgframework.boot3</groupId>
+            <artifactId>minidao-spring-boot-starter-jsqlparser-4.9</artifactId>
+        </dependency>

 		<!-- druid -->
 		<dependency>
 			<groupId>com.alibaba</groupId>
-			<artifactId>druid-spring-boot-starter</artifactId>
+			<artifactId>druid-spring-boot-3-starter</artifactId>
 			<version>${druid.version}</version>
 		</dependency>

 		<!-- 动态数据源 -->
 		<dependency>
 			<groupId>com.baomidou</groupId>
-			<artifactId>dynamic-datasource-spring-boot-starter</artifactId>
+			<artifactId>dynamic-datasource-spring-boot3-starter</artifactId>
 			<version>${dynamic-datasource-spring-boot-starter.version}</version>
 		</dependency>

@ -173,7 +179,6 @@
 			<artifactId>DmDialect-for-hibernate5.0</artifactId>
 			<version>${dm8.version}</version>
 		</dependency>
-
 		<!-- Quartz定时任务 -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@ -191,7 +196,56 @@
 		<dependency>
 			<groupId>org.apache.shiro</groupId>
 			<artifactId>shiro-spring-boot-starter</artifactId>
+			<classifier>jakarta</classifier>
 			<version>${shiro.version}</version>
+			<exclusions>
+				<exclusion>
+					<groupId>org.apache.shiro</groupId>
+					<artifactId>shiro-spring</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.shiro</groupId>
+			<artifactId>shiro-spring</artifactId>
+			<classifier>jakarta</classifier>
+			<version>${shiro.version}</version>
+			<!-- 排除仍使用了javax.servlet的依赖 -->
+			<exclusions>
+				<exclusion>
+					<groupId>org.apache.shiro</groupId>
+					<artifactId>shiro-core</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.shiro</groupId>
+					<artifactId>shiro-web</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		<!-- 引入适配jakarta的依赖包 -->
+		<dependency>
+			<groupId>org.apache.shiro</groupId>
+			<artifactId>shiro-core</artifactId>
+			<classifier>jakarta</classifier>
+			<version>${shiro.version}</version>
+			<exclusions>
+				<exclusion>
+					<groupId>commons-beanutils</groupId>
+					<artifactId>commons-beanutils</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.shiro</groupId>
+			<artifactId>shiro-web</artifactId>
+			<classifier>jakarta</classifier>
+			<version>${shiro.version}</version>
+			<exclusions>
+				<exclusion>
+					<groupId>org.apache.shiro</groupId>
+					<artifactId>shiro-core</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<!-- shiro-redis -->
 		<dependency>
@ -210,12 +264,16 @@
 			</exclusions>
 		</dependency>

-		<!-- knife4j -->
 		<dependency>
 			<groupId>com.github.xiaoymin</groupId>
-			<artifactId>knife4j-openapi3-spring-boot-starter</artifactId>
+			<artifactId>knife4j-openapi3-ui</artifactId>
 			<version>${knife4j-spring-boot-starter.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.springdoc</groupId>
+			<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+			<version>2.7.0</version>
+		</dependency>

 		<!-- 代码生成器 -->
 		<!-- 如下载失败，请参考此文档  https://help.jeecg.com/java/setup/maven.html -->
@ -238,7 +296,7 @@
 		<!-- AutoPoi Excel工具类-->
 		<dependency>
 			<groupId>org.jeecgframework</groupId>
-			<artifactId>autopoi-web</artifactId>
+			<artifactId>autopoi-spring-boot-3-starter</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>xerces</groupId>
@ -256,6 +314,14 @@
 					<artifactId>checker-qual</artifactId>
 					<groupId>org.checkerframework</groupId>
 				</exclusion>
+				<exclusion>
+					<groupId>com.google.errorprone</groupId>
+					<artifactId>error_prone_annotations</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.commons</groupId>
+					<artifactId>commons-compress</artifactId>
+				</exclusion>
 			</exclusions>
 		</dependency>

@ -275,6 +341,16 @@
 		<dependency>
 			<groupId>com.xkcoding.justauth</groupId>
 			<artifactId>justauth-spring-boot-starter</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>org.springframework.boot</groupId>
+					<artifactId>spring-boot-autoconfigure</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.springframework.boot</groupId>
+					<artifactId>spring-boot-configuration-processor</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>com.squareup.okhttp3</groupId>
@ -300,8 +376,24 @@
 		</dependency>
 		<!-- chatgpt -->
 		<dependency>
-			<groupId>org.jeecgframework.boot</groupId>
+			<groupId>org.jeecgframework.boot3</groupId>
 			<artifactId>jeecg-boot-starter-chatgpt</artifactId>
 		</dependency>
+        <!-- 腾讯云 -->
+        <dependency>
+            <groupId>com.tencentcloudapi</groupId>
+            <artifactId>tencentcloud-sdk-java-sms</artifactId>
+            <version>${tencentcloud-sdk-java-sms.version}</version>
+			<exclusions>
+				<exclusion>
+					<groupId>javax.xml.bind</groupId>
+					<artifactId>jaxb-api</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>com.squareup.okio</groupId>
+					<artifactId>okio</artifactId>
+				</exclusion>
+			</exclusions>
+        </dependency>
 	</dependencies>
-</project>
+</project>
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/CommonAPI.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/CommonAPI.java
@ -132,7 +132,6 @@ public interface CommonAPI {
     */
    Map<String, List<DictModel>> translateManyDict(String dictCodes, String keys);

-    //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
    /**
     * 15 字典表的 翻译，可批量
     * @param table
@ -143,7 +142,6 @@ public interface CommonAPI {
     * @return
     */
    List<DictModel> translateDictFromTableByKeys(String table, String text, String code, String keys, String dataSource);
-    //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------

    /**
     * 16 运行AIRag流程
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/ApprovalCommentDTO.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/ApprovalCommentDTO.java
@ -0,0 +1,48 @@
+package org.jeecg.common.api.dto;
+
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.Date;
+
+/**
+ * 流程审批意见DTO
+ * @author scott
+ * @date 2025-01-29
+ */
+@Data
+public class ApprovalCommentDTO implements Serializable {
+    
+    private static final long serialVersionUID = 1L;
+    
+    /**
+     * 任务ID
+     */
+    private String taskId;
+    
+    /**
+     * 任务名称
+     */
+    private String taskName;
+    
+    /**
+     * 审批人ID
+     */
+    private String approverId;
+    
+    /**
+     * 审批人姓名
+     */
+    private String approverName;
+    
+    /**
+     * 审批意见
+     */
+    private String approvalComment;
+    
+    /**
+     * 审批时间
+     */
+    private Date approvalTime;
+}
+
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/FileDownDTO.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/FileDownDTO.java
@ -2,7 +2,7 @@ package org.jeecg.common.api.dto;

 import lombok.Data;

-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.Serializable;

 /**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/OnlineAuthDTO.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/OnlineAuthDTO.java
@ -30,12 +30,10 @@ public class OnlineAuthDTO implements Serializable {
     */
    private String onlineFormUrl;

-    //update-begin---author:chenrui ---date:20240123  for：[QQYUN-7992]【online】工单申请下的online表单，未配置online表单开发菜单，操作报错无权限------------
    /**
     * online工单的地址
     */
    private String onlineWorkOrderUrl;
-    //update-end---author:chenrui ---date:20240123  for：[QQYUN-7992]【online】工单申请下的online表单，未配置online表单开发菜单，操作报错无权限------------

    public OnlineAuthDTO(){

--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/PushMessageDTO.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/PushMessageDTO.java
@ -0,0 +1,55 @@
+package org.jeecg.common.api.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 移动端消息推送
+ * @author liusq
+ * @date 2025/11/12 14:11
+ */
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+@Data
+public class PushMessageDTO implements Serializable {
+
+
+    private static final long serialVersionUID = 7431775881170684867L;
+
+    /**
+     * 消息标题
+     */
+    private String title;
+
+    /**
+     * 消息内容
+     */
+    private String content;
+
+    /**
+     * 推送形式：all：全推送 single：单用户推送
+     */
+    private String pushType;
+
+    /**
+     * 用户名usernameList
+     */
+    List<String> usernames;
+
+    /**
+     * 用户名idList
+     */
+    List<String> userIds;
+
+    /**
+     * 消息附加参数
+     */
+    Map<String,Object> payload;
+}
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/AutoLogAspect.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/AutoLogAspect.java
@ -20,14 +20,14 @@ import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.IpUtils;
 import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.oConvertUtils;
-import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
+import org.springframework.core.StandardReflectionParameterNameDiscoverer;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.multipart.MultipartFile;
-import javax.annotation.Resource;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.annotation.Resource;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;
 import java.util.Date;

@ -121,9 +121,8 @@ public class AutoLogAspect {
        if (operateType > 0) {
            return operateType;
        }
-        //update-begin---author:wangshuai ---date:20220331  for：阿里云代码扫描规范(不允许任何魔法值出现在代码中)------------
+        // 代码逻辑说明: 阿里云代码扫描规范(不允许任何魔法值出现在代码中)------------
        return OperateTypeEnum.getTypeByMethodName(methodName);
-        //update-end---author:wangshuai ---date:20220331  for：阿里云代码扫描规范(不允许任何魔法值出现在代码中)------------
    }

    /**
@ -143,14 +142,15 @@ public class AutoLogAspect {
            //  https://my.oschina.net/mengzhang6/blog/2395893
            Object[] arguments  = new Object[paramsArray.length];
            for (int i = 0; i < paramsArray.length; i++) {
-                if (paramsArray[i] instanceof BindingResult || paramsArray[i] instanceof ServletRequest || paramsArray[i] instanceof ServletResponse || paramsArray[i] instanceof MultipartFile) {
+                if (paramsArray[i] instanceof BindingResult || paramsArray[i] instanceof ServletRequest || paramsArray[i] instanceof ServletResponse || paramsArray[i] instanceof MultipartFile || paramsArray[i] instanceof MultipartFile[]) {
                    //ServletRequest不能序列化，从入参里排除，否则报异常：java.lang.IllegalStateException: It is illegal to call this method if the current request is not in asynchronous mode (i.e. isAsyncStarted() returns false)
                    //ServletResponse不能序列化 从入参里排除，否则报异常：java.lang.IllegalStateException: getOutputStream() has already been called for this response
+                    //MultipartFile和MultipartFile[]不能序列化，从入参里排除
                    continue;
                }
                arguments[i] = paramsArray[i];
            }
-            //update-begin-author:taoyan date:20200724 for:日志数据太长的直接过滤掉
+            // 代码逻辑说明: 日志数据太长的直接过滤掉
            PropertyFilter profilter = new PropertyFilter() {
                @Override
                public boolean apply(Object o, String name, Object value) {
@ -165,14 +165,13 @@ public class AutoLogAspect {
                }
            };
            params = JSONObject.toJSONString(arguments, profilter);
-            //update-end-author:taoyan date:20200724 for:日志数据太长的直接过滤掉
        } else {
            MethodSignature signature = (MethodSignature) joinPoint.getSignature();
            Method method = signature.getMethod();
            // 请求的方法参数值
            Object[] args = joinPoint.getArgs();
            // 请求的方法参数名称
-            LocalVariableTableParameterNameDiscoverer u = new LocalVariableTableParameterNameDiscoverer();
+            StandardReflectionParameterNameDiscoverer u= new StandardReflectionParameterNameDiscoverer();
            String[] paramNames = u.getParameterNames(method);
            if (args != null && paramNames != null) {
                for (int i = 0; i < args.length; i++) {
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/DictAspect.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/DictAspect.java
@ -105,29 +105,24 @@ public class DictAspect {
                Map<String, List<String>> dataListMap = new HashMap<>(5);
                //取出结果集
                List<Object> records=((IPage) ((Result) result).getResult()).getRecords();
-                //update-begin--Author:zyf -- Date:20220606 ----for：【VUEN-1230】 判断是否含有字典注解,没有注解返回-----
+                // 代码逻辑说明: 【VUEN-1230】 判断是否含有字典注解,没有注解返回-----
                Boolean hasDict= checkHasDict(records);
                if(!hasDict){
                    return result;
                }

                log.debug(" __ 进入字典翻译切面 DictAspect —— " );
-                //update-end--Author:zyf -- Date:20220606 ----for：【VUEN-1230】 判断是否含有字典注解,没有注解返回-----
                for (Object record : records) {
                    String json="{}";
                    try {
-                        //update-begin--Author:zyf -- Date:20220531 ----for：【issues/#3629】 DictAspect Jackson序列化报错-----
                        //解决@JsonFormat注解解析不了的问题详见SysAnnouncement类的@JsonFormat
                         json = objectMapper.writeValueAsString(record);
-                        //update-end--Author:zyf -- Date:20220531 ----for：【issues/#3629】 DictAspect Jackson序列化报错-----
                    } catch (JsonProcessingException e) {
                        log.error("json解析失败"+e.getMessage(),e);
                    }
-                    //update-begin--Author:scott -- Date:20211223 ----for：【issues/3303】restcontroller返回json数据后key顺序错乱 -----
+                    // 代码逻辑说明: 【issues/3303】restcontroller返回json数据后key顺序错乱 -----
                    JSONObject item = JSONObject.parseObject(json, Feature.OrderedField);
-                    //update-end--Author:scott -- Date:20211223 ----for：【issues/3303】restcontroller返回json数据后key顺序错乱 -----

-                    //update-begin--Author:scott -- Date:20190603 ----for：解决继承实体字段无法翻译问题------
                    //for (Field field : record.getClass().getDeclaredFields()) {
                    // 遍历所有字段，把字典Code取出来，放到 map 里
                    for (Field field : oConvertUtils.getAllFields(record)) {
@ -135,7 +130,6 @@ public class DictAspect {
                        if (oConvertUtils.isEmpty(value)) {
                            continue;
                        }
-                    //update-end--Author:scott  -- Date:20190603 ----for：解决继承实体字段无法翻译问题------
                        if (field.getAnnotation(Dict.class) != null) {
                            if (!dictFieldList.contains(field)) {
                                dictFieldList.add(field);
@ -143,26 +137,22 @@ public class DictAspect {
                            String code = field.getAnnotation(Dict.class).dicCode();
                            String text = field.getAnnotation(Dict.class).dicText();
                            String table = field.getAnnotation(Dict.class).dictTable();
-                            //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                            // 代码逻辑说明: [issues/#5643]解决分布式下表字典跨库无法查询问题------------
                            String dataSource = field.getAnnotation(Dict.class).ds();
-                            //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                            List<String> dataList;
                            String dictCode = code;
                            if (!StringUtils.isEmpty(table)) {
-                                //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                                // 代码逻辑说明: [issues/#5643]解决分布式下表字典跨库无法查询问题------------
                                dictCode = String.format("%s,%s,%s,%s", table, text, code, dataSource);
-                                //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                            }
                            dataList = dataListMap.computeIfAbsent(dictCode, k -> new ArrayList<>());
                            this.listAddAllDeduplicate(dataList, Arrays.asList(value.split(",")));
                        }
                        //date类型默认转换string格式化日期
-                        //update-begin--Author:zyf -- Date:20220531 ----for：【issues/#3629】 DictAspect Jackson序列化报错-----
                        //if (JAVA_UTIL_DATE.equals(field.getType().getName())&&field.getAnnotation(JsonFormat.class)==null&&item.get(field.getName())!=null){
                            //SimpleDateFormat aDate=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
                            // item.put(field.getName(), aDate.format(new Date((Long) item.get(field.getName()))));
                        //}
-                        //update-end--Author:zyf -- Date:20220531 ----for：【issues/#3629】 DictAspect Jackson序列化报错-----
                    }
                    items.add(item);
                }
@ -176,15 +166,12 @@ public class DictAspect {
                        String code = field.getAnnotation(Dict.class).dicCode();
                        String text = field.getAnnotation(Dict.class).dicText();
                        String table = field.getAnnotation(Dict.class).dictTable();
-                        //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                        // 自定义的字典表数据源
                        String dataSource = field.getAnnotation(Dict.class).ds();
-                        //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                        String fieldDictCode = code;
                        if (!StringUtils.isEmpty(table)) {
-                            //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                            // 代码逻辑说明: [issues/#5643]解决分布式下表字典跨库无法查询问题------------
                            fieldDictCode = String.format("%s,%s,%s,%s", table, text, code, dataSource);
-                            //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                        }

                        String value = record.getString(field.getName());
@ -286,25 +273,20 @@ public class DictAspect {
                String[] arr = dictCode.split(",");
                String table = arr[0], text = arr[1], code = arr[2];
                String values = String.join(",", needTranslDataTable);
-                //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                // 自定义的数据源
                String dataSource = null;
                if (arr.length > 3) {
                    dataSource = arr[3];
                }
-                //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                log.debug("translateDictFromTableByKeys.dictCode:" + dictCode);
                log.debug("translateDictFromTableByKeys.values:" + values);
-                //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                
-                //update-begin---author:wangshuai---date:2024-01-09---for:微服务下为空报错没有参数需要传递空字符串---
+                // 代码逻辑说明: 微服务下为空报错没有参数需要传递空字符串---
                if(null == dataSource){
                    dataSource = "";
                }
-                //update-end---author:wangshuai---date:2024-01-09---for:微服务下为空报错没有参数需要传递空字符串---
                
                List<DictModel> texts = commonApi.translateDictFromTableByKeys(table, text, code, values, dataSource);
-                //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                log.debug("translateDictFromTableByKeys.result:" + texts);
                List<DictModel> list = translText.computeIfAbsent(dictCode, k -> new ArrayList<>());
                list.addAll(texts);
@ -313,10 +295,8 @@ public class DictAspect {
                for (DictModel dict : texts) {
                    String redisKey = String.format("sys:cache:dictTable::SimpleKey [%s,%s]", dictCode, dict.getValue());
                    try {
-                        // update-begin-author:taoyan date:20211012 for: 字典表翻译注解缓存未更新 issues/3061
                        // 保留5分钟
                        redisTemplate.opsForValue().set(redisKey, dict.getText(), 300, TimeUnit.SECONDS);
-                        // update-end-author:taoyan date:20211012 for: 字典表翻译注解缓存未更新 issues/3061
                    } catch (Exception e) {
                        log.warn(e.getMessage(), e);
                    }
@ -400,7 +380,7 @@ public class DictAspect {
            if (k.trim().length() == 0) {
                continue; //跳过循环
            }
-            //update-begin--Author:scott -- Date:20210531 ----for： !56 优化微服务应用下存在表字段需要字典翻译时加载缓慢问题-----
+            // 代码逻辑说明: !56 优化微服务应用下存在表字段需要字典翻译时加载缓慢问题-----
            if (!StringUtils.isEmpty(table)){
                log.debug("--DictAspect------dicTable="+ table+" ,dicText= "+text+" ,dicCode="+code);
                String keyString = String.format("sys:cache:dictTable::SimpleKey [%s,%s,%s,%s]",table,text,code,k.trim());
@ -425,7 +405,6 @@ public class DictAspect {
                    tmpValue = commonApi.translateDict(code, k.trim());
                }
            }
-            //update-end--Author:scott -- Date:20210531 ----for： !56 优化微服务应用下存在表字段需要字典翻译时加载缓慢问题-----

            if (tmpValue != null) {
                if (!"".equals(textValue.toString())) {
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/PermissionDataAspect.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/PermissionDataAspect.java
@ -21,7 +21,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;
 import java.util.List;

@ -57,7 +57,6 @@ public class PermissionDataAspect {
        String requestMethod = request.getMethod();
        String requestPath = request.getRequestURI().substring(request.getContextPath().length());
        requestPath = filterUrl(requestPath);
-        //update-begin-author:taoyan date:20211027 for:JTC-132【online报表权限】online报表带参数的菜单配置数据权限无效
        //先判断是否online报表请求
        if(requestPath.indexOf(UrlMatchEnum.CGREPORT_DATA.getMatchUrl())>=0 || requestPath.indexOf(UrlMatchEnum.CGREPORT_ONLY_DATA.getMatchUrl())>=0){
            // 获取地址栏参数
@ -66,7 +65,6 @@ public class PermissionDataAspect {
                requestPath+="?"+urlParamString;
            }
        }
-        //update-end-author:taoyan date:20211027 for:JTC-132【online报表权限】online报表带参数的菜单配置数据权限无效
        log.debug("拦截请求 >> {} ; 请求类型 >> {} . ", requestPath, requestMethod);
        String username = JwtUtil.getUserNameByToken(request);
        //查询数据权限信息
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/annotation/Dict.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/annotation/Dict.java
@ -41,7 +41,6 @@ public @interface Dict {
    String dictTable() default "";


-    //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
    /**
     * 方法描述: 数据字典表所在数据源名称
     * 作    者： chenrui
@ -50,5 +49,4 @@ public @interface Dict {
     * @return 返回类型： String
     */
    String ds() default "";
-    //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/CommonConstant.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/CommonConstant.java
@ -91,6 +91,23 @@ public interface CommonConstant {
    public static String PREFIX_USER_SHIRO_CACHE  = "shiro:cache:org.jeecg.config.shiro.ShiroRealm.authorizationCache:";
    /** 登录用户Token令牌缓存KEY前缀 */
    String PREFIX_USER_TOKEN  = "prefix_user_token:";
+    /** 登录用户Token令牌作废提示信息，比如 “不允许同一账号多地同时登录，会往这个变量存提示信息” */
+    String PREFIX_USER_TOKEN_ERROR_MSG  = "prefix_user_token:error:msg_";
+
+    /**============================== 【是否允许同一账号多地同时登录】登录客户端类型常量 ==============================*/
+    /** 客户端类型：PC端 */
+    String CLIENT_TYPE_PC = "PC";
+    /** 客户端类型：APP端 */
+    String CLIENT_TYPE_APP = "APP";
+    /** 客户端类型：手机号登录 */
+    String CLIENT_TYPE_PHONE = "PHONE";
+    String PREFIX_USER_TOKEN_PC = "prefix_user_token:single_login:pc:";
+    /** 单点登录：用户在APP端的Token缓存KEY前缀 (username -> token) */
+    String PREFIX_USER_TOKEN_APP = "prefix_user_token:single_login:app:";
+    /** 单点登录：用户在手机号登录的Token缓存KEY前缀 (username -> token) */
+    String PREFIX_USER_TOKEN_PHONE = "prefix_user_token:single_login:phone:";
+    /**============================== 【是否允许同一账号多地同时登录】登录客户端类型常量 ==============================*/
+    
 //    /** Token缓存时间：3600秒即一小时 */
 //    int  TOKEN_EXPIRE_TIME  = 3600;

@ -308,6 +325,10 @@ public interface CommonConstant {
     */
    String SYS_ROLE_ADMIN = "admin";

+    /**
+     * 考勤补卡业务状态 （0：处理中）
+     */
+    String SIGN_PATCH_BIZ_STATUS_0 = "0";
    /**
     * 考勤补卡业务状态 （1：同意  2：不同意）
     */
@ -591,7 +612,6 @@ public interface CommonConstant {
    String ORDER_TYPE_DESC = "DESC";


-   //update-begin---author:scott ---date:2023-09-10  for：积木报表常量----
   /**
    * 报表允许设计开发的角色
    */
@ -606,9 +626,7 @@ public interface CommonConstant {
    * 数据隔离模式： 按照租户隔离
    */
   public static final String SAAS_MODE_TENANT = "tenant";
-   //update-end---author:scott ---date::2023-09-10  for：积木报表常量----
 
-   //update-begin---author:wangshuai---date:2024-04-07---for:修改手机号常量---
   /**
    * 修改手机号短信验证码redis-key的前缀
    */
@ -633,7 +651,6 @@ public interface CommonConstant {
    * 修改手机号
    */
   String UPDATE_PHONE = "updatePhone";
-   //update-end---author:wangshuai---date:2024-04-07---for:修改手机号常量---
    
   /**
    * 修改手机号验证码请求次数超出
@ -709,4 +726,19 @@ public interface CommonConstant {
     * 部门名称redisKey(全路径)
     */
    String DEPART_NAME_REDIS_KEY_PRE = "sys:cache:departPathName:";
+
+    /**
+     * 默认用户排序值
+     */
+    Integer DEFAULT_USER_SORT = 1000;
+
+    /**
+     * 发送短信方式：腾讯
+     */
+    String SMS_SEND_TYPE_TENCENT = "tencent";
+
+    /**
+     * 发送短信方式：阿里云
+     */
+    String SMS_SEND_TYPE_ALI_YUN = "aliyun";
 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/ProvinceCityArea.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/ProvinceCityArea.java
@ -39,20 +39,18 @@ public class ProvinceCityArea {
            this.initAreaList();
            if(areaList!=null && areaList.size()>0){
                for(int i=areaList.size()-1;i>=0;i--){
-                    //update-begin-author:taoyan date:2022-5-24 for:VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
+                    // 代码逻辑说明: VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
                    String areaText = areaList.get(i).getText();
                    String cityText = areaList.get(i).getAheadText();
                    if(text.indexOf(areaText)>=0 && (cityText!=null && text.indexOf(cityText)>=0)){
                        return areaList.get(i).getId();
                    }
-                    //update-end-author:taoyan date:2022-5-24 for:VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
                }
            }
        }
        return null;
    }

-    // update-begin-author:sunjianlei date:20220121 for:【JTC-704】数据导入错误 省市区组件，文件中为北京市，导入后，导为了山西省
    /**
     * 获取省市区code，精准匹配
     * @param texts 文本数组，省，市，区
@ -117,7 +115,6 @@ public class ProvinceCityArea {
        }
        return null;
    }
-    // update-end-author:sunjianlei date:20220121 for:【JTC-704】数据导入错误 省市区组件，文件中为北京市，导入后，导为了山西省

    public void getAreaByCode(String code,List<String> ls){
        for(Area area: areaList){
@ -154,9 +151,8 @@ public class ProvinceCityArea {
                            for(String areaKey:areaJson.keySet()){
                                //System.out.println("········"+areaKey);
                                Area area = new Area(areaKey,areaJson.getString(areaKey),cityKey);
-                                //update-begin-author:taoyan date:2022-5-24 for:VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
+                                // 代码逻辑说明: VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
                                area.setAheadText(cityJson.getString(cityKey));
-                                //update-end-author:taoyan date:2022-5-24 for:VUEN-1088 online 导入 省市区导入后 导入数据错乱 北京市/市辖区/西城区-->山西省/晋城市/城区
                                this.areaList.add(area);
                            }
                        }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/NoticeTypeEnum.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/NoticeTypeEnum.java
@ -23,7 +23,11 @@ public enum NoticeTypeEnum {
    /**
     * 督办
     */
-    NOTICE_TYPE_SUPERVISE("督办管理", "supe");
+    NOTICE_TYPE_SUPERVISE("督办管理", "supe"),
+    /**
+     * 考勤
+     */
+    NOTICE_TYPE_ATTENDANCE("考勤消息", "attendance");

    /**
     * 文件类型名称
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/UniPushTypeEnum.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/UniPushTypeEnum.java
@ -0,0 +1,82 @@
+package org.jeecg.common.constant.enums;
+
+import org.jeecg.common.util.oConvertUtils;
+
+/**
+ * UniPush 消息推送枚举
+ * @author: jeecg-boot
+ */
+public enum UniPushTypeEnum {
+    /**
+     * 聊天
+     */
+    CHAT("chat", "聊天消息", "收到%s发来的聊天消息"),
+    /**
+     * 流程跳转到我的任务
+     */
+    BPM("bpm_task", "待办任务", "收到%s待办任务"),
+
+    /**
+     * 流程抄送任务
+     */
+    BPM_VIEW("bpm_cc", "知会任务", "收到%s知会任务"),
+    /**
+     * 系统消息
+     */
+    SYS_MSG("system", "系统消息", "收到一条系统通告");
+
+    /**
+     * 业务类型(chat:聊天 bpm_task:流程 bpm_cc:流程抄送)
+     */
+    private String type;
+    /**
+     * 消息标题
+     */
+    private String title;
+    /**
+     * 消息内容
+     */
+    private String content;
+
+    UniPushTypeEnum(String type, String title, String content) {
+        this.type = type;
+        this.title = title;
+        this.content = content;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+
+    public String getTitle() {
+        return title ;
+    }
+
+    public void setTitle(String openType) {
+        this.title = openType;
+    }
+
+    public String getContent() {
+        return content;
+    }
+
+    public void setContent(String content) {
+        this.content = content;
+    }
+
+    public static UniPushTypeEnum getByType(String type) {
+        if (oConvertUtils.isEmpty(type)) {
+            return null;
+        }
+        for (UniPushTypeEnum val : values()) {
+            if (val.getType().equals(type)) {
+                return val;
+            }
+        }
+        return null;
+    }
+}
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/desensitization/aspect/SensitiveDataAspect.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/desensitization/aspect/SensitiveDataAspect.java
@ -73,7 +73,7 @@ public class SensitiveDataAspect {
            SensitiveInfoUtil.handleNestedObject(result, entity, isEncode);
        }
        long endTime=System.currentTimeMillis();
-        log.info((isEncode ? "加密操作，" : "解密操作，") + "Aspect程序耗时：" + (endTime - startTime) + "ms");
+        log.debug((isEncode ? "加密操作，" : "解密操作，") + "Aspect程序耗时：" + (endTime - startTime) + "ms");

        return result;
    }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/es/JeecgElasticsearchTemplate.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/es/JeecgElasticsearchTemplate.java
@ -387,7 +387,7 @@ public class JeecgElasticsearchTemplate {
            data.remove("id");
            bodySb.append(data.toJSONString()).append("\n");
        }
-        System.out.println("+-+-+-: bodySb.toString(): " + bodySb.toString());
+        //System.out.println("+-+-+-: bodySb.toString(): " + bodySb.toString());
        HttpHeaders headers = RestUtil.getHeaderApplicationJson();
        RestUtil.request(url, HttpMethod.PUT, headers, null, bodySb, JSONObject.class);
        return true;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
@ -1,6 +1,8 @@
 package org.jeecg.common.exception;

 import cn.hutool.core.util.ObjectUtil;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.apache.shiro.SecurityUtils;
@ -33,8 +35,6 @@ import org.springframework.web.multipart.MaxUploadSizeExceededException;
 import org.springframework.web.multipart.MultipartException;
 import org.springframework.web.servlet.NoHandlerFoundException;

-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
 import java.util.Map;
 import java.util.stream.Collectors;

@ -121,13 +121,12 @@ public class JeecgBootExceptionHandler {
 	@ExceptionHandler(Exception.class)
 	public Result<?> handleException(Exception e){
 		log.error(e.getMessage(), e);
-		//update-begin---author:zyf ---date:20220411  for：处理Sentinel限流自定义异常
+		// 代码逻辑说明: 处理Sentinel限流自定义异常
 		Throwable throwable = e.getCause();
 		SentinelErrorInfoEnum errorInfoEnum = SentinelErrorInfoEnum.getErrorByException(throwable);
 		if (ObjectUtil.isNotEmpty(errorInfoEnum)) {
 			return Result.error(errorInfoEnum.getError());
 		}
-		//update-end---author:zyf ---date:20220411  for：处理Sentinel限流自定义异常
 		addSysLog(e);
 		return Result.error("操作失败，"+e.getMessage());
 	}
@ -224,7 +223,6 @@ public class JeecgBootExceptionHandler {
 		return Result.error("校验失败，存在SQL注入风险！" + msg);
 	}

-	//update-begin---author:chenrui ---date:20240423  for：[QQYUN-8732]把错误的日志都抓取了 方便后续处理，单独弄个日志类型------------
 	/**
 	 * 添加异常新系统日志
 	 * @param e 异常
@ -243,7 +241,6 @@ public class JeecgBootExceptionHandler {
        } catch (NullPointerException | BeansException ignored) {
        }
        if (null != request) {
-			//update-begin---author:chenrui ---date:20250408  for：[QQYUN-11716]上传大图片失败没有精确提示------------
 			//请求的参数
 			if (!isTooBigException(e)) {
 				// 文件上传过大异常时不能获取参数,否则会报错
@ -252,7 +249,6 @@ public class JeecgBootExceptionHandler {
 					log.setMethod(oConvertUtils.mapToString(request.getParameterMap()));
 				}
 			}
-			//update-end---author:chenrui ---date:20250408  for：[QQYUN-11716]上传大图片失败没有精确提示------------
            // 请求地址
            log.setRequestUrl(request.getRequestURI());
            //设置IP地址
@ -276,7 +272,6 @@ public class JeecgBootExceptionHandler {

        baseCommonService.addLog(log);
    }
-	//update-end---author:chenrui ---date:20240423  for：[QQYUN-8732]把错误的日志都抓取了 方便后续处理，单独弄个日志类型------------

 	/**
 	 * 是否文件过大异常
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
@ -24,9 +24,9 @@ import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
 import org.springframework.web.servlet.ModelAndView;

-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.*;

@ -68,12 +68,16 @@ public class JeecgController<T, S extends IService<T>> {
        //此处设置的filename无效 ,前端会重更新设置一下
        mv.addObject(NormalExcelConstants.FILE_NAME, title);
        mv.addObject(NormalExcelConstants.CLASS, clazz);
-        //update-begin--Author:liusq  Date:20210126 for：图片导出报错，ImageBasePath未设置--------------------
-        ExportParams exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title);
+        // 代码逻辑说明: 【QQYUN-13930】统一改成导出xlsx格式---
+        ExportParams exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title, ExcelType.XSSF);
        exportParams.setImageBasePath(jeecgBaseConfig.getPath().getUpload());
-        //update-end--Author:liusq  Date:20210126 for：图片导出报错，ImageBasePath未设置----------------------
        mv.addObject(NormalExcelConstants.PARAMS,exportParams);
        mv.addObject(NormalExcelConstants.DATA_LIST, exportList);
+        // 代码逻辑说明: 【issues/9052】BasicTable列表页导出excel可以指定列---
+        String exportFields = request.getParameter(NormalExcelConstants.EXPORT_FIELDS);
+        if(oConvertUtils.isNotEmpty(exportFields)){
+            mv.addObject(NormalExcelConstants.EXPORT_FIELDS, exportFields);
+        }
        return mv;
    }
    /**
@ -94,14 +98,12 @@ public class JeecgController<T, S extends IService<T>> {
        // Step.2 计算分页sheet数据
        double total = service.count();
        int count = (int)Math.ceil(total/pageNum);
-        //update-begin-author:liusq---date:20220629--for: 多sheet导出根据选择导出写法调整 ---
        // Step.3  过滤选中数据
        String selections = request.getParameter("selections");
        if (oConvertUtils.isNotEmpty(selections)) {
            List<String> selectionList = Arrays.asList(selections.split(","));
            queryWrapper.in("id",selectionList);
        }
-        //update-end-author:liusq---date:20220629--for: 多sheet导出根据选择导出写法调整 ---
        // Step.4 多sheet处理
        List<Map<String, Object>> listMap = new ArrayList<Map<String, Object>>();
        for (int i = 1; i <=count ; i++) {
@ -220,16 +222,15 @@ public class JeecgController<T, S extends IService<T>> {
            params.setNeedSave(true);
            try {
                List<T> list = ExcelImportUtil.importExcel(file.getInputStream(), clazz, params);
-                //update-begin-author:taoyan date:20190528 for:批量插入数据
+                // 代码逻辑说明: 批量插入数据
                long start = System.currentTimeMillis();
                service.saveBatch(list);
                //400条 saveBatch消耗时间1592毫秒  循环插入消耗时间1947毫秒
                //1200条  saveBatch消耗时间3687毫秒 循环插入消耗时间5212毫秒
                log.info("消耗时间" + (System.currentTimeMillis() - start) + "毫秒");
-                //update-end-author:taoyan date:20190528 for:批量插入数据
                return Result.ok("文件导入成功！数据行数：" + list.size());
            } catch (Exception e) {
-                //update-begin-author:taoyan date:20211124 for: 导入数据重复增加提示
+                // 代码逻辑说明: 导入数据重复增加提示
                String msg = e.getMessage();
                log.error(msg, e);
                if(msg!=null && msg.indexOf("Duplicate entry")>=0){
@ -237,7 +238,6 @@ public class JeecgController<T, S extends IService<T>> {
                }else{
                    return Result.error("文件导入失败:" + e.getMessage());
                }
-                //update-end-author:taoyan date:20211124 for: 导入数据重复增加提示
            } finally {
                try {
                    file.getInputStream().close();
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryGenerator.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryGenerator.java
@ -97,7 +97,6 @@ public class QueryGenerator {
 		return queryWrapper;
 	}
 	
-	//update-begin---author:chenrui ---date:20240527  for：[TV360X-378]增加自定义字段查询规则功能------------
 	/**
 	 * 获取查询条件构造器QueryWrapper实例 通用查询条件已被封装完成
 	 * @param searchObj 查询实体
@ -112,7 +111,6 @@ public class QueryGenerator {
 		log.debug("---查询条件构造器初始化完成,耗时:"+(System.currentTimeMillis()-start)+"毫秒----");
 		return queryWrapper;
 	}
-	//update-end---author:chenrui ---date:20240527  for：[TV360X-378]增加自定义字段查询规则功能------------

 	/**
 	 * 组装Mybatis Plus 查询条件
@ -142,7 +140,6 @@ public class QueryGenerator {
 		}
 		
 		String name, type, column;
-		// update-begin--Author:taoyan  Date:20200923 for：issues/1671 如果字段加注解了@TableField(exist = false),不走DB查询-------
 		//定义实体字段和数据库字段名称的映射 高级查询中 只能获取实体字段 如果设置TableField注解 那么查询条件会出问题
 		Map<String,String> fieldColumnMap = new HashMap<>(5);
 		for (int i = 0; i < origDescriptors.length; i++) {
@ -188,7 +185,7 @@ public class QueryGenerator {
 						queryWrapper.and(j -> j.like(field,vals[0]));
 					}
 				}else {
-					//update-begin---author:chenrui ---date:20240527  for：[TV360X-378]增加自定义字段查询规则功能------------
+					// 代码逻辑说明: [TV360X-378]增加自定义字段查询规则功能------------
 					QueryRuleEnum rule;
 					if(null != customRuleMap && customRuleMap.containsKey(name)) {
 						// 有自定义规则,使用自定义规则.
@ -197,7 +194,6 @@ public class QueryGenerator {
 						//根据参数值带什么关键字符串判断走什么类型的查询
 						 rule = convert2Rule(value);
 					}
-					//update-end---author:chenrui ---date:20240527  for：[TV360X-378]增加自定义字段查询规则功能------------
 					value = replaceValue(rule,value);
 					// add -begin 添加判断为字符串时设为全模糊查询
 					//if( (rule==null || QueryRuleEnum.EQ.equals(rule)) && "class java.lang.String".equals(type)) {
@ -217,7 +213,6 @@ public class QueryGenerator {
 				
 		//高级查询
 		doSuperQuery(queryWrapper, parameterMap, fieldColumnMap);
-		// update-end--Author:taoyan  Date:20200923 for：issues/1671 如果字段加注解了@TableField(exist = false),不走DB查询-------
 		
 	}

@ -260,16 +255,16 @@ public class QueryGenerator {
 		}
 		
 		if(oConvertUtils.isNotEmpty(column)){
-			log.info("单字段排序规则>> column:" + column + ",排序方式:" + order);
+			log.debug("单字段排序规则>> column:" + column + ",排序方式:" + order);
 		}

 		// 1. 列表多字段排序优先
 		if(parameterMap!=null&& parameterMap.containsKey("sortInfoString")) {
 			// 多字段排序
 			String sortInfoString = parameterMap.get("sortInfoString")[0];
-			log.info("多字段排序规则>> sortInfoString:" + sortInfoString);
+			log.debug("多字段排序规则>> sortInfoString:" + sortInfoString);
 			List<OrderItem> orderItemList = SqlConcatUtil.getQueryConditionOrders(column, order, sortInfoString);
-			log.info(orderItemList.toString());
+			log.debug(orderItemList.toString());
 			if (orderItemList != null && !orderItemList.isEmpty()) {
 				for (OrderItem item : orderItemList) {
 					// 一、获取排序数据库字段
@ -321,13 +316,11 @@ public class QueryGenerator {
 			return;
 		}
 		
-		//update-begin-author:scott date:2022-11-07 for:避免用户自定义表无默认字段{创建时间}，导致排序报错
 		//TODO 避免用户自定义表无默认字段创建时间，导致排序报错
 		if(DataBaseConstant.CREATE_TIME.equals(column) && !fieldColumnMap.containsKey(DataBaseConstant.CREATE_TIME)){
 			column = "id";
 			log.warn("检测到实体里没有字段createTime，改成采用ID排序！");
 		}
-		//update-end-author:scott date:2022-11-07 for:避免用户自定义表无默认字段{创建时间}，导致排序报错
 		
 		if (oConvertUtils.isNotEmpty(column) && oConvertUtils.isNotEmpty(order)) {
 			//字典字段，去掉字典翻译文本后缀
@ -335,15 +328,12 @@ public class QueryGenerator {
 				column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX));
 			}

-			//update-begin-author:taoyan date:2022-5-16 for: issues/3676 获取系统用户列表时，使用SQL注入生效
 			//判断column是不是当前实体的
 			log.debug("当前字段有："+ allFields);
 			if (!allColumnExist(column, allFields)) {
 				throw new JeecgBootException("请注意，将要排序的列字段不存在：" + column);
 			}
-			//update-end-author:taoyan date:2022-5-16 for: issues/3676 获取系统用户列表时，使用SQL注入生效

-			//update-begin-author:scott date:2022-10-10 for:【jeecg-boot/issues/I5FJU6】doMultiFieldsOrder() 多字段排序方法存在问题
 			//多字段排序方法没有读取 MybatisPlus 注解 @TableField 里 value 的值
 			if (column.contains(",")) {
 				List<String> columnList = Arrays.asList(column.split(","));
@ -354,12 +344,10 @@ public class QueryGenerator {
 			}else{
 				column = fieldColumnMap.get(column);
 			}
-			//update-end-author:scott date:2022-10-10 for:【jeecg-boot/issues/I5FJU6】doMultiFieldsOrder() 多字段排序方法存在问题

 			//SQL注入check
 			SqlInjectionUtil.filterContentMulti(column);

-			//update-begin--Author:scott  Date:20210531 for：36 多条件排序无效问题修正-------
 			// 排序规则修改
 			// 将现有排序 _ 前端传递排序条件{....,column: 'column1,column2',order: 'desc'} 翻译成sql "column1,column2 desc"
 			// 修改为 _ 前端传递排序条件{....,column: 'column1,column2',order: 'desc'} 翻译成sql "column1 desc,column2 desc"
@ -368,11 +356,9 @@ public class QueryGenerator {
 			} else {
 				queryWrapper.orderByDesc(SqlInjectionUtil.getSqlInjectSortFields(column.split(",")));
 			}
-			//update-end--Author:scott  Date:20210531 for：36 多条件排序无效问题修正-------
 		}
 	}

-	//update-begin-author:taoyan date:2022-5-23 for: issues/3676 获取系统用户列表时，使用SQL注入生效
 	/**
 	 * 多字段排序 判断所传字段是否存在
 	 * @return
@ -392,7 +378,6 @@ public class QueryGenerator {
 		}
 		return exist;
 	}
-	//update-end-author:taoyan date:2022-5-23 for: issues/3676 获取系统用户列表时，使用SQL注入生效
 	
 	/**
 	 * 高级查询
@ -405,14 +390,14 @@ public class QueryGenerator {
 			String superQueryParams = parameterMap.get(SUPER_QUERY_PARAMS)[0];
 			String superQueryMatchType = parameterMap.get(SUPER_QUERY_MATCH_TYPE) != null ? parameterMap.get(SUPER_QUERY_MATCH_TYPE)[0] : MatchTypeEnum.AND.getValue();
            MatchTypeEnum matchType = MatchTypeEnum.getByValue(superQueryMatchType);
-            // update-begin--Author:sunjianlei  Date:20200325 for：高级查询的条件要用括号括起来，防止和用户的其他条件冲突 -------
+            // 代码逻辑说明: 高级查询的条件要用括号括起来，防止和用户的其他条件冲突 -------
            try {
                superQueryParams = URLDecoder.decode(superQueryParams, "UTF-8");
                List<QueryCondition> conditions = JSON.parseArray(superQueryParams, QueryCondition.class);
                if (conditions == null || conditions.size() == 0) {
                    return;
                }
-				// update-begin-author:sunjianlei date:20220119 for: 【JTC-573】 过滤空条件查询，防止 sql 拼接多余的 and
+				// 代码逻辑说明: 【JTC-573】 过滤空条件查询，防止 sql 拼接多余的 and
 				List<QueryCondition> filterConditions = conditions.stream().filter(
 						rule -> (oConvertUtils.isNotEmpty(rule.getField())
 													&& oConvertUtils.isNotEmpty(rule.getRule())
@ -423,7 +408,6 @@ public class QueryGenerator {
 				if (filterConditions.size() == 0) {
 					return;
 				}
-				// update-end-author:sunjianlei date:20220119 for: 【JTC-573】 过滤空条件查询，防止 sql 拼接多余的 and
                log.debug("---高级查询参数-->" + filterConditions);

                queryWrapper.and(andWrapper -> {
@ -438,14 +422,14 @@ public class QueryGenerator {

                            log.debug("SuperQuery ==> " + rule.toString());

-                            //update-begin-author:taoyan date:20201228 for: 【高级查询】 oracle 日期等于查询报错
+                            // 代码逻辑说明: 【高级查询】 oracle 日期等于查询报错
 							Object queryValue = rule.getVal();
                            if("date".equals(rule.getType())){
 								queryValue = DateUtils.str2Date(rule.getVal(),DateUtils.date_sdf.get());
 							}else if("datetime".equals(rule.getType())){
 								queryValue = DateUtils.str2Date(rule.getVal(), DateUtils.datetimeFormat.get());
 							}
-							// update-begin--author:sunjianlei date:20210702 for：【/issues/I3VR8E】高级查询没有类型转换，查询参数都是字符串类型 ----
+							// 代码逻辑说明: 【/issues/I3VR8E】高级查询没有类型转换，查询参数都是字符串类型 ----
 							String dbType = rule.getDbType();
 							if (oConvertUtils.isNotEmpty(dbType)) {
 								try {
@ -478,9 +462,8 @@ public class QueryGenerator {
 									log.error("高级查询值转换失败：", e);
 								}
 							}
-							// update-begin--author:sunjianlei date:20210702 for：【/issues/I3VR8E】高级查询没有类型转换，查询参数都是字符串类型 ----
+							// 代码逻辑说明: 【/issues/I3VR8E】高级查询没有类型转换，查询参数都是字符串类型 ----
                            addEasyQuery(andWrapper, fieldColumnMap.get(rule.getField()), QueryRuleEnum.getByValue(rule.getRule()), queryValue);
-							//update-end-author:taoyan date:20201228 for: 【高级查询】 oracle 日期等于查询报错

                            // 如果拼接方式是OR，就拼接OR
                            if (MatchTypeEnum.OR == matchType && i < (filterConditions.size() - 1)) {
@ -496,7 +479,6 @@ public class QueryGenerator {
                log.error("--高级查询拼接失败：" + e.getMessage());
                e.printStackTrace();
            }
-            // update-end--Author:sunjianlei  Date:20200325 for：高级查询的条件要用括号括起来，防止和用户的其他条件冲突 -------
 		}
 		//log.info(" superQuery getCustomSqlSegment: "+ queryWrapper.getCustomSqlSegment());
 	}
@ -508,7 +490,7 @@ public class QueryGenerator {
 	 */
 	public static QueryRuleEnum convert2Rule(Object value) {
 		// 避免空数据
-		// update-begin-author:taoyan date:20210629 for: 查询条件输入空格导致return null后续判断导致抛出null异常
+		// 代码逻辑说明: 查询条件输入空格导致return null后续判断导致抛出null异常
 		if (value == null) {
 			return QueryRuleEnum.EQ;
 		}
@ -516,10 +498,8 @@ public class QueryGenerator {
 		if (val.length() == 0) {
 			return QueryRuleEnum.EQ;
 		}
-		// update-end-author:taoyan date:20210629 for: 查询条件输入空格导致return null后续判断导致抛出null异常
 		QueryRuleEnum rule =null;

-		//update-begin--Author:scott  Date:20190724 for：initQueryWrapper组装sql查询条件错误 #284-------------------
 		//TODO 此处规则，只适用于 le lt ge gt
 		// step 2 .>= =<
        int length2 = 2;
@ -535,14 +515,12 @@ public class QueryGenerator {
 				rule = QueryRuleEnum.getByValue(val.substring(0, 1));
 			}
 		}
-		//update-end--Author:scott  Date:20190724 for：initQueryWrapper组装sql查询条件错误 #284---------------------

 		// step 3 like
-		//update-begin-author:taoyan for: /issues/3382 默认带*就走模糊，但是如果只有一个*，那么走等于查询
+		// 代码逻辑说明: /issues/3382 默认带*就走模糊，但是如果只有一个*，那么走等于查询
 		if(rule == null && val.equals(STAR)){
 			rule = QueryRuleEnum.EQ;
 		}
-		//update-end-author:taoyan for: /issues/3382  默认带*就走模糊，但是如果只有一个*，那么走等于查询
 		if (rule == null && val.contains(STAR)) {
 			if (val.startsWith(STAR) && val.endsWith(STAR)) {
 				rule = QueryRuleEnum.LIKE;
@ -567,12 +545,10 @@ public class QueryGenerator {
 			rule = QueryRuleEnum.EQ_WITH_ADD;
 		}

-		//update-begin--Author:taoyan  Date:20201229 for：initQueryWrapper组装sql查询条件错误 #284---------------------
 		//特殊处理：Oracle的表达式to_date('xxx','yyyy-MM-dd')含有逗号，会被识别为in查询，转为等于查询
 		if(rule == QueryRuleEnum.IN && val.indexOf(YYYY_MM_DD)>=0 && val.indexOf(TO_DATE)>=0){
 			rule = QueryRuleEnum.EQ;
 		}
-		//update-end--Author:taoyan  Date:20201229 for：initQueryWrapper组装sql查询条件错误 #284---------------------

 		return rule != null ? rule : QueryRuleEnum.EQ;
 	}
@ -592,11 +568,10 @@ public class QueryGenerator {
 			return value;
 		}
 		String val = (value + "").toString().trim();
-		//update-begin-author:taoyan date:20220302 for: 查询条件的值为等号（=）bug #3443
+		// 代码逻辑说明: 查询条件的值为等号（=）bug #3443
 		if(QueryRuleEnum.EQ.getValue().equals(val)){
 			return val;
 		}
-		//update-end-author:taoyan date:20220302 for: 查询条件的值为等号（=）bug #3443
 		if (rule == QueryRuleEnum.LIKE) {
 			value = val.substring(1, val.length() - 1);
 			//mysql 模糊查询之特殊字符下划线 （_、\）
@ -614,21 +589,19 @@ public class QueryGenerator {
 		} else if (rule == QueryRuleEnum.EQ_WITH_ADD) {
 			value = val.replaceAll("\\+\\+", COMMA);
 		}else {
-			//update-begin--Author:scott  Date:20190724 for：initQueryWrapper组装sql查询条件错误 #284-------------------
+			// 代码逻辑说明: initQueryWrapper组装sql查询条件错误 #284-------------------
 			if(val.startsWith(rule.getValue())){
 				//TODO 此处逻辑应该注释掉-> 如果查询内容中带有查询匹配规则符号，就会被截取的（比如：>=您好）
 				value = val.replaceFirst(rule.getValue(),"");
 			}else if(val.startsWith(rule.getCondition()+QUERY_SEPARATE_KEYWORD)){
 				value = val.replaceFirst(rule.getCondition()+QUERY_SEPARATE_KEYWORD,"").trim();
 			}
-			//update-end--Author:scott  Date:20190724 for：initQueryWrapper组装sql查询条件错误 #284-------------------
 		}
 		return value;
 	}
 	
 	private static void addQueryByRule(QueryWrapper<?> queryWrapper,String name,String type,String value,QueryRuleEnum rule) throws ParseException {
 		if(oConvertUtils.isNotEmpty(value)) {
-			//update-begin--Author:sunjianlei  Date:20220104 for：【JTC-409】修复逗号分割情况下没有转换类型，导致类型严格的数据库查询报错 -------------------
 			// 针对数字类型字段，多值查询
 			if(value.contains(COMMA)){
 				Object[] temp = Arrays.stream(value.split(COMMA)).map(v -> {
@ -644,7 +617,6 @@ public class QueryGenerator {
 			}
 			Object temp = QueryGenerator.parseByType(value, type, rule);
 			addEasyQuery(queryWrapper, name, rule, temp);
-			//update-end--Author:sunjianlei  Date:20220104 for：【JTC-409】修复逗号分割情况下没有转换类型，导致类型严格的数据库查询报错 -------------------
 		}
 	}

@ -759,13 +731,12 @@ public class QueryGenerator {
 			}else if(value instanceof String[]) {
 				queryWrapper.in(name, (Object[]) value);
 			}
-			//update-begin-author:taoyan date:20200909 for:【bug】in 类型多值查询 不适配postgresql #1671
+			// 代码逻辑说明: 【bug】in 类型多值查询 不适配postgresql #1671
 			else if(value.getClass().isArray()) {
 				queryWrapper.in(name, (Object[])value);
 			}else {
 				queryWrapper.in(name, value);
 			}
-			//update-end-author:taoyan date:20200909 for:【bug】in 类型多值查询 不适配postgresql #1671
 			break;
 		case LIKE:
 			queryWrapper.like(name, value);
@ -782,7 +753,7 @@ public class QueryGenerator {
 		case NOT_RIGHT_LIKE:
 			queryWrapper.notLikeRight(name, value);
 			break;
-		//update-begin---author:chenrui ---date:20240527  for：[TV360X-378]下拉多框根据条件查询不出来:增加自定义字段查询规则功能------------
+		// 代码逻辑说明: [TV360X-378]下拉多框根据条件查询不出来:增加自定义字段查询规则功能------------
 		case LIKE_WITH_OR:
 			final String nameFinal = name;
 			Object[] vals;
@ -791,7 +762,7 @@ public class QueryGenerator {
 			} else if (value instanceof String[]) {
 				vals = (Object[]) value;
 			}
-			//update-begin-author:taoyan date:20200909 for:【bug】in 类型多值查询 不适配postgresql #1671
+			// 代码逻辑说明: 【bug】in 类型多值查询 不适配postgresql #1671
 			else if (value.getClass().isArray()) {
 				vals = (Object[]) value;
 			} else {
@ -806,7 +777,6 @@ public class QueryGenerator {
 				}
 			});
 			break;
-		//update-end---author:chenrui ---date:20240527  for：[TV360X-378]下拉多框根据条件查询不出来:增加自定义字段查询规则功能------------
 		default:
 			log.info("--查询规则未匹配到---");
 			break;
@ -820,10 +790,8 @@ public class QueryGenerator {
 	private static boolean judgedIsUselessField(String name) {
 		return "class".equals(name) || "ids".equals(name)
 				|| "page".equals(name) || "rows".equals(name)
-//// update-begin--author:sunjianlei date:20240808 for：【TV360X-2009】取消过滤 sort、order 字段，防止前端排序报错 ------
 //// https://github.com/jeecgboot/JeecgBoot/issues/6937
 //				|| "sort".equals(name) || "order".equals(name)
-//// update-end----author:sunjianlei date:20240808 for：【TV360X-2009】取消过滤 sort、order 字段，防止前端排序报错 ------
 				;
 	}

@ -836,13 +804,12 @@ public class QueryGenerator {
 	public static Map<String, SysPermissionDataRuleModel> getRuleMap() {
 		Map<String, SysPermissionDataRuleModel> ruleMap = new HashMap<>(5);
 		List<SysPermissionDataRuleModel> list = null;
-		//update-begin-author:taoyan date:2023-6-1 for:QQYUN-5441 【简流】获取多个用户/部门/角色 设置部门查询 报错
+		// 代码逻辑说明: QQYUN-5441 【简流】获取多个用户/部门/角色 设置部门查询 报错
 		try {
 			list = JeecgDataAutorUtils.loadDataSearchConditon();
 		}catch (Exception e){
 			log.error("根据request对象获取权限数据失败，可能是定时任务中执行的。", e);
 		}
-		//update-end-author:taoyan date:2023-6-1 for:QQYUN-5441 【简流】获取多个用户/部门/角色 设置部门查询 报错
 		if(list != null&&list.size()>0){
 			if(list.get(0)==null){
 				return ruleMap;
@ -879,9 +846,8 @@ public class QueryGenerator {
 					addEasyQuery(queryWrapper, name, rule, DateUtils.str2Date(dateStr,DateUtils.datetimeFormat.get()));
 				}
 			}else {
-				//update-begin---author:chenrui ---date:20241125  for：[issues/7481]多租户模式下 数据权限使用变量：#{tenant_id} 报错------------
+				// 代码逻辑说明: [issues/7481]多租户模式下 数据权限使用变量：#{tenant_id} 报错------------
 				addEasyQuery(queryWrapper, name, rule, NumberUtils.parseNumber(converRuleValue(dataRule.getRuleValue()), propertyType));
-				//update-end---author:chenrui ---date:20241125  for：[issues/7481]多租户模式下 数据权限使用变量：#{tenant_id} 报错------------
 			}
 		}
 	}
@ -935,9 +901,8 @@ public class QueryGenerator {
 			return null;
 		}
 		Set<String> varParams = new HashSet<String>();
-		//update-begin---author:chenrui ---date:20250108  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
+		// 代码逻辑说明: [QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 		String regex = "#\\{\\[*\\w+]*}";
-		//update-end---author:chenrui ---date:20250108  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 		
 		Pattern p = Pattern.compile(regex);
 		Matcher m = p.matcher(sql);
@ -993,9 +958,8 @@ public class QueryGenerator {
 				Class propType = origDescriptors[i].getPropertyType();
 				boolean isString = propType.equals(String.class);
 				Object value;
-				//update-begin---author:chenrui ---date:20240527  for：[TV360X-539]数据权限，配置日期等于条件时后端报转换错误------------
+				// 代码逻辑说明: [TV360X-539]数据权限，配置日期等于条件时后端报转换错误------------
 				if(isString || Date.class.equals(propType)) {
-				//update-end---author:chenrui ---date:20240527  for：[TV360X-539]数据权限，配置日期等于条件时后端报转换错误------------
 					value = converRuleValue(dataRule.getRuleValue());
 				}else {
 					value = NumberUtils.parseNumber(dataRule.getRuleValue(),propType);
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JeecgDataAutorUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JeecgDataAutorUtils.java
@ -5,7 +5,7 @@ import org.jeecg.common.system.vo.SysUserCacheInfo;
 import org.jeecg.common.util.SpringContextUtils;
 import org.springframework.util.StringUtils;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
 import java.util.List;

--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java
@ -6,16 +6,18 @@ import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.base.Joiner;

 import java.io.IOException;
 import java.io.OutputStream;
 import java.util.Date;
 import java.util.Objects;
 import java.util.stream.Collectors;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
+
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;

 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
@ -39,8 +41,10 @@ import org.jeecg.common.util.oConvertUtils;
@Slf4j
 public class JwtUtil {

-	/**Token有效期为7天（Token在reids中缓存时间为两倍）*/
-	public static final long EXPIRE_TIME = (7 * 12) * 60 * 60 * 1000;
+	/**PC端，Token有效期为7天（Token在reids中缓存时间为两倍）*/
+	public static final long EXPIRE_TIME = (7 * 12) * 60 * 60 * 1000L;
+	/**APP端，Token有效期为30天（Token在reids中缓存时间为两倍）*/
+	public static final long APP_EXPIRE_TIME = (30 * 12) * 60 * 60 * 1000L;
 	static final String WELL_NUMBER = SymbolConstant.WELL_NUMBER + SymbolConstant.LEFT_CURLY_BRACKET;

    /**
@ -84,7 +88,7 @@ public class JwtUtil {
 			DecodedJWT jwt = verifier.verify(token);
 			return true;
 		} catch (Exception e) {
-			log.error(e.getMessage(), e);
+			log.warn("Token验证失败：" + e.getMessage(),e);
 			return false;
 		}
 	}
@ -110,7 +114,9 @@ public class JwtUtil {
 	 * @param username 用户名
 	 * @param secret   用户的密码
 	 * @return 加密的token
+	 * @deprecated 请使用sign(String username, String secret, String clientType)方法代替
 	 */
+	@Deprecated
 	public static String sign(String username, String secret) {
 		Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
 		Algorithm algorithm = Algorithm.HMAC256(secret);
@ -119,6 +125,68 @@ public class JwtUtil {

 	}

+
+	/**
+	 * 生成签名,5min后过期
+	 *
+	 * @param username 用户名
+	 * @param secret   用户的密码
+	 * @param expireTime 过期时间
+	 * @return 加密的token
+	 * @deprecated 请使用sign(String username, String secret, String clientType)方法代替
+	 */
+	@Deprecated
+	public static String sign(String username, String secret, Long expireTime) {
+		Date date = new Date(System.currentTimeMillis() + expireTime);
+		Algorithm algorithm = Algorithm.HMAC256(secret);
+		// 附带username信息
+		return JWT.create().withClaim("username", username).withExpiresAt(date).sign(algorithm);
+
+	}
+
+	/**
+	 * 生成签名，根据客户端类型自动选择过期时间
+	 * for [JHHB-1030]【鉴权】移动端用户token到期后续期时间变成pc端时长
+	 *
+	 * @param username 用户名
+	 * @param secret   用户的密码
+	 * @param clientType 客户端类型（PC或APP）
+	 * @return 加密的token
+	 */
+	public static String sign(String username, String secret, String clientType) {
+		// 根据客户端类型选择对应的过期时间
+		long expireTime = CommonConstant.CLIENT_TYPE_APP.equalsIgnoreCase(clientType) 
+			? APP_EXPIRE_TIME 
+			: EXPIRE_TIME;
+		Date date = new Date(System.currentTimeMillis() + expireTime);
+		Algorithm algorithm = Algorithm.HMAC256(secret);
+		// 附带username和clientType信息
+		return JWT.create()
+			.withClaim("username", username)
+			.withClaim("clientType", clientType)
+			.withExpiresAt(date)
+			.sign(algorithm);
+	}
+
+	/**
+	 * 从token中获取客户端类型
+	 * for [JHHB-1030]【鉴权】移动端用户token到期后续期时间变成pc端时长
+	 *
+	 * @param token JWT token
+	 * @return 客户端类型，如果不存在则返回PC（兼容旧token）
+	 */
+	public static String getClientType(String token) {
+		try {
+			DecodedJWT jwt = JWT.decode(token);
+			String clientType = jwt.getClaim("clientType").asString();
+			// 如果clientType为空，返回默认值PC（兼容旧token）
+			return oConvertUtils.isNotEmpty(clientType) ? clientType : CommonConstant.CLIENT_TYPE_PC;
+		} catch (JWTDecodeException e) {
+			log.warn("解析token中的clientType失败，使用默认值PC：" + e.getMessage());
+			return CommonConstant.CLIENT_TYPE_PC;
+		}
+	}
+
 	/**
 	 * 根据request中的token获取用户账号
 	 * 
@ -198,7 +266,6 @@ public class JwtUtil {
 		} else {
 			key = key;
 		}
-		//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 		// 是否存在字符串标志
 		boolean multiStr;
 		if(oConvertUtils.isNotEmpty(key) && key.trim().matches("^\\[\\w+]$")){
@ -207,7 +274,6 @@ public class JwtUtil {
 		} else {
            multiStr = false;
        }
-		//update-end---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 		//替换为当前系统时间(年月日)
 		if (key.equals(DataBaseConstant.SYS_DATE)|| key.toLowerCase().equals(DataBaseConstant.SYS_DATE_TABLE)) {
 			returnValue = DateUtils.formatDate();
@ -276,20 +342,17 @@ public class JwtUtil {
 			if(user==null){
 				//TODO 暂时使用用户登录部门，存在逻辑缺陷，不是用户所拥有的部门
 				returnValue = sysUser.getOrgCode();
-				//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
+				// 代码逻辑说明: [QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 				returnValue = multiStr ? "'" + returnValue + "'" : returnValue;
-				//update-end---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 			}else{
 				if(user.isOneDepart()) {
 					returnValue = user.getSysMultiOrgCode().get(0);
-					//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
+					// 代码逻辑说明: [QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 					returnValue = multiStr ? "'" + returnValue + "'" : returnValue;
-					//update-end---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 				}else {
-					//update-begin---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
+					// 代码逻辑说明: [QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 					returnValue = user.getSysMultiOrgCode().stream()
 							.filter(Objects::nonNull)
-							//update-begin---author:chenrui ---date:20250224  for：[issues/7288]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 							.map(orgCode -> {
 								if (multiStr) {
 									return "'" + orgCode + "'";
@ -297,9 +360,7 @@ public class JwtUtil {
 									return orgCode;
 								}
 							})
-							//update-end---author:chenrui ---date:20250224  for：[issues/7288]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 							.collect(Collectors.joining(", "));
-					//update-end---author:chenrui ---date:20250107  for：[QQYUN-10785]数据权限，查看自己拥有部门的权限中存在问题 #7288------------
 				}
 			}
 		}
@ -313,7 +374,7 @@ public class JwtUtil {
 			}
 		}

-		//update-begin-author:taoyan date:20210330 for:多租户ID作为系统变量
+		// 代码逻辑说明: 多租户ID作为系统变量
 		else if (key.equals(TenantConstant.TENANT_ID) || key.toLowerCase().equals(TenantConstant.TENANT_ID_TABLE)){
 			try {
 				returnValue = SpringContextUtils.getHttpServletRequest().getHeader(CommonConstant.TENANT_ID);
@ -321,7 +382,6 @@ public class JwtUtil {
 				log.warn("获取系统租户异常：" + e.getMessage());
 			}
 		}
-		//update-end-author:taoyan date:20210330 for:多租户ID作为系统变量
 		if(returnValue!=null){returnValue = returnValue + moshi;}
 		return returnValue;
 	}
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/ResourceUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/ResourceUtil.java
@ -67,13 +67,13 @@ public class ResourceUtil {
            synchronized (ResourceUtil.class) {
                if (!initialized) {
                    long startTime = System.currentTimeMillis();
-                    log.info("【枚举字典加载】开始初始化枚举字典数据...");
+                    log.debug("【枚举字典加载】开始初始化枚举字典数据...");

                    initEnumDictData();
                    initialized = true;

                    long endTime = System.currentTimeMillis();
-                    log.info("【枚举字典加载】枚举字典数据初始化完成，共加载 {} 个字典，总耗时: {}ms", enumDictData.size(), endTime - startTime);
+                    log.debug("【枚举字典加载】枚举字典数据初始化完成，共加载 {} 个字典，总耗时: {}ms", enumDictData.size(), endTime - startTime);
                }
            }
        }
@ -103,7 +103,7 @@ public class ResourceUtil {
        }

        long scanEndTime = System.currentTimeMillis();
-        log.info("【枚举字典加载】文件扫描完成，总共找到 {} 个枚举类文件，扫描耗时: {}ms", allResources.size(), scanEndTime - scanStartTime);
+        log.debug("【枚举字典加载】文件扫描完成，总共找到 {} 个枚举类文件，扫描耗时: {}ms", allResources.size(), scanEndTime - scanStartTime);

        MetadataReaderFactory readerFactory = new CachingMetadataReaderFactory(resourcePatternResolver);

@ -126,7 +126,7 @@ public class ResourceUtil {
        }

        long processEndTime = System.currentTimeMillis();
-        log.info("【枚举字典加载】处理完成，实际处理 {} 个带注解的枚举类，处理耗时: {}ms", processedCount, processEndTime - processStartTime);
+        log.debug("【枚举字典加载】处理完成，实际处理 {} 个带注解的枚举类，处理耗时: {}ms", processedCount, processEndTime - processStartTime);
    }

    /**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/SqlConcatUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/SqlConcatUtil.java
@ -150,7 +150,7 @@ public class SqlConcatUtil {
    }

    private static String getInConditionValue(Object value,boolean isString) {
-        //update-begin-author:taoyan date:20210628 for: 查询条件如果输入,导致sql报错
+        // 代码逻辑说明: 查询条件如果输入,导致sql报错
        String[] temp = value.toString().split(",");
        if(temp.length==0){
            return "('')";
@ -168,7 +168,6 @@ public class SqlConcatUtil {
        }else {
            return "("+value.toString()+")";
        }
-        //update-end-author:taoyan date:20210628 for: 查询条件如果输入,导致sql报错
    }

    /**
@ -215,7 +214,6 @@ public class SqlConcatUtil {
                }
            }else {

-                //update-begin-author:taoyan date:2022-6-30 for: issues/3810 数据权限规则问题
                // 走到这里说明 value不带有任何模糊查询的标识(*或者%)
                if (ruleEnum == QueryRuleEnum.LEFT_LIKE) {
                    if (DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())) {
@ -236,7 +234,6 @@ public class SqlConcatUtil {
                        return "'%" + str + "%'";
                    }
                }
-                //update-end-author:taoyan date:2022-6-30 for: issues/3810 数据权限规则问题

            }
        }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/BrowserUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/BrowserUtils.java
@ -5,7 +5,7 @@ import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;

 /**
 * 
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/CommonUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/CommonUtils.java
@ -19,7 +19,7 @@ import org.springframework.jdbc.datasource.DriverManagerDataSource;
 import org.springframework.util.FileCopyUtils;
 import org.springframework.web.multipart.MultipartFile;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import javax.sql.DataSource;
 import java.io.ByteArrayInputStream;
 import java.io.File;
@ -153,9 +153,9 @@ public class CommonUtils {
     */
    public static String uploadLocal(MultipartFile mf,String bizPath,String uploadpath){
        try {
-            //update-begin-author:liusq date:20210809 for: 过滤上传文件类型
-            SsrfFileTypeFilter.checkUploadFileType(mf);
-            //update-end-author:liusq date:20210809 for: 过滤上传文件类型
+            // 文件安全校验，防止上传漏洞文件
+            SsrfFileTypeFilter.checkUploadFileType(mf, bizPath);
+            
            String fileName = null;
            File file = new File(uploadpath + File.separator + bizPath + File.separator );
            if (!file.exists()) {
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/DySmsHelper.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/DySmsHelper.java
@ -10,7 +10,9 @@ import com.aliyuncs.exceptions.ClientException;
 import com.aliyuncs.profile.DefaultProfile;
 import com.aliyuncs.profile.IClientProfile;
 import org.apache.commons.lang3.StringUtils;
+import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.enums.DySmsEnum;
+import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.config.JeecgSmsTemplateConfig;
 import org.jeecg.config.StaticConfig;
 import org.slf4j.Logger;
@ -61,17 +63,21 @@ public class DySmsHelper {
    
    
    public static boolean sendSms(String phone, JSONObject templateParamJson, DySmsEnum dySmsEnum) throws ClientException {
-    	//可自助调整超时时间
+        JeecgBaseConfig config = SpringContextUtils.getBean(JeecgBaseConfig.class);
+        String smsSendType = config.getSmsSendType();
+        if(oConvertUtils.isNotEmpty(smsSendType) && CommonConstant.SMS_SEND_TYPE_TENCENT.equals(smsSendType)){
+            return TencentSms.sendTencentSms(phone, templateParamJson, config.getTencent(), dySmsEnum);
+        }
+        //可自助调整超时时间
        System.setProperty("sun.net.client.defaultConnectTimeout", "10000");
        System.setProperty("sun.net.client.defaultReadTimeout", "10000");

-        //update-begin-author：taoyan date:20200811 for:配置类数据获取
+        // 代码逻辑说明: 配置类数据获取
        StaticConfig staticConfig = SpringContextUtils.getBean(StaticConfig.class);
        //logger.info("阿里大鱼短信秘钥 accessKeyId：" + staticConfig.getAccessKeyId());
        //logger.info("阿里大鱼短信秘钥 accessKeySecret："+ staticConfig.getAccessKeySecret());
        setAccessKeyId(staticConfig.getAccessKeyId());
        setAccessKeySecret(staticConfig.getAccessKeySecret());
-        //update-end-author：taoyan date:20200811 for:配置类数据获取
        
        //初始化acsClient,暂不支持region化
        IClientProfile profile = DefaultProfile.getProfile("cn-hangzhou", accessKeyId, accessKeySecret);
@ -81,7 +87,7 @@ public class DySmsHelper {
        //验证json参数
        validateParam(templateParamJson,dySmsEnum);

-        //update-begin---author:wangshuai---date:2024-11-05---for:【QQYUN-9422】短信模板管理，阿里云---
+        // 代码逻辑说明: 【QQYUN-9422】短信模板管理，阿里云---
        String templateCode = dySmsEnum.getTemplateCode();
        JeecgSmsTemplateConfig baseConfig = SpringContextUtils.getBean(JeecgSmsTemplateConfig.class);
        if(baseConfig != null && CollectionUtil.isNotEmpty(baseConfig.getTemplateCode())){
@ -97,7 +103,6 @@ public class DySmsHelper {
            logger.info("yml中读取签名名称{}",baseConfig.getSignature());
            signName = baseConfig.getSignature();
        }
-        //update-end---author:wangshuai---date:2024-11-05---for:【QQYUN-9422】短信模板管理，阿里云---
        
        //组装请求对象-具体描述见控制台-文档部分内容
        SendSmsRequest request = new SendSmsRequest();
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/FileDownloadUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/FileDownloadUtils.java
@ -1,6 +1,7 @@
 package org.jeecg.common.util;

 import cn.hutool.core.io.IoUtil;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
 import org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream;
@ -10,7 +11,6 @@ import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.util.filter.SsrfFileTypeFilter;

-import javax.servlet.http.HttpServletResponse;
 import java.io.*;
 import java.net.HttpURLConnection;
 import java.net.URL;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/FillRuleUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/FillRuleUtil.java
@ -4,13 +4,13 @@ import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.handler.IFillRuleHandler;
 import org.jeecg.common.system.query.QueryGenerator;

-import javax.servlet.http.HttpServletRequest;


 /**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/HTMLUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/HTMLUtils.java
@ -38,14 +38,12 @@ public class HTMLUtils {
     * @return
     */
    public static String parseMarkdown(String markdownContent) {
-        //update-begin---author:wangshuai---date:2024-06-26---for:【TV360X-1344】JDK17 邮箱发送失败，需要换写法---
        /*PegDownProcessor pdp = new PegDownProcessor();
        return pdp.markdownToHtml(markdownContent);*/
        Parser parser = Parser.builder().build();
        Node document = parser.parse(markdownContent);
        HtmlRenderer renderer = HtmlRenderer.builder().build();
        return renderer.render(document);
-        //update-end---author:wangshuai---date:2024-06-26---for:【TV360X-1344】JDK17 邮箱发送失败，需要换写法---
    }

 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/IpUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/IpUtils.java
@ -1,6 +1,6 @@
 package org.jeecg.common.util;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;

 import org.apache.commons.lang3.StringUtils;
 import org.jeecg.common.constant.CommonConstant;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/MinioUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/MinioUtil.java
@ -55,13 +55,11 @@ public class MinioUtil {
     */
    public static String upload(MultipartFile file, String bizPath, String customBucket) throws Exception {
        String fileUrl = "";
-        //update-begin-author:wangshuai date:20201012 for: 过滤上传文件夹名特殊字符，防止攻击
+        // 业务路径过滤，防止攻击
        bizPath = StrAttackFilter.filter(bizPath);
-        //update-end-author:wangshuai date:20201012 for: 过滤上传文件夹名特殊字符，防止攻击

-        //update-begin-author:liusq date:20210809 for: 过滤上传文件类型
-        SsrfFileTypeFilter.checkUploadFileType(file);
-        //update-end-author:liusq date:20210809 for: 过滤上传文件类型
+        // 文件安全校验，防止上传漏洞文件
+        SsrfFileTypeFilter.checkUploadFileType(file, bizPath);

        String newBucket = bucketName;
        if(oConvertUtils.isNotEmpty(customBucket)){
@ -163,11 +161,10 @@ public class MinioUtil {
    public static String getObjectUrl(String bucketName, String objectName, Integer expires) {
        initMinio(minioUrl, minioName,minioPass);
        try{
-            //update-begin---author:liusq  Date:20220121  for：获取文件外链报错提示method不能为空，导致文件下载和预览失败----
+            // 代码逻辑说明: 获取文件外链报错提示method不能为空，导致文件下载和预览失败----
            GetPresignedObjectUrlArgs objectArgs = GetPresignedObjectUrlArgs.builder().object(objectName)
                    .bucket(bucketName)
                    .expiry(expires).method(Method.GET).build();
-            //update-begin---author:liusq  Date:20220121  for：获取文件外链报错提示method不能为空，导致文件下载和预览失败----
            String url = minioClient.getPresignedObjectUrl(objectArgs);
            return URLDecoder.decode(url,"UTF-8");
        }catch (Exception e){
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/MyCommonsMultipartFile.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/MyCommonsMultipartFile.java
@ -0,0 +1,78 @@
+package org.jeecg.common.util;
+
+import org.apache.commons.fileupload.FileItem;
+import org.springframework.web.multipart.MultipartFile;
+
+import java.io.*;
+
+/**
+ * @date 2025-09-04
+ * @author scott
+ * 
+ * 升级springboot3 无法使用 CommonsMultipartFile
+ * 自定义 MultipartFile 实现类，支持从 FileItem 构造
+ */
+public class MyCommonsMultipartFile implements MultipartFile {
+
+    private final byte[] fileContent;
+    private final String fileName;
+    private final String contentType;
+
+    // 新增构造方法，支持 FileItem 参数
+    public MyCommonsMultipartFile(FileItem fileItem) throws IOException {
+        this.fileName = fileItem.getName();
+        this.contentType = fileItem.getContentType();
+        try (InputStream inputStream = fileItem.getInputStream()) {
+            this.fileContent = inputStream.readAllBytes();
+        }
+    }
+    
+    // 现有构造方法
+    public MyCommonsMultipartFile(InputStream inputStream, String fileName, String contentType) throws IOException {
+        this.fileName = fileName;
+        this.contentType = contentType;
+        this.fileContent = inputStream.readAllBytes();
+    }
+
+    @Override
+    public String getName() {
+        return fileName;
+    }
+
+    @Override
+    public String getOriginalFilename() {
+        return fileName;
+    }
+
+    @Override
+    public String getContentType() {
+        return contentType;
+    }
+
+    @Override
+    public boolean isEmpty() {
+        return fileContent.length == 0;
+    }
+
+    @Override
+    public long getSize() {
+        return fileContent.length;
+    }
+
+    @Override
+    public byte[] getBytes() {
+        return fileContent;
+    }
+
+    @Override
+    public InputStream getInputStream() {
+        return new ByteArrayInputStream(fileContent);
+    }
+
+    @Override
+    public void transferTo(File dest) throws IOException {
+        try (OutputStream os = new FileOutputStream(dest)) {
+            os.write(fileContent);
+        }
+    }
+}
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/PasswordUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/PasswordUtil.java
@ -99,9 +99,8 @@ public class PasswordUtil {
 			Cipher cipher = Cipher.getInstance(ALGORITHM);

 			cipher.init(Cipher.ENCRYPT_MODE, key, parameterSpec);
-			//update-begin-author:sccott date:20180815 for:中文作为用户名时，加密的密码windows和linux会得到不同的结果 gitee/issues/IZUD7
+			// 代码逻辑说明: 中文作为用户名时，加密的密码windows和linux会得到不同的结果 gitee/issues/IZUD7
 			encipheredData = cipher.doFinal(plaintext.getBytes("utf-8"));
-			//update-end-author:sccott date:20180815 for:中文作为用户名时，加密的密码windows和linux会得到不同的结果 gitee/issues/IZUD7
 		} catch (Exception e) {
 		}
 		return bytesToHexString(encipheredData);
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/RestUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/RestUtil.java
@ -4,7 +4,7 @@ import com.alibaba.fastjson.JSONObject;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.*;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.http.converter.StringHttpMessageConverter;
 import org.springframework.web.client.RestTemplate;

@ -56,12 +56,19 @@ public class RestUtil {
    private final static RestTemplate RT;

    static {
-        SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
+        // 解决[issues/8859]online表单java增强失效------------
+        // 使用 Apache HttpClient 避免 JDK HttpURLConnection 的 too many bytes written 问题
+        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setConnectTimeout(30000);
        requestFactory.setReadTimeout(30000);
        RT = new RestTemplate(requestFactory);
-        // 解决乱码问题
-        RT.getMessageConverters().set(1, new StringHttpMessageConverter(StandardCharsets.UTF_8));
+        // 解决乱码问题（替换 StringHttpMessageConverter 为 UTF-8）
+        for (int i = 0; i < RT.getMessageConverters().size(); i++) {
+            if (RT.getMessageConverters().get(i) instanceof StringHttpMessageConverter) {
+                RT.getMessageConverters().set(i, new StringHttpMessageConverter(StandardCharsets.UTF_8));
+                break;
+            }
+        }
    }

    public static RestTemplate getRestTemplate() {
@ -216,6 +223,16 @@ public class RestUtil {
        if (variables != null && !variables.isEmpty()) {
            url += ("?" + asUrlVariables(variables));
        }
+        // 解决[issues/8951]从jeecgboot 3.8.2 升级到 3.8.3 在线表单java增强功能报错------------
+        // Content-Length 强制设置（解决可能出现的截断问题）
+        if (StringUtils.isNotEmpty(body)) {
+            int contentLength = body.getBytes(StandardCharsets.UTF_8).length;
+            String current = headers.getFirst(HttpHeaders.CONTENT_LENGTH);
+            if (current == null || !current.equals(String.valueOf(contentLength))) {
+                headers.setContentLength(contentLength);
+                log.info(" RestUtil  --- request --- 修正/设置 Content-Length = " + contentLength + (current!=null?" (原值="+current+")":""));
+            }
+        }
        // 发送请求
        HttpEntity<String> request = new HttpEntity<>(body, headers);
        return RT.exchange(url, method, request, responseType);
@ -250,12 +267,18 @@ public class RestUtil {
        // 创建自定义RestTemplate（如果需要设置超时）
        RestTemplate restTemplate = RT;
        if (timeout > 0) {
-            SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
+            // 代码逻辑说明: [issues/8859]online表单java增强失效------------
+            HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
            requestFactory.setConnectTimeout(timeout);
            requestFactory.setReadTimeout(timeout);
            restTemplate = new RestTemplate(requestFactory);
-            // 解决乱码问题
-            restTemplate.getMessageConverters().set(1, new StringHttpMessageConverter(StandardCharsets.UTF_8));
+            // 解决乱码问题（替换 StringHttpMessageConverter 为 UTF-8）
+            for (int i = 0; i < restTemplate.getMessageConverters().size(); i++) {
+                if (restTemplate.getMessageConverters().get(i) instanceof StringHttpMessageConverter) {
+                    restTemplate.getMessageConverters().set(i, new StringHttpMessageConverter(StandardCharsets.UTF_8));
+                    break;
+                }
+            }
        }

        // 请求体
@ -273,11 +296,21 @@ public class RestUtil {
            url += ("?" + asUrlVariables(variables));
        }

+        // Content-Length 强制设置（解决可能出现的截断问题）
+        if (StringUtils.isNotEmpty(body) && !headers.containsKey(HttpHeaders.CONTENT_LENGTH)) {
+            int contentLength = body.getBytes(StandardCharsets.UTF_8).length;
+            String current = headers.getFirst(HttpHeaders.CONTENT_LENGTH);
+            if (current == null || !current.equals(String.valueOf(contentLength))) {
+                headers.setContentLength(contentLength);
+                log.info(" RestUtil  --- request(timeout) --- 修正/设置 Content-Length = " + contentLength + (current!=null?" (原值="+current+")":""));
+            }
+        }
+
        // 发送请求
        HttpEntity<String> request = new HttpEntity<>(body, headers);
        return restTemplate.exchange(url, method, request, responseType);
    }
-    
+
    /**
     * 获取JSON请求头
     */
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SpringContextUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SpringContextUtils.java
@ -1,7 +1,7 @@
 package org.jeecg.common.util;

-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;

 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.ServiceNameConstants;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java
@ -335,13 +335,12 @@ public class SqlInjectionUtil {
 			return table;
 		}

-		//update-begin---author:scott ---date:2024-05-28  for：表单设计器列表翻译存在表名带条件，导致翻译出问题----
+		// 代码逻辑说明: 表单设计器列表翻译存在表名带条件，导致翻译出问题----
 		int index = table.toLowerCase().indexOf(" where ");
 		if (index != -1) {
 			table = table.substring(0, index);
 			log.info("截掉where之后的新表名：" + table);
 		}
-		//update-end---author:scott ---date::2024-05-28  for：表单设计器列表翻译存在表名带条件，导致翻译出问题----

 		table = table.trim();
 		/**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/TencentSms.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/TencentSms.java
@ -0,0 +1,184 @@
+package org.jeecg.common.util;
+
+import com.alibaba.fastjson.JSONObject;
+import com.tencentcloudapi.common.Credential;
+import com.tencentcloudapi.common.exception.TencentCloudSDKException;
+import com.tencentcloudapi.common.profile.ClientProfile;
+import com.tencentcloudapi.common.profile.HttpProfile;
+import com.tencentcloudapi.sms.v20210111.SmsClient;
+import com.tencentcloudapi.sms.v20210111.models.SendSmsRequest;
+import com.tencentcloudapi.sms.v20210111.models.SendSmsResponse;
+import com.tencentcloudapi.sms.v20210111.models.SendStatus;
+import org.apache.commons.lang3.StringUtils;
+import org.jeecg.common.constant.enums.DySmsEnum;
+import org.jeecg.config.JeecgSmsTemplateConfig;
+import org.jeecg.config.tencent.JeecgTencent;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @Description: 腾讯发送短信
+ * @author: wangshuai
+ * @date: 2025/11/4 19:27
+ */
+public class TencentSms {
+
+    private final static Logger logger = LoggerFactory.getLogger(TencentSms.class);
+
+    /**
+     * 发送腾讯短信
+     *
+     * @param phone
+     * @param templateParamJson
+     * @param tencent
+     * @param dySmsEnum
+     * @return
+     */
+    public static boolean sendTencentSms(String phone, JSONObject templateParamJson, JeecgTencent tencent, DySmsEnum dySmsEnum) {
+        //获取客户端链接
+        SmsClient client = getSmsClient(tencent);
+        //构建腾讯云短信发送请求
+        SendSmsRequest req = buildSendSmsRequest(phone, templateParamJson, dySmsEnum, tencent);
+        try {
+            //发送短信
+            SendSmsResponse resp = client.SendSms(req);
+            // 处理响应
+            SendStatus[] statusSet = resp.getSendStatusSet();
+            if (statusSet != null && statusSet.length > 0) {
+                SendStatus status = statusSet[0];
+                if ("Ok".equals(status.getCode())) {
+                    logger.info("短信发送成功，手机号：{}", phone);
+                    return true;
+                } else {
+                    logger.error("短信发送失败，手机号：{}，错误码：{}，错误信息：{}",
+                            phone, status.getCode(), status.getMessage());
+                }
+            }
+        } catch (TencentCloudSDKException e) {
+            logger.error("短信发送失败{}", e.getMessage());
+        }
+        return false;
+    }
+
+    /**
+     * 获取sms客户端
+     *
+     * @param tencent 腾讯云配置
+     * @return SmsClient对象
+     */
+    private static SmsClient getSmsClient(JeecgTencent tencent) {
+        Credential cred = new Credential(tencent.getSecretId(), tencent.getSecretKey());
+        // 实例化一个http选项，可选的，没有特殊需求可以跳过
+        HttpProfile httpProfile = new HttpProfile();
+        //指定接入地域域名*/
+        httpProfile.setEndpoint(tencent.getEndpoint());
+        //实例化一个客户端配置对象
+        ClientProfile clientProfile = new ClientProfile();
+        clientProfile.setHttpProfile(httpProfile);
+        //实例化要请求产品的client对象，第二个参数是地域信息
+        return new SmsClient(cred, tencent.getRegion(), clientProfile);
+    }
+
+    /**
+     * 构建腾讯云短信发送请求
+     *
+     * @param phone             手机号码
+     * @param templateParamJson 模板参数JSON对象
+     * @param dySmsEnum         短信枚举配置
+     * @param tencent           腾讯云配置
+     * @return 构建好的SendSmsRequest对象
+     */
+    private static SendSmsRequest buildSendSmsRequest(
+            String phone,
+            JSONObject templateParamJson,
+            DySmsEnum dySmsEnum,
+            JeecgTencent tencent) {
+
+        SendSmsRequest req = new SendSmsRequest();
+
+        // 1. 设置短信应用ID
+        String sdkAppId = tencent.getSdkAppId();
+        req.setSmsSdkAppId(sdkAppId);
+        // 2. 设置短信签名
+        String signName = getSmsSignName(dySmsEnum);
+        req.setSignName(signName);
+        // 3. 设置模板ID
+        String templateId = getSmsTemplateId(dySmsEnum);
+        req.setTemplateId(templateId);
+        // 4. 设置模板参数
+        String[] templateParams = extractTemplateParams(templateParamJson);
+        req.setTemplateParamSet(templateParams);
+        // 5. 设置手机号码
+        String[] phoneNumberSet = { phone };
+        req.setPhoneNumberSet(phoneNumberSet);
+
+        logger.debug("构建短信请求完成 - 应用ID: {}, 签名: {}, 模板ID: {}, 手机号: {}",
+                sdkAppId, signName, templateId, phone);
+
+        return req;
+    }
+
+    /**
+     * 获取短信签名名称
+     *
+     * @param dySmsEnum 腾讯云对象
+     */
+    private static String getSmsSignName(DySmsEnum dySmsEnum) {
+        JeecgSmsTemplateConfig baseConfig = SpringContextUtils.getBean(JeecgSmsTemplateConfig.class);
+        String signName = dySmsEnum.getSignName();
+
+        if (StringUtils.isNotEmpty(baseConfig.getSignature())) {
+            logger.debug("yml中读取签名名称: {}", baseConfig.getSignature());
+            signName = baseConfig.getSignature();
+        }
+
+        return signName;
+    }
+
+    /**
+     * 获取短信模板ID
+     *
+     * @param dySmsEnum 腾讯云对象
+     */
+    private static String getSmsTemplateId(DySmsEnum dySmsEnum) {
+        JeecgSmsTemplateConfig baseConfig = SpringContextUtils.getBean(JeecgSmsTemplateConfig.class);
+        String templateCode = dySmsEnum.getTemplateCode();
+
+        if (StringUtils.isNotEmpty(baseConfig.getSignature())) {
+            Map<String, String> smsTemplate = baseConfig.getTemplateCode();
+            if (smsTemplate.containsKey(templateCode) &&
+                    StringUtils.isNotEmpty(smsTemplate.get(templateCode))) {
+                templateCode = smsTemplate.get(templateCode);
+                logger.debug("yml中读取短信模板ID: {}", templateCode);
+            }
+        }
+        return templateCode;
+    }
+
+    /**
+     * 从JSONObject中提取模板参数（按原始顺序）
+     *
+     * @param templateParamJson 模板参数
+     */
+    private static String[] extractTemplateParams(JSONObject templateParamJson) {
+        if (templateParamJson == null || templateParamJson.isEmpty()) {
+            return new String[0];
+        }
+        List<String> params = new ArrayList<>();
+        for (String key : templateParamJson.keySet()) {
+            Object value = templateParamJson.get(key);
+            if (value != null) {
+                params.add(value.toString());
+            } else {
+                // 处理null值
+                params.add("");
+            }
+        }
+        logger.debug("提取模板参数: {}", params);
+        return params.toArray(new String[0]);
+    }
+}
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/TokenUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/TokenUtils.java
@ -11,7 +11,7 @@ import org.jeecg.common.exception.JeecgBoot401Exception;
 import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.system.vo.LoginUser;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;

 /**
 * @Author scott
@ -121,7 +121,9 @@ public class TokenUtils {
        }
        // 校验token是否超时失效 & 或者账号密码是否错误
        if (!jwtTokenRefresh(token, username, user.getPassword(), redisUtil)) {
-            throw new JeecgBoot401Exception(CommonConstant.TOKEN_IS_INVALID_MSG);
+            // 用户登录Token过期提示信息
+            String userLoginTokenErrorMsg = oConvertUtils.getString(redisUtil.get(CommonConstant.PREFIX_USER_TOKEN_ERROR_MSG + token));
+            throw new JeecgBoot401Exception(oConvertUtils.isEmpty(userLoginTokenErrorMsg)? CommonConstant.TOKEN_IS_INVALID_MSG: userLoginTokenErrorMsg);
        }
        return true;
    }
@ -139,10 +141,15 @@ public class TokenUtils {
        if (oConvertUtils.isNotEmpty(cacheToken)) {
            // 校验token有效性
            if (!JwtUtil.verify(cacheToken, userName, passWord)) {
-                String newAuthorization = JwtUtil.sign(userName, passWord);
-                // 设置Toekn缓存有效时间
+                // 从token中解析客户端类型，保持续期时使用相同的客户端类型
+                String clientType = JwtUtil.getClientType(token);
+                String newAuthorization = JwtUtil.sign(userName, passWord, clientType);
+                // 根据客户端类型设置对应的缓存有效时间
+                long expireTime = CommonConstant.CLIENT_TYPE_APP.equalsIgnoreCase(clientType) 
+                    ? JwtUtil.APP_EXPIRE_TIME * 2 / 1000 
+                    : JwtUtil.EXPIRE_TIME * 2 / 1000;
                redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, newAuthorization);
-                redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME * 2 / 1000);
+                redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, expireTime);
            }
            return true;
        }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/dynamic/db/FreemarkerParseFactory.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/dynamic/db/FreemarkerParseFactory.java
@ -54,11 +54,10 @@ public class FreemarkerParseFactory {
        //classic_compatible设置，解决报空指针错误
        SQL_CONFIG.setClassicCompatible(true);

-        //update-begin-author:taoyan date:2022-8-10 for: freemarker模板注入问题 禁止解析ObjectConstructor，Execute和freemarker.template.utility.JythonRuntime。
+        // 解决freemarker模板注入问题 禁止解析ObjectConstructor，Execute和freemarker.template.utility.JythonRuntime。
        //https://ackcent.com/in-depth-freemarker-template-injection/
        TPL_CONFIG.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
        SQL_CONFIG.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
-        //update-end-author:taoyan date:2022-8-10 for: freemarker模板注入问题 禁止解析ObjectConstructor，Execute和freemarker.template.utility.JythonRuntime。
    }

    /**
@ -73,13 +72,12 @@ public class FreemarkerParseFactory {
                return false;
            }
        } catch (Exception e) {
-            //update-begin--Author:scott  Date:20180320 for：解决问题 - 错误提示sql文件不存在，实际问题是sql freemarker用法错误-----
+            // 代码逻辑说明: 解决问题 - 错误提示sql文件不存在，实际问题是sql freemarker用法错误-----
            if (e instanceof ParseException) {
                log.error(e.getMessage(), e.fillInStackTrace());
                throw new Exception(e);
            }
            log.debug("----isExistTemplate----" + e.toString());
-            //update-end--Author:scott  Date:20180320 for：解决问题 - 错误提示sql文件不存在，实际问题是sql freemarker用法错误------
            return false;
        }
        return true;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/encryption/AesEncryptUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/encryption/AesEncryptUtil.java
@ -1,124 +1,107 @@
 package org.jeecg.common.util.encryption;

-import org.apache.shiro.codec.Base64;
-
+import lombok.extern.slf4j.Slf4j;
+import org.apache.shiro.lang.codec.Base64;
+import org.jeecg.common.util.oConvertUtils;
 import javax.crypto.Cipher;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;

 /**
- * @Description: AES 加密
- * @author: jeecg-boot
- * @date: 2022/3/30 11:48
+ * AES 工具 (兼容历史 NoPadding + 新 PKCS5Padding)
 */
+@Slf4j
 public class AesEncryptUtil {

-    /**
-     * 使用AES-128-CBC加密模式 key和iv可以相同
-     */
-    private static String KEY = EncryptedString.key;
-    private static String IV = EncryptedString.iv;
+    private static final String KEY = EncryptedString.key;
+    private static final String IV  = EncryptedString.iv;

-    /**
-     * 加密方法
-     * @param data  要加密的数据
-     * @param key 加密key
-     * @param iv 加密iv
-     * @return 加密的结果
-     * @throws Exception
-     */
-    public static String encrypt(String data, String key, String iv) throws Exception {
-        try {
+    /* -------- 新版：CBC + PKCS5Padding (与前端 CryptoJS Pkcs7 兼容) -------- */
+    private static String decryptPkcs5(String cipherBase64) throws Exception {
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+        SecretKeySpec ks = new SecretKeySpec(KEY.getBytes(StandardCharsets.UTF_8), "AES");
+        IvParameterSpec ivSpec = new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8));
+        cipher.init(Cipher.DECRYPT_MODE, ks, ivSpec);
+        byte[] plain = cipher.doFinal(Base64.decode(cipherBase64));
+        return new String(plain, StandardCharsets.UTF_8);
+    }

-            //"算法/模式/补码方式"NoPadding PkcsPadding
+    /* -------- 旧版：CBC + NoPadding (手工补 0) -------- */
+    private static String decryptLegacyNoPadding(String cipherBase64) throws Exception {
+        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
+        SecretKeySpec ks = new SecretKeySpec(KEY.getBytes(StandardCharsets.UTF_8), "AES");
+        IvParameterSpec ivSpec = new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8));
+        cipher.init(Cipher.DECRYPT_MODE, ks, ivSpec);
+        byte[] data = cipher.doFinal(Base64.decode(cipherBase64));
+        return new String(data, StandardCharsets.UTF_8)
+                .replace("\u0000",""); // 旧填充 0
+    }
+
+    /* -------- 兼容入口：登录使用 -------- */
+    public static String resolvePassword(String input){
+        if(oConvertUtils.isEmpty(input)){
+            return input;
+        }
+        // 1. 先尝试新版
+        try{
+            String p = decryptPkcs5(input);
+            return clean(p);
+        }catch(Exception ignore){
+            //log.debug("【AES解密】Password not AES PKCS5 cipher, try legacy.");
+        }
+
+        // 2. 回退旧版
+        try{
+            String legacy = decryptLegacyNoPadding(input);
+            return clean(legacy);
+        }catch(Exception e){
+            log.debug("【AES解密】Password not AES cipher, raw used.");
+        }
+
+        // 3. 视为明文
+        return input;
+    }
+
+    /* -------- 可选：统一清理尾部不可见控制字符 -------- */
+    private static String clean(String s){
+        if(s==null) return null;
+        // 去除结尾控制符/空白（不影响中间合法空格）
+        return s.replaceAll("[\\p{Cntrl}]+","").trim();
+    }
+
+    /* -------- 若仍需要旧接口，可保留 (不建议再用于新前端) -------- */
+    @Deprecated
+    public static String desEncrypt(String data) throws Exception {
+        return decryptLegacyNoPadding(data);
+    }
+
+    /* 加密（若前端不再使用，可忽略；保留旧实现避免影响历史） */
+    @Deprecated
+    public static String encrypt(String data) throws Exception {
+        try{
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            int blockSize = cipher.getBlockSize();
-
-            byte[] dataBytes = data.getBytes();
+            byte[] dataBytes = data.getBytes(StandardCharsets.UTF_8);
            int plaintextLength = dataBytes.length;
            if (plaintextLength % blockSize != 0) {
-                plaintextLength = plaintextLength + (blockSize - (plaintextLength % blockSize));
+                plaintextLength += (blockSize - (plaintextLength % blockSize));
            }
-
            byte[] plaintext = new byte[plaintextLength];
            System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);
-
-            SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
-            IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
-
+            SecretKeySpec keyspec = new SecretKeySpec(KEY.getBytes(StandardCharsets.UTF_8), "AES");
+            IvParameterSpec ivspec = new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8));
            cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
            byte[] encrypted = cipher.doFinal(plaintext);
-
            return Base64.encodeToString(encrypted);
-
-        } catch (Exception e) {
-            e.printStackTrace();
-            return null;
+        }catch(Exception e){
+            throw new IllegalStateException("legacy encrypt error", e);
        }
    }

-    /**
-     * 解密方法
-     * @param data 要解密的数据
-     * @param key  解密key
-     * @param iv 解密iv
-     * @return 解密的结果
-     * @throws Exception
-     */
-    public static String desEncrypt(String data, String key, String iv) throws Exception {
-        //update-begin-author:taoyan date:2022-5-23 for:VUEN-1084 【vue3】online表单测试发现的新问题 6、解密报错 ---解码失败应该把异常抛出去，在外面处理
-        byte[] encrypted1 = Base64.decode(data);
-
-        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
-        SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
-        IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
-
-        cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
-
-        byte[] original = cipher.doFinal(encrypted1);
-        String originalString = new String(original);
-        //加密解码后的字符串会出现\u0000
-        return originalString.replaceAll("\\u0000", "");
-        //update-end-author:taoyan date:2022-5-23 for:VUEN-1084 【vue3】online表单测试发现的新问题 6、解密报错 ---解码失败应该把异常抛出去，在外面处理
-    }
-
-    /**
-     * 使用默认的key和iv加密
-     * @param data
-     * @return
-     * @throws Exception
-     */
-    public static String encrypt(String data) throws Exception {
-        return encrypt(data, KEY, IV);
-    }
-
-    /**
-     * 使用默认的key和iv解密
-     * @param data
-     * @return
-     * @throws Exception
-     */
-    public static String desEncrypt(String data) throws Exception {
-        return desEncrypt(data, KEY, IV);
-    }
-
-
-
-//    /**
-//     * 测试
-//     */
-//    public static void main(String args[]) throws Exception {
-//        String test1 = "sa";
-//        String test =new String(test1.getBytes(),"UTF-8");
-//        String data = null;
-//        String key =  KEY;
-//        String iv = IV;
-//        // /g2wzfqvMOeazgtsUVbq1kmJawROa6mcRAzwG1/GeJ4=
-//        data = encrypt(test, key, iv);
-//        System.out.println("数据："+test);
-//        System.out.println("加密："+data);
-//        String jiemi =desEncrypt(data, key, iv).trim();
-//        System.out.println("解密："+jiemi);
+//    public static void main(String[] args) throws Exception {
+//        // 前端 CBC/Pkcs7 密文测试
+//        String frontCipher = encrypt("sa"); // 仅验证管道是否可用（旧方式）
+//        System.out.println(resolvePassword(frontCipher));
 //    }
-
-}
+}
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/filter/SsrfFileTypeFilter.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/filter/SsrfFileTypeFilter.java
@ -2,6 +2,7 @@ package org.jeecg.common.util.filter;

 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.jeecg.common.exception.JeecgBootException;
 import org.springframework.web.multipart.MultipartFile;

 import java.io.IOException;
@ -149,29 +150,38 @@ public class SsrfFileTypeFilter {
    public static void checkDownloadFileType(String filePath) throws IOException {
        //文件后缀
        String suffix = getFileTypeBySuffix(filePath);
-        log.info("suffix:{}", suffix);
+        log.debug(" 【文件下载校验】文件后缀 suffix: {}", suffix);
        boolean isAllowExtension = FILE_TYPE_WHITE_LIST.contains(suffix.toLowerCase());
        //是否允许下载的文件
        if (!isAllowExtension) {
-            throw new IOException("下载失败，存在非法文件类型：" + suffix);
+            throw new JeecgBootException("下载失败，存在非法文件类型：" + suffix);
        }
    }

-
    /**
     * 上传文件类型过滤
     *
     * @param file
     */
    public static void checkUploadFileType(MultipartFile file) throws Exception {
-        //获取文件真是后缀
-        String suffix = getFileType(file);
-
-        log.info("suffix:{}", suffix);
+        checkUploadFileType(file, null);
+    }
+    
+    /**
+     * 上传文件类型过滤
+     *
+     * @param file
+     */
+    public static void checkUploadFileType(MultipartFile file, String customPath) throws Exception {
+        //1. 路径安全校验
+        validatePathSecurity(customPath);
+        //2. 校验文件后缀和头
+        String suffix = getFileType(file, customPath);
+        log.info("【文件上传校验】文件后缀 suffix: {}，customPath：{}", suffix, customPath);
        boolean isAllowExtension = FILE_TYPE_WHITE_LIST.contains(suffix.toLowerCase());
        //是否允许下载的文件
        if (!isAllowExtension) {
-            throw new Exception("上传失败，存在非法文件类型：" + suffix);
+            throw new JeecgBootException("上传失败，存在非法文件类型：" + suffix);
        }
    }

@ -183,8 +193,8 @@ public class SsrfFileTypeFilter {
     * @throws Exception
     */

-    private static String getFileType(MultipartFile file) throws Exception {
-        //update-begin-author:liusq date:20230404 for: [issue/4672]方法造成的文件被占用，注释掉此方法tomcat就能自动清理掉临时文件
+    private static String getFileType(MultipartFile file, String customPath) throws Exception {
+        // 代码逻辑说明: [issue/4672]方法造成的文件被占用，注释掉此方法tomcat就能自动清理掉临时文件
        String fileExtendName = null;
        InputStream is = null;
        try {
@ -203,7 +213,7 @@ public class SsrfFileTypeFilter {
                    break;
                }
            }
-            log.info("-----获取到的指定文件类型------"+fileExtendName);
+            log.debug("-----获取到的指定文件类型------"+fileExtendName);
            // 如果不是上述类型，则判断扩展名
            if (StringUtils.isBlank(fileExtendName)) {
                String fileName = file.getOriginalFilename();
@ -214,7 +224,6 @@ public class SsrfFileTypeFilter {
                // 如果有扩展名，则返回扩展名
                return getFileTypeBySuffix(fileName);
            }
-            log.info("-----最終的文件类型------"+fileExtendName);
            is.close();
            return fileExtendName;
        } catch (Exception e) {
@ -225,7 +234,6 @@ public class SsrfFileTypeFilter {
                is.close();
            }
        }
-        //update-end-author:liusq date:20230404 for: [issue/4672]方法造成的文件被占用，注释掉此方法tomcat就能自动清理掉临时文件
    }

    /**
@ -249,4 +257,34 @@ public class SsrfFileTypeFilter {
        }
        return stringBuilder.toString();
    }
+
+    /**
+     * 路径安全校验
+     */
+    private static void validatePathSecurity(String customPath) throws JeecgBootException {
+        if (customPath == null || customPath.trim().isEmpty()) {
+            return;
+        }
+
+        // 统一分隔符为 /
+        String normalized = customPath.replace("\\", "/");
+
+        // 1. 防止路径遍历攻击
+        if (normalized.contains("..") || normalized.contains("~")) {
+            throw new JeecgBootException("上传业务路径包含非法字符！");
+        }
+
+        // 2. 限制路径深度
+        int depth = normalized.split("/").length;
+        if (depth > 5) {
+            throw new JeecgBootException("上传业务路径深度超出限制！");
+        }
+
+        // 3. 限制字符集（只允许字母、数字、下划线、横线、斜杠）
+        if (!normalized.matches("^[a-zA-Z0-9/_-]+$")) {
+            throw new JeecgBootException("上传业务路径包含非法字符！");
+        }
+    }
+
+    
 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/oConvertUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/oConvertUtils.java
@ -10,7 +10,11 @@ import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.springframework.beans.BeanUtils;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.beans.BeanWrapper;
+import org.springframework.beans.BeanWrapperImpl;
+
+import java.beans.PropertyDescriptor;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
@ -23,6 +27,7 @@ import java.sql.Date;
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Stream;

 /**
 * 
@ -563,10 +568,8 @@ public class oConvertUtils {
 			return "";
 		} else if (!name.contains(SymbolConstant.UNDERLINE)) {
 			// 不含下划线，仅将首字母小写
-			//update-begin--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
-			//update-begin--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
+			// 代码逻辑说明: TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
 			return name.substring(0, 1).toLowerCase() + name.substring(1).toLowerCase();
-			//update-end--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
 		}
 		// 用下划线将原始字符串分割
 		String[] camels = name.split("_");
@ -611,7 +614,6 @@ public class oConvertUtils {
 		return result.substring(0, result.length() - 1);
 	}
 	
-	//update-begin--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
 	/**
 	 * 将下划线大写方式命名的字符串转换为驼峰式。(首字母写)
 	 * 如果转换前的下划线大写方式命名的字符串为空，则返回空字符串。</br>
@ -644,7 +646,6 @@ public class oConvertUtils {
 		}
 		return result.toString();
 	}
-	//update-end--Author:zhoujf  Date:20180503 for：TASK #2500 【代码生成器】代码生成器开发一通用模板生成功能
 	
 	/**
 	 * 将驼峰命名转化成下划线
@ -982,17 +983,18 @@ public class oConvertUtils {


 	/**
-	 * 判断 list1中的元素是否在list2中出现
+	 * 判断 sourceList中的元素是否在targetList中出现
+	 * 
 	 * QQYUN-5326【简流】获取组织人员 单/多 筛选条件 没有部门筛选
-	 * @param list1
-	 * @param list2
-	 * @return
+	 * @param sourceList 源列表，要检查的元素列表
+	 * @param targetList 目标列表，用于匹配的列表
+	 * @return 如果sourceList中有任何元素在targetList中存在则返回true，否则返回false
 	 */
-	public static boolean isInList(List<String> list1, List<String> list2){
-		for(String str1: list1){
+	public static boolean isInList(List<String> sourceList, List<String> targetList){
+		for(String sourceItem: sourceList){
 			boolean flag = false;
-			for(String str2: list2){
-				if(str1.equals(str2)){
+			for(String targetItem: targetList){
+				if(sourceItem.equals(targetItem)){
 					flag = true;
 					break;
 				}
@ -1004,6 +1006,35 @@ public class oConvertUtils {
 		return false;
 	}

+	/**
+	 * 判断 sourceList中的所有元素是否都在targetList中存在
+	 * @param sourceList 源列表，要检查的元素列表
+	 * @param targetList 目标列表，用于匹配的列表
+	 * @return 如果sourceList中的所有元素都在targetList中存在则返回true，否则返回false
+	 */
+	public static boolean isAllInList(List<String> sourceList, List<String> targetList){
+		if(sourceList == null || sourceList.isEmpty()){
+			return true; // 空列表视为所有元素都存在
+		}
+		if(targetList == null || targetList.isEmpty()){
+			return false; // 目标列表为空，源列表非空时返回false
+		}
+
+		for(String sourceItem: sourceList){
+			boolean found = false;
+			for(String targetItem: targetList){
+				if(sourceItem.equals(targetItem)){
+					found = true;
+					break;
+				}
+			}
+			if(!found){
+				return false; // 有任何一个元素不在目标列表中，返回false
+			}
+		}
+		return true; // 所有元素都找到了
+	}
+	
 	/**
 	 * 计算文件大小转成MB
 	 * @param uploadCount
@ -1168,5 +1199,37 @@ public class oConvertUtils {
 	public static boolean isEffectiveTenant(String tenantId) {
 		return MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && isNotEmpty(tenantId) && !("0").equals(tenantId);
 	}
+
+    /**
+     * 复制源对象的非空属性到目标对象（同名属性）
+     * 
+     * @param source 源对象（页面）
+     * @param target 目标对象（数据库实体）
+     */
+    public static void copyNonNullFields(Object source, Object target) {
+        if (source == null || target == null) {
+            return;
+        }
+        // 获取源对象的非空属性名数组
+        String[] nullPropertyNames = getNullPropertyNames(source);
+        // 复制：忽略源对象的空属性，仅覆盖目标对象的对应非空属性
+        BeanUtils.copyProperties(source, target, nullPropertyNames);
+    }
+
+    /**
+     * 获取源对象中值为 null 的属性名数组
+     * 
+     * @param source 
+     */
+    private static String[] getNullPropertyNames(Object source) {
+        BeanWrapper beanWrapper = new BeanWrapperImpl(source);
+        //获取类的属性
+        PropertyDescriptor[] propertyDescriptors = beanWrapper.getPropertyDescriptors();
+        // 过滤出值为 null 的属性名
+        return Stream.of(propertyDescriptors)
+                .map(PropertyDescriptor::getName)
+                .filter(name -> beanWrapper.getPropertyValue(name) == null)
+                .toArray(String[]::new);
+    }
 	
 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/oss/OssBootUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/oss/OssBootUtil.java
@ -97,9 +97,8 @@ public class OssBootUtil {
     * @return oss 中的相对文件路径
     */
    public static String upload(MultipartFile file, String fileDir,String customBucket) throws Exception {
-        //update-begin-author:liusq date:20210809 for: 过滤上传文件类型
+        // 文件安全校验，防止上传漏洞文件
        SsrfFileTypeFilter.checkUploadFileType(file);
-        //update-end-author:liusq date:20210809 for: 过滤上传文件类型

        String filePath = null;
        initOss(endPoint, accessKeyId, accessKeySecret);
@ -125,9 +124,8 @@ public class OssBootUtil {
            if (!fileDir.endsWith(SymbolConstant.SINGLE_SLASH)) {
                fileDir = fileDir.concat(SymbolConstant.SINGLE_SLASH);
            }
-            //update-begin-author:wangshuai date:20201012 for: 过滤上传文件夹名特殊字符，防止攻击
+            // 代码逻辑说明: 过滤上传文件夹名特殊字符，防止攻击
            fileDir=StrAttackFilter.filter(fileDir);
-            //update-end-author:wangshuai date:20201012 for: 过滤上传文件夹名特殊字符，防止攻击
            fileUrl = fileUrl.append(fileDir + fileName);

            if (oConvertUtils.isNotEmpty(staticDomain) && staticDomain.toLowerCase().startsWith(CommonConstant.STR_HTTP)) {
@ -264,9 +262,8 @@ public class OssBootUtil {
                newBucket = bucket;
            }
            initOss(endPoint, accessKeyId, accessKeySecret);
-            //update-begin---author:liusq  Date:20220120  for：替换objectName前缀，防止key不一致导致获取不到文件----
+            // 代码逻辑说明: 替换objectName前缀，防止key不一致导致获取不到文件----
            objectName = OssBootUtil.replacePrefix(objectName,bucket);
-            //update-end---author:liusq  Date:20220120  for：替换objectName前缀，防止key不一致导致获取不到文件----
            OSSObject ossObject = ossClient.getObject(newBucket,objectName);
            inputStream = new BufferedInputStream(ossObject.getObjectContent());
        }catch (Exception e){
@ -294,9 +291,8 @@ public class OssBootUtil {
    public static String getObjectUrl(String bucketName, String objectName, Date expires) {
        initOss(endPoint, accessKeyId, accessKeySecret);
        try{
-            //update-begin---author:liusq  Date:20220120  for：替换objectName前缀，防止key不一致导致获取不到文件----
+            // 代码逻辑说明: 替换objectName前缀，防止key不一致导致获取不到文件----
            objectName = OssBootUtil.replacePrefix(objectName,bucketName);
-            //update-end---author:liusq  Date:20220120  for：替换objectName前缀，防止key不一致导致获取不到文件----
            if(ossClient.doesObjectExist(bucketName,objectName)){
                URL url = ossClient.generatePresignedUrl(bucketName,objectName,expires);
                //log.info("原始url : {}", url.toString());
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/security/AbstractQueryBlackListHandler.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/security/AbstractQueryBlackListHandler.java
@ -63,7 +63,7 @@ public abstract class AbstractQueryBlackListHandler {
        if(list==null){
            return true;
        }
-        log.info("  获取sql信息 ：{} ", list.toString());
+        log.debug("  获取sql信息 ：{} ", list.toString());
        boolean flag = checkTableAndFieldsName(list);
        if(flag == false){
            return false;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/AutoPoiDictConfig.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/AutoPoiDictConfig.java
@ -3,7 +3,7 @@ package org.jeecg.config;
 import java.util.ArrayList;
 import java.util.List;

-import javax.annotation.Resource;
+import jakarta.annotation.Resource;

 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.system.vo.DictModel;
@ -60,17 +60,15 @@ public class AutoPoiDictConfig implements AutoPoiDictServiceI {


 		for (DictModel t : dictList) {
-			//update-begin---author:liusq   Date:20230517  for：[issues/4917]excel 导出异常---
+			// 代码逻辑说明: [issues/4917]excel 导出异常---
 			if(t!=null && t.getText()!=null && t.getValue()!=null){
-			//update-end---author:liusq     Date:20230517  for：[issues/4917]excel 导出异常---
-				//update-begin---author:scott   Date:20211220  for：[issues/I4MBB3]@Excel dicText字段的值有下划线时，导入功能不能正确解析---
+				// 代码逻辑说明: [issues/I4MBB3]@Excel dicText字段的值有下划线时，导入功能不能正确解析---
 				if(t.getValue().contains(EXCEL_SPLIT_TAG)){
 					String val = t.getValue().replace(EXCEL_SPLIT_TAG,TEMP_EXCEL_SPLIT_TAG);
 					dictReplaces.add(t.getText() + EXCEL_SPLIT_TAG + val);
 				}else{
 					dictReplaces.add(t.getText() + EXCEL_SPLIT_TAG + t.getValue());
 				}
-				//update-end---author:20211220     Date:20211220  for：[issues/I4MBB3]@Excel dicText字段的值有下划线时，导入功能不能正确解析---
 			}
 		}
 		if (dictReplaces != null && dictReplaces.size() != 0) {
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/DruidConfig.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/DruidConfig.java
@ -2,7 +2,9 @@ package org.jeecg.config;

 import java.io.IOException;

-import javax.servlet.*;
+import com.alibaba.druid.spring.boot3.autoconfigure.DruidDataSourceAutoConfigure;
+import com.alibaba.druid.spring.boot3.autoconfigure.properties.DruidStatProperties;
+import jakarta.servlet.*;

 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@ -11,8 +13,6 @@ import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

-import com.alibaba.druid.spring.boot.autoconfigure.DruidDataSourceAutoConfigure;
-import com.alibaba.druid.spring.boot.autoconfigure.properties.DruidStatProperties;
 import com.alibaba.druid.util.Utils;

 /**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/DruidWallConfigRegister.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/DruidWallConfigRegister.java
@ -12,6 +12,7 @@ import java.util.HashMap;
 import java.util.Map;

 /**
+ * @author eightmonth@qq.com
 * 启动程序修改DruidWallConfig配置
 * 允许SELECT语句的WHERE子句是一个永真条件
 * @author eightmonth
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/JeecgBaseConfig.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/JeecgBaseConfig.java
@ -1,7 +1,12 @@
 package org.jeecg.config;

+import lombok.Getter;
+import lombok.Setter;
+import org.jeecg.config.tencent.JeecgTencent;
 import org.jeecg.config.vo.*;
+import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Role;
 import org.springframework.stereotype.Component;


@ -11,6 +16,7 @@ import org.springframework.stereotype.Component;
 */
@Component("jeecgBaseConfig")
@ConfigurationProperties(prefix = "jeecg")
+@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
 public class JeecgBaseConfig {
    /**
     * 签名密钥串(字典等敏感接口)
@ -70,7 +76,35 @@ public class JeecgBaseConfig {
    /**
     * 百度开放API配置
     */
-    private BaiduApi baiduApi;    
+    private BaiduApi baiduApi;
+
+    /**
+     * minio配置
+     */
+    @Getter
+    @Setter
+    private JeecgMinio minio;
+
+    /**
+     * oss配置
+     */
+    @Getter
+    @Setter
+    private JeecgOSS oss;
+
+    /**
+     * 短信发送方式 aliyun阿里云短信 tencent腾讯云短信
+     */
+    @Getter
+    @Setter
+    private String smsSendType = "aliyun";
+    
+    /**
+     * 腾讯配置
+     */
+    @Getter
+    @Setter
+    private JeecgTencent tencent;

    public String getCustomResourcePrefixPath() {
        return customResourcePrefixPath;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/Swagger2Config.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/Swagger2Config.java
@ -95,13 +95,11 @@
 //        List<Parameter> pars = new ArrayList<>();
 //        tokenPar.name(CommonConstant.X_ACCESS_TOKEN).description("token").modelRef(new ModelRef("string")).parameterType("header").required(false).build();
 //        pars.add(tokenPar.build());
-//        //update-begin-author:liusq---date:2024-08-15--for:  开启多租户时，全局参数增加租户id
 //        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){
 //            ParameterBuilder tenantPar = new ParameterBuilder();
 //            tenantPar.name(CommonConstant.TENANT_ID).description("租户ID").modelRef(new ModelRef("string")).parameterType("header").required(false).build();
 //            pars.add(tenantPar.build());
 //        }
-//        //update-end-author:liusq---date:2024-08-15--for: 开启多租户时，全局参数增加租户id
 //
 //        return pars;
 //    }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/Swagger3Config.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/Swagger3Config.java
@ -10,28 +10,37 @@ import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.constant.CommonConstant;
-import org.springdoc.core.customizers.GlobalOpenApiCustomizer;
+import org.springdoc.core.customizers.OperationCustomizer;
 import org.springdoc.core.filters.GlobalOpenApiMethodFilter;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

 import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;

 /**
 * @author eightmonth
 */
@Slf4j
@Configuration
+@ConditionalOnProperty(prefix = "knife4j", name = "production", havingValue = "false", matchIfMissing = true)
@PropertySource("classpath:config/default-spring-doc.properties")
 public class Swagger3Config implements WebMvcConfigurer {
+
+    // 路径匹配结果缓存，避免重复计算
+    private static final Map<String, Boolean> EXCLUDED_PATHS_CACHE = new ConcurrentHashMap<>();
    // 定义不需要注入安全要求的路径集合
-    Set<String> excludedPaths = new HashSet<>(Arrays.asList(
-            "/sys/randomImage/{key}",
+    private static final Set<String> excludedPaths = new HashSet<>(Arrays.asList(
+            "/sys/randomImage/**",
            "/sys/login",
            "/sys/phoneLogin",
            "/sys/mLogin",
@ -41,7 +50,20 @@ public class Swagger3Config implements WebMvcConfigurer {
            "/sys/thirdLogin/**",
            "/sys/user/register"
    ));
-
+    // 预处理通配符模式，提高匹配效率
+    private static final Set<String> wildcardPatterns = new HashSet<>();
+    private static final Set<String> exactPatterns = new HashSet<>();
+    static {
+        // 初始化时分离精确匹配和通配符匹配
+        for (String pattern : excludedPaths) {
+            if (pattern.endsWith("/**")) {
+                wildcardPatterns.add(pattern.substring(0, pattern.length() - 3));
+            } else {
+                exactPatterns.add(pattern);
+            }
+        }
+    }
+    
    /**
     *
     * 显示swagger-ui.html文档展示页，还必须注入swagger资源：
@ -61,40 +83,70 @@ public class Swagger3Config implements WebMvcConfigurer {
    }

    @Bean
-    public GlobalOpenApiCustomizer globalOpenApiCustomizer() {
-        return openApi -> {
-            // 全局添加鉴权参数
-            if (openApi.getPaths() != null) {
-                openApi.getPaths().forEach((path, pathItem) -> {
-                    //log.debug("path: {}", path);
-                    // 检查当前路径是否在排除列表中
-                    boolean isExcluded = excludedPaths.stream().anyMatch(
-                            excludedPath -> excludedPath.equals(path) || (excludedPath.endsWith("**") && path.startsWith(excludedPath.substring(0, excludedPath.length() - 2)))
-                    );
-
-                    if (!isExcluded) {
-                        // 接口添加鉴权参数
-                        pathItem.readOperations().forEach(operation ->
-                                operation.addSecurityItem(new SecurityRequirement().addList(CommonConstant.X_ACCESS_TOKEN))
-                        );
-                    }
-                });
+    public OperationCustomizer operationCustomizer() {
+        return (operation, handlerMethod) -> {
+            String path = getFullPath(handlerMethod);
+            if (!isExcludedPath(path)) {
+                operation.addSecurityItem(new SecurityRequirement().addList(CommonConstant.X_ACCESS_TOKEN));
+            }else{
+                log.info("忽略加入 X_ACCESS_TOKEN 的 PATH:" + path);
            }
+            return operation;
        };
    }

+    private String getFullPath(HandlerMethod handlerMethod) {
+        StringBuilder fullPath = new StringBuilder();
+
+        // 获取类级别的路径
+        RequestMapping classMapping = handlerMethod.getBeanType().getAnnotation(RequestMapping.class);
+        if (classMapping != null && classMapping.value().length > 0) {
+            fullPath.append(classMapping.value()[0]);
+        }
+
+        // 获取方法级别的路径
+        RequestMapping methodMapping = handlerMethod.getMethodAnnotation(RequestMapping.class);
+        if (methodMapping != null && methodMapping.value().length > 0) {
+            String methodPath = methodMapping.value()[0];
+            // 确保路径正确拼接，处理斜杠
+            if (!fullPath.toString().endsWith("/") && !methodPath.startsWith("/")) {
+                fullPath.append("/");
+            }
+            fullPath.append(methodPath);
+        }
+
+        return fullPath.toString();
+    }
+
+
+    private boolean isExcludedPath(String path) {
+        // 使用缓存避免重复计算
+        return EXCLUDED_PATHS_CACHE.computeIfAbsent(path, p -> {
+            // 精确匹配
+            if (exactPatterns.contains(p)) {
+                return true;
+            }
+            // 通配符匹配
+            return wildcardPatterns.stream().anyMatch(p::startsWith);
+        });
+    }
+    
    @Bean
    public OpenAPI customOpenAPI() {
        return new OpenAPI()
                .info(new Info()
                        .title("JeecgBoot 后台服务API接口文档")
-                        .version("3.8.3")
+                        .version("3.9.0")
                        .contact(new Contact().name("北京国炬信息技术有限公司").url("www.jeccg.com").email("jeecgos@163.com"))
-                        .description( "后台API接口")
+                        .description("后台API接口")
                        .termsOfService("NO terms of service")
                        .license(new License().name("Apache 2.0").url("http://www.apache.org/licenses/LICENSE-2.0.html")))
                .addSecurityItem(new SecurityRequirement().addList(CommonConstant.X_ACCESS_TOKEN))
                .components(new Components().addSecuritySchemes(CommonConstant.X_ACCESS_TOKEN,
-                        new SecurityScheme().name(CommonConstant.X_ACCESS_TOKEN).type(SecurityScheme.Type.HTTP)));
+                        new SecurityScheme()
+                                .name(CommonConstant.X_ACCESS_TOKEN)
+                                .type(SecurityScheme.Type.APIKEY)
+                                .in(SecurityScheme.In.HEADER) // 关键：指定为 header
+                ));
    }
 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/WebMvcConfiguration.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/WebMvcConfiguration.java
@ -10,17 +10,18 @@ import com.fasterxml.jackson.datatype.jsr310.deser.LocalTimeDeserializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateSerializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalTimeSerializer;
-import io.micrometer.prometheus.PrometheusMeterRegistry;
+import io.micrometer.prometheusmetrics.PrometheusMeterRegistry;
+import jakarta.annotation.PostConstruct;
+import jakarta.annotation.Resource;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.boot.context.event.ApplicationReadyEvent;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
-import org.springframework.context.event.EventListener;
 import org.springframework.http.CacheControl;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
@ -32,7 +33,6 @@ import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

-import javax.annotation.Resource;
 import java.text.SimpleDateFormat;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
@ -47,6 +47,7 @@ import java.util.concurrent.TimeUnit;
 * @Author qinfeng
 *
 */
+@Slf4j
@Configuration
 public class WebMvcConfiguration implements WebMvcConfigurer {

@ -141,7 +142,6 @@ public class WebMvcConfiguration implements WebMvcConfigurer {
        return objectMapper;
    }

-    //update-begin---author:chenrui ---date:20240514  for：[QQYUN-9247]系统监控功能优化------------
 //    /**
 //     * SpringBootAdmin的Httptrace不见了
 //     * https://blog.csdn.net/u013810234/article/details/110097201
@ -150,20 +150,20 @@ public class WebMvcConfiguration implements WebMvcConfigurer {
 //    public InMemoryHttpTraceRepository getInMemoryHttpTrace(){
 //        return new InMemoryHttpTraceRepository();
 //    }
-    //update-end---author:chenrui ---date:20240514  for：[QQYUN-9247]系统监控功能优化------------


    /**
-     * 监听应用启动完成事件，确保 PrometheusMeterRegistry 已经初始化
+     * 在Bean初始化完成后立即配置PrometheusMeterRegistry，避免在Meter注册后才配置MeterFilter
     * for [QQYUN-12558]【监控】系统监控的头两个tab不好使，接口404
-     * @param event
     * @author chenrui
     * @date 2025/5/26 16:46
     */
-    @EventListener
-    public void onApplicationReady(ApplicationReadyEvent event) {
-        if(null != meterRegistryPostProcessor){
-            meterRegistryPostProcessor.postProcessAfterInitialization(prometheusMeterRegistry, "");
+    @PostConstruct
+    public void initPrometheusMeterRegistry() {
+        // 确保在应用启动早期就配置MeterFilter，避免警告
+        if (null != meterRegistryPostProcessor && null != prometheusMeterRegistry) {
+            meterRegistryPostProcessor.postProcessAfterInitialization(prometheusMeterRegistry, "prometheusMeterRegistry");
+            log.info("PrometheusMeterRegistry 配置完成");
        }
    }

--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/filter/RequestBodyReserveFilter.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/filter/RequestBodyReserveFilter.java
@ -3,8 +3,8 @@ package org.jeecg.config.filter;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.config.sign.util.BodyReaderHttpServletRequestWrapper;

-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
 import java.io.IOException;

 /**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/filter/WebsocketFilter.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/filter/WebsocketFilter.java
@ -7,9 +7,9 @@ import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;

-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;

 /**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/LowCodeModeInterceptor.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/LowCodeModeInterceptor.java
@ -14,9 +14,9 @@ import org.jeecg.config.JeecgBaseConfig;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;

-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Set;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/MybatisInterceptor.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/MybatisInterceptor.java
@ -129,20 +129,18 @@ public class MybatisInterceptor implements Interceptor {
 			Field[] fields = null;
 			if (parameter instanceof ParamMap) {
 				ParamMap<?> p = (ParamMap<?>) parameter;
-				//update-begin-author:scott date:20190729 for:批量更新报错issues/IZA3Q--
+				// 代码逻辑说明: 批量更新报错issues/IZA3Q--
                String et = "et";
 				if (p.containsKey(et)) {
 					parameter = p.get(et);
 				} else {
 					parameter = p.get("param1");
 				}
-				//update-end-author:scott date:20190729 for:批量更新报错issues/IZA3Q-

-				//update-begin-author:scott date:20190729 for:更新指定字段时报错 issues/#516-
+				// 代码逻辑说明: 更新指定字段时报错 issues/#516-
 				if (parameter == null) {
 					return invocation.proceed();
 				}
-				//update-end-author:scott date:20190729 for:更新指定字段时报错 issues/#516-

 				fields = oConvertUtils.getAllFields(parameter);
 			} else {
@ -184,7 +182,6 @@ public class MybatisInterceptor implements Interceptor {
 		// TODO Auto-generated method stub
 	}

-	//update-begin--Author:scott  Date:20191213 for：关于使用Quzrtz 开启线程任务， #465
    /**
     * 获取登录用户
     * @return
@ -199,6 +196,5 @@ public class MybatisInterceptor implements Interceptor {
 		}
 		return sysUser;
 	}
-	//update-end--Author:scott  Date:20191213 for：关于使用Quzrtz 开启线程任务， #465

 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/aspect/DynamicTableAspect.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/aspect/DynamicTableAspect.java
@ -11,7 +11,7 @@ import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.config.mybatis.ThreadLocalDataHelper;
 import org.springframework.stereotype.Component;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;

 /**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/interceptor/DynamicDatasourceInterceptor.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/interceptor/DynamicDatasourceInterceptor.java
@ -6,8 +6,8 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;

-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;

 /**
 * 动态数据源切换拦截器
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/oss/MinioConfig.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/oss/MinioConfig.java
@ -1,5 +1,6 @@
 package org.jeecg.config.oss;

+import jakarta.annotation.PostConstruct;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.SymbolConstant;
@ -28,7 +29,7 @@ public class MinioConfig {
    @Value(value = "${jeecg.minio.bucketName}")
    private String bucketName;

-    @Bean
+    @PostConstruct
    public void initMinio(){
        if(!minioUrl.startsWith(CommonConstant.STR_HTTP)){
            minioUrl = "http://" + minioUrl;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/oss/OssConfiguration.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/oss/OssConfiguration.java
@ -1,5 +1,6 @@
 package org.jeecg.config.oss;

+import jakarta.annotation.PostConstruct;
 import org.jeecg.common.util.oss.OssBootUtil;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@ -28,7 +29,7 @@ public class OssConfiguration {
    private String staticDomain;


-    @Bean
+    @PostConstruct
    public void initOssBootConfiguration() {
        OssBootUtil.setEndPoint(endpoint);
        OssBootUtil.setAccessKeyId(accessKeyId);
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
@ -1,5 +1,8 @@
 package org.jeecg.config.shiro;

+import jakarta.annotation.Resource;
+import jakarta.servlet.DispatcherType;
+import jakarta.servlet.Filter;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
 import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
@ -8,6 +11,7 @@ import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.spring.LifecycleBeanPostProcessor;
 import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.apache.shiro.spring.web.ShiroUrlPathHelper;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
 import org.crazycake.shiro.*;
 import org.jeecg.common.constant.CommonConstant;
@ -29,12 +33,10 @@ import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.filter.DelegatingFilterProxy;
+import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
 import redis.clients.jedis.HostAndPort;
 import redis.clients.jedis.JedisCluster;

-import javax.annotation.Resource;
-import javax.servlet.DispatcherType;
-import javax.servlet.Filter;
 import java.lang.reflect.Method;
 import java.util.*;

@ -111,7 +113,7 @@ public class ShiroConfig {
        filterChainDefinitionMap.put("/sys/checkAuth", "anon"); //授权接口排除
        filterChainDefinitionMap.put("/openapi/call/**", "anon"); // 开放平台接口排除

-        //update-begin--Author:scott Date:20221116 for：排除静态资源后缀
+        // 代码逻辑说明: 排除静态资源后缀
        filterChainDefinitionMap.put("/", "anon");
        filterChainDefinitionMap.put("/doc.html", "anon");
        filterChainDefinitionMap.put("/**/*.js", "anon");
@ -129,7 +131,6 @@ public class ShiroConfig {

        filterChainDefinitionMap.put("/**/*.glb", "anon");
        filterChainDefinitionMap.put("/**/*.wasm", "anon");
-        //update-end--Author:scott Date:20221116 for：排除静态资源后缀

        filterChainDefinitionMap.put("/druid/**", "anon");
        filterChainDefinitionMap.put("/swagger-ui.html", "anon");
@ -137,9 +138,7 @@ public class ShiroConfig {
        filterChainDefinitionMap.put("/webjars/**", "anon");
        filterChainDefinitionMap.put("/v3/**", "anon");

-        // update-begin--Author:sunjianlei Date:20210510 for：排除消息通告查看详情页面（用于第三方APP）
        filterChainDefinitionMap.put("/sys/annountCement/show/**", "anon");
-        // update-end--Author:sunjianlei Date:20210510 for：排除消息通告查看详情页面（用于第三方APP）

        //积木报表排除
        filterChainDefinitionMap.put("/jmreport/**", "anon");
@ -158,7 +157,7 @@ public class ShiroConfig {
        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/getTotalDataByCompId", "anon");
        filterChainDefinitionMap.put("/drag/mock/json/**", "anon");
        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/getDictByCodes", "anon");
-
+        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/queryAllById", "anon");
        filterChainDefinitionMap.put("/jimubi/view", "anon");
        filterChainDefinitionMap.put("/jimubi/share/view/**", "anon");

@ -178,8 +177,6 @@ public class ShiroConfig {
        filterChainDefinitionMap.put("/sys/version/app3version", "anon");
        //仪表盘（按钮通信）
        filterChainDefinitionMap.put("/dragChannelSocket/**","anon");
-        //App vue3版本查询版本接口
-        filterChainDefinitionMap.put("/sys/version/app3version", "anon");

        //性能监控——安全隐患泄露TOEKN（durid连接池也有）
        //filterChainDefinitionMap.put("/actuator/**", "anon");
@ -207,7 +204,6 @@ public class ShiroConfig {
        return shiroFilterFactoryBean;
    }

-    //update-begin---author:chenrui ---date:20240126  for：【QQYUN-7932】AI助手------------

    /**
     * spring过滤装饰器 <br/>
@ -223,9 +219,8 @@ public class ShiroConfig {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new DelegatingFilterProxy("shiroFilterFactoryBean"));
        registration.setEnabled(true);
-        //update-begin---author:chenrui ---date:20241202  for：[issues/7491]运行时间好长，效率慢 ------------
+        // 代码逻辑说明: [issues/7491]运行耗时长，效率慢 
        registration.addUrlPatterns("/test/ai/chat/send");
-        //update-end---author:chenrui ---date:20241202  for：[issues/7491]运行时间好长，效率慢 ------------
        registration.addUrlPatterns("/airag/flow/run");
        registration.addUrlPatterns("/airag/flow/debug");
        registration.addUrlPatterns("/airag/chat/send");
@ -237,7 +232,6 @@ public class ShiroConfig {
        registration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.ASYNC);
        return registration;
    }
-    //update-end---author:chenrui ---date:20240126  for：【QQYUN-7932】AI助手------------

    @Bean("securityManager")
    public DefaultWebSecurityManager securityManager(ShiroRealm myRealm) {
@ -358,12 +352,23 @@ public class ShiroConfig {
                JedisCluster jedisCluster = new JedisCluster(portSet);
                redisManager.setJedisCluster(jedisCluster);
            }
-            //update-end--Author:scott Date:20210531 for：修改集群模式下未设置redis密码的bug issues/I3QNIC
            manager = redisManager;
        }
        return manager;
    }

+    /**
+     * 解决 ShiroRequestMappingConfig 获取 requestMappingHandlerMapping Bean 冲突
+     * spring-boot-autoconfigure:3.4.5 和 spring-boot-actuator-autoconfigure:3.4.5
+     */
+    @Primary
+    @Bean
+    public RequestMappingHandlerMapping overridedRequestMappingHandlerMapping() {
+        RequestMappingHandlerMapping mapping = new RequestMappingHandlerMapping();
+        mapping.setUrlPathHelper(new ShiroUrlPathHelper());
+        return mapping;
+    }
+    
    private List<String> rebuildUrl(String[] bases, String[] uris) {
        List<String> urls = new ArrayList<>();
        for (String base : bases) {
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
@ -20,11 +20,13 @@ import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
+import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Lazy;
+import org.springframework.context.annotation.Role;
 import org.springframework.stereotype.Component;

-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
 import java.util.Set;

 /**
@ -35,6 +37,7 @@ import java.util.Set;
 */
@Component
@Slf4j
+@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
 public class ShiroRealm extends AuthorizingRealm {
 	@Lazy
    @Resource
@ -80,7 +83,7 @@ public class ShiroRealm extends AuthorizingRealm {
        Set<String> permissionSet = commonApi.queryUserAuths(userId);
        info.addStringPermissions(permissionSet);
        //System.out.println(permissionSet);
-        log.info("===============Shiro权限认证成功==============");
+        log.debug("===============Shiro权限认证成功==============");
        return info;
    }

@ -107,8 +110,8 @@ public class ShiroRealm extends AuthorizingRealm {
            loginUser = this.checkUserTokenIsEffect(token);
        } catch (AuthenticationException e) {
            log.error("—————校验 check token 失败——————————"+ e.getMessage(), e);
-            JwtUtil.responseError(SpringContextUtils.getHttpServletResponse(),401,e.getMessage());
-            return null;
+            // 重新抛出异常，让JwtFilter统一处理，避免返回两次错误响应
+            throw e;
        }
        return new SimpleAuthenticationInfo(loginUser, token, getName());
    }
@ -138,9 +141,11 @@ public class ShiroRealm extends AuthorizingRealm {
        }
        // 校验token是否超时失效 & 或者账号密码是否错误
        if (!jwtTokenRefresh(token, username, loginUser.getPassword())) {
-            throw new AuthenticationException(CommonConstant.TOKEN_IS_INVALID_MSG);
+            // 用户登录Token过期提示信息
+            String userLoginTokenErrorMsg = oConvertUtils.getString(redisUtil.get(CommonConstant.PREFIX_USER_TOKEN_ERROR_MSG + token));
+            throw new AuthenticationException(oConvertUtils.isEmpty(userLoginTokenErrorMsg)? CommonConstant.TOKEN_IS_INVALID_MSG: userLoginTokenErrorMsg);
        }
-        //update-begin-author:taoyan date:20210609 for:校验用户的tenant_id和前端传过来的是否一致
+        // 代码逻辑说明: 校验用户的tenant_id和前端传过来的是否一致
        String userTenantIds = loginUser.getRelTenantIds();
        if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && oConvertUtils.isNotEmpty(userTenantIds)){
            String contextTenantId = TenantContext.getTenant();
@ -149,7 +154,7 @@ public class ShiroRealm extends AuthorizingRealm {
             //登录用户无租户，前端header中租户ID值为 0
            String str ="0";
            if(oConvertUtils.isNotEmpty(contextTenantId) && !str.equals(contextTenantId)){
-                //update-begin-author:taoyan date:20211227 for: /issues/I4O14W 用户租户信息变更判断漏洞
+                // 代码逻辑说明: /issues/I4O14W 用户租户信息变更判断漏洞
                String[] arr = userTenantIds.split(",");
                if(!oConvertUtils.isIn(contextTenantId, arr)){
                    boolean isAuthorization = false;
@ -174,10 +179,8 @@ public class ShiroRealm extends AuthorizingRealm {
                    }
                    //*********************************************
                }
-                //update-end-author:taoyan date:20211227 for: /issues/I4O14W 用户租户信息变更判断漏洞
            }
        }
-        //update-end-author:taoyan date:20210609 for:校验用户的tenant_id和前端传过来的是否一致
        return loginUser;
    }

@ -199,19 +202,22 @@ public class ShiroRealm extends AuthorizingRealm {
        if (oConvertUtils.isNotEmpty(cacheToken)) {
            // 校验token有效性
            if (!JwtUtil.verify(cacheToken, userName, passWord)) {
-                String newAuthorization = JwtUtil.sign(userName, passWord);
-                // 设置超时时间
+                // 从token中解析客户端类型，保持续期时使用相同的客户端类型
+                String clientType = JwtUtil.getClientType(token);
+                String newAuthorization = JwtUtil.sign(userName, passWord, clientType);
+                // 根据客户端类型设置对应的缓存有效时间
+                long expireTime = CommonConstant.CLIENT_TYPE_APP.equalsIgnoreCase(clientType) 
+                    ? JwtUtil.APP_EXPIRE_TIME * 2 / 1000 
+                    : JwtUtil.EXPIRE_TIME * 2 / 1000;
                redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, newAuthorization);
-                redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME *2 / 1000);
+                redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, expireTime);
                log.debug("——————————用户在线操作，更新token保证不掉线—————————jwtTokenRefresh——————— "+ token);
            }
-            //update-begin--Author:scott  Date:20191005  for：解决每次请求，都重写redis中 token缓存问题
 //			else {
 //				// 设置超时时间
 //				redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, cacheToken);
 //				redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME / 1000);
 //			}
-            //update-end--Author:scott  Date:20191005   for：解决每次请求，都重写redis中 token缓存问题
            return true;
        }

@ -227,8 +233,7 @@ public class ShiroRealm extends AuthorizingRealm {
    @Override
    public void clearCache(PrincipalCollection principals) {
        super.clearCache(principals);
-        //update-begin---author:scott ---date::2024-06-18  for：【TV360X-1320】分配权限必须退出重新登录才生效，造成很多用户困扰---
+        // 代码逻辑说明: 【TV360X-1320】分配权限必须退出重新登录才生效，造成很多用户困扰---
        super.clearCachedAuthorizationInfo(principals);
-        //update-end---author:scott ---date::2024-06-18  for：【TV360X-1320】分配权限必须退出重新登录才生效，造成很多用户困扰---
    }
 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/CustomShiroFilterFactoryBean.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/CustomShiroFilterFactoryBean.java
@ -12,7 +12,7 @@ import org.apache.shiro.web.servlet.AbstractShiroFilter;
 import org.apache.shiro.mgt.SecurityManager;
 import org.springframework.beans.factory.BeanInitializationException;

-import javax.servlet.Filter;
+import jakarta.servlet.Filter;
 import java.util.Map;

 /**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/JwtFilter.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/JwtFilter.java
@ -13,10 +13,10 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.RequestMethod;

-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;

 /**
 * @Description: 鉴权登录拦截器
@ -56,9 +56,13 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
            executeLogin(request, response);
            return true;
        } catch (Exception e) {
-            JwtUtil.responseError((HttpServletResponse)response,401,CommonConstant.TOKEN_IS_INVALID_MSG);
+            // 使用异常中的具体错误信息，保留"不允许同一账号多地同时登录"等具体提示
+            String errorMsg = e.getMessage();
+            if (oConvertUtils.isEmpty(errorMsg)) {
+                errorMsg = CommonConstant.TOKEN_IS_INVALID_MSG;
+            }
+            JwtUtil.responseError((HttpServletResponse)response, 401, errorMsg);
            return false;
-            //throw new AuthenticationException("Token失效，请重新登录", e);
        }
    }

@ -69,11 +73,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String token = httpServletRequest.getHeader(CommonConstant.X_ACCESS_TOKEN);
-        // update-begin--Author:lvdandan Date:20210105 for：JT-355 OA聊天添加token验证，获取token参数
+        // 代码逻辑说明: JT-355 OA聊天添加token验证，获取token参数
        if (oConvertUtils.isEmpty(token)) {
            token = httpServletRequest.getParameter("token");
        }
-        // update-end--Author:lvdandan Date:20210105 for：JT-355 OA聊天添加token验证，获取token参数

        JwtToken jwtToken = new JwtToken(token);
        // 提交给realm进行登入，如果错误他会抛出异常并被捕获
@ -106,10 +109,9 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
            httpServletResponse.setStatus(HttpStatus.OK.value());
            return false;
        }
-        //update-begin-author:taoyan date:20200708 for:多租户用到
+        // 代码逻辑说明: 多租户用到
        String tenantId = httpServletRequest.getHeader(CommonConstant.TENANT_ID);
        TenantContext.setTenant(tenantId);
-        //update-end-author:taoyan date:20200708 for:多租户用到

        return super.preHandle(request, response);
    }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/ResourceCheckFilter.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/ResourceCheckFilter.java
@ -1,9 +1,9 @@
 package org.jeecg.config.shiro.filters;

-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.filter.AccessControlFilter;
 import lombok.extern.slf4j.Slf4j;
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/IgnoreAuthPostProcessor.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/IgnoreAuthPostProcessor.java
@ -4,6 +4,7 @@ import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.config.shiro.IgnoreAuth;
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.*;
@ -20,6 +21,7 @@ import java.util.stream.Collectors;
 * @date 2024/4/18 11:35
 */
@Slf4j
+@Lazy(false)
@Component
@AllArgsConstructor
 public class IgnoreAuthPostProcessor implements InitializingBean {
@ -33,10 +35,15 @@ public class IgnoreAuthPostProcessor implements InitializingBean {
        long startTime = System.currentTimeMillis();
        
        List<String> ignoreAuthUrls = new ArrayList<>();
-        Set<Class<?>> restControllers = requestMappingHandlerMapping.getHandlerMethods().values().stream().map(HandlerMethod::getBeanType).collect(Collectors.toSet());
-        for (Class<?> restController : restControllers) {
-            ignoreAuthUrls.addAll(postProcessRestController(restController));
-        }
+        
+        // 优化：直接从HandlerMethod过滤，避免重复扫描
+        requestMappingHandlerMapping.getHandlerMethods().values().stream()
+            .filter(handlerMethod -> handlerMethod.getMethod().isAnnotationPresent(IgnoreAuth.class))
+            .forEach(handlerMethod -> {
+                Class<?> clazz = handlerMethod.getBeanType();
+                Method method = handlerMethod.getMethod();
+                ignoreAuthUrls.addAll(processIgnoreAuthMethod(clazz, method));
+            });

        log.info("Init Token ignoreAuthUrls Config [ 集合 ]  ：{}", ignoreAuthUrls);
        if (!CollectionUtils.isEmpty(ignoreAuthUrls)) {
@ -46,44 +53,30 @@ public class IgnoreAuthPostProcessor implements InitializingBean {
        // 计算方法的耗时
        long endTime = System.currentTimeMillis();
        long elapsedTime = endTime - startTime;
-        log.info("Init Token ignoreAuthUrls Config [ 耗时 ] ：" + elapsedTime + "毫秒");
+        log.info("Init Token ignoreAuthUrls Config [ 耗时 ] ：" + elapsedTime + "ms");
    }

-    private List<String> postProcessRestController(Class<?> clazz) {
-        List<String> ignoreAuthUrls = new ArrayList<>();
+    // 优化：新方法处理单个@IgnoreAuth方法，减少重复注解检查
+    private List<String> processIgnoreAuthMethod(Class<?> clazz, Method method) {
        RequestMapping base = clazz.getAnnotation(RequestMapping.class);
        String[] baseUrl = Objects.nonNull(base) ? base.value() : new String[]{};
-        Method[] methods = clazz.getDeclaredMethods();
-
-        for (Method method : methods) {
-            if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(RequestMapping.class)) {
-                RequestMapping requestMapping = method.getAnnotation(RequestMapping.class);
-                String[] uri = requestMapping.value();
-                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(GetMapping.class)) {
-                GetMapping requestMapping = method.getAnnotation(GetMapping.class);
-                String[] uri = requestMapping.value();
-                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PostMapping.class)) {
-                PostMapping requestMapping = method.getAnnotation(PostMapping.class);
-                String[] uri = requestMapping.value();
-                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PutMapping.class)) {
-                PutMapping requestMapping = method.getAnnotation(PutMapping.class);
-                String[] uri = requestMapping.value();
-                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(DeleteMapping.class)) {
-                DeleteMapping requestMapping = method.getAnnotation(DeleteMapping.class);
-                String[] uri = requestMapping.value();
-                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PatchMapping.class)) {
-                PatchMapping requestMapping = method.getAnnotation(PatchMapping.class);
-                String[] uri = requestMapping.value();
-                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-            }
+        
+        String[] uri = null;
+        if (method.isAnnotationPresent(RequestMapping.class)) {
+            uri = method.getAnnotation(RequestMapping.class).value();
+        } else if (method.isAnnotationPresent(GetMapping.class)) {
+            uri = method.getAnnotation(GetMapping.class).value();
+        } else if (method.isAnnotationPresent(PostMapping.class)) {
+            uri = method.getAnnotation(PostMapping.class).value();
+        } else if (method.isAnnotationPresent(PutMapping.class)) {
+            uri = method.getAnnotation(PutMapping.class).value();
+        } else if (method.isAnnotationPresent(DeleteMapping.class)) {
+            uri = method.getAnnotation(DeleteMapping.class).value();
+        } else if (method.isAnnotationPresent(PatchMapping.class)) {
+            uri = method.getAnnotation(PatchMapping.class).value();
        }
-
-        return ignoreAuthUrls;
+        
+        return uri != null ? rebuildUrl(baseUrl, uri) : Collections.emptyList();
    }

    private List<String> rebuildUrl(String[] bases, String[] uris) {
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/interceptor/SignAuthConfiguration.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/interceptor/SignAuthConfiguration.java
@ -10,7 +10,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

-import javax.annotation.Resource;
+import jakarta.annotation.Resource;

 /**
 * 签名 拦截器配置
@ -41,7 +41,7 @@ public class SignAuthConfiguration implements WebMvcConfigurer {
        registry.addInterceptor(signAuthInterceptor()).addPathPatterns(signUrlsArray);
    }

-    //update-begin-author:taoyan date:20220427 for: issues/I53J5E post请求X_SIGN签名拦截校验后报错, request body 为空
+    // 代码逻辑说明: issues/I53J5E post请求X_SIGN签名拦截校验后报错, request body 为空
    @Bean
    public RequestBodyReserveFilter requestBodyReserveFilter(){
        return new RequestBodyReserveFilter();
@ -66,6 +66,5 @@ public class SignAuthConfiguration implements WebMvcConfigurer {
        registration.addUrlPatterns(signUrlsArray);
        return registration;
    }
-    //update-end-author:taoyan date:20220427 for: issues/I53J5E post请求X_SIGN签名拦截校验后报错, request body 为空

 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/interceptor/SignAuthInterceptor.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/interceptor/SignAuthInterceptor.java
@ -4,8 +4,8 @@ package org.jeecg.config.sign.interceptor;
 import java.io.PrintWriter;
 import java.util.SortedMap;

-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;

 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
@ -33,7 +33,7 @@ public class SignAuthInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        log.info("Sign Interceptor request URI = " + request.getRequestURI());
+        log.debug("Sign Interceptor request URI = " + request.getRequestURI());
        HttpServletRequest requestWrapper = new BodyReaderHttpServletRequestWrapper(request);
        //获取全部参数(包括URL和body上的)
        SortedMap<String, String> allParams = HttpUtils.getAllParams(requestWrapper);
@ -79,7 +79,7 @@ public class SignAuthInterceptor implements HandlerInterceptor {
            log.debug("Sign 签名通过！Header Sign : {}",headerSign);
            return true;
        } else {
-            log.info("sign allParams: {}", allParams);
+            log.debug("sign allParams: {}", allParams);
            log.error("request URI = " + request.getRequestURI());
            log.error("Sign 签名校验失败！Header Sign : {}",headerSign);
            //校验失败返回前端
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/util/BodyReaderHttpServletRequestWrapper.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/util/BodyReaderHttpServletRequestWrapper.java
@ -1,10 +1,10 @@
 package org.jeecg.config.sign.util;

-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-import javax.servlet.ServletRequest;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
+import jakarta.servlet.ReadListener;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
 import java.io.*;
 import java.nio.charset.Charset;

--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/util/HttpUtils.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/util/HttpUtils.java
@ -10,7 +10,7 @@ import java.util.Map;
 import java.util.SortedMap;
 import java.util.TreeMap;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;

 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.constant.SymbolConstant;
@ -41,19 +41,19 @@ public class HttpUtils {
        // 获取URL上最后带逗号的参数变量 sys/dict/getDictItems/sys_user,realname,username
        String pathVariable = request.getRequestURI().substring(request.getRequestURI().lastIndexOf("/") + 1);
        if (pathVariable.contains(SymbolConstant.COMMA)) {
-            log.info(" pathVariable: {}",pathVariable);
+            log.debug(" pathVariable: {}",pathVariable);
            String deString = URLDecoder.decode(pathVariable, "UTF-8");
          
            //https://www.52dianzi.com/category/article/37/565371.html
            if(deString.contains("%")){
                try {
                    deString = URLDecoder.decode(deString, "UTF-8");
-                    log.info("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
+                    log.debug("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
                } catch (Exception e) {
                    //e.printStackTrace();
                }
            }
-            log.info(" pathVariable decode: {}",deString);
+            log.debug(" pathVariable decode: {}",deString);
            result.put(SignUtil.X_PATH_VARIABLE, deString);
        }
        // 获取URL上的参数
@ -91,15 +91,15 @@ public class HttpUtils {
        // 获取URL上最后带逗号的参数变量 sys/dict/getDictItems/sys_user,realname,username
        String pathVariable = url.substring(url.lastIndexOf("/") + 1);
        if (pathVariable.contains(SymbolConstant.COMMA)) {
-            log.info(" pathVariable: {}",pathVariable);
+            log.debug(" pathVariable: {}",pathVariable);
            String deString = URLDecoder.decode(pathVariable, "UTF-8");
           
            //https://www.52dianzi.com/category/article/37/565371.html
            if(deString.contains("%")){
                deString = URLDecoder.decode(deString, "UTF-8");
-                log.info("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
+                log.debug("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
            }
-            log.info(" pathVariable decode: {}",deString);
+            log.debug(" pathVariable decode: {}",deString);
            result.put(SignUtil.X_PATH_VARIABLE, deString);
        }
        // 获取URL上的参数
@ -174,11 +174,10 @@ public class HttpUtils {
        String[] params = param.split("&");
        for (String s : params) {
            int index = s.indexOf("=");
-            //update-begin---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
+            // 代码逻辑说明: [issues/5879]数据查询传ds=“”造成的异常------------
            if (index != -1) {
                result.put(s.substring(0, index), s.substring(index + 1));
            }
-            //update-end---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
        }
        return result;
    }
@ -202,11 +201,10 @@ public class HttpUtils {
        String[] params = param.split("&");
        for (String s : params) {
            int index = s.indexOf("=");
-            //update-begin---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
+            // 代码逻辑说明: [issues/5879]数据查询传ds=“”造成的异常------------
            if (index != -1) {
                result.put(s.substring(0, index), s.substring(index + 1));
            }
-            //update-end---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
        }
        return result;
    }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/util/SignUtil.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/util/SignUtil.java
@ -34,7 +34,7 @@ public class SignUtil {
        }
        // 把参数加密
        String paramsSign = getParamsSign(params);
-        log.info("Param Sign : {}", paramsSign);
+        log.debug("Param Sign : {}", paramsSign);
        return !StringUtils.isEmpty(paramsSign) && headerSign.equals(paramsSign);
    }

@ -47,7 +47,7 @@ public class SignUtil {
        //去掉 Url 里的时间戳
        params.remove("_t");
        String paramsJsonStr = JSONObject.toJSONString(params);
-        log.info("Param paramsJsonStr : {}", paramsJsonStr);
+        log.debug("Param paramsJsonStr : {}", paramsJsonStr);
        //设置签名秘钥
        JeecgBaseConfig jeecgBaseConfig = SpringContextUtils.getBean(JeecgBaseConfig.class);
        String signatureSecret = jeecgBaseConfig.getSignatureSecret();
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/tencent/JeecgTencent.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/tencent/JeecgTencent.java
@ -0,0 +1,38 @@
+package org.jeecg.config.tencent;
+
+import lombok.Data;
+
+/**
+* @Description: 腾讯短信配置
+*
+* @author: wangshuai
+* @date: 2025/10/30 18:22
+*/
+@Data
+public class JeecgTencent {
+
+    /**
+     * 接入域名
+     */
+    private String endpoint;
+    
+    /**
+     * api秘钥id
+     */
+    private String secretId;
+    
+    /**
+     * api秘钥key
+     */
+    private String secretKey;
+    
+    /**
+     * 应用id
+     */
+    private String sdkAppId;
+
+    /**
+     * 地域信息
+     */
+    private String region;
+}
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/vo/Firewall.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/vo/Firewall.java
@ -19,11 +19,42 @@ public class Firewall {
     * 低代码模式（dev:开发模式，prod:发布模式——关闭所有在线开发配置能力）
     */
    private String lowCodeMode;
+    /**
+     * 是否允许同一账号多地同时登录 （为 true 时允许一起登录, 为 false 时新登录挤掉旧登录）
+     */
+    private Boolean isConcurrent = true;
+    /**
+     * 是否开启默认密码登录提醒（true 登录后提示必须修改默认密码）
+     */
+    private Boolean enableDefaultPwdCheck = false;
+
+    /**
+     * 是否开启登录验证码校验（true 开启；false 关闭并跳过验证码逻辑）
+     */
+    private Boolean enableLoginCaptcha = true;
+
 //    /**
 //     * 表字典安全模式（white:白名单——配置了白名单的表才能通过表字典方式访问，black:黑名单——配置了黑名单的表不允许表字典方式访问）
 //     */
 //    private String tableDictMode;

+
+    public Boolean getEnableLoginCaptcha() {
+        return enableLoginCaptcha;
+    }
+
+    public void setEnableLoginCaptcha(Boolean enableLoginCaptcha) {
+        this.enableLoginCaptcha = enableLoginCaptcha;
+    }
+
+    public Boolean getEnableDefaultPwdCheck() {
+        return enableDefaultPwdCheck;
+    }
+
+    public void setEnableDefaultPwdCheck(Boolean enableDefaultPwdCheck) {
+        this.enableDefaultPwdCheck = enableDefaultPwdCheck;
+    }
+
    public Boolean getDataSourceSafe() {
        return dataSourceSafe;
    }
@ -47,4 +78,12 @@ public class Firewall {
    public void setDisableSelectAll(Boolean disableSelectAll) {
        this.disableSelectAll = disableSelectAll;
    }
+
+    public Boolean getIsConcurrent() {
+        return isConcurrent;
+    }
+
+    public void setIsConcurrent(Boolean isConcurrent) {
+        this.isConcurrent = isConcurrent;
+    }
 }
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/vo/JeecgMinio.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/vo/JeecgMinio.java
@ -0,0 +1,11 @@
+package org.jeecg.config.vo;
+
+import lombok.Data;
+
+@Data
+public class JeecgMinio {
+
+    private String minio_url;
+    private String bucketName;
+
+}
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/vo/JeecgOSS.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/vo/JeecgOSS.java
@ -0,0 +1,11 @@
+package org.jeecg.config.vo;
+
+import lombok.Data;
+
+@Data
+public class JeecgOSS {
+
+    private String endpoint;
+    private String bucketName;
+
+}
--- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/modules/base/service/impl/BaseCommonServiceImpl.java
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/modules/base/service/impl/BaseCommonServiceImpl.java
@ -14,8 +14,8 @@ import org.jeecg.common.util.SpringContextUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.springframework.stereotype.Service;

-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
 import java.util.*;

 /**
--- a/jeecg-boot/jeecg-boot-base-core/src/main/resources/META-INF/spring/org.springframework.boot.SpringApplicationRunListeners
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/resources/META-INF/spring/org.springframework.boot.SpringApplicationRunListeners
@ -0,0 +1 @@
+org.jeecg.config.DruidWallConfigRegister
--- a/jeecg-boot/jeecg-boot-base-core/src/main/resources/static/favicon.ico
+++ b/jeecg-boot/jeecg-boot-base-core/src/main/resources/static/favicon.ico
--- a/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/pom.xml
+++ b/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/pom.xml
@ -4,9 +4,9 @@
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
-        <groupId>org.jeecgframework.boot</groupId>
+        <groupId>org.jeecgframework.boot3</groupId>
        <artifactId>jeecg-boot-module</artifactId>
-        <version>3.8.3</version>
+        <version>3.9.0</version>
    </parent>

    <artifactId>jeecg-boot-module-airag</artifactId>
@ -31,34 +31,68 @@
    </repositories>

    <properties>
-        <langchain4j.version>0.35.0</langchain4j.version>
+        <kotlin.version>2.2.0</kotlin.version>
+        <liteflow.version>2.15.0</liteflow.version>
        <apache-tika.version>2.9.1</apache-tika.version>
    </properties>

+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>dev.langchain4j</groupId>
+                <artifactId>langchain4j-bom</artifactId>
+                <version>1.3.0</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+            <dependency>
+                <groupId>dev.langchain4j</groupId>
+                <artifactId>langchain4j-community-bom</artifactId>
+                <version>1.3.0-beta9</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
    <dependencies>
        <!-- system单体 api-->
        <dependency>
-            <groupId>org.jeecgframework.boot</groupId>
+            <groupId>org.jeecgframework.boot3</groupId>
            <artifactId>jeecg-system-local-api</artifactId>
        </dependency>
        <!-- 微服务starter和system微服务 api
        <dependency>
-            <groupId>org.jeecgframework.boot</groupId>
+            <groupId>org.jeecgframework.boot3</groupId>
            <artifactId>jeecg-boot-starter-cloud</artifactId>
        </dependency>
        <dependency>
-            <groupId>org.jeecgframework.boot</groupId>
+            <groupId>org.jeecgframework.boot3</groupId>
            <artifactId>jeecg-system-cloud-api</artifactId>
        </dependency>-->

        <!-- aiflow依赖 -->
        <dependency>
-            <groupId>org.jeecgframework.boot</groupId>
+            <groupId>org.jeecgframework.boot3</groupId>
            <artifactId>jeecg-aiflow</artifactId>
-            <version>1.2.0</version>
+            <version>3.9.0.1</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-beanutils</groupId>
+                    <artifactId>commons-beanutils</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.yomahub</groupId>
+                    <artifactId>liteflow-script-python</artifactId>
+                </exclusion>
+            </exclusions>
        </dependency>

-        <!-- beigin 这两个依赖太多每个包50M左右，如果你发布需要使用，请把<scope>provided</scope>删掉 -->
+        <!-- begin 注意：这几个依赖体积较大，每个约50MB。若发布时需要使用，请将 <scope>provided</scope> 删除 -->
        <dependency>
            <groupId>org.jetbrains.kotlin</groupId>
            <artifactId>kotlin-scripting-jsr223</artifactId>
@ -71,7 +105,13 @@
            <version>${liteflow.version}</version>
            <scope>provided</scope>
        </dependency>
-        <!-- end 这两个依赖太多每个包50M左右，如果你发布需要使用，请把<scope>provided</scope>删掉 -->
+        <dependency>
+            <groupId>com.yomahub</groupId>
+            <artifactId>liteflow-script-python</artifactId>
+            <version>${liteflow.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <!-- end 注意：这几个依赖体积较大，每个约50MB。若发布时需要使用，请将 <scope>provided</scope> 删除 -->

        <!-- aiflow 脚本依赖 -->
        <dependency>
@ -109,13 +149,15 @@
        <!-- langChain4j model support -->
        <dependency>
            <groupId>dev.langchain4j</groupId>
-            <artifactId>langchain4j-ollama</artifactId>
-            <version>${langchain4j.version}</version>
+            <artifactId>langchain4j-open-ai</artifactId>
        </dependency>
        <dependency>
            <groupId>dev.langchain4j</groupId>
-            <artifactId>langchain4j-zhipu-ai</artifactId>
-            <version>${langchain4j.version}</version>
+            <artifactId>langchain4j-ollama</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>dev.langchain4j</groupId>
+            <artifactId>langchain4j-community-zhipu-ai</artifactId>
            <exclusions>
                <exclusion>
                    <artifactId>checker-qual</artifactId>
@ -129,13 +171,11 @@
        </dependency>
        <dependency>
            <groupId>dev.langchain4j</groupId>
-            <artifactId>langchain4j-qianfan</artifactId>
-            <version>${langchain4j.version}</version>
+            <artifactId>langchain4j-community-qianfan</artifactId>
        </dependency>
        <dependency>
            <groupId>dev.langchain4j</groupId>
-            <artifactId>langchain4j-dashscope</artifactId>
-            <version>${langchain4j.version}</version>
+            <artifactId>langchain4j-community-dashscope</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.slf4j</groupId>
@ -147,11 +187,15 @@
                </exclusion>
            </exclusions>
        </dependency>
+        <dependency>
+            <groupId>dev.langchain4j</groupId>
+            <artifactId>langchain4j-anthropic</artifactId>
+        </dependency>
        <!-- langChain4j vextor support -->
        <dependency>
            <groupId>org.jeecgframework</groupId>
            <artifactId>langchain4j-pgvector</artifactId>
-            <version>${langchain4j.version}</version>
+            <version>1.3.0-beta9</version>
        </dependency>
        <!-- langChain4j Document Parser -->
        <dependency>
--- a/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/consts/AiAppConsts.java
+++ b/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/consts/AiAppConsts.java
@ -38,4 +38,10 @@ public class AiAppConsts {
     */
    public static final String APP_TYPE_CHAT_FLOW = "chatFLow";

+    /**
+     * 应用元数据:流程输入参数
+     * for [issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程
+     */
+    public static final String APP_METADATA_FLOW_INPUTS = "flowInputs";
+
 }
--- a/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/controller/AiragAppController.java
+++ b/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/controller/AiragAppController.java
@ -21,7 +21,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.mvc.method.annotation.SseEmitter;

-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
+import java.util.Arrays;

 /**
 * @Description: AI应用
--- a/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/controller/AiragChatController.java
+++ b/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/controller/AiragChatController.java
@ -1,5 +1,7 @@
 package org.jeecg.modules.airag.app.controller;

+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
@ -15,8 +17,6 @@ import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
 import org.springframework.web.servlet.mvc.method.annotation.SseEmitter;

-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;


 /**
--- a/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/entity/AiragApp.java
+++ b/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/entity/AiragApp.java
@ -167,6 +167,12 @@ public class AiragApp implements Serializable {
    @Schema(description = "元数据")
    private java.lang.String metadata;

+    /**
+     * 插件 [{pluginId: '123213', pluginName: 'xxxx', category: 'mcp'}]
+     */
+    @Schema(description = "插件")
+    private java.lang.String plugins;
+
    /**
     * 知识库ids
     */
--- a/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/service/impl/AiragAppServiceImpl.java
+++ b/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/service/impl/AiragAppServiceImpl.java
@ -71,7 +71,7 @@ public class AiragAppServiceImpl extends ServiceImpl<AiragAppMapper, AiragApp> i
            AtomicBoolean isThinking = new AtomicBoolean(false);
            String requestId = UUIDGenerator.generate();
            // ai聊天响应逻辑
-            tokenStream.onNext((String resMessage) -> {
+            tokenStream.onPartialResponse((String resMessage) -> {
                        // 兼容推理模型
                        if ("<think>".equals(resMessage)) {
                            isThinking.set(true);
@ -99,9 +99,9 @@ public class AiragAppServiceImpl extends ServiceImpl<AiragAppMapper, AiragApp> i
                            throw new RuntimeException(e);
                        }
                    })
-                    .onComplete((responseMessage) -> {
+                    .onCompleteResponse((responseMessage) -> {
                        // 记录ai的回复
-                        AiMessage aiMessage = responseMessage.content();
+                        AiMessage aiMessage = responseMessage.aiMessage();
                        FinishReason finishReason = responseMessage.finishReason();
                        String respText = aiMessage.text();
                        if (FinishReason.STOP.equals(finishReason) || null == finishReason) {
@ -114,9 +114,6 @@ public class AiragAppServiceImpl extends ServiceImpl<AiragAppMapper, AiragApp> i
                                throw new RuntimeException(e);
                            }
                            closeSSE(emitter, eventData);
-                        } else if (FinishReason.TOOL_EXECUTION.equals(finishReason)) {
-                            // 需要执行工具
-                            // TODO author: chenrui for: date:2025/3/7
                        } else {
                            // 异常结束
                            log.error("调用模型异常:" + respText);
--- a/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/service/impl/AiragChatServiceImpl.java
+++ b/jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/service/impl/AiragChatServiceImpl.java
@ -1,10 +1,13 @@
 package org.jeecg.modules.airag.app.service.impl;

+import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import dev.langchain4j.agent.tool.ToolExecutionRequest;
 import dev.langchain4j.data.image.Image;
 import dev.langchain4j.data.message.*;
 import dev.langchain4j.model.output.FinishReason;
 import dev.langchain4j.service.TokenStream;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.exception.JeecgBootBizTipException;
@ -23,16 +26,19 @@ import org.jeecg.modules.airag.common.consts.AiragConsts;
 import org.jeecg.modules.airag.common.handler.AIChatParams;
 import org.jeecg.modules.airag.common.handler.IAIChatHandler;
 import org.jeecg.modules.airag.common.utils.AiragLocalCache;
+import org.jeecg.modules.airag.common.vo.LlmPlugin;
 import org.jeecg.modules.airag.common.vo.MessageHistory;
 import org.jeecg.modules.airag.common.vo.event.EventData;
 import org.jeecg.modules.airag.common.vo.event.EventFlowData;
 import org.jeecg.modules.airag.common.vo.event.EventMessageData;
 import org.jeecg.modules.airag.flow.consts.FlowConsts;
+import org.jeecg.modules.airag.flow.entity.AiragFlow;
 import org.jeecg.modules.airag.flow.service.IAiragFlowService;
 import org.jeecg.modules.airag.flow.vo.api.FlowRunParams;
 import org.jeecg.modules.airag.llm.entity.AiragModel;
 import org.jeecg.modules.airag.llm.handler.AIChatHandler;
 import org.jeecg.modules.airag.llm.handler.JeecgToolsProvider;
+import org.jeecg.modules.airag.llm.mapper.AiragModelMapper;
 import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.BoundValueOperations;
@ -40,7 +46,6 @@ import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Service;
 import org.springframework.web.servlet.mvc.method.annotation.SseEmitter;

-import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.util.*;
 import java.util.concurrent.*;
@ -78,6 +83,9 @@ public class AiragChatServiceImpl implements IAiragChatService {
    @Autowired
    JeecgToolsProvider jeecgToolsProvider;

+    @Autowired
+    AiragModelMapper airagModelMapper;
+
    /**
     * 重新接收消息
     */
@ -102,6 +110,12 @@ public class AiragChatServiceImpl implements IAiragChatService {
        if (oConvertUtils.isEmpty(chatConversation.getTitle())) {
            chatConversation.setTitle(userMessage.length() > 5 ? userMessage.substring(0, 5) : userMessage);
        }
+        //update-begin---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
+        // 保存工作流入参配置（如果有）
+        if (oConvertUtils.isObjectNotEmpty(chatSendParams.getFlowInputs())) {
+            chatConversation.setFlowInputs(chatSendParams.getFlowInputs());
+        }
+        //update-end---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
        // 发送消息
        return doChat(chatConversation, topicId, chatSendParams);
    }
@ -117,6 +131,12 @@ public class AiragChatServiceImpl implements IAiragChatService {
        AiragApp app = appDebugParams.getApp();
        app.setId("__DEBUG_APP");
        ChatConversation chatConversation = getOrCreateChatConversation(app, topicId);
+        //update-begin---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
+        // 保存工作流入参配置（如果有）
+        if (oConvertUtils.isObjectNotEmpty(appDebugParams.getFlowInputs())) {
+            chatConversation.setFlowInputs(appDebugParams.getFlowInputs());
+        }
+        //update-end---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
        // 发送消息
        SseEmitter emitter = doChat(chatConversation, topicId, appDebugParams);
        //保存会话
@ -237,7 +257,33 @@ public class AiragChatServiceImpl implements IAiragChatService {
        if (oConvertUtils.isObjectEmpty(chatConversation)) {
            return Result.ok(Collections.emptyList());
        }
-        return Result.ok(chatConversation.getMessages());
+        //update-begin---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
+        // 返回消息列表和会话设置信息
+        Map<String, Object> result = new HashMap<>();
+        // 过滤掉工具调用相关的消息（前端不需要展示）
+        List<MessageHistory> messages = chatConversation.getMessages();
+        if (oConvertUtils.isObjectNotEmpty(messages)) {
+            messages = messages.stream()
+                    .filter(msg -> !AiragConsts.MESSAGE_ROLE_TOOL.equals(msg.getRole()))
+                    .map(msg -> {
+                        // 克隆消息对象，移除工具执行请求信息（前端不需要）
+                        MessageHistory displayMsg = MessageHistory.builder()
+                                .conversationId(msg.getConversationId())
+                                .topicId(msg.getTopicId())
+                                .role(msg.getRole())
+                                .content(msg.getContent())
+                                .images(msg.getImages())
+                                .datetime(msg.getDatetime())
+                                .build();
+                        // 不设置toolExecutionRequests和toolExecutionResult
+                        return displayMsg;
+                    })
+                    .collect(Collectors.toList());
+        }
+        result.put("messages", messages);
+        result.put("flowInputs", chatConversation.getFlowInputs());
+        return Result.ok(result);
+        //update-end---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
    }

    @Override
@ -258,6 +304,51 @@ public class AiragChatServiceImpl implements IAiragChatService {
    @Override
    public Result<?> initChat(String appId) {
        AiragApp app = airagAppMapper.getByIdIgnoreTenant(appId);
+        //update-begin---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
+        if(AiAppConsts.APP_TYPE_CHAT_FLOW.equalsIgnoreCase(app.getType())) {
+            AiragFlow flow = airagFlowService.getById(app.getFlowId());
+            String flowMetadata = flow.getMetadata();
+            if(oConvertUtils.isNotEmpty(flowMetadata)) {
+                JSONObject flowMetadataJson = JSONObject.parseObject(flowMetadata);
+                JSONArray flowMetadataInputs = flowMetadataJson.getJSONArray(FlowConsts.FLOW_METADATA_INPUTS);
+                if(oConvertUtils.isObjectNotEmpty(flowMetadataInputs)) {
+                    String appMetadataStr = app.getMetadata();
+                    JSONObject appMetadataJson;
+                    if(oConvertUtils.isEmpty(appMetadataStr)){
+                        appMetadataJson = new JSONObject();
+                    } else {
+                        appMetadataJson = JSONObject.parseObject(appMetadataStr);
+                    }
+                    appMetadataJson.put(AiAppConsts.APP_METADATA_FLOW_INPUTS, flowMetadataInputs);
+                    app.setMetadata(appMetadataJson.toJSONString());
+                }
+            }
+        }
+        //update-end---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
+        
+        //update-begin---author:chenrui ---date:202501XX  for：在initChat接口中返回模型供应商信息，避免前端多次调用模型查询接口------------
+        // 如果应用有模型ID，查询模型信息并将供应商、类型、名称等信息添加到metadata中
+        if (oConvertUtils.isNotEmpty(app.getModelId())) {
+            AiragModel model = airagModelMapper.getByIdIgnoreTenant(app.getModelId());
+            if (model != null) {
+                String appMetadataStr = app.getMetadata();
+                JSONObject appMetadataJson;
+                if(oConvertUtils.isEmpty(appMetadataStr)){
+                    appMetadataJson = new JSONObject();
+                } else {
+                    appMetadataJson = JSONObject.parseObject(appMetadataStr);
+                }
+                // 将模型信息添加到metadata中
+                JSONObject modelInfo = new JSONObject();
+                modelInfo.put("provider", model.getProvider());
+                modelInfo.put("modelType", model.getModelType());
+                modelInfo.put("modelName", model.getModelName());
+                appMetadataJson.put("modelInfo", modelInfo);
+                app.setMetadata(appMetadataJson.toJSONString());
+            }
+        }
+        //update-end---author:chenrui ---date:202501XX  for：在initChat接口中返回模型供应商信息，避免前端多次调用模型查询接口------------
+        
        return Result.ok(app);
    }

@ -541,7 +632,30 @@ public class AiragChatServiceImpl implements IAiragChatService {
                        chatMessage = UserMessage.from(contents);
                        break;
                    case AiragConsts.MESSAGE_ROLE_AI:
-                        chatMessage = new AiMessage(history.getContent());
+                        // 重建AI消息，包括工具执行请求
+                        if (oConvertUtils.isObjectNotEmpty(history.getToolExecutionRequests())) {
+                            // 有工具执行请求，重建带工具调用的AiMessage
+                            List<ToolExecutionRequest> toolRequests = history.getToolExecutionRequests().stream()
+                                    .map(toolReq -> ToolExecutionRequest.builder()
+                                            .id(toolReq.getId())
+                                            .name(toolReq.getName())
+                                            .arguments(toolReq.getArguments())
+                                            .build())
+                                    .collect(Collectors.toList());
+                            chatMessage = AiMessage.from(history.getContent(), toolRequests);
+                        } else {
+                            chatMessage = new AiMessage(history.getContent());
+                        }
+                        break;
+                    case AiragConsts.MESSAGE_ROLE_TOOL:
+                        // 重建工具执行结果消息
+                        // 需要重建ToolExecutionRequest，第一个参数是request对象，第二个参数是result字符串
+                        ToolExecutionRequest recreatedRequest = ToolExecutionRequest.builder()
+                                .id(history.getContent()) // content字段存储的是工具执行的id
+                                .name("unknown") // 工具名称在重建时不重要，因为主要用于AI理解结果
+                                .arguments("{}")
+                                .build();
+                        chatMessage = ToolExecutionResultMessage.from(recreatedRequest, history.getToolExecutionResult());
                        break;
                }
                if (null == chatMessage) {
@ -599,7 +713,26 @@ public class AiragChatServiceImpl implements IAiragChatService {
            historyMessage.setImages(images);
        } else if (message.type().equals(ChatMessageType.AI)) {
            historyMessage.setRole(AiragConsts.MESSAGE_ROLE_AI);
-            historyMessage.setContent(((AiMessage) message).text());
+            AiMessage aiMessage = (AiMessage) message;
+            historyMessage.setContent(aiMessage.text());
+            // 处理工具执行请求
+            if (oConvertUtils.isObjectNotEmpty(aiMessage.toolExecutionRequests())) {
+                List<MessageHistory.ToolExecutionRequestHistory> toolRequests = new ArrayList<>();
+                for (ToolExecutionRequest request : aiMessage.toolExecutionRequests()) {
+                    toolRequests.add(MessageHistory.ToolExecutionRequestHistory.from(
+                            request.id(),
+                            request.name(),
+                            request.arguments()
+                    ));
+                }
+                historyMessage.setToolExecutionRequests(toolRequests);
+            }
+        } else if (message.type().equals(ChatMessageType.TOOL_EXECUTION_RESULT)) {
+            // 工具执行结果消息
+            historyMessage.setRole(AiragConsts.MESSAGE_ROLE_TOOL);
+            ToolExecutionResultMessage toolMessage = (ToolExecutionResultMessage) message;
+            historyMessage.setContent(toolMessage.id());
+            historyMessage.setToolExecutionResult(toolMessage.text());
        }
        histories.add(historyMessage);
        chatConversation.setMessages(histories);
@ -648,11 +781,15 @@ public class AiragChatServiceImpl implements IAiragChatService {
                    sendWithFlow(requestId, aiApp.getFlowId(), chatConversation, topicId, messages, sendParams);
                } else {
                    // AI应用-聊天助手(ChatAssistant):从应用信息组装模型和提示词
-                    sendWithAppChat(requestId, messages, chatConversation, topicId);
+                    sendWithAppChat(requestId, messages, chatConversation, topicId, sendParams);
                }
            } else {
                // 发消息
-                sendWithDefault(requestId, chatConversation, topicId, null, messages, null);
+                AIChatParams aiChatParams = new AIChatParams();
+                if (oConvertUtils.isObjectNotEmpty(sendParams.getEnableSearch())) {
+                    aiChatParams.setEnableSearch(sendParams.getEnableSearch());
+                }
+                sendWithDefault(requestId, chatConversation, topicId, null, messages, aiChatParams);
            }
            // 发送就绪消息
            EventData eventRequestId = new EventData(requestId, null, EventData.EVENT_INIT_REQUEST_ID, chatConversation.getId(), topicId);
@ -698,6 +835,14 @@ public class AiragChatServiceImpl implements IAiragChatService {
        flowInputParams.put(FlowConsts.FLOW_INPUT_PARAM_HISTORY, histories);
        flowInputParams.put(FlowConsts.FLOW_INPUT_PARAM_QUESTION, sendParams.getContent());
        flowInputParams.put(FlowConsts.FLOW_INPUT_PARAM_IMAGES, sendParams.getImages());
+        
+        //update-begin---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
+        // 添加工作流的额外参数（从conversation的flowInputs中读取）
+        if (oConvertUtils.isObjectNotEmpty(chatConversation.getFlowInputs())) {
+            flowInputParams.putAll(chatConversation.getFlowInputs());
+        }
+        //update-end---author:chenrui ---date:20251106  for：[issues/8545]新建AI应用的时候只能选择没有自定义参数的AI流程------------
+        
        flowRunParams.setInputParams(flowInputParams);
        HttpServletRequest httpRequest = SpringContextUtils.getHttpServletRequest();
        flowRunParams.setHttpRequest(httpRequest);
@ -762,11 +907,12 @@ public class AiragChatServiceImpl implements IAiragChatService {
     * @param messages
     * @param chatConversation
     * @param topicId
+     * @param sendParams
     * @return
     * @author chenrui
     * @date 2025/2/28 10:41
     */
-    private void sendWithAppChat(String requestId, List<ChatMessage> messages, ChatConversation chatConversation, String topicId) {
+    private void sendWithAppChat(String requestId, List<ChatMessage> messages, ChatConversation chatConversation, String topicId, ChatSendParams sendParams) {
        AiragApp aiApp = chatConversation.getApp();
        String modelId = aiApp.getModelId();
        AssertUtils.assertNotEmpty("请先选择模型", modelId);
@ -799,6 +945,31 @@ public class AiragChatServiceImpl implements IAiragChatService {
                }
            }
        }
+
+        // AI应用插件（支持MCP和自定义插件）
+        String plugins = aiApp.getPlugins();
+        if (oConvertUtils.isNotEmpty(plugins)) {
+            List<String> pluginIds = new ArrayList<>();
+            JSONArray pluginArray = JSONArray.parseArray(plugins);
+            pluginArray.stream().filter(Objects::nonNull)
+                    .map(o -> JSONObject.parseObject(o.toString(), LlmPlugin.class))
+                    .forEach(plugin -> {
+                        // 支持MCP和插件类型
+                        if (plugin.getCategory().equals(AiragConsts.PLUGIN_CATEGORY_MCP) 
+                                || plugin.getCategory().equals(AiragConsts.PLUGIN_CATEGORY_PLUGIN)) {
+                            pluginIds.add(plugin.getPluginId());
+                        }
+                    });
+            if (oConvertUtils.isNotEmpty(pluginIds)) {
+                aiChatParams.setPluginIds(pluginIds);
+            }
+        }
+
+        // 设置网络搜索参数（如果前端传递了）
+        if (sendParams != null && oConvertUtils.isObjectNotEmpty(sendParams.getEnableSearch())) {
+            aiChatParams.setEnableSearch(sendParams.getEnableSearch());
+        }
+
        // 打印流程耗时日志
        printChatDuration(requestId, "构造应用自定义参数完成");
        // 发消息
@ -828,6 +999,8 @@ public class AiragChatServiceImpl implements IAiragChatService {
        }
        aiChatParams.setKnowIds(chatConversation.getApp().getKnowIds());
        aiChatParams.setMaxMsgNumber(oConvertUtils.getInt(chatConversation.getApp().getMsgNum(), 5));
+        aiChatParams.setCurrentHttpRequest(SpringContextUtils.getHttpServletRequest());
+        aiChatParams.setReturnThinking(true);
        HttpServletRequest httpRequest = SpringContextUtils.getHttpServletRequest();
        TokenStream chatStream;
        try {
@ -860,21 +1033,14 @@ public class AiragChatServiceImpl implements IAiragChatService {
         */
        AtomicBoolean isThinking = new AtomicBoolean(false);
        // ai聊天响应逻辑
-        chatStream.onNext((String resMessage) -> {
-            // 兼容推理模型
-            if ("<think>".equals(resMessage)) {
-                isThinking.set(true);
-                resMessage = "> ";
-            }
-            if ("</think>".equals(resMessage)) {
+        chatStream.onPartialResponse((String resMessage) -> {
+            //update-begin---author:wangshuai---date:2025-11-07---for:[issues/8506]/[issues/8260]/[issues/8166]新增推理模型的支持---
+            if(isThinking.get()){
+                //思考过程结束
+                this.sendThinkEnd(requestId, chatConversation, topicId);
                isThinking.set(false);
-                resMessage = "\n\n";
-            }
-            if (isThinking.get()) {
-                if (null != resMessage && resMessage.contains("\n")) {
-                    resMessage = "\n> ";
-                }
            }
+            //update-end---author:wangshuai---date:2025-11-07---for:[issues/8506]/[issues/8260]/[issues/8166]新增推理模型的支持---
            EventData eventData = new EventData(requestId, null, EventData.EVENT_MESSAGE, chatConversation.getId(), topicId);
            EventMessageData messageEventData = EventMessageData.builder().message(resMessage).build();
            eventData.setData(messageEventData);
@ -886,12 +1052,54 @@ public class AiragChatServiceImpl implements IAiragChatService {
                return;
            }
            sendMessage2Client(emitter, eventData);
-        }).onComplete((responseMessage) -> {
+        }).onToolExecuted((toolExecution) -> {
+            // 打印工具执行结果
+            log.debug("[AI应用]工具执行结果: toolName={}, toolId={}, result={}",
+                    toolExecution.request().name(), 
+                    toolExecution.request().id(), 
+                    toolExecution.result());
+            // 将工具执行结果存储到消息历史中
+            ToolExecutionResultMessage toolResultMessage = ToolExecutionResultMessage.from(
+                    toolExecution.request(),
+                    toolExecution.result()
+            );
+            appendMessage(messages, toolResultMessage, chatConversation, topicId);
+        }).onIntermediateResponse((chatResponse) -> {
+            // 中间响应：包含tool_calls的AI消息
+            AiMessage aiMessage = chatResponse.aiMessage();
+            if (aiMessage != null && oConvertUtils.isObjectNotEmpty(aiMessage.toolExecutionRequests())) {
+                // 保存包含工具调用请求的AI消息
+                log.debug("[AI应用]保存包含工具调用的AI消息: toolCallsCount={}", aiMessage.toolExecutionRequests().size());
+                appendMessage(messages, aiMessage, chatConversation, topicId);
+            }
+        }).onPartialThinking((partialThinking) -> {
+            try {
+                if (oConvertUtils.isEmpty(partialThinking)) {
+                    return;
+                }
+                isThinking.set(true);
+                String text = partialThinking.text();
+                // 构造事件数据（EVENT_THINKING 以便前端统一处理）
+                EventData thinkingEvent = new EventData(requestId, null, EventData.EVENT_THINKING, chatConversation.getId(), topicId);
+                thinkingEvent.setData(EventMessageData.builder().message(text).build());
+                thinkingEvent.setRequestId(requestId);
+                // 获取当前缓存的 emitter
+                SseEmitter emitter = AiragLocalCache.get(AiragConsts.CACHE_TYPE_SSE, requestId);
+                if (null == emitter) {
+                    log.warn("[AI应用]思考过程发送失败，SSE 已关闭: {}", requestId);
+                    return;
+                }
+                // 发送给客户端并缓存历史
+                sendMessage2Client(emitter, thinkingEvent);
+            } catch (Exception e) {
+                log.error("发送思考过程异常", e);
+            }
+        }).onCompleteResponse((responseMessage) -> {
            // 打印流程耗时日志
            printChatDuration(requestId, "LLM输出消息完成");
            AiragLocalCache.remove(AiragConsts.CACHE_TYPE_SSE_SEND_TIME, requestId);
            // 记录ai的回复
-            AiMessage aiMessage = responseMessage.content();
+            AiMessage aiMessage = responseMessage.aiMessage();
            FinishReason finishReason = responseMessage.finishReason();
            String respText = aiMessage.text();
            // sse
@ -907,9 +1115,6 @@ public class AiragChatServiceImpl implements IAiragChatService {
                // 保存会话
                saveChatConversation(chatConversation, false, httpRequest);
                closeSSE(emitter, eventData);
-            } else if (FinishReason.TOOL_EXECUTION.equals(finishReason)) {
-                // 需要执行工具
-                // TODO author: chenrui for: date:2025/3/7
            } else if (FinishReason.LENGTH.equals(finishReason)) {
                // 上下文长度超过限制
                log.error("调用模型异常:上下文长度超过限制:{}", responseMessage.tokenUsage());
@ -966,6 +1171,26 @@ public class AiragChatServiceImpl implements IAiragChatService {
        }).start();
    }

+    /**
+     * 发送思考过程结束
+     * 
+     * @param requestId
+     * @param chatConversation
+     * @param topicId
+     */
+    private void sendThinkEnd(String requestId, ChatConversation chatConversation, String topicId) {
+        EventData eventData = new EventData(requestId, null, EventData.EVENT_THINKING_END, chatConversation.getId(), topicId);
+        EventMessageData messageEventData = EventMessageData.builder().message("").build();
+        eventData.setData(messageEventData);
+        eventData.setRequestId(requestId);
+        SseEmitter emitter = AiragLocalCache.get(AiragConsts.CACHE_TYPE_SSE, requestId);
+        if (null == emitter) {
+            log.warn("[AI应用]接收LLM返回会话已关闭");
+            return;
+        }
+        sendMessage2Client(emitter, eventData);
+    }
+
    /**
     * 发送消息到客户端
     *
--- a/Show More
+++ b/Show More