【优化代码生成功能】uniapp调整目录

[issue/#5711]修复用户选择组件在生成代码后变成部门用户选择组件
[issues/1022]我这个控件是哪里设置没对吗，为什么打开已有的记录，会触发提示“请输入”验证？ #1022
fix 带条件字典存在单引号导致js编译错误

.gitee/ISSUE_TEMPLATE.md

@@ -1,21 +0,0 @@
-##### 版本号：
-
-
-##### 前端版本：vue3版？还是 vue2版？
-
-
-##### 问题描述：
-
-
-##### 截图&代码：
-
-
-
-
-#### 友情提示（为了提高issue处理效率）：
-  - 未按格式要求发帖，会被直接删掉;
-  - 描述过于简单或模糊，导致无法处理的，会被直接删掉；
-  - 请自己初判问题描述是否清楚，是否方便我们调查处理；
-  - 针对问题请说明是Online在线功能(需说明用的主题模板)，还是生成的代码功能；
-
-  

.gitignore

@@ -9,3 +9,7 @@ rebel.xml
 
 ## front
 **/*.lock
+os_del.cmd
+os_del_doc.cmd
+.svn
+derby.log

LICENSE

@@ -207,7 +207,10 @@
     本软件受适用的国家软件著作权法（包括国际条约）和双重保护许可。
   
    1.允许基于本平台软件开展业务系统开发。
-   2.不得基于该平台软件的基础，修改包装成一个与JeecgBoot平台软件功能类似的产品进行发布、销售，或与JeecgBoot参与同类软件产品市场的竞争。
+   2.JeecgBoot底层依赖的非开源功能：online lib依赖、仪表盘lib依赖等，统一采用LGPL开源协议（不二次改造、不拆分出jeecgboot之外使用，就不产生侵权）
+   3.不得基于该平台软件的基础，修改包装成一个与JeecgBoot平台软件功能类似的产品进行发布、销售，或与JeecgBoot参与同类软件产品市场的竞争。
 	 违反此条款属于侵权行为，须赔偿侵权经济损失，同时立即停止著作权侵权行为。
+	 
+     总结：在遵循Apache开源协议和开源协议补充条款下，允许商用使用，不会造成侵权行为！
 	 解释权归：http://www.jeecg.com
 	 

README-EN.md

@@ -0,0 +1,554 @@
+
+
+![JEECG](https://jeecgos.oss-cn-beijing.aliyuncs.com/files/logov3.png "JeecgBoot低代码开发平台")
+
+
+
+JEECG BOOT Low Code Development Platform
+===============
+
+当前最新版本： 3.6.3（发布日期：2024-03-11） 
+
+
+[![AUR](https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg)](https://github.com/zhangdaiscott/jeecg-boot/blob/master/LICENSE)
+[![](https://img.shields.io/badge/Author-guojusoft-orange.svg)](http://www.jeecg.com)
+[![](https://img.shields.io/badge/Blog-blog-blue.svg)](https://jeecg.blog.csdn.net)
+[![](https://img.shields.io/badge/version-3.6.3-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
+[![GitHub stars](https://img.shields.io/github/stars/zhangdaiscott/jeecg-boot.svg?style=social&label=Stars)](https://github.com/zhangdaiscott/jeecg-boot)
+[![GitHub forks](https://img.shields.io/github/forks/zhangdaiscott/jeecg-boot.svg?style=social&label=Fork)](https://github.com/zhangdaiscott/jeecg-boot)
+
+
+
+Project introduction
+-----------------------------------
+
+<h3 align="center">Java Low Code Platform for Enterprise web applications</h3>
+
+JeecgBoot is a `low code development platform` based on code `generators`! Front and back end separation architecture SpringBoot2.x, SpringCloud, Ant Design&Vue, Mybatis plus, Shiro, JWT, support for microservices. The powerful code generator makes the front and back end of the code generation, low code development! JeecgBoot leads a new low-code development paradigm (OnlineCoding-> Code Generator -> Manual MERGE) that helps resolve 70% of the duplication in Java projects and makes development more business-focused. Not only can quickly improve efficiency, save research and development costs, but also do not lose flexibility!
+
+JeecgBoot provides a series of low code modules to make Online development truly zero code: Online form development, online reports, report configuration capabilities, online chart design, large screen design, mobile configuration capabilities, form designer, online design flow, process automation configuration, plug-in capabilities (pluggable) and more!
+
+
+The purpose of JEECG is: simple functions are implemented by OnlineCoding configuration, so that zero code development; Complex functions are generated by code generator and manually Merge to achieve low code development, which ensures both intelligence and flexibility. The implementation of low code development and support flexible coding at the same time, to solve the current low code products are generally not flexible drawbacks!
+
+JEECG Business process: Using workflow to implement and extend the task interface for developing and writing business logic, forms provides a variety of solutions: form designer, online configuration form, and coding form. At the same time, the separation design of process and form (loose coupling) is realized, and the flexible configuration of task nodes is supported, which not only ensures the confidentiality of the company's process, but also reduces the workload of developers.
+
+
+Technical support
+-----------------------------------
+
+Problems or bugs in use can be found in [Making on the Issues](https://github.com/jeecgboot/jeecg-boot/issues/new)
+
+Official Support: http://jeecg.com/doc/help
+
+
+Download the source code
+-----------------------------------
+项目源码
+-----------------------------------
+| Source |Front-end source (Vue3 version) | The background source |
+|-|-|-|
+| Github | [jeecgboot-vue3](https://github.com/jeecgboot/jeecgboot-vue3)  | [jeecg-boot](https://github.com/jeecgboot/jeecg-boot) |
+| Gitee | [jeecgboot-vue3](https://gitee.com/jeecg/jeecgboot-vue3)    | [jeecg-boot](https://gitee.com/jeecg/jeecg-boot) |
+
+##### Project description
+
+| Project                | description                     | 
+|--------------------|------------------------|
+| `jeecg-boot`    | SpringBoot background source code (support microservices)      |
+| `jeecgboot-vue3` | Vue3+TS new front-end source code|
+| `jeecg-uniapp` | [APP development framework, a code multi terminal adaptation, and support APP, small program, H5](https://github.com/jeecgboot/jeecg-uniapp) |
+| `SpringBoot3+JDK17`    | [BranchSourceCode](https://github.com/jeecgboot/jeecg-boot/tree/springboot3)  [UpgradeBlog](https://blog.csdn.net/zhangdaiscott/article/details/134805602)        |
+| `More` | [Download more source code](http://jeecg.com/download) |
+
+
+
+
+For the project
+-----------------------------------
+Jeecg-Boot low code development platform can be applied in the development of any J2EE project, especially for SAAS projects, enterprise information management system (MIS), internal office system (OA), enterprise resource planning system (ERP), customer relationship management system (CRM), etc. Its semi-intelligent manual Merge development method, Can significantly improve the development efficiency of more than 70%, greatly reduce the development cost.
+
+
+
+Docker starts the project
+-----------------------------------
+
+- [Docker starts the monomer background](https://help.jeecg.com/java/setup/docker/up.html)
+- [Docker starts the Vue3 front-end](http://help.jeecg.com/publish/docker.html)
+- [Docker starts the micro-service background](https://help.jeecg.com/java/springcloud/docker.html)
+
+
+
+
+Technical documentation
+-----------------------------------
+
+- Website：  [http://www.jeecg.com](http://www.jeecg.com)
+- Doc：  [http://help.jeecg.com](http://help.jeecg.com)
+- Newbie guide： [Quick start](http://www.jeecg.com/doc/quickstart)  |  [video](https://space.bilibili.com/454617261/channel/series) |   [Q&A ](http://www.jeecg.com/doc/qa)  |   [help](http://jeecg.com/doc/help) |  [1 minute experience](https://my.oschina.net/jeecg/blog/3083313)
+- Microservice Development：  [Monomer upgrade to microservice](https://help.jeecg.com/java/springcloud/switchcloud/monomer.html)
+- QQ group ： ⑧825232878、⑦791696430、⑥730954414(full)、683903138(full)、⑤860162132(full)、④774126647(full)、③816531124(full)、②769925425(full)、①284271917(full)
+- Demo ： [Vue3](http://boot3.jeecg.com) | [Vue2](http://boot.jeecg.com)  | [APP](http://jeecg.com/appIndex)
+> [please click obtain account password to obtain](http://jeecg.com/doc/demo) 
+
+
+
+Thinking
+-----------------------------------
+> We are pursuing the goal of implementing complex business systems without writing code! That has been done so far
+- https://www.qiaoqiaoyun.com
+
+
+Star charts
+-----------------------------------
+
+[![Star History Chart](https://api.star-history.com/svg?repos=jeecgboot/jeecg-boot&type=Date)](https://star-history.com/#jeecgboot/jeecg-boot)
+
+
+
+
+Background directory Structure
+-----------------------------------
+```
+project structure
+├─jeecg-boot-parent
+│  ├─jeecg-boot-base-core
+│  ├─jeecg-module-demo    
+│  ├─jeecg-module-system 
+│  │  ├─jeecg-system-biz   
+│  │  ├─jeecg-system-start system (8080）
+│  │  ├─jeecg-system-api   
+│  │  │  ├─jeecg-system-cloud-api  
+│  │  │  ├─jeecg-system-local-api   
+│  ├─jeecg-server-cloud           
+     ├─jeecg-cloud-gateway       (9999)
+     ├─jeecg-cloud-nacos       --Nacos(8848)
+     ├─jeecg-system-cloud-start  --System(7001)
+     ├─jeecg-demo-cloud-start    --Demo(7002)
+     ├─jeecg-visual
+        ├─jeecg-cloud-monitor       -- (9111)
+        ├─jeecg-cloud-xxljob        -- (9080)
+        ├─jeecg-cloud-sentinel     --sentinel (9000)
+        ├─jeecg-cloud-test           
+           ├─jeecg-cloud-test-more        
+           ├─jeecg-cloud-test-rabbitmq     
+           ├─jeecg-cloud-test-seata         
+           ├─jeecg-cloud-test-shardingsphere    
+
+```
+
+
+
+
+Why JeecgBoot?
+-----------------------------------
+* Adopt the latest mainstream front and back separation framework (Springboot+Mybatis+antd), easy to use; Code generator has low dependency, flexible expansion ability, and can quickly realize secondary development;
+* Support microservices SpringCloud Alibaba(Nacos, Gateway, Sentinel, Skywalking), and provide switching mechanism to support free switching between single and microservices
+* High development efficiency, using code generator, single table, tree list, one-to-many, one-to-one and other data models, add, delete, change and search function one-key generation, menu configuration directly use;
+* Code generator provides powerful template mechanism, support custom template, currently provide four sets of style template (single table two sets, tree model one set, one to many three sets)
+* Code generator is very intelligent, online business modeling, online configuration, WYSIWYG support 23 kinds of controls, a key to generate front and back end code, greatly improve the development efficiency, no longer worry about repeated work.
+* Low code ability: Online online form (without coding, through online configuration of the form, to achieve the addition, deletion, change and check of the form, support single table, tree, one-to-many, one-to-one model, to achieve everyone can code)
+* Low code ability: Online online report (without coding, through online configuration, to achieve data report, can quickly extract data, reduce development pressure, to achieve everyone can code)
+* Low code ability: Online online chart (without coding, through online configuration, to achieve graphs, bar graphs, data reports, etc., support custom layout, to achieve everyone can code)
+* Complete encapsulation of user, role, menu, organization, data dictionary, online scheduled tasks and other basic functions, support access authorization, button permission, data permission and other functions
+* Commonly used common package, various tools (scheduled task, SMS interface, email sending,Excel import and export, etc.), basically meeting 80% of project requirements
+* Easy Excel import and export, support single table export and one-to-many table mode export, generated code with import and export function
+* Integrated simple report tools, image report and data export is very convenient, can be extremely convenient to generate graphical reports, pdf, excel, word and other reports;
+* Before and after the separation technology, the page UI style is exquisite, for the commonly used components to do the encapsulation: time, row table control, interception display control, report component, editor and so on
+* Query filter: query function automatically generated, the background dynamic spell SQL additional query conditions; Supports multiple matching modes (full matching, fuzzy query, included query, and unmatched query).
+* Data permission (fine data permission control, control to row level, list level, form field level, realize different people see different data, different people operate different fields on the same page
+* Page verification automatically generated (must be input, digital verification, amount verification, time and space, etc.);
+* Support SAAS service model and provide SaaS multi-tenant architecture solution.
+* Distributed file service, integration of minio, Ali OSS and other excellent third parties, to provide convenient file upload and management, but also support local storage.
+* Mainstream database compatibility, a set of code is fully compatible with Mysql, Postgresql, Oracle, Sqlserver, MariaDB, dream and other mainstream databases.
+* Integrate workflow activiti and realize only the configuration of flow direction in the page, which can greatly simplify the development of bpm workflow; Using bpm's process designer to draw the flow direction, a workflow is basically complete with a small amount of java code;
+* Low code ability: online process design, using open source Activiti process engine, to achieve online drawing process, custom form, form attachment, business flow
+* Multi-data source: its simple way of use, online configuration of data source configuration, convenient to grab data from other data;
+* Provide single sign-on CAS integration solution, and complete docking code has been provided in the project
+* Low code ability: form designer, support user custom form layout, support single table, one to many forms, support select, radio, checkbox, textarea, date, popup, list, macro and other controls
+* Professional interface docking mechanism, unified using restful interface, integrated swagger-ui online interface documentation, Jwt token security verification, convenient client docking
+* Interface security mechanism, can be refined control interface authorization, very simple to realize different clients only see their own data control
+* Advanced combination query function, online configuration support primary and sub-table associated query, can save the query history
+* Provide a variety of system monitoring, real-time tracking system running conditions (monitoring Redis, Tomcat, jvm, server information, request tracking, SQL monitoring)
+* Message center (support SMS, email, wechat push, etc.)
+* Integrate Websocket message notification mechanism
+* Excellent mobile adaptive effect, providing APP release scheme:
+* Support multiple languages and provide internationalization solutions;
+* Data change record log, can record each change of data content, through the version comparison function to view historical changes
+* The platform UI is powerful and mobile adaptation is implemented
+* Platform home page style, provide a variety of combination mode, support custom style
+* Provide easy to use print plug-in, support Google, Firefox, IE11+ and other browsers
+* Rich sample code, provide a lot of learning case reference
+* Using maven module development method
+* Support dynamic menu routing
+* RBAC (Role-Based Access Control) is used for permission control.
+* Provide new row edit table JVXETable, easily meet a variety of complex ERP layout, with higher performance, more flexible extension, more powerful functions
+
+ 
+ 
+ 
+Technical Architecture:
+-----------------------------------
+
+#### Development Environment
+
+- Language: Java 8+ (less than 17)
+
+- IDE(JAVA) : IDEA (lombok plug-in must be installed)
+
+- IDE(front-end) : Vscode, WebStorm, IDEA
+
+- Dependency management: Maven
+
+- Cache: Redis
+
+- Database: MySQL5.7 + & Oracle 11 g & Sqlserver2017  [More Databases](https://my.oschina.net/jeecg/blog/4905722)
+
+
+#### backend
+
+- Basic framework: Spring Boot 2.6.14
+
+- Microservice framework: Spring Cloud Alibaba 2021.0.1.0
+
+- Persistence layer framework: MybatisPlus 3.5.1
+
+- Report tool: JimuReport 1.5.8
+
+- Security framework: Apache Shiro 1.10.0, Jwt 3.11.0
+
+- Microservice technology stack: Spring Cloud Alibaba, Nacos, Gateway, Sentinel, Skywalking
+
+- Database connection pool: Alibaba Druid 1.1.22
+
+- Log printing: logback
+
+- Others: autopoi, fastjson, poi, Swagger-ui, quartz, lombok (simplified code), etc.
+
+
+#### The front end
+
+- Vue2 version：`Vue2.6+@vue/cli+AntDesignVue+Viser-vue+Vuex`  [detail](https://github.com/jeecgboot/ant-design-vue-jeecg)
+- Vue3 version：`Vue3.0+TypeScript+Vite+AntDesignVue+pinia+echarts` [detail](https://github.com/jeecgboot/jeecgboot-vue3)
+
+#### Support library
+
+|  database   |  support   |
+| --- | --- |
+|   MySQL   |  √   |
+|  Oracle11g   |  √   |
+|  Sqlserver2017   |  √   |
+|   PostgreSQL   |  √   |
+|   MariaDB   |  √   |
+|   达梦、人大金仓   |  √   |
+
+
+
+## Microservice solutions
+
+
+1. Service registration and discovery Nacos √
+
+2. Nacos √
+
+3. Route gateway gateway(Three loading modes) √
+
+4. Distributed http feign √
+
+5. fuse degrade current limiting Sentinel √
+
+6. Distributed files Minio and Alioss √
+
+7. Unified permission control
+
+8. Service monitoring SpringBootAdmin√
+
+9. link tracking Skywalking  [reference document](https://help.jeecg.com/java/springcloud/super/skywarking.html)
+
+10. Messaging middleware RabbitMQ √
+
+11. Distributed task xxl-job √
+
+12. Distributed Transaction Seata
+
+13. Distributed log elk + kafka
+
+14. Support docker-compose, k8s, jenkins
+
+15. CAS SSO √
+
+16. Route traffic limiting √
+
+   
+#### Microservice architecture diagram
+![微服务架构图](https://jeecgos.oss-cn-beijing.aliyuncs.com/files/jeecgboot_springcloud2022.png "在这里输入图片标题")
+
+### Jeecg Boot product functionality blueprint
+![功能蓝图](https://jeecgos.oss-cn-beijing.aliyuncs.com/upload/test/Jeecg-Boot-lantu202005_1590912449914.jpg "在这里输入图片标题")
+
+
+
+
+### Function module
+```
+├─系统管理
+│  ├─用户管理
+│  ├─角色管理
+│  ├─菜单管理
+│  ├─权限设置（支持按钮权限、数据权限）
+│  ├─表单权限（控制字段禁用、隐藏）
+│  ├─部门管理
+│  ├─我的部门（二级管理员）
+│  └─字典管理
+│  └─分类字典
+│  └─系统公告
+│  └─职务管理
+│  └─通讯录
+│  └─多租户管理
+├─消息中心
+│  ├─消息管理
+│  ├─模板管理
+├─代码生成器(低代码)
+│  ├─代码生成器功能（一键生成前后端代码，生成后无需修改直接用，绝对是后端开发福音）
+│  ├─代码生成器模板（提供4套模板，分别支持单表和一对多模型，不同风格选择）
+│  ├─代码生成器模板（生成代码，自带excel导入导出）
+│  ├─查询过滤器（查询逻辑无需编码，系统根据页面配置自动生成）
+│  ├─高级查询器（弹窗自动组合查询条件）
+│  ├─Excel导入导出工具集成（支持单表，一对多 导入导出）
+│  ├─平台移动自适应支持
+├─系统监控
+│  ├─Gateway路由网关
+│  ├─性能扫描监控
+│  │  ├─监控 Redis
+│  │  ├─Tomcat
+│  │  ├─jvm
+│  │  ├─服务器信息
+│  │  ├─请求追踪
+│  │  ├─磁盘监控
+│  ├─定时任务
+│  ├─系统日志
+│  ├─消息中心（支持短信、邮件、微信推送等等）
+│  ├─数据日志（记录数据快照，可对比快照，查看数据变更情况）
+│  ├─系统通知
+│  ├─SQL监控
+│  ├─swagger-ui(在线接口文档)
+│─报表示例
+│  ├─曲线图
+│  └─饼状图
+│  └─柱状图
+│  └─折线图
+│  └─面积图
+│  └─雷达图
+│  └─仪表图
+│  └─进度条
+│  └─排名列表
+│  └─等等
+│─大屏模板
+│  ├─作战指挥中心大屏
+│  └─物流服务中心大屏
+│─常用示例
+│  ├─自定义组件
+│  ├─对象存储(对接阿里云)
+│  ├─JVXETable示例（各种复杂ERP布局示例）
+│  ├─单表模型例子
+│  └─一对多模型例子
+│  └─打印例子
+│  └─一对多TAB例子
+│  └─内嵌table例子
+│  └─常用选择组件
+│  └─异步树table
+│  └─接口模拟测试
+│  └─表格合计示例
+│  └─异步树列表示例
+│  └─一对多JEditable
+│  └─JEditable组件示例
+│  └─图片拖拽排序
+│  └─图片翻页
+│  └─图片预览
+│  └─PDF预览
+│  └─分屏功能
+│─封装通用组件	
+│  ├─行编辑表格JEditableTable
+│  └─省略显示组件
+│  └─时间控件
+│  └─高级查询
+│  └─用户选择组件
+│  └─报表组件封装
+│  └─字典组件
+│  └─下拉多选组件
+│  └─选人组件
+│  └─选部门组件
+│  └─通过部门选人组件
+│  └─封装曲线、柱状图、饼状图、折线图等等报表的组件（经过封装，使用简单）
+│  └─在线code编辑器
+│  └─上传文件组件
+│  └─验证码组件
+│  └─树列表组件
+│  └─表单禁用组件
+│  └─等等
+│─更多页面模板
+│  ├─各种高级表单
+│  ├─各种列表效果
+│  └─结果页面
+│  └─异常页面
+│  └─个人页面
+├─高级功能
+│  ├─系统编码规则
+│  ├─提供单点登录CAS集成方案
+│  ├─提供APP发布方案
+│  ├─集成Websocket消息通知机制
+├─Online在线开发(低代码)
+│  ├─Online在线表单 - 功能已开放
+│  ├─Online代码生成器 - 功能已开放
+│  ├─Online在线报表 - 功能已开放
+│  ├─Online在线图表(未开源)
+│  ├─Online图表模板配置(未开源)
+│  ├─Online布局设计(未开源)
+│  ├─多数据源管理 - 功能已开放
+├─积木报表设计器(低代码)
+│  ├─打印设计器
+│  ├─数据报表设计
+│  ├─图形报表设计（支持echart）
+│  ├─大屏设计器(未开源)
+│─流程模块功能 (未开源)
+│  ├─流程设计器
+│  ├─表单设计器
+   ├─大屏设计器
+   ├─门户设计/仪表盘设计器
+│  └─我的任务
+│  └─历史流程
+│  └─历史流程
+│  └─流程实例管理
+│  └─流程监听管理
+│  └─流程表达式
+│  └─我发起的流程
+│  └─我的抄送
+│  └─流程委派、抄送、跳转
+│  └─。。。
+│─OA办公组件 (未开源)
+│  ├─更多功能
+│  └─。。。
+└─其他模块
+   └─更多功能开发中。。
+   
+```
+
+
+
+
+
+
+
+### Effect of system
+
+
+##### PC
+![](https://oscimg.oschina.net/oscnet/up-000530d95df337b43089ac77e562494f454.png)
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14155402_AmlV.png "在这里输入图片标题")
+
+![](https://oscimg.oschina.net/oscnet/up-9d6f36f251e71a0b515a01323474b03004c.png)
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160813_KmXS.png "在这里输入图片标题")
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160935_Nibs.png "在这里输入图片标题")
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14161004_bxQ4.png "在这里输入图片标题")
+
+#####  interactive
+![](https://oscimg.oschina.net/oscnet/up-78b151fc888d4319377bf1cc311fe826871.png)
+
+![](https://oscimg.oschina.net/oscnet/up-16c07e000278329b69b228ae3189814b8e9.png)
+
+
+##### process Designer
+![](https://oscimg.oschina.net/oscnet/up-981ce174e4fbb48c8a2ce4ccfd7372e2994.png)
+
+![输入图片说明](https://static.oschina.net/uploads/img/201907/05165142_yyQ7.png "在这里输入图片标题")
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160917_9Ftz.png "在这里输入图片标题")
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160633_u59G.png "在这里输入图片标题")
+
+##### min process
+
+![](https://oscimg.oschina.net/oscnet/up-1dc0d052149ec675f3e4fad632b82b48add.png)
+
+![](https://oscimg.oschina.net/oscnet/up-de31bc2f9d9b8332c554b0954cc73d79593.png)
+
+![](https://oscimg.oschina.net/oscnet/up-7f83b25159663686d67ed080eb16068c3b4.png)
+
+#####  dashboard Designer
+![](https://oscimg.oschina.net/oscnet/up-9c9d41288c31398d76b390bdd400f13a582.png)
+
+![](https://oscimg.oschina.net/oscnet/up-fad98d42b2cf92f92a903c9cff7579f18ec.png)
+
+##### report Designer
+![](https://oscimg.oschina.net/oscnet/up-64648de000851f15f6c7b9573d107ebb5f8.png)
+
+![](https://oscimg.oschina.net/oscnet/up-fa52b44445db281c51d3f267dce7450d21b.gif)
+
+![](https://oscimg.oschina.net/oscnet/up-68a19149d640f1646c8ed89ed4375e3326c.png)
+
+![](https://oscimg.oschina.net/oscnet/up-f7e9cb2e3740f2d19ff63b40ec2dd554f96.png)
+
+##### form Designer
+![](https://oscimg.oschina.net/oscnet/up-5f8cb657615714b02190b355e59f60c5937.png)
+
+![](https://oscimg.oschina.net/oscnet/up-d9659b2f324e33218476ec98c9b400e6508.png)
+
+![](https://oscimg.oschina.net/oscnet/up-4868615395272d3206dbb960ade02dbc291.png)
+
+##### bigscreen Designer
+![](https://oscimg.oschina.net/oscnet/up-402a6034124474bfef8dfc5b4b2bac1ce5c.png)
+
+![](https://oscimg.oschina.net/oscnet/up-6f7ba2e2ebbeea0d203db8d69fd87644c9f.png)
+
+![](https://oscimg.oschina.net/oscnet/up-ee8d34f318da466b8a6070a6e3111d12ce7.png)
+
+![](https://oscimg.oschina.net/oscnet/up-6b81781b43086819049c4421206810667c5.png)
+
+##### uniapp
+![](https://oscimg.oschina.net/oscnet/up-aac943fbd26561879c57a41f7a406edf274.png)
+
+![](https://oscimg.oschina.net/oscnet/up-9a44ba2e82b09c750629d12fafd7f60f553.png)
+
+##### low app
+![](https://oscimg.oschina.net/oscnet/up-4be29ae761b2615c8c54b3f668cd8432d9b.png)
+
+![](https://oscimg.oschina.net/oscnet/up-787e76bc24b38ecc7ed19f338808d128255.png)
+
+![](https://oscimg.oschina.net/oscnet/up-99d24a236c483362868523ad0d90f611487.png)
+
+![](https://oscimg.oschina.net/oscnet/up-339a0f29d10449abc7724e3bcda802761c1.png)
+
+![](https://oscimg.oschina.net/oscnet/up-b356670cdc14c609958c7619a537397c4b9.png)
+
+##### app
+![](https://oscimg.oschina.net/oscnet/da543c5d0d57baab0cecaa4670c8b68c521.jpg)
+![](https://oscimg.oschina.net/oscnet/fda4bd82cab9d682de1c1fbf2060bf14fa6.jpg)
+
+##### PAD
+![](https://oscimg.oschina.net/oscnet/e90fef970a8c33790ab03ffd6c4c7cec225.jpg)
+![](https://oscimg.oschina.net/oscnet/d78218803a9e856a0aa82b45efc49849a0c.jpg)
+![](https://oscimg.oschina.net/oscnet/59c23b230f52384e588ee16309b44fa20de.jpg)
+
+
+##### chart
+![](https://oscimg.oschina.net/oscnet/up-218bc6a1669496b241ebb23506440c0083e.png)
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160834_Lo23.png "在这里输入图片标题")
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160842_QK7B.png "在这里输入图片标题")
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160849_GBm5.png "在这里输入图片标题")
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160858_6RAM.png "在这里输入图片标题")
+
+##### swagger
+![输入图片说明](https://static.oschina.net/uploads/img/201908/27095258_M2Xq.png "在这里输入图片标题")
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160957_hN3X.png "在这里输入图片标题")
+
+
+## donation
+
+If so, buy the author a cup of coffee ☺
+
+![](https://static.oschina.net/uploads/img/201903/08155608_0EFX.png)

README.md

@@ -7,13 +7,13 @@
 JEECG BOOT 低代码开发平台
 ===============
 
-当前最新版本： 3.4.2（发布日期：2022-09-22） 
+当前最新版本： 3.6.3（发布日期：2024-03-11） 
 
 
 [![AUR](https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg)](https://github.com/zhangdaiscott/jeecg-boot/blob/master/LICENSE)
-[![](https://img.shields.io/badge/Author-北京国炬软件-orange.svg)](http://www.jeecg.com)
-[![](https://img.shields.io/badge/Blog-官方博客-blue.svg)](https://my.oschina.net/jeecg)
-[![](https://img.shields.io/badge/version-3.4.2-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
+[![](https://img.shields.io/badge/Author-北京国炬软件-orange.svg)](http://jeecg.com/aboutusIndex)
+[![](https://img.shields.io/badge/Blog-官方博客-blue.svg)](https://jeecg.blog.csdn.net)
+[![](https://img.shields.io/badge/version-3.6.3-brightgreen.svg)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub stars](https://img.shields.io/github/stars/zhangdaiscott/jeecg-boot.svg?style=social&label=Stars)](https://github.com/zhangdaiscott/jeecg-boot)
 [![GitHub forks](https://img.shields.io/github/forks/zhangdaiscott/jeecg-boot.svg?style=social&label=Fork)](https://github.com/zhangdaiscott/jeecg-boot)
 
@@ -33,28 +33,7 @@ JeecgBoot 提供了一系列`低代码模块`，实现在线开发`真正的零
 
 `JEECG业务流程:` 采用工作流来实现、扩展出任务接口，供开发编写业务逻辑，表单提供多种解决方案： 表单设计器、online配置表单、编码表单。同时实现了流程与表单的分离设计（松耦合）、并支持任务节点灵活配置，既保证了公司流程的保密性，又减少了开发人员的工作量。
 
-
-项目源码
------------------------------------
-| 仓库 |前端 Vue3版 | 前端 Vue2版 | 后端源码 |
-|-|-|-|-|
-| Github | [jeecgboot-vue3](https://github.com/jeecgboot/jeecgboot-vue3)  | [ant-design-vue-jeecg](https://github.com/jeecgboot/ant-design-vue-jeecg) | [jeecg-boot](https://github.com/jeecgboot/jeecg-boot) |
-| 码云 | [jeecgboot-vue3](https://gitee.com/jeecg/jeecgboot-vue3)  | [ant-design-vue-jeecg](https://gitee.com/jeecg/ant-design-vue-jeecg)  | [jeecg-boot](https://gitee.com/jeecg/jeecg-boot) |
-
-
-##### 项目说明
-
-| 项目名                | 说明                     | 
-|--------------------|------------------------|
-| `jeecg-boot`    | SpringBoot后台源码（支持微服务）        |
-| `ant-design-vue-jeecg`  |Vue2版前端源码     |
-| `jeecgboot-vue3` | Vue3+Ts版前端源码 |
-| `jeecg-boot-starter` | stater依赖项目单独维护 [下载地址](https://gitee.com/jeecg/jeecg-boot-starter) |
-
-
-
-##### Star走势图
-![](https://jeecgos.oss-cn-beijing.aliyuncs.com/files/star20220907.png)
+遇到技术问题，[请在这里反馈BUG](https://github.com/jeecgboot/jeecg-boot/issues/new)
 
 适用项目
 -----------------------------------
@@ -62,23 +41,106 @@ Jeecg-Boot低代码开发平台，可以应用在任何J2EE项目的开发中，
 
 
 
+
+项目源码
+-----------------------------------
+| 仓库 |前端源码 Vue3版 | 后端JAVA源码 |
+|-|-|-|
+| Github | [jeecgboot-vue3](https://github.com/jeecgboot/jeecgboot-vue3)   | [jeecg-boot](https://github.com/jeecgboot/jeecg-boot) |
+| 码云 | [jeecgboot-vue3](https://gitee.com/jeecg/jeecgboot-vue3)   | [jeecg-boot](https://gitee.com/jeecg/jeecg-boot) |
+
+> 官方已推出 `SpringBoot3+JDK17版本` [分支源码下载](https://github.com/jeecgboot/jeecg-boot/tree/springboot3)  |  [升级SpringBoot3博客](https://blog.csdn.net/zhangdaiscott/article/details/134805602)
+
+#### 项目说明
+
+| 项目名                | 说明                     | 
+|--------------------|------------------------|
+| `jeecgboot-vue3` | 前端源码 (Vue3版本) |
+| `jeecg-boot`    | 后端JAVA源码（支持微服务）        |
+| `jeecg-uniapp` | [APP开发框架，一份代码多终端适配，同时支持APP、小程序、H5](https://github.com/jeecgboot/jeecg-uniapp) |
+| `更多开源项目` | [更多底层源码下载](http://jeecg.com/download) |
+
+
+
+快速搭建开发环境
+-----------------------------------
+
+- [通过IDEA导入项目](https://help.jeecg.com/java/setup/idea.html)
+- [通过IDEA启动前后端项目](https://help.jeecg.com/java/setup/idea/startup.html)
+- [Vue3前端项目快速启动](http://help.jeecg.com/setup/startup.html)
+- [单体快速切换为微服务版](https://help.jeecg.com/java/springcloud/switchcloud/monomer.html)
+
+
+Docker快速启动项目
+-----------------------------------
+
+- [Docker启动单体后台](https://help.jeecg.com/java/setup/docker/up.html)
+- [Docker启动Vue3前端](http://help.jeecg.com/publish/docker.html)
+- [Docker启动微服务后台](https://help.jeecg.com/java/springcloud/docker.html)
+
+
 技术文档
 -----------------------------------
 
-- 技术官网：  [http://www.jeecg.com](http://www.jeecg.com)
+- 项目官网：  [http://www.jeecg.com](http://www.jeecg.com)
+- 开发文档：  [https://help.jeecg.com](https://help.jeecg.com)
+- 新手指南： [快速入门](http://www.jeecg.com/doc/quickstart)  |   [常见问题 ](http://www.jeecg.com/doc/qa) |  [视频教程](https://space.bilibili.com/454617261/channel/series)  |  [1分钟低代码体验](https://my.oschina.net/jeecg/blog/3083313) 
 
-- 在线演示 ： [Vue2版本](http://boot.jeecg.com) |  [Vue3版本](http://boot3.jeecg.com)
-
-- 开发文档：  [主项目文档](http://doc.jeecg.com) | [Vue3文档](http://vue3.jeecg.com)
-
-- 新手指南： [快速入门](http://www.jeecg.com/doc/quickstart)  |  [视频教程](https://space.bilibili.com/454617261/channel/series) |   [常见问题 ](http://www.jeecg.com/doc/qa)  |   [技术支持](http://jeecg.com/doc/help) |  [1分钟体验低代码](https://my.oschina.net/jeecg/blog/3083313)
-
-- 微服务开发：  [单体升级为微服务](http://doc.jeecg.com/3043471)
-
-- QQ交流群 ： ⑥730954414、VUE3群683903138、⑤860162132(满)、④774126647(满)、③816531124(满)、②769925425(满)、①284271917(满)
+- 在线演示 ：  [Vue3演示](http://boot3.jeecg.com)   | [APP演示](http://jeecg.com/appIndex) |  [敲敲云零代码](https://qiaoqiaoyun.com)
+> 演示系统的登录账号密码，请点击 [获取账号密码](http://jeecg.com/doc/demo) 获取 
+>
+- QQ交流群 ： ⑧825232878、⑦791696430(满)、⑥730954414(满)、683903138(满)、⑤860162132(满)、④774126647(满)、③816531124(满)、②769925425(满)、①284271917(满)
 > ` 提醒：【QQ群是自助服务群，建议给帮助您解决问题的同学发送指定红包，表示感谢！】 `
 
 
+大龄码农的思考
+-----------------------------------
+> 作为码农年纪大了写不动代码了怎么办？？哎！！
+所以我们团队在追求不写代码也可实现复杂业务系统！目前已经做到了，不信你到敲敲云零代码试试（通过流程串联修改业务数据）
+
+- https://www.qiaoqiaoyun.com
+
+
+技术支持
+-----------------------------------
+
+关闭gitee的issue通道，使用中遇到问题或者BUG可以在 [Github上提Issues](https://github.com/jeecgboot/jeecg-boot/issues/new)
+
+官方支持： [http://jeecg.com/doc/help](http://jeecg.com/doc/help)
+
+
+
+
+VUE2版本专题介绍
+-----------------------------------
+#### 项目介绍 
+- 项目名称：ant-design-vue-jeecg
+- 说明：JeecgBoot前端提供两套解决方案，一套VUE2和一套VUE3版本，目前vue2版本最新代码只支持到jeecgboot 3.4.3版本，一定注意。
+
+#### 源码下载
+| 源码                | 源码地址                     | 
+|--------------------|------------------------|
+| 后端JAVA源码 `Vue2版`  |https://gitee.com/jeecg/jeecg-boot/tree/v3.4.3last    |
+| 前端vue2源码 `Vue2版`  |https://gitee.com/jeecg/ant-design-vue-jeecg    |
+
+#### Vue2与Vue3版本区别
+> - VUE3版本彻底抛弃IE兼容，不兼容IE和低版本浏览器，只适配高版本谷歌和Edge
+ （政府、事业类单位项目需要谨慎选择——国产化迁移是一个漫长的过程，万一过程中要求IE兼容，这个不可逆）
+> - 所以如果对浏览器有要求的项目，请选择VUE2版本。
+> - VUE3版是全新的技术栈，紧跟主流（前端重写），各个功能都做了优化，拥有更好的体验效果
+
+#### 技术文档
+- 在线演示：[Vue2版演示](http://boot.jeecg.com) 
+- 开发文档：| [开发文档](http://doc.jeecg.com)  | [Vue2前端快速启动](http://doc.jeecg.com/2678320) |  [Vue2前端采用Docker启动](http://doc.jeecg.com/3043612)
+
+
+
+Star走势图
+-----------------------------------
+
+[![Star History Chart](https://api.star-history.com/svg?repos=jeecgboot/jeecg-boot&type=Date)](https://star-history.com/#jeecgboot/jeecg-boot)
+
+
 
 
 后台目录结构
@@ -110,12 +172,6 @@ Jeecg-Boot低代码开发平台，可以应用在任何J2EE项目的开发中，
            ├─jeecg-cloud-test-shardingsphere    -- 微服务测试示例（分库分表）
 ```
 
-Docker启动项目
------------------------------------
-- [Docker启动单体后台](http://doc.jeecg.com/2043889)
-- [Docker启动微服务后台](http://doc.jeecg.com/3043472)
-- [Docker启动Vue3前端](http://vue3.jeecg.com/3028878)
-- [Docker启动Vue2前端](http://doc.jeecg.com/3043612)
 
 
 
@@ -140,7 +196,7 @@ Docker启动项目
 * 17.支持SAAS服务模式，提供SaaS多租户架构方案。
 * 18.分布式文件服务，集成minio、阿里OSS等优秀的第三方，提供便捷的文件上传与管理，同时也支持本地存储。
 * 19.主流数据库兼容，一套代码完全兼容Mysql、Postgresql、Oracle、Sqlserver、MariaDB、达梦等主流数据库。
-* 20.集成工作流activiti，并实现了只需在页面配置流程转向，可极大的简化bpm工作流的开发；用bpm的流程设计器画出了流程走向，一个工作流基本就完成了，只需写很少量的java代码；
+* 20.集成工作流activiti、flowable，并实现了只需在页面配置流程转向，可极大的简化bpm工作流的开发；用bpm的流程设计器画出了流程走向，一个工作流基本就完成了，只需写很少量的java代码；
 * 21.低代码能力：在线流程设计，采用开源Activiti流程引擎，实现在线画流程,自定义表单,表单挂靠,业务流转
 * 22.多数据源：及其简易的使用方式，在线配置数据源配置，便捷的从其他数据抓取数据；
 * 23.提供单点登录CAS集成方案，项目中已经提供完善的对接代码
@@ -185,15 +241,15 @@ Docker启动项目
 
 #### 后端
 
-- 基础框架：Spring Boot 2.6.6
+- 基础框架：Spring Boot 2.6.14
 
 - 微服务框架： Spring Cloud Alibaba 2021.0.1.0
 
 - 持久层框架：MybatisPlus 3.5.1
 
-- 报表工具： JimuReport 1.5.2
+- 报表工具： JimuReport 1.5.8
 
-- 安全框架：Apache Shiro 1.8.0，Jwt 3.11.0
+- 安全框架：Apache Shiro 1.10.0，Jwt 3.11.0
 
 - 微服务技术栈：Spring Cloud Alibaba、Nacos、Gateway、Sentinel、Skywalking
 
@@ -241,7 +297,7 @@ Docker启动项目
 
 8、服务监控 SpringBootAdmin√
 
-9、链路跟踪 Skywalking   [参考文档](http://doc.jeecg.com/2350293)
+9、链路跟踪 Skywalking   [参考文档](https://help.jeecg.com/java/springcloud/super/skywarking.html)
 
 10、消息中间件 RabbitMQ  √
 
@@ -388,7 +444,7 @@ Docker启动项目
 │  ├─数据报表设计
 │  ├─图形报表设计（支持echart）
 │  ├─大屏设计器(未开源)
-│─流程模块功能 (未开源)
+│─更多商业功能 (未开源)
 │  ├─流程设计器
 │  ├─表单设计器
    ├─大屏设计器
@@ -411,43 +467,99 @@ Docker启动项目
    
 ```
 
+### 流程引擎推荐
+
+JeecgBoot企业版本默认集成了activiti和flowable两套方案，大家在使用本开源项目时，如果想进一步集成流程引擎，推荐结合贺波老师的书 [《深入Activiti流程引擎：核心原理与高阶实战》](https://item.m.jd.com/product/13928958.html?gx=RnAomTM2bmCImZxDqYAkVCoIHuIYVqc)
+
+<img src="https://jeecgos.oss-cn-beijing.aliyuncs.com/files/tuijian20231220161656.png" width="25%" height="auto">
 
 
+### 系统效果
 
 
-系统效果
-----
-##### 大屏模板
-![输入图片说明](https://static.oschina.net/uploads/img/201912/25133248_Ag1C.jpg "在这里输入图片标题")
-
-![输入图片说明](https://static.oschina.net/uploads/img/201912/25133301_k9Kc.jpg "在这里输入图片标题")
 
 ##### PC端
+![](https://oscimg.oschina.net/oscnet/up-000530d95df337b43089ac77e562494f454.png)
+
 ![输入图片说明](https://static.oschina.net/uploads/img/201904/14155402_AmlV.png "在这里输入图片标题")
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160657_cHwb.png "在这里输入图片标题")
+
+![](https://oscimg.oschina.net/oscnet/up-9d6f36f251e71a0b515a01323474b03004c.png)
+
 ![输入图片说明](https://static.oschina.net/uploads/img/201904/14160813_KmXS.png "在这里输入图片标题")
+
 ![输入图片说明](https://static.oschina.net/uploads/img/201904/14160935_Nibs.png "在这里输入图片标题")
+
 ![输入图片说明](https://static.oschina.net/uploads/img/201904/14161004_bxQ4.png "在这里输入图片标题")
 
+#####  系统交互
+![](https://oscimg.oschina.net/oscnet/up-78b151fc888d4319377bf1cc311fe826871.png)
 
-##### 在线接口文档
-![输入图片说明](https://static.oschina.net/uploads/img/201908/27095258_M2Xq.png "在这里输入图片标题")
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160957_hN3X.png "在这里输入图片标题")
+![](https://oscimg.oschina.net/oscnet/up-16c07e000278329b69b228ae3189814b8e9.png)
 
 
-##### 报表
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160828_pkFr.png "在这里输入图片标题")
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160834_Lo23.png "在这里输入图片标题")
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160842_QK7B.png "在这里输入图片标题")
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160849_GBm5.png "在这里输入图片标题")
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160858_6RAM.png "在这里输入图片标题")
+##### 流程设计
+![](https://oscimg.oschina.net/oscnet/up-981ce174e4fbb48c8a2ce4ccfd7372e2994.png)
 
-##### 流程
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160623_8fwk.png "在这里输入图片标题")
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160917_9Ftz.png "在这里输入图片标题")
-![输入图片说明](https://static.oschina.net/uploads/img/201904/14160633_u59G.png "在这里输入图片标题")
 ![输入图片说明](https://static.oschina.net/uploads/img/201907/05165142_yyQ7.png "在这里输入图片标题")
 
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160917_9Ftz.png "在这里输入图片标题")
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160633_u59G.png "在这里输入图片标题")
+
+##### 简版流程设计
+
+![](https://oscimg.oschina.net/oscnet/up-1dc0d052149ec675f3e4fad632b82b48add.png)
+
+![](https://oscimg.oschina.net/oscnet/up-de31bc2f9d9b8332c554b0954cc73d79593.png)
+
+![](https://oscimg.oschina.net/oscnet/up-7f83b25159663686d67ed080eb16068c3b4.png)
+
+#####  仪表盘设计器
+![](https://oscimg.oschina.net/oscnet/up-9c9d41288c31398d76b390bdd400f13a582.png)
+
+![](https://oscimg.oschina.net/oscnet/up-fad98d42b2cf92f92a903c9cff7579f18ec.png)
+
+##### 报表设计器
+![](https://oscimg.oschina.net/oscnet/up-64648de000851f15f6c7b9573d107ebb5f8.png)
+
+![](https://oscimg.oschina.net/oscnet/up-fa52b44445db281c51d3f267dce7450d21b.gif)
+
+![](https://oscimg.oschina.net/oscnet/up-68a19149d640f1646c8ed89ed4375e3326c.png)
+
+![](https://oscimg.oschina.net/oscnet/up-f7e9cb2e3740f2d19ff63b40ec2dd554f96.png)
+
+##### 表单设计器
+![](https://oscimg.oschina.net/oscnet/up-5f8cb657615714b02190b355e59f60c5937.png)
+
+![](https://oscimg.oschina.net/oscnet/up-d9659b2f324e33218476ec98c9b400e6508.png)
+
+![](https://oscimg.oschina.net/oscnet/up-4868615395272d3206dbb960ade02dbc291.png)
+
+##### 大屏设计器
+![](https://oscimg.oschina.net/oscnet/up-402a6034124474bfef8dfc5b4b2bac1ce5c.png)
+
+![](https://oscimg.oschina.net/oscnet/up-6f7ba2e2ebbeea0d203db8d69fd87644c9f.png)
+
+![](https://oscimg.oschina.net/oscnet/up-ee8d34f318da466b8a6070a6e3111d12ce7.png)
+
+![](https://oscimg.oschina.net/oscnet/up-6b81781b43086819049c4421206810667c5.png)
+
+##### UNIAPP效果
+
+![](https://oscimg.oschina.net/oscnet/up-aac943fbd26561879c57a41f7a406edf274.png)
+
+![](https://oscimg.oschina.net/oscnet/up-9a44ba2e82b09c750629d12fafd7f60f553.png)
+
+##### 零代码应用
+![](https://oscimg.oschina.net/oscnet/up-4be29ae761b2615c8c54b3f668cd8432d9b.png)
+
+![](https://oscimg.oschina.net/oscnet/up-787e76bc24b38ecc7ed19f338808d128255.png)
+
+![](https://oscimg.oschina.net/oscnet/up-99d24a236c483362868523ad0d90f611487.png)
+
+![](https://oscimg.oschina.net/oscnet/up-339a0f29d10449abc7724e3bcda802761c1.png)
+
+![](https://oscimg.oschina.net/oscnet/up-b356670cdc14c609958c7619a537397c4b9.png)
 
 ##### 手机端
 ![](https://oscimg.oschina.net/oscnet/da543c5d0d57baab0cecaa4670c8b68c521.jpg)
@@ -456,10 +568,20 @@ Docker启动项目
 ##### PAD端
 ![](https://oscimg.oschina.net/oscnet/e90fef970a8c33790ab03ffd6c4c7cec225.jpg)
 ![](https://oscimg.oschina.net/oscnet/d78218803a9e856a0aa82b45efc49849a0c.jpg)
-![](https://oscimg.oschina.net/oscnet/0404054d9a12647ef6f82cf9cfb80a5ac02.jpg)
 ![](https://oscimg.oschina.net/oscnet/59c23b230f52384e588ee16309b44fa20de.jpg)
 
 
+##### 图表示例
+![](https://oscimg.oschina.net/oscnet/up-218bc6a1669496b241ebb23506440c0083e.png)
+
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160834_Lo23.png "在这里输入图片标题")
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160842_QK7B.png "在这里输入图片标题")
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160849_GBm5.png "在这里输入图片标题")
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160858_6RAM.png "在这里输入图片标题")
+
+##### 在线接口文档
+![输入图片说明](https://static.oschina.net/uploads/img/201908/27095258_M2Xq.png "在这里输入图片标题")
+![输入图片说明](https://static.oschina.net/uploads/img/201904/14160957_hN3X.png "在这里输入图片标题")
 ## 捐赠 
 
 如果觉得还不错，请作者喝杯咖啡吧 ☺

db/增量SQL/3.4.0升级到3.4.2增量脚本sql

@@ -1,102 +0,0 @@
--- 系统通知消息支持标星
-ALTER TABLE `sys_announcement_send` 
-ADD COLUMN `star_flag` varchar(10) NULL COMMENT '标星状态( 1为标星 空/0没有标星)' AFTER `update_time`;
-
-ALTER TABLE `sys_comment`
-MODIFY COLUMN `comment_content` varchar(255) CHARACTER SET utf8mb4 NULL DEFAULT NULL COMMENT '回复内容' AFTER `comment_id`;
-
-ALTER TABLE `sys_data_log`
-ADD COLUMN `type` varchar(20) NULL DEFAULT 'json' COMMENT '类型' AFTER `data_version`;
-update sys_data_log set type = 'json';
-
-
--- vue3单表原生组件菜单 
-INSERT INTO `sys_permission`(`id`, `parent_id`, `name`, `url`, `component`, `is_route`, `component_name`, `redirect`, `menu_type`, `perms`, `perms_type`, `sort_no`, `always_show`, `icon`, `is_leaf`, `keep_alive`, `hidden`, `hide_tab`, `description`, `create_by`, `create_time`, `update_by`, `update_time`, `del_flag`, `rule_flag`, `status`, `internal_or_external`) VALUES ('1534418199197323265', '1438108197958311537', '单表原生示例', '/one/OneNativeList', 'demo/jeecg/Native/one/OneNativeList', 1, NULL, NULL, 1, NULL, '0', 13.00, 0, NULL, 1, 0, 0, 0, NULL, 'admin', '2022-06-08 14:13:01', 'admin', '2022-06-08 14:13:12', 0, 0, NULL, 0);
-
-INSERT INTO  `sys_dict` (`id`, `dict_name`, `dict_code`, `description`, `del_flag`, `create_by`, `create_time`, `update_by`, `update_time`, `type`) VALUES ('1242298510024429569', '提醒方式', 'remindMode', '', 0, 'admin', '2020-03-24 11:53:40', 'admin', '2020-03-24 12:03:22', 0);
-INSERT INTO  `sys_dict_item` (`id`, `dict_id`, `item_text`, `item_value`, `description`, `sort_order`, `status`, `create_by`, `create_time`, `update_by`, `update_time`) VALUES ('1242300779390357505', '1242298510024429569', '短信提醒', '2', '', 2, 1, 'admin', '2020-03-24 12:02:41', 'admin', '2020-03-30 18:21:33');
-INSERT INTO  `sys_dict_item` (`id`, `dict_id`, `item_text`, `item_value`, `description`, `sort_order`, `status`, `create_by`, `create_time`, `update_by`, `update_time`) VALUES ('1242300814383435777', '1242298510024429569', '邮件提醒', '1', '', 1, 1, 'admin', '2020-03-24 12:02:49', 'admin', '2020-03-30 18:21:26');
-INSERT INTO  `sys_dict_item` (`id`, `dict_id`, `item_text`, `item_value`, `description`, `sort_order`, `status`, `create_by`, `create_time`, `update_by`, `update_time`) VALUES ('1242300887343353857', '1242298510024429569', '系统消息', '4', '', 4, 1, 'admin', '2020-03-24 12:03:07', 'admin', '2020-03-30 18:21:43');
-
--- 删除vue3作废菜单
-DELETE from sys_permission  where component = 'demo/comp/upload/index';
-
--- vue3示例菜单缓存配置修正
-UPDATE `sys_permission` SET `parent_id` = '1438108187455774722', `name` = '多级菜单', `url` = '/level', `component` = 'layouts/default/index', `is_route` = 1, `component_name` = NULL, `redirect` = '/level/menu1/menu1-1/menu1-1-1', `menu_type` = 0, `perms` = NULL, `perms_type` = '1', `sort_no` = 9.00, `always_show` = 0, `icon` = 'ion:menu-outline', `is_leaf` = 0, `keep_alive` = 0, `hidden` = 0, `hide_tab` = NULL, `description` = NULL, `create_by` = 'admin', `create_time` = '2021-09-15 19:51:33', `update_by` = NULL, `update_time` = NULL, `del_flag` = 0, `rule_flag` = 0, `status` = '1', `internal_or_external` = 0 WHERE `id` = '1438108220418809857';
-UPDATE `sys_permission` SET `parent_id` = '1438108220418809857', `name` = 'Menu1', `url` = '/level/menu1', `component` = NULL, `is_route` = 1, `component_name` = NULL, `redirect` = '/level/menu1/menu1-1/menu1-1-1', `menu_type` = 1, `perms` = NULL, `perms_type` = '1', `sort_no` = 0.00, `always_show` = 0, `icon` = NULL, `is_leaf` = 0, `keep_alive` = 0, `hidden` = 0, `hide_tab` = NULL, `description` = NULL, `create_by` = 'admin', `create_time` = '2021-09-15 19:51:33', `update_by` = NULL, `update_time` = NULL, `del_flag` = 0, `rule_flag` = 0, `status` = '1', `internal_or_external` = 0 WHERE `id` = '1438108220523667458';
-UPDATE `sys_permission` SET `parent_id` = '1438108220418809857', `name` = 'Menu2', `url` = '/level/menu2', `component` = 'demo/level/Menu2', `is_route` = 1, `component_name` = 'Menu2Demo', `redirect` = NULL, `menu_type` = 1, `perms` = NULL, `perms_type` = '1', `sort_no` = 1.00, `always_show` = 0, `icon` = NULL, `is_leaf` = 1, `keep_alive` = 1, `hidden` = 0, `hide_tab` = 0, `description` = NULL, `create_by` = 'admin', `create_time` = '2021-09-15 19:51:33', `update_by` = 'admin', `update_time` = '2022-09-20 15:24:13', `del_flag` = 0, `rule_flag` = 0, `status` = '1', `internal_or_external` = 0 WHERE `id` = '1438108220724994049';
-UPDATE `sys_permission` SET `parent_id` = '1438108220523667458', `name` = 'Menu1-1', `url` = '/level/menu1/menu1-1', `component` = NULL, `is_route` = 1, `component_name` = NULL, `redirect` = '/level/menu1/menu1-1/menu1-1-1', `menu_type` = 1, `perms` = NULL, `perms_type` = '1', `sort_no` = 0.00, `always_show` = 0, `icon` = NULL, `is_leaf` = 0, `keep_alive` = 0, `hidden` = 0, `hide_tab` = NULL, `description` = NULL, `create_by` = 'admin', `create_time` = '2021-09-15 19:51:33', `update_by` = NULL, `update_time` = NULL, `del_flag` = 0, `rule_flag` = 0, `status` = '1', `internal_or_external` = 0 WHERE `id` = '1438108220896960513';
-UPDATE `sys_permission` SET `parent_id` = '1438108220896960513', `name` = 'Menu1-1-1', `url` = '/level/menu1/menu1-1/menu1-1-1', `component` = 'demo/level/Menu111', `is_route` = 1, `component_name` = 'Menu111Demo', `redirect` = NULL, `menu_type` = 1, `perms` = NULL, `perms_type` = '1', `sort_no` = 0.00, `always_show` = 0, `icon` = NULL, `is_leaf` = 1, `keep_alive` = 1, `hidden` = 0, `hide_tab` = 0, `description` = NULL, `create_by` = 'admin', `create_time` = '2021-09-15 19:51:33', `update_by` = 'admin', `update_time` = '2022-09-20 15:24:03', `del_flag` = 0, `rule_flag` = 0, `status` = '1', `internal_or_external` = 0 WHERE `id` = '1438108221127647234';
-UPDATE `sys_permission` SET `parent_id` = '1438108220523667458', `name` = 'Menu1-2', `url` = '/level/menu1/menu1-2', `component` = 'demo/level/Menu12', `is_route` = 1, `component_name` = 'Menu12Demo', `redirect` = NULL, `menu_type` = 1, `perms` = NULL, `perms_type` = '1', `sort_no` = 1.00, `always_show` = 0, `icon` = NULL, `is_leaf` = 1, `keep_alive` = 1, `hidden` = 0, `hide_tab` = 0, `description` = NULL, `create_by` = 'admin', `create_time` = '2021-09-15 19:51:33', `update_by` = 'admin', `update_time` = '2022-09-20 15:24:08', `del_flag` = 0, `rule_flag` = 0, `status` = '1', `internal_or_external` = 0 WHERE `id` = '1438108221270253570';
-
-
--- 新增评论表和文件表
-DROP TABLE IF EXISTS `sys_comment`;
-CREATE TABLE `sys_comment`  (
-  `id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
-  `table_name` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '表名',
-  `table_data_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '数据id',
-  `from_user_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '来源用户id',
-  `to_user_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '发送给用户id(允许为空)',
-  `comment_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '评论id(允许为空，不为空时，则为回复)',
-  `comment_content` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '回复内容',
-  `create_by` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '创建人',
-  `create_time` datetime NULL DEFAULT NULL COMMENT '创建日期',
-  `update_by` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '更新人',
-  `update_time` datetime NULL DEFAULT NULL COMMENT '更新日期',
-  PRIMARY KEY (`id`) USING BTREE,
-  INDEX `idx_table_data_id`(`table_name`, `table_data_id`) USING BTREE
-) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '系统评论回复表' ROW_FORMAT = DYNAMIC;
-
-DROP TABLE IF EXISTS `sys_files`;
-CREATE TABLE `sys_files`  (
-  `id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '主键id',
-  `file_name` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '文件名称',
-  `url` varchar(1000) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '文件地址',
-  `file_type` varchar(20) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '文档类型（folder:文件夹 excel:excel doc:word ppt:ppt image:图片  archive:其他文档 video:视频 pdf:pdf）',
-  `store_type` varchar(20) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '文件上传类型(temp/本地上传(临时文件) manage/知识库)',
-  `parent_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '父级id',
-  `tenant_id` varchar(500) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '租户id',
-  `file_size` double(13, 2) NULL DEFAULT NULL COMMENT '文件大小（kb）',
-  `iz_folder` varchar(2) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '是否文件夹(1：是  0：否)',
-  `iz_root_folder` varchar(2) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '是否为1级文件夹，允许为空 (1：是 )',
-  `iz_star` varchar(2) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '是否标星(1：是  0：否)',
-  `down_count` int(11) NULL DEFAULT NULL COMMENT '下载次数',
-  `read_count` int(11) NULL DEFAULT NULL COMMENT '阅读次数',
-  `share_url` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '分享链接',
-  `share_perms` varchar(2) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '分享权限(1.关闭分享 2.允许所有联系人查看 3.允许任何人查看)',
-  `enable_down` varchar(2) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '是否允许下载(1：是  0：否)',
-  `enable_updat` varchar(2) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '是否允许修改(1：是  0：否)',
-  `del_flag` varchar(2) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '删除状态(0-正常,1-删除至回收站)',
-  `create_by` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '创建人登录名称',
-  `create_time` datetime NULL DEFAULT NULL COMMENT '创建日期',
-  `update_by` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '更新人登录名称',
-  `update_time` datetime NULL DEFAULT NULL COMMENT '更新日期',
-  PRIMARY KEY (`id`) USING BTREE
-) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '知识库-文档管理' ROW_FORMAT = DYNAMIC;
-
-DROP TABLE IF EXISTS `sys_form_file`;
-CREATE TABLE `sys_form_file`  (
-  `id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
-  `table_name` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '表名',
-  `table_data_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '数据id',
-  `file_id` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '关联文件id',
-  `file_type` varchar(20) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '文件类型(text:文本, excel:excel doc:word ppt:ppt image:图片  archive:其他文档 video:视频 pdf:pdf）)',
-  `create_by` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '创建人登录名称',
-  `create_time` datetime NULL DEFAULT NULL COMMENT '创建日期',
-  PRIMARY KEY (`id`) USING BTREE,
-  INDEX `idx_table_form`(`table_name`, `table_data_id`) USING BTREE
-) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-
-ALTER TABLE `sys_files`
-MODIFY COLUMN `tenant_id` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '租户id' AFTER `parent_id`;
-
-ALTER TABLE `sys_files`
-ADD INDEX `index_tenant_id`(`tenant_id`),
-ADD INDEX `index_del_flag`(`del_flag`);
-
-ALTER TABLE `sys_form_file`
-ADD INDEX `index_file_id`(`file_id`);
-
-
-

db/增量SQL/版本升级说明.txt

@@ -1,10 +0,0 @@
-版本升级方法？
-
-  JeecgBoot属于平台级产品，每次升级改动内容较多，目前做不到平滑升级。
-
-  这里给用户的升级建议是这样的：
-  1.代码升级  => 本地版本通过svn或者git做好主干，在分支上做业务开发，jeecg每次版本发布，可以手工覆盖主干的代码，对比代码进行提交；
-  2.数据库升级 => 针对数据库我们每次发布会提供增量升级SQL，可以通过增量SQL实现数据库的升级。
-  3.兼容问题 => 每次版本发布会针对不兼容地方标注说明，需要手工修改不兼容的代码。
-
-  注意： 升级sql目前只提供mysql版本，执行完脚步后，新菜单需要手工进行角色授权，刷新首页才会出现。

db/版本升级说明.md

@@ -0,0 +1,15 @@
+# 版本升级方法
+
+> JeecgBoot属于平台级产品，每次升级改动较大，目前做不到平滑升级。
+
+### 增量升级方案
+#### 1.代码合并
+ 本地通过svn或git做好主干，在分支上做业务开发，jeecg每次版本发布，可以手工覆盖主干的代码，对比合并代码；
+
+#### 2.数据库升级
+- 从3.6.2+版本增加flyway自动升级数据库机制，支持 mysql5.7、mysql8; 
+- 其他库请手工执行SQL, 目录： `jeecg-module-system\jeecg-system-start\src\main\resources\flyway\sql\mysql`
+> 注意： 升级sql只提供mysql版本；如果有权限升级, 还需要手工角色授权，退出重新登录才好使。
+
+#### 3.兼容问题
+ 每次发版，会针对不兼容地方重点说明。

docker-compose.yml

@@ -19,6 +19,8 @@ services:
       --default-authentication-plugin=caching_sha2_password
     ports:
       - 3306:3306
+    networks:
+      - jeecg-boot
 
   jeecg-boot-redis:
     image: redis:5.0
@@ -27,6 +29,8 @@ services:
     restart: always
     hostname: jeecg-boot-redis
     container_name: jeecg-boot-redis
+    networks:
+      - jeecg-boot
 
   jeecg-boot-system:
     build:
@@ -40,3 +44,9 @@ services:
     hostname: jeecg-boot-system
     ports:
       - 8080:8080
+    networks:
+      - jeecg-boot
+
+networks:
+  jeecg-boot:
+    name: jeecg_boot

jeecg-boot-base-core/pom.xml

@@ -2,14 +2,43 @@
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<parent>
-		<artifactId>jeecg-boot-parent</artifactId>
 		<groupId>org.jeecgframework.boot</groupId>
-		<version>3.4.2</version>
+		<artifactId>jeecg-boot-parent</artifactId>
+		<version>3.6.3</version>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>
-
 	<artifactId>jeecg-boot-base-core</artifactId>
 
+	<repositories>
+		<repository>
+			<id>aliyun</id>
+			<name>aliyun Repository</name>
+			<url>https://maven.aliyun.com/repository/public</url>
+			<snapshots>
+				<enabled>false</enabled>
+			</snapshots>
+		</repository>
+		<repository>
+			<id>jeecg</id>
+			<name>jeecg Repository</name>
+			<url>https://maven.jeecg.org/nexus/content/repositories/jeecg</url>
+			<snapshots>
+				<enabled>false</enabled>
+			</snapshots>
+		</repository>
+		<repository>
+			<id>jeecg-snapshots</id>
+			<name>jeecg-snapshots Repository</name>
+			<url>https://oss.sonatype.org/content/repositories/snapshots</url>
+			<releases>
+				<enabled>false</enabled>
+			</releases>
+			<snapshots>
+				<enabled>true</enabled>
+			</snapshots>
+		</repository>
+	</repositories>
+	
 	<dependencies>
 		<!--jeecg-tools-->
 		<dependency>
@@ -146,6 +175,10 @@
 					<groupId>org.apache.shiro</groupId>
 					<artifactId>shiro-core</artifactId>
 				</exclusion>
+				<exclusion>
+					<artifactId>checkstyle</artifactId>
+					<groupId>com.puppycrawl.tools</groupId>
+				</exclusion>
 			</exclusions>
 		</dependency>
 
@@ -157,7 +190,7 @@
 		</dependency>
 
 		<!-- 代码生成器 -->
-		<!-- 如下载失败，请参考此文档  http://doc.jeecg.com/2043876 -->
+		<!-- 如下载失败，请参考此文档  https://help.jeecg.com/java/setup/maven.html -->
 		<dependency>
 			<groupId>org.jeecgframework.boot</groupId>
 			<artifactId>codegenerate</artifactId>
@@ -174,8 +207,18 @@
 					<groupId>commons-codec</groupId>
 					<artifactId>commons-codec</artifactId>
 				</exclusion>
+				<exclusion>
+					<artifactId>xercesImpl</artifactId>
+					<groupId>xerces</groupId>
+				</exclusion>
 			</exclusions>
 		</dependency>
+		<dependency>
+			<groupId>xerces</groupId>
+			<artifactId>xercesImpl</artifactId>
+			<version>2.12.2</version>
+			<optional>true</optional>
+		</dependency>
 
 		<!-- mini文件存储服务 -->
 		<dependency>
@@ -209,6 +252,19 @@
 			<groupId>com.fasterxml.jackson.module</groupId>
 			<artifactId>jackson-module-kotlin</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>commons-fileupload</groupId>
+			<artifactId>commons-fileupload</artifactId>
+		</dependency>
+		<!--加载hutool-->
+		<dependency>
+			<groupId>cn.hutool</groupId>
+			<artifactId>hutool-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>cn.hutool</groupId>
+			<artifactId>hutool-crypto</artifactId>
+		</dependency>
 	</dependencies>
 
 </project>

jeecg-boot-base-core/src/main/java/org/jeecg/common/api/CommonAPI.java

@@ -22,10 +22,10 @@ public interface CommonAPI {
 
     /**
      * 2查询用户权限信息
-     * @param username
+     * @param userId
      * @return
      */
-    Set<String> queryUserAuths(String username);
+    Set<String> queryUserAuths(String userId);
 
     /**
      * 3根据 id 查询数据库中存储的 DynamicDataSourceModel
@@ -102,12 +102,12 @@ public interface CommonAPI {
 
     /**
      * 13获取表数据字典
-     * @param table
+     * @param tableFilterSql
      * @param text
      * @param code
      * @return
      */
-    List<DictModel> queryTableDictItemsByCode(String table, String text, String code);
+    List<DictModel> queryTableDictItemsByCode(String tableFilterSql, String text, String code);
 
     /**
      * 14 普通字典的翻译，根据多个dictCode和多条数据，多个以逗号分割
@@ -117,14 +117,17 @@ public interface CommonAPI {
      */
     Map<String, List<DictModel>> translateManyDict(String dictCodes, String keys);
 
+    //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
     /**
      * 15 字典表的 翻译，可批量
      * @param table
      * @param text
      * @param code
      * @param keys 多个用逗号分割
+     * @param dataSource 数据源
      * @return
      */
-    List<DictModel> translateDictFromTableByKeys(String table, String text, String code, String keys);
+    List<DictModel> translateDictFromTableByKeys(String table, String text, String code, String keys, String dataSource);
+    //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
 
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/DataLogDTO.java

@@ -17,6 +17,8 @@ public class DataLogDTO {
 
     private String type;
 
+    private String createName;
+
     public DataLogDTO(){
 
     }

jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/LogDTO.java

@@ -50,6 +50,11 @@ public class LogDTO implements Serializable {
     /**操作人用户账户*/
     private String userid;
 
+    /**
+     * 租户ID
+     */
+    private Integer tenantId;
+
     public LogDTO(){
 
     }

jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/OnlineAuthDTO.java

@@ -30,6 +30,13 @@ public class OnlineAuthDTO implements Serializable {
      */
     private String onlineFormUrl;
 
+    //update-begin---author:chenrui ---date:20240123  for：[QQYUN-7992]【online】工单申请下的online表单，未配置online表单开发菜单，操作报错无权限------------
+    /**
+     * online工单的地址
+     */
+    private String onlineWorkOrderUrl;
+    //update-end---author:chenrui ---date:20240123  for：[QQYUN-7992]【online】工单申请下的online表单，未配置online表单开发菜单，操作报错无权限------------
+
     public OnlineAuthDTO(){
 
     }

jeecg-boot-base-core/src/main/java/org/jeecg/common/api/dto/message/MessageDTO.java

@@ -4,7 +4,7 @@ import lombok.Data;
 import org.jeecg.common.constant.CommonConstant;
 
 import java.io.Serializable;
-import java.util.Map;
+import java.util.*;
 
 /**
  * 普通消息
@@ -44,13 +44,6 @@ public class MessageDTO implements Serializable {
      */
     protected String category;
     
-    //-----------------------------------------------------------------------
-    //update-begin---author:taoyan ---date:20220705  for：支持自定义推送类型，邮件、钉钉、企业微信、系统消息-----------
-
-    /**
-     * 模板消息对应的模板编码
-     */
-    protected String templateCode;
     /**
      * 消息类型：org.jeecg.common.constant.enums.MessageTypeEnum
      *  XT("system",  "系统消息")
@@ -60,18 +53,38 @@ public class MessageDTO implements Serializable {
      */
     protected String type;
     
+
+    //---【推送模板相关参数】-------------------------------------------------------------
     /**
      * 是否发送Markdown格式的消息
      */
     protected boolean isMarkdown;
-
+    /**
+     * 模板消息对应的模板编码
+     */
+    protected String templateCode;
     /**
      * 解析模板内容 对应的数据
      */
     protected Map<String, Object> data;
-    //update-end---author:taoyan ---date::20220705  for：支持自定义推送类型，邮件、钉钉、企业微信、系统消息-----------
-    //-----------------------------------------------------------------------
+    //---【推送模板相关参数】-------------------------------------------------------------
 
+    //---【邮件相关参数】-------------------------------------------------------------
+    /**
+     * 邮件抄送人
+     */
+    private String copyToUser;
+
+    /**
+     * 邮件推送地址
+     */
+    protected Set<String> toEmailList;
+
+    /**
+     * 邮件抄送地址
+     */
+    protected Set<String> ccEmailList;
+    //---【邮件相关参数】-------------------------------------------------------------
     
     public MessageDTO(){
     }

jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/DictAspect.java

@@ -140,11 +140,15 @@ public class DictAspect {
                             String code = field.getAnnotation(Dict.class).dicCode();
                             String text = field.getAnnotation(Dict.class).dicText();
                             String table = field.getAnnotation(Dict.class).dictTable();
-
+                            //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                            String dataSource = field.getAnnotation(Dict.class).ds();
+                            //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                             List<String> dataList;
                             String dictCode = code;
                             if (!StringUtils.isEmpty(table)) {
-                                dictCode = String.format("%s,%s,%s", table, text, code);
+                                //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                                dictCode = String.format("%s,%s,%s,%s", table, text, code, dataSource);
+                                //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                             }
                             dataList = dataListMap.computeIfAbsent(dictCode, k -> new ArrayList<>());
                             this.listAddAllDeduplicate(dataList, Arrays.asList(value.split(",")));
@@ -169,10 +173,15 @@ public class DictAspect {
                         String code = field.getAnnotation(Dict.class).dicCode();
                         String text = field.getAnnotation(Dict.class).dicText();
                         String table = field.getAnnotation(Dict.class).dictTable();
-
+                        //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                        // 自定义的字典表数据源
+                        String dataSource = field.getAnnotation(Dict.class).ds();
+                        //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                         String fieldDictCode = code;
                         if (!StringUtils.isEmpty(table)) {
-                            fieldDictCode = String.format("%s,%s,%s", table, text, code);
+                            //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                            fieldDictCode = String.format("%s,%s,%s,%s", table, text, code, dataSource);
+                            //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                         }
 
                         String value = record.getString(field.getName());
@@ -274,9 +283,25 @@ public class DictAspect {
                 String[] arr = dictCode.split(",");
                 String table = arr[0], text = arr[1], code = arr[2];
                 String values = String.join(",", needTranslDataTable);
+                //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                // 自定义的数据源
+                String dataSource = null;
+                if (arr.length > 3) {
+                    dataSource = arr[3];
+                }
+                //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                 log.debug("translateDictFromTableByKeys.dictCode:" + dictCode);
                 log.debug("translateDictFromTableByKeys.values:" + values);
-                List<DictModel> texts = commonApi.translateDictFromTableByKeys(table, text, code, values);
+                //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+                
+                //update-begin---author:wangshuai---date:2024-01-09---for:微服务下为空报错没有参数需要传递空字符串---
+                if(null == dataSource){
+                    dataSource = "";
+                }
+                //update-end---author:wangshuai---date:2024-01-09---for:微服务下为空报错没有参数需要传递空字符串---
+                
+                List<DictModel> texts = commonApi.translateDictFromTableByKeys(table, text, code, values, dataSource);
+                //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
                 log.debug("translateDictFromTableByKeys.result:" + texts);
                 List<DictModel> list = translText.computeIfAbsent(dictCode, k -> new ArrayList<>());
                 list.addAll(texts);

jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/PermissionDataAspect.java

@@ -59,8 +59,7 @@ public class PermissionDataAspect {
         requestPath = filterUrl(requestPath);
         //update-begin-author:taoyan date:20211027 for:JTC-132【online报表权限】online报表带参数的菜单配置数据权限无效
         //先判断是否online报表请求
-        // TODO 参数顺序调整有隐患
-        if(requestPath.indexOf(UrlMatchEnum.CGREPORT_DATA.getMatchUrl())>=0){
+        if(requestPath.indexOf(UrlMatchEnum.CGREPORT_DATA.getMatchUrl())>=0 || requestPath.indexOf(UrlMatchEnum.CGREPORT_ONLY_DATA.getMatchUrl())>=0){
             // 获取地址栏参数
             String urlParamString = request.getParameter(CommonConstant.ONL_REP_URL_PARAM_STR);
             if(oConvertUtils.isNotEmpty(urlParamString)){
@@ -68,7 +67,7 @@ public class PermissionDataAspect {
             }
         }
         //update-end-author:taoyan date:20211027 for:JTC-132【online报表权限】online报表带参数的菜单配置数据权限无效
-        log.info("拦截请求 >> {} ; 请求类型 >> {} . ", requestPath, requestMethod);
+        log.debug("拦截请求 >> {} ; 请求类型 >> {} . ", requestPath, requestMethod);
         String username = JwtUtil.getUserNameByToken(request);
         //查询数据权限信息
         //TODO 微服务情况下也得支持缓存机制

jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/UrlMatchEnum.java

@@ -14,6 +14,8 @@ public enum UrlMatchEnum {
     CGFORM_TREE_DATA("/online/cgform/api/getTreeData/", "/online/cgformList/"),
     /**求URL与菜单路由URL转换规则 /online/cgreport/api/getColumnsAndData/ */
     CGREPORT_DATA("/online/cgreport/api/getColumnsAndData/", "/online/cgreport/"),
+    /** 求URL与菜单路由URL转换规则/online/cgreport/api/getData/ 【vue3报表数据请求地址】 */
+    CGREPORT_ONLY_DATA("/online/cgreport/api/getData/", "/online/cgreport/"),
     /**求URL与菜单路由URL转换规则 /online/cgreport/api/exportXls/ */
     CGREPORT_EXCEL_DATA("/online/cgreport/api/exportXls/", "/online/cgreport/"),
     /**求URL与菜单路由URL转换规则 /online/cgreport/api/exportManySheetXls/ */

jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/annotation/AutoLowApp.java

@@ -1,33 +0,0 @@
-package org.jeecg.common.aspect.annotation;
-
-import java.lang.annotation.*;
-
-import org.jeecg.common.constant.enums.LowAppAopEnum;
-
-/**
- * 自动注入low_app_id
- * 
- * @Author scott
- * @email jeecgos@163.com
- * @Date 2022年01月05日
- */
-@Target(ElementType.METHOD)
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-public @interface AutoLowApp {
-
-	/**
-	 * 切面类型（add、delete、db_import等其他操作）
-	 *
-	 * @return
-	 */
-	LowAppAopEnum action();
-
-	/**
-	 * 业务类型（cgform等）
-	 *
-	 * @return
-	 */
-	String bizType();
-
-}

jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/annotation/Dict.java

@@ -39,4 +39,16 @@ public @interface Dict {
      * @return 返回类型： String
      */
     String dictTable() default "";
+
+
+    //update-begin---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
+    /**
+     * 方法描述: 数据字典表所在数据源名称
+     * 作    者： chenrui
+     * 日    期： 2023年12月20日-下午4:58
+     *
+     * @return 返回类型： String
+     */
+    String ds() default "";
+    //update-end---author:chenrui ---date:20231221  for：[issues/#5643]解决分布式下表字典跨库无法查询问题------------
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/CommonConstant.java

@@ -69,6 +69,8 @@ public interface CommonConstant {
 	
 	/** {@code 500 Server Error} (HTTP/1.0 - RFC 1945) */
     Integer SC_INTERNAL_SERVER_ERROR_500 = 500;
+    /** {@code 404 Not Found} (HTTP/1.0 - RFC 1945) */
+    Integer SC_INTERNAL_NOT_FOUND_404 = 404;
     /** {@code 200 OK} (HTTP/1.0 - RFC 1945) */
     Integer SC_OK_200 = 200;
     
@@ -78,7 +80,7 @@ public interface CommonConstant {
     /** 登录用户Shiro权限缓存KEY前缀 */
     public static String PREFIX_USER_SHIRO_CACHE  = "shiro:cache:org.jeecg.config.shiro.ShiroRealm.authorizationCache:";
     /** 登录用户Token令牌缓存KEY前缀 */
-    String PREFIX_USER_TOKEN  = "prefix_user_token_";
+    String PREFIX_USER_TOKEN  = "prefix_user_token:";
 //    /** Token缓存时间：3600秒即一小时 */
 //    int  TOKEN_EXPIRE_TIME  = 3600;
 
@@ -112,8 +114,8 @@ public interface CommonConstant {
     String HAS_CANCLE  = "2";
     
     /**阅读状态（0未读，1已读）*/
-    String HAS_READ_FLAG  = "1";
-    String NO_READ_FLAG  = "0";
+    Integer HAS_READ_FLAG  = 1;
+    Integer NO_READ_FLAG  = 0;
     
     /**优先级（L低，M中，H高）*/
     String PRIORITY_L  = "L";
@@ -152,13 +154,16 @@ public interface CommonConstant {
     Integer RULE_FLAG_1 = 1;
 
     /**
-     * 是否用户已被冻结 1正常(解冻) 2冻结
+     * 是否用户已被冻结 1正常(解冻) 2冻结 3离职
      */
     Integer USER_UNFREEZE = 1;
     Integer USER_FREEZE = 2;
+    Integer USER_QUIT = 3;
     
     /**字典翻译文本后缀*/
     String DICT_TEXT_SUFFIX = "_dictText";
+    /**字典翻译颜色后缀*/
+    String DICT_COLOR_SUFFIX = "_dictColor";
 
     /**
      * 表单设计器主表类型
@@ -312,8 +317,10 @@ public interface CommonConstant {
     String X_ACCESS_TOKEN = "X-Access-Token";
     String X_SIGN = "X-Sign";
     String X_TIMESTAMP = "X-TIMESTAMP";
-    /** 租户 请求头*/
-    String TENANT_ID = "tenant-id";
+    /** 租户请求头 更名为：X-Tenant-Id */
+    String TENANT_ID = "X-Tenant-Id";
+    /** 简流接口请求头，用于排除不支持的控件字段  */
+    String X_MiniFlowExclusionFieldMode = "X-Miniflowexclusionfieldmode";
     /**===============================================================================================*/
 
     String TOKEN_IS_INVALID_MSG = "Token失效，请重新登录!";
@@ -370,6 +377,8 @@ public interface CommonConstant {
     /**前端vue3版本Header参数名*/
     String VERSION="X-Version";
 
+    String VERSION_V3 = "v3";
+
     /**存储在线程变量里的动态表名*/
     String DYNAMIC_TABLE_NAME="DYNAMIC_TABLE_NAME";
     /**
@@ -387,6 +396,7 @@ public interface CommonConstant {
     /** 部门表唯一key，orgCode */
     String DEPART_KEY_ORG_CODE = "orgCode";
 
+    /**======【消息推送相关】==============================================================================*/
     /**
      * 发消息 会传递一些信息到map
      */
@@ -397,6 +407,11 @@ public interface CommonConstant {
      */
     String NOTICE_MSG_BUS_ID = "NOTICE_MSG_BUS_ID";
 
+   /**
+    * 发消息 消息业务类型
+    */
+   String NOTICE_MSG_BUS_TYPE = "NOTICE_MSG_BUS_TYPE";
+
     /**
      * 邮箱消息中地址登录时地址后携带的token,需要替换成真实的token值
      */
@@ -419,10 +434,147 @@ public interface CommonConstant {
 
     /** 消息模板：markdown */
     String MSG_TEMPLATE_TYPE_MD = "5";
+    /**========【消息推送相关】==========================================================================*/
 
     /**
      * 短信验证码redis-key的前缀
      */
     String PHONE_REDIS_KEY_PRE = "phone_msg";
 
+    /**
+     * 是文件夹
+     */
+    String IT_IS_FOLDER = "1";
+
+    /**
+     * 文件拥有者
+     */
+    String FILE_OWNER = "owner";
+
+    /**
+     * 文件管理员
+     */
+    String FILE_ADMIN = "admin";
+
+    /**
+     * 只允许编辑
+     */
+    String FILE_EDITABLE = "editable";
+
+    /**
+     * 登录失败，用于记录失败次数的key
+     */
+    String LOGIN_FAIL = "LOGIN_FAIL_";
+
+    /**
+     * 入职事件
+     */
+    Integer BPM_USER_EVENT_ADD = 1;
+
+   /**
+    * 离职事件
+    */
+    Integer BPM_USER_EVENT_LEVEL = 2;
+
+   /**
+    * 用户租户状态(正常/已通过审核的)
+    */
+   String USER_TENANT_NORMAL = "1";
+
+   /**
+    * 用户租户状态(离职)
+    */
+   String USER_TENANT_QUIT = "2";
+
+   /**
+    * 用户租户状态(审核中)
+    */
+   String USER_TENANT_UNDER_REVIEW = "3";
+   
+   /**
+    * 用户租户状态(拒绝)
+    */
+   String USER_TENANT_REFUSE = "4";
+
+   /**
+    * 用户租户状态(邀请)
+    */
+   String USER_TENANT_INVITE = "5";
+   
+   /**
+    * 不是叶子节点
+    */
+   Integer NOT_LEAF = 0;
+
+   /**
+    * 是叶子节点
+    */
+   Integer IS_LEAF = 1;
+
+   /**
+    * 钉钉
+    */
+   String DINGTALK = "DINGTALK";
+
+   /**
+    * 企业微信
+    */
+   String WECHAT_ENTERPRISE = "WECHAT_ENTERPRISE";
+
+  /**
+   * 系统默认租户id 0
+   */
+  Integer TENANT_ID_DEFAULT_VALUE = 0;
+
+ /**
+  * 【low-app用】 应用级别的复制
+  */
+ String COPY_LEVEL_APP = "app";
+
+ /**
+  * 【low-app用】 菜单级别的复制
+  */
+ String COPY_LEVEL_MENU = "menu";
+
+
+ /**
+  * 【low-app用】 应用备份
+  */
+ String COPY_LEVEL_BAK = "backup";
+
+ /**
+  * 【low-app用】 从备份还原
+  */
+ String COPY_LEVEL_COVER = "cover";
+
+ /** 【QQYUN-6034】关联字段变更历史值，缓存半个小时 */
+ String CACHE_REL_FIELD_OLD_VAL = "sys:cache:desform:relFieldOldVal:";
+
+    /**
+     * 排序类型：升序
+     */
+    String ORDER_TYPE_ASC = "ASC";
+    /**
+     * 排序类型：降序
+     */
+    String ORDER_TYPE_DESC = "DESC";
+
+
+   //update-begin---author:scott ---date:2023-09-10  for：积木报表常量----
+   /**
+    * 报表允许设计开发的角色
+    */
+   public static String[] allowDevRoles = new String[]{"lowdeveloper", "admin"};
+   /**
+    * 【对应积木报表的常量】
+    * 数据隔离模式： 按照创建人隔离
+    */
+   public static final String SAAS_MODE_CREATED = "created";
+   /**
+    * 【对应积木报表的常量】
+    * 数据隔离模式： 按照租户隔离
+    */
+   public static final String SAAS_MODE_TENANT = "tenant";
+   //update-end---author:scott ---date::2023-09-10  for：积木报表常量----
+ 
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/CommonSendStatus.java

@@ -28,12 +28,21 @@ public interface CommonSendStatus {
 	public static final String  APP_SESSION_SUFFIX = "_app";
 
 
+	/**-----【流程相关通知模板code】------------------------------------------------------------*/
 	/**流程催办——系统通知消息模板*/
 	public static final String TZMB_BPM_CUIBAN = "bpm_cuiban";
+	/**流程抄送——系统通知消息模板*/
+	public static final String TZMB_BPM_CC = "bpm_cc";
 	/**流程催办——邮件通知消息模板*/
 	public static final String TZMB_BPM_CUIBAN_EMAIL = "bpm_cuiban_email";
 	/**标准模板—系统消息通知*/
 	public static final String TZMB_SYS_TS_NOTE = "sys_ts_note";
 	/**流程超时提醒——系统通知消息模板*/
 	public static final String TZMB_BPM_CHAOSHI_TIP = "bpm_chaoshi_tip";
+	/**-----【流程相关通知模板code】-----------------------------------------------------------*/
+
+	/**
+	 * 系统通知拓展参数（比如：用于流程抄送和催办通知，这里额外传递流程跳转页面所需要的路由参数）
+	 */
+	public static final String MSG_ABSTRACT_JSON = "msg_abstract";
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/DataBaseConstant.java

@@ -18,6 +18,9 @@ public interface DataBaseConstant {
     /**postgreSQL达梦数据库*/
 	public static final String DB_TYPE_POSTGRESQL = "POSTGRESQL";
 	
+    /**人大金仓数据库*/
+	public static final String DB_TYPE_KINGBASEES = "KINGBASEES";
+
     /**sqlserver数据库*/
 	public static final String DB_TYPE_SQLSERVER = "SQLSERVER";
 
@@ -139,16 +142,6 @@ public interface DataBaseConstant {
 	public static final String BPM_STATUS_TABLE = "bpm_status";
 	//*********系统建表标准字段****************************************
 
-
-	/**
-	 * 租户ID 实体字段名
-	 */
-	String TENANT_ID = "tenantId";
-	/**
-	 * 租户ID 数据库字段名
-	 */
-	String TENANT_ID_TABLE = "tenant_id";
-
     /**
      * sql语句 where
      */

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/ServiceNameConstants.java

@@ -33,6 +33,18 @@ public interface ServiceNameConstants {
 	 * 微服务名： demo模块
 	 */
 	String SERVICE_DEMO = "jeecg-demo";
+	/**
+	 * 微服务名：online在线模块
+	 */
+	String SERVICE_ONLINE = "jeecg-online";
+	/**
+	 * 微服务名：OA模块
+	 */
+	String SERVICE_EOA = "jeecg-eoa";
+	/**
+	 * 微服务名：表单设计模块
+	 */
+	String SERVICE_FORM = "jeecg-desform";
 
 	/**
 	 * gateway通过header传递根路径 basePath

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/SymbolConstant.java

@@ -116,4 +116,8 @@ public class SymbolConstant {
      */
     public static final String SQUARE_BRACKETS_RIGHT = "]";
 
+    /**
+     * 拼接字符串符号 分号 ;
+     */
+    public static final String SEMICOLON = ";";
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/TenantConstant.java

@@ -6,17 +6,45 @@ package org.jeecg.common.constant;
  * @date: 2022年08月29日 15:29
  */
 public interface TenantConstant {
-
+    /*------【低代码应用参数】----------------------------------------------*/
     /**
-     * 应用ID——表字段
+     * header的lowAppId标识
      */
-    String DB_FIELD_LOW_APP_ID = "low_app_id";
+    String X_LOW_APP_ID = "X-Low-App-ID";
     /**
      * 应用ID——实体字段
      */
     String FIELD_LOW_APP_ID = "lowAppId";
     /**
-     * 租户ID
+     * 应用ID——表字段
+     */
+    String DB_FIELD_LOW_APP_ID = "low_app_id";
+    /*------【低代码应用参数】---------------------------------------------*/
+
+    /*--------【租户参数】-----------------------------------------------*/
+    /**
+     * 租户ID（实体字段名 和 url参数名）
      */
     String TENANT_ID = "tenantId";
+    /**
+     * 租户ID 数据库字段名
+     */
+    String TENANT_ID_TABLE = "tenant_id";
+    /*-------【租户参数】-----------------------------------------------*/
+
+    /**
+     * 超级管理员
+     */
+    String SUPER_ADMIN = "superAdmin";
+
+    /**
+     * 组织账户管理员
+     */
+    String ACCOUNT_ADMIN = "accountAdmin";
+
+    /**
+     * 组织应用管理员
+     */
+    String APP_ADMIN = "appAdmin";
+
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/CgformEnum.java

@@ -14,32 +14,33 @@ public enum CgformEnum {
     /**
      * 单表
      */
-    ONE(1, "one", "/jeecg/code-template-online", "default.one", "经典风格"),
-    /**
-     * 多表
-     */
-    MANY(2, "many", "/jeecg/code-template-online", "default.onetomany", "经典风格"),
-    /**
-     * 多表（jvxe风格）
-     *  */
-    JVXE_TABLE(2, "jvxe", "/jeecg/code-template-online", "jvxe.onetomany", "JVXE风格"),
+    ONE(1, "one", "/jeecg/code-template-online", "default.one", "经典风格", new String[]{"vue3","vue","vue3Native"}),
 
     /**
      * 多表
      */
-    ERP(2, "erp", "/jeecg/code-template-online", "erp.onetomany", "ERP风格"),
+    MANY(2, "many", "/jeecg/code-template-online", "default.onetomany", "经典风格" ,new String[]{"vue"}),
+    /**
+     * 多表（jvxe风格）
+     *  */
+    JVXE_TABLE(2, "jvxe", "/jeecg/code-template-online", "jvxe.onetomany", "JVXE风格" ,new String[]{"vue3","vue","vue3Native"}),
+
+    /**
+     * 多表 (erp风格)
+     */
+    ERP(2, "erp", "/jeecg/code-template-online", "erp.onetomany", "ERP风格" ,new String[]{"vue3","vue","vue3Native"}),
     /**
      * 多表（内嵌子表风格）
      */
-    INNER_TABLE(2, "innerTable", "/jeecg/code-template-online", "inner-table.onetomany", "内嵌子表风格"),
+    INNER_TABLE(2, "innerTable", "/jeecg/code-template-online", "inner-table.onetomany", "内嵌子表风格" ,new String[]{"vue3","vue"}),
     /**
      * 多表（tab风格）
      *  */
-    TAB(2, "tab", "/jeecg/code-template-online", "tab.onetomany", "Tab风格"),
+    TAB(2, "tab", "/jeecg/code-template-online", "tab.onetomany", "Tab风格" ,new String[]{"vue3","vue"}),
     /**
      * 树形列表
      */
-    TREE(3, "tree", "/jeecg/code-template-online", "default.tree", "树形列表");
+    TREE(3, "tree", "/jeecg/code-template-online", "default.tree", "树形列表" ,new String[]{"vue3","vue","vue3Native"});
 
     /**
      * 类型 1/单表 2/一对多 3/树
@@ -61,6 +62,10 @@ public enum CgformEnum {
      * 模板风格名称
      */
     String note;
+    /**
+     * 支持代码风格 vue3:vue3包装代码 vue3Native:vue3原生代码 vue:vue2代码
+     */
+    String[] vueStyle;
 
     /**
      * 构造器
@@ -70,13 +75,15 @@ public enum CgformEnum {
      * @param templatePath  模板路径
      * @param stylePath  模板子路径
      * @param note
+     * @param vueStyle 支持代码风格
      */
-    CgformEnum(int type, String code, String templatePath, String stylePath, String note) {
+    CgformEnum(int type, String code, String templatePath, String stylePath, String note, String[] vueStyle) {
         this.type = type;
         this.code = code;
         this.templatePath = templatePath;
         this.stylePath = stylePath;
         this.note = note;
+        this.vueStyle = vueStyle;
     }
 
     /**
@@ -114,6 +121,14 @@ public enum CgformEnum {
         this.stylePath = stylePath;
     }
 
+    public String[] getVueStyle() {
+        return vueStyle;
+    }
+
+    public void setVueStyle(String[] vueStyle) {
+        this.vueStyle = vueStyle;
+    }
+
     /**
      * 根据code找枚举
      *

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/DySmsEnum.java

@@ -1,4 +1,4 @@
-package org.jeecg.common.util;
+package org.jeecg.common.constant.enums;
 
 import org.apache.commons.lang3.StringUtils;
 
@@ -9,15 +9,19 @@ import org.apache.commons.lang3.StringUtils;
 public enum DySmsEnum {
 
     /**登录短信模板编码*/
-	LOGIN_TEMPLATE_CODE("SMS_175435174","JEECG","code"),
+	LOGIN_TEMPLATE_CODE("SMS_175435174","敲敲云","code"),
     /**忘记密码短信模板编码*/
-	FORGET_PASSWORD_TEMPLATE_CODE("SMS_175435174","JEECG","code"),
+	FORGET_PASSWORD_TEMPLATE_CODE("SMS_175435174","敲敲云","code"),
 	/**注册账号短信模板编码*/
-	REGISTER_TEMPLATE_CODE("SMS_175430166","JEECG","code"),
+	REGISTER_TEMPLATE_CODE("SMS_175430166","敲敲云","code"),
 	/**会议通知*/
-	MEET_NOTICE_TEMPLATE_CODE("SMS_201480469","H5活动之家","username,title,minute,time"),
+	MEET_NOTICE_TEMPLATE_CODE("SMS_201480469","JEECG","username,title,minute,time"),
 	/**我的计划通知*/
-	PLAN_NOTICE_TEMPLATE_CODE("SMS_201470515","H5活动之家","username,title,time");
+	PLAN_NOTICE_TEMPLATE_CODE("SMS_201470515","JEECG","username,title,time"),
+	/**支付成功短信通知*/
+	PAY_SUCCESS_NOTICE_CODE("SMS_461735163","敲敲云","realname,money,endTime"),
+	/**会员到期通知提醒*/
+	VIP_EXPIRE_NOTICE_CODE("SMS_461885023","敲敲云","realname,endTime");
 
 	/**
 	 * 短信模板编码

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/EmailTemplateEnum.java

@@ -0,0 +1,66 @@
+package org.jeecg.common.constant.enums;
+
+import org.jeecg.common.util.oConvertUtils;
+
+/**
+ * 邮件html模板配置地址美剧
+ *
+ * @author: liusq
+ * @Date: 2023-10-13
+ */
+public enum EmailTemplateEnum {
+    /**
+     * 流程催办
+     */
+    BPM_CUIBAN_EMAIL("bpm_cuiban_email", "/templates/email/bpm_cuiban_email.ftl"),
+    /**
+     * 流程新任务
+     */
+    BPM_NEW_TASK_EMAIL("bpm_new_task_email", "/templates/email/bpm_new_task_email.ftl"),
+    /**
+     * 表单新增记录
+     */
+    DESFORM_NEW_DATA_EMAIL("desform_new_data_email", "/templates/email/desform_new_data_email.ftl");
+
+    /**
+     * 模板名称
+     */
+    private String name;
+    /**
+     * 模板地址
+     */
+    private String url;
+
+    EmailTemplateEnum(String name, String url) {
+        this.name = name;
+        this.url = url;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getUrl() {
+        return url;
+    }
+
+    public void setUrl(String url) {
+        this.url = url;
+    }
+
+    public static EmailTemplateEnum getByName(String name) {
+        if (oConvertUtils.isEmpty(name)) {
+            return null;
+        }
+        for (EmailTemplateEnum val : values()) {
+            if (val.getName().equals(name)) {
+                return val;
+            }
+        }
+        return null;
+    }
+}

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/FileTypeEnum.java

@@ -6,7 +6,7 @@ import org.jeecg.common.util.oConvertUtils;
  * 文件类型
  */
 public enum FileTypeEnum {
-    //    文档类型（folder:文件夹 excel:excel doc:word pp:ppt image:图片  archive:其他文档 video:视频）
+    //    文档类型（folder:文件夹 excel:excel doc:word pp:ppt image:图片  archive:其他文档 video:视频 voice:语音）
 //    FOLDER
     xls(".xls","excel","excel"),
     xlsx(".xlsx","excel","excel"),
@@ -26,7 +26,8 @@ public enum FileTypeEnum {
     flv(".flv","video","视频"),
     mp4(".mp4","video","视频"),
     zip(".zip","zip","压缩包"),
-    pdf(".pdf","pdf","pdf");
+    pdf(".pdf","pdf","pdf"),
+    mp3(".mp3","mp3","语音");
 
     private String type;
     private String value;

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/LowAppAopEnum.java

@@ -1,25 +0,0 @@
-package org.jeecg.common.constant.enums;
-
-/**
- * LowApp 切面注解枚举
- * @date 2022-1-5
- * @author: jeecg-boot
- */
-public enum LowAppAopEnum {
-
-    /**
-     * 新增方法
-     */
-    ADD,
-    /**
-     * 删除方法（包含单个和批量删除）
-     */
-    DELETE,
-    /** 复制表单操作 */
-    COPY,
-
-    /**
-     * Online表单专用：数据库表转Online表单
-     */
-    CGFORM_DB_IMPORT
-}

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/RoleIndexConfigEnum.java

@@ -13,12 +13,16 @@ import java.util.List;
 public enum RoleIndexConfigEnum {
 
     /**首页自定义 admin*/
-    ADMIN("admin", "dashboard/Analysis"),
+//    ADMIN("admin", "dashboard/Analysis"),
     //TEST("test",  "dashboard/IndexChart"),
     /**首页自定义 hr*/
-    HR("hr", "dashboard/IndexBdc");
+//    HR("hr", "dashboard/IndexBdc");
+  
     //DM("dm", "dashboard/IndexTask"),
 
+    // 注：此值仅为防止报错，无任何实际意义
+    ROLE_INDEX_CONFIG_ENUM("RoleIndexConfigEnumDefault", "dashboard/Analysis");
+
     /**
      * 角色编码
      */

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/SysAnnmentTypeEnum.java

@@ -1,4 +1,6 @@
-package org.jeecg.common.util;
+package org.jeecg.common.constant.enums;
+
+import org.jeecg.common.util.oConvertUtils;
 
 /**
  * 系统公告自定义跳转方式
@@ -12,7 +14,16 @@ public enum SysAnnmentTypeEnum {
     /**
      * 流程跳转到我的任务
      */
-    BPM("bpm", "url", "/bpm/task/MyTaskList");
+    BPM("bpm", "url", "/bpm/task/MyTaskList"),
+    
+    /**
+     * 流程抄送任务
+     */
+    BPM_VIEW("bpm_cc", "url", "/bpm/task/MyTaskList"),
+    /**
+     * 邀请用户跳转到个人设置
+     */
+    TENANT_INVITE("tenant_invite", "url", "/system/usersetting");
 
     /**
      * 业务类型(email:邮件 bpm:流程)

jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/enums/Vue3MessageHrefEnum.java

@@ -1,4 +1,4 @@
-package org.jeecg.modules.message.enums;
+package org.jeecg.common.constant.enums;
 
 import org.jeecg.common.system.annotation.EnumDict;
 import org.jeecg.common.system.vo.DictModel;
@@ -19,6 +19,16 @@ public enum Vue3MessageHrefEnum {
      */
     BPM("bpm", "/task/myHandleTaskInfo"),
     
+    /**
+     * 系统消息通知
+     */
+    BPM_SYSTEM_MSG("bpm_msg_node", ""),
+    
+    /**
+     * 流程抄送任务
+     */
+    BPM_VIEW("bpm_cc", "/task/myHandleTaskInfo"),
+
     /**
      * 节点通知
      */

jeecg-boot-base-core/src/main/java/org/jeecg/common/desensitization/util/SensitiveInfoUtil.java

@@ -63,11 +63,12 @@ public class SensitiveInfoUtil {
      * @throws IllegalAccessException
      */
     public static Object handlerObject(Object obj, boolean isEncode) throws IllegalAccessException {
-        log.debug(" obj --> "+ obj.toString());
-        long startTime=System.currentTimeMillis();
         if (oConvertUtils.isEmpty(obj)) {
             return obj;
         }
+        long startTime=System.currentTimeMillis();
+        log.debug(" obj --> "+ obj.toString());
+        
         // 判断是不是一个对象
         Field[] fields = obj.getClass().getDeclaredFields();
         for (Field field : fields) {

jeecg-boot-base-core/src/main/java/org/jeecg/common/es/JeecgElasticsearchTemplate.java

@@ -7,6 +7,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.jeecg.common.util.RestUtil;
 import org.jeecg.common.util.oConvertUtils;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
@@ -22,6 +23,7 @@ import java.util.*;
  */
 @Slf4j
 @Component
+@ConditionalOnProperty(prefix = "jeecg.elasticsearch", name = "cluster-nodes")
 public class JeecgElasticsearchTemplate {
     /** es服务地址 */
     private String baseUrl;

jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootException.java

@@ -1,5 +1,7 @@
 package org.jeecg.common.exception;
 
+import org.jeecg.common.constant.CommonConstant;
+
 /**
  * @Description: jeecg-boot自定义异常
  * @author: jeecg-boot
@@ -7,10 +9,24 @@ package org.jeecg.common.exception;
 public class JeecgBootException extends RuntimeException {
 	private static final long serialVersionUID = 1L;
 
+	/**
+	 * 返回给前端的错误code
+	 */
+	private int errCode = CommonConstant.SC_INTERNAL_SERVER_ERROR_500;
+
 	public JeecgBootException(String message){
 		super(message);
 	}
 
+	public JeecgBootException(String message, int errCode){
+		super(message);
+		this.errCode = errCode;
+	}
+
+	public int getErrCode() {
+		return errCode;
+	}
+
 	public JeecgBootException(Throwable cause)
 	{
 		super(cause);

jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java

@@ -1,6 +1,7 @@
 package org.jeecg.common.exception;
 
 import cn.hutool.core.util.ObjectUtil;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.authz.UnauthorizedException;
 import org.jeecg.common.api.vo.Result;
@@ -16,8 +17,6 @@ import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.multipart.MaxUploadSizeExceededException;
 import org.springframework.web.servlet.NoHandlerFoundException;
 
-import lombok.extern.slf4j.Slf4j;
-
 /**
  * 异常处理器
  * 
@@ -34,7 +33,7 @@ public class JeecgBootExceptionHandler {
 	@ExceptionHandler(JeecgBootException.class)
 	public Result<?> handleJeecgBootException(JeecgBootException e){
 		log.error(e.getMessage(), e);
-		return Result.error(e.getMessage());
+		return Result.error(e.getErrCode(), e.getMessage());
 	}
 
 	/**
@@ -133,4 +132,24 @@ public class JeecgBootExceptionHandler {
         return Result.error("Redis 连接异常!");
     }
 
+
+	/**
+	 * SQL注入风险，全局异常处理
+	 *
+	 * @param exception
+	 * @return
+	 */
+	@ExceptionHandler(JeecgSqlInjectionException.class)
+	public Result<?> handleSQLException(Exception exception) {
+		String msg = exception.getMessage().toLowerCase();
+		final String extractvalue = "extractvalue";
+		final String updatexml = "updatexml";
+		boolean hasSensitiveInformation = msg.indexOf(extractvalue) >= 0 || msg.indexOf(updatexml) >= 0;
+		if (msg != null && hasSensitiveInformation) {
+			log.error("校验失败，存在SQL注入风险！{}", msg);
+			return Result.error("校验失败，存在SQL注入风险！");
+		}
+		return Result.error("校验失败，存在SQL注入风险！" + msg);
+	}
+
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgSqlInjectionException.java

@@ -0,0 +1,23 @@
+package org.jeecg.common.exception;
+
+/**
+ * @Description: jeecg-boot自定义SQL注入异常
+ * @author: jeecg-boot
+ */
+public class JeecgSqlInjectionException extends RuntimeException {
+	private static final long serialVersionUID = 1L;
+
+	public JeecgSqlInjectionException(String message){
+		super(message);
+	}
+	
+	public JeecgSqlInjectionException(Throwable cause)
+	{
+		super(cause);
+	}
+	
+	public JeecgSqlInjectionException(String message, Throwable cause)
+	{
+		super(message,cause);
+	}
+}

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java

@@ -11,6 +11,7 @@ import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.config.JeecgBaseConfig;
 import org.jeecgframework.poi.excel.ExcelImportUtil;
 import org.jeecgframework.poi.excel.def.NormalExcelConstants;
 import org.jeecgframework.poi.excel.entity.ExportParams;
@@ -18,16 +19,15 @@ import org.jeecgframework.poi.excel.entity.ImportParams;
 import org.jeecgframework.poi.excel.entity.enmus.ExcelType;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
 import org.springframework.web.servlet.ModelAndView;
 
+import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.*;
-import java.util.stream.Collectors;
 
 /**
  * @Description: Controller基类
@@ -40,9 +40,9 @@ public class JeecgController<T, S extends IService<T>> {
     /**issues/2933 JeecgController注入service时改用protected修饰，能避免重复引用service*/
     @Autowired
     protected S service;
+    @Resource
+    private JeecgBaseConfig jeecgBaseConfig;
     
-    @Value("${jeecg.path.upload}")
-    private String upLoadPath;
     /**
      * 导出excel
      *
@@ -69,7 +69,7 @@ public class JeecgController<T, S extends IService<T>> {
         mv.addObject(NormalExcelConstants.CLASS, clazz);
         //update-begin--Author:liusq  Date:20210126 for：图片导出报错，ImageBasePath未设置--------------------
         ExportParams exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title);
-        exportParams.setImageBasePath(upLoadPath);
+        exportParams.setImageBasePath(jeecgBaseConfig.getPath().getUpload());
         //update-end--Author:liusq  Date:20210126 for：图片导出报错，ImageBasePath未设置----------------------
         mv.addObject(NormalExcelConstants.PARAMS,exportParams);
         mv.addObject(NormalExcelConstants.DATA_LIST, exportList);
@@ -108,7 +108,7 @@ public class JeecgController<T, S extends IService<T>> {
             IPage<T> pageList = service.page(page, queryWrapper);
             List<T> exportList = pageList.getRecords();
             Map<String, Object> map = new HashMap<>(5);
-            ExportParams  exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title+i,upLoadPath);
+            ExportParams exportParams=new ExportParams(title + "报表", "导出人:" + sysUser.getRealname(), title+i,jeecgBaseConfig.getPath().getUpload());
             exportParams.setType(ExcelType.XSSF);
             //map.put("title",exportParams);
             //表格Title

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryCondition.java

@@ -21,6 +21,14 @@ public class QueryCondition implements Serializable {
 	private String rule;
 	private String val;
 
+	public QueryCondition(String field, String type, String dbType, String rule, String val) {
+		this.field = field;
+		this.type = type;
+		this.dbType = dbType;
+		this.rule = rule;
+		this.val = val;
+	}
+	
 	public String getField() {
 		return field;
 	}

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryGenerator.java

@@ -19,11 +19,9 @@ import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.system.util.JeecgDataAutorUtils;
 import org.jeecg.common.system.util.JwtUtil;
+import org.jeecg.common.system.util.SqlConcatUtil;
 import org.jeecg.common.system.vo.SysPermissionDataRuleModel;
-import org.jeecg.common.util.CommonUtils;
-import org.jeecg.common.util.DateUtils;
-import org.jeecg.common.util.SqlInjectionUtil;
-import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.common.util.*;
 import org.springframework.util.NumberUtils;
 
 import com.alibaba.fastjson.JSON;
@@ -143,7 +141,7 @@ public class QueryGenerator {
 				}
 
 				Object value = PropertyUtils.getSimpleProperty(searchObj, name);
-				column = getTableFieldName(searchObj.getClass(), name);
+				column = ReflectHelper.getTableFieldName(searchObj.getClass(), name);
 				if(column==null){
 					//column为null只有一种情况 那就是 添加了注解@TableField(exist = false) 后续都不用处理了
 					continue;
@@ -193,7 +191,7 @@ public class QueryGenerator {
 			}
 		}
 		// 排序逻辑 处理
-		doMultiFieldsOrder(queryWrapper, parameterMap, fieldColumnMap.keySet());
+		doMultiFieldsOrder(queryWrapper, parameterMap, fieldColumnMap);
 				
 		//高级查询
 		doSuperQuery(queryWrapper, parameterMap, fieldColumnMap);
@@ -229,7 +227,8 @@ public class QueryGenerator {
 		}
 	}
 	
-	private static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper,Map<String, String[]> parameterMap, Set<String> allFields) {
+	private static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper,Map<String, String[]> parameterMap, Map<String,String> fieldColumnMap) {
+		Set<String> allFields = fieldColumnMap.keySet();
 		String column=null,order=null;
 		if(parameterMap!=null&& parameterMap.containsKey(ORDER_COLUMN)) {
 			column = parameterMap.get(ORDER_COLUMN)[0];
@@ -238,6 +237,15 @@ public class QueryGenerator {
 			order = parameterMap.get(ORDER_TYPE)[0];
 		}
         log.debug("排序规则>>列:" + column + ",排序方式:" + order);
+
+		//update-begin-author:scott date:2022-11-07 for:避免用户自定义表无默认字段{创建时间}，导致排序报错
+		//TODO 避免用户自定义表无默认字段创建时间，导致排序报错
+		if(DataBaseConstant.CREATE_TIME.equals(column) && !fieldColumnMap.containsKey(DataBaseConstant.CREATE_TIME)){
+			column = "id";
+			log.warn("检测到实体里没有字段createTime，改成采用ID排序！");
+		}
+		//update-end-author:scott date:2022-11-07 for:避免用户自定义表无默认字段{创建时间}，导致排序报错
+		
 		if (oConvertUtils.isNotEmpty(column) && oConvertUtils.isNotEmpty(order)) {
 			//字典字段，去掉字典翻译文本后缀
 			if(column.endsWith(CommonConstant.DICT_TEXT_SUFFIX)) {
@@ -252,6 +260,19 @@ public class QueryGenerator {
 			}
 			//update-end-author:taoyan date:2022-5-16 for: issues/3676 获取系统用户列表时，使用SQL注入生效
 
+			//update-begin-author:scott date:2022-10-10 for:【jeecg-boot/issues/I5FJU6】doMultiFieldsOrder() 多字段排序方法存在问题
+			//多字段排序方法没有读取 MybatisPlus 注解 @TableField 里 value 的值
+			if (column.contains(",")) {
+				List<String> columnList = Arrays.asList(column.split(","));
+				String columnStrNew = columnList.stream().map(c -> fieldColumnMap.get(c)).collect(Collectors.joining(","));
+				if (oConvertUtils.isNotEmpty(columnStrNew)) {
+					column = columnStrNew;
+				}
+			}else{
+				column = fieldColumnMap.get(column);
+			}
+			//update-end-author:scott date:2022-10-10 for:【jeecg-boot/issues/I5FJU6】doMultiFieldsOrder() 多字段排序方法存在问题
+
 			//SQL注入check
 			SqlInjectionUtil.filterContent(column);
 
@@ -260,15 +281,9 @@ public class QueryGenerator {
 			// 将现有排序 _ 前端传递排序条件{....,column: 'column1,column2',order: 'desc'} 翻译成sql "column1,column2 desc"
 			// 修改为 _ 前端传递排序条件{....,column: 'column1,column2',order: 'desc'} 翻译成sql "column1 desc,column2 desc"
 			if (order.toUpperCase().indexOf(ORDER_TYPE_ASC)>=0) {
-				//queryWrapper.orderByAsc(oConvertUtils.camelToUnderline(column));
-				String columnStr = oConvertUtils.camelToUnderline(column);
-				String[] columnArray = columnStr.split(",");
-				queryWrapper.orderByAsc(Arrays.asList(columnArray));
+				queryWrapper.orderByAsc(SqlInjectionUtil.getSqlInjectSortFields(column.split(",")));
 			} else {
-				//queryWrapper.orderByDesc(oConvertUtils.camelToUnderline(column));
-				String columnStr = oConvertUtils.camelToUnderline(column);
-				String[] columnArray = columnStr.split(",");
-				queryWrapper.orderByDesc(Arrays.asList(columnArray));
+				queryWrapper.orderByDesc(SqlInjectionUtil.getSqlInjectSortFields(column.split(",")));
 			}
 			//update-end--Author:scott  Date:20210531 for：36 多条件排序无效问题修正-------
 		}
@@ -324,7 +339,7 @@ public class QueryGenerator {
 					return;
 				}
 				// update-end-author:sunjianlei date:20220119 for: 【JTC-573】 过滤空条件查询，防止 sql 拼接多余的 and
-                log.info("---高级查询参数-->" + filterConditions);
+                log.debug("---高级查询参数-->" + filterConditions);
 
                 queryWrapper.and(andWrapper -> {
                     for (int i = 0; i < filterConditions.size(); i++) {
@@ -618,11 +633,11 @@ public class QueryGenerator {
 	 * @param value        查询条件值
 	 */
 	public static void addEasyQuery(QueryWrapper<?> queryWrapper, String name, QueryRuleEnum rule, Object value) {
-		if (value == null || rule == null || oConvertUtils.isEmpty(value)) {
+		if (name==null || value == null || rule == null || oConvertUtils.isEmpty(value)) {
 			return;
 		}
 		name = oConvertUtils.camelToUnderline(name);
-		log.info("---查询过滤器，Query规则---field:{}, rule:{}, value:{}",name,rule.getValue(),value);
+		log.debug("---高级查询 Query规则---field:{} , rule:{} , value:{}",name,rule.getValue(),value);
 		switch (rule) {
 		case GT:
 			queryWrapper.gt(name, value);
@@ -690,7 +705,14 @@ public class QueryGenerator {
 	 */
 	public static Map<String, SysPermissionDataRuleModel> getRuleMap() {
 		Map<String, SysPermissionDataRuleModel> ruleMap = new HashMap<>(5);
-		List<SysPermissionDataRuleModel> list =JeecgDataAutorUtils.loadDataSearchConditon();
+		List<SysPermissionDataRuleModel> list = null;
+		//update-begin-author:taoyan date:2023-6-1 for:QQYUN-5441 【简流】获取多个用户/部门/角色 设置部门查询 报错
+		try {
+			list = JeecgDataAutorUtils.loadDataSearchConditon();
+		}catch (Exception e){
+			log.error("根据request对象获取权限数据失败，可能是定时任务中执行的。", e);
+		}
+		//update-end-author:taoyan date:2023-6-1 for:QQYUN-5441 【简流】获取多个用户/部门/角色 设置部门查询 报错
 		if(list != null&&list.size()>0){
 			if(list.get(0)==null){
 				return ruleMap;
@@ -798,223 +820,7 @@ public class QueryGenerator {
 	 * @return
 	 */
 	public static String getSingleQueryConditionSql(String field,String alias,Object value,boolean isString) {
-		return getSingleQueryConditionSql(field, alias, value, isString,null);
-	}
-
-	/**
-	 * 报表获取查询条件 支持多数据源
-	 * @param field
-	 * @param alias
-	 * @param value
-	 * @param isString
-	 * @param dataBaseType
-	 * @return
-	 */
-	public static String getSingleQueryConditionSql(String field,String alias,Object value,boolean isString, String dataBaseType) {
-		if (value == null) {
-			return "";
-		}
-		field =  alias+oConvertUtils.camelToUnderline(field);
-		QueryRuleEnum rule = QueryGenerator.convert2Rule(value);
-		return getSingleSqlByRule(rule, field, value, isString, dataBaseType);
-	}
-
-	/**
-	 * 获取单个查询条件的值
-	 * @param rule
-	 * @param field
-	 * @param value
-	 * @param isString
-	 * @param dataBaseType
-	 * @return
-	 */
-	private static String getSingleSqlByRule(QueryRuleEnum rule,String field,Object value,boolean isString, String dataBaseType) {
-		String res = "";
-		switch (rule) {
-		case GT:
-			res =field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
-			break;
-		case GE:
-			res = field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
-			break;
-		case LT:
-			res = field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
-			break;
-		case LE:
-			res = field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
-			break;
-		case EQ:
-			res = field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
-			break;
-		case EQ_WITH_ADD:
-			res = field+" = "+getFieldConditionValue(value, isString, dataBaseType);
-			break;
-		case NE:
-			res = field+" <> "+getFieldConditionValue(value, isString, dataBaseType);
-			break;
-		case IN:
-			res = field + " in "+getInConditionValue(value, isString);
-			break;
-		case LIKE:
-			res = field + " like "+getLikeConditionValue(value, QueryRuleEnum.LIKE);
-			break;
-		case LEFT_LIKE:
-			res = field + " like "+getLikeConditionValue(value, QueryRuleEnum.LEFT_LIKE);
-			break;
-		case RIGHT_LIKE:
-			res = field + " like "+getLikeConditionValue(value, QueryRuleEnum.RIGHT_LIKE);
-			break;
-		default:
-			res = field+" = "+getFieldConditionValue(value, isString, dataBaseType);
-			break;
-		}
-		return res;
-	}
-
-
-	/**
-	 * 获取单个查询条件的值
-	 * @param rule
-	 * @param field
-	 * @param value
-	 * @param isString
-	 * @return
-	 */
-	private static String getSingleSqlByRule(QueryRuleEnum rule,String field,Object value,boolean isString) {
-		return getSingleSqlByRule(rule, field, value, isString, null);
-	}
-
-	/**
-	 * 获取查询条件的值
-	 * @param value
-	 * @param isString
-	 * @param dataBaseType
-	 * @return
-	 */
-	private static String getFieldConditionValue(Object value,boolean isString, String dataBaseType) {
-		String str = value.toString().trim();
-		if(str.startsWith(SymbolConstant.EXCLAMATORY_MARK)) {
-			str = str.substring(1);
-		}else if(str.startsWith(QueryRuleEnum.GE.getValue())) {
-			str = str.substring(2);
-		}else if(str.startsWith(QueryRuleEnum.LE.getValue())) {
-			str = str.substring(2);
-		}else if(str.startsWith(QueryRuleEnum.GT.getValue())) {
-			str = str.substring(1);
-		}else if(str.startsWith(QueryRuleEnum.LT.getValue())) {
-			str = str.substring(1);
-		}else if(str.indexOf(QUERY_COMMA_ESCAPE)>0) {
-			str = str.replaceAll("\\+\\+", COMMA);
-		}
-		if(dataBaseType==null){
-			dataBaseType = getDbType();
-		}
-		if(isString) {
-			if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(dataBaseType)){
-				return " N'"+str+"' ";
-			}else{
-				return " '"+str+"' ";
-			}
-		}else {
-			// 如果不是字符串 有一种特殊情况 popup调用都走这个逻辑 参数传递的可能是“‘admin’”这种格式的
-			if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(dataBaseType) && str.endsWith(SymbolConstant.SINGLE_QUOTATION_MARK) && str.startsWith(SymbolConstant.SINGLE_QUOTATION_MARK)){
-				return " N"+str;
-			}
-			return value.toString();
-		}
-	}
-
-	private static String getInConditionValue(Object value,boolean isString) {
-		//update-begin-author:taoyan date:20210628 for: 查询条件如果输入,导致sql报错
-		String[] temp = value.toString().split(",");
-		if(temp.length==0){
-			return "('')";
-		}
-		if(isString) {
-			List<String> res = new ArrayList<>();
-			for (String string : temp) {
-				if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
-					res.add("N'"+string+"'");
-				}else{
-					res.add("'"+string+"'");
-				}
-			}
-			return "("+String.join("," ,res)+")";
-		}else {
-			return "("+value.toString()+")";
-		}
-		//update-end-author:taoyan date:20210628 for: 查询条件如果输入,导致sql报错
-	}
-
-	/**
-	 * 先根据值判断 走左模糊还是右模糊
-	 * 最后如果值不带任何标识(*或者%)，则再根据ruleEnum判断
-	 * @param value
-	 * @param ruleEnum
-	 * @return
-	 */
-	private static String getLikeConditionValue(Object value, QueryRuleEnum ruleEnum) {
-		String str = value.toString().trim();
-		if(str.startsWith(SymbolConstant.ASTERISK) && str.endsWith(SymbolConstant.ASTERISK)) {
-			if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
-				return "N'%"+str.substring(1,str.length()-1)+"%'";
-			}else{
-				return "'%"+str.substring(1,str.length()-1)+"%'";
-			}
-		}else if(str.startsWith(SymbolConstant.ASTERISK)) {
-			if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
-				return "N'%"+str.substring(1)+"'";
-			}else{
-				return "'%"+str.substring(1)+"'";
-			}
-		}else if(str.endsWith(SymbolConstant.ASTERISK)) {
-			if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
-				return "N'"+str.substring(0,str.length()-1)+"%'";
-			}else{
-				return "'"+str.substring(0,str.length()-1)+"%'";
-			}
-		}else {
-			if(str.indexOf(SymbolConstant.PERCENT_SIGN)>=0) {
-				if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
-					if(str.startsWith(SymbolConstant.SINGLE_QUOTATION_MARK) && str.endsWith(SymbolConstant.SINGLE_QUOTATION_MARK)){
-						return "N"+str;
-					}else{
-						return "N"+"'"+str+"'";
-					}
-				}else{
-					if(str.startsWith(SymbolConstant.SINGLE_QUOTATION_MARK) && str.endsWith(SymbolConstant.SINGLE_QUOTATION_MARK)){
-						return str;
-					}else{
-						return "'"+str+"'";
-					}
-				}
-			}else {
-
-				//update-begin-author:taoyan date:2022-6-30 for: issues/3810 数据权限规则问题
-				// 走到这里说明 value不带有任何模糊查询的标识(*或者%)
-				if (ruleEnum == QueryRuleEnum.LEFT_LIKE) {
-					if (DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())) {
-						return "N'%" + str + "'";
-					} else {
-						return "'%" + str + "'";
-					}
-				} else if (ruleEnum == QueryRuleEnum.RIGHT_LIKE) {
-					if (DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())) {
-						return "N'" + str + "%'";
-					} else {
-						return "'" + str + "%'";
-					}
-				} else {
-					if (DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())) {
-						return "N'%" + str + "%'";
-					} else {
-						return "'%" + str + "%'";
-					}
-				}
-				//update-end-author:taoyan date:2022-6-30 for: issues/3810 数据权限规则问题
-
-			}
-		}
+		return SqlConcatUtil.getSingleQueryConditionSql(field, alias, value, isString,null);
 	}
 	
 	/**
@@ -1041,7 +847,7 @@ public class QueryGenerator {
 				continue;
 			}
 			if(ruleMap.containsKey(name)) {
-				column = getTableFieldName(clazz, name);
+				column = ReflectHelper.getTableFieldName(clazz, name);
 				if(column==null){
 					continue;
 				}
@@ -1055,7 +861,7 @@ public class QueryGenerator {
 				}else {
 					value = NumberUtils.parseNumber(dataRule.getRuleValue(),propType);
 				}
-				String filedSql = getSingleSqlByRule(rule, oConvertUtils.camelToUnderline(column), value,isString);
+				String filedSql = SqlConcatUtil.getSingleSqlByRule(rule, oConvertUtils.camelToUnderline(column), value,isString);
 				sb.append(sqlAnd+filedSql);
 			}
 		}
@@ -1084,7 +890,7 @@ public class QueryGenerator {
 			if (judgedIsUselessField(name)) {
 				continue;
 			}
-			column = getTableFieldName(clazz, name);
+			column = ReflectHelper.getTableFieldName(clazz, name);
 			if(column==null){
 				continue;
 			}
@@ -1103,42 +909,6 @@ public class QueryGenerator {
 		return getSqlRuleValue(sql);
 	}
 
-	/**
-	 * 获取所有配置的权限 返回sql字符串 不受字段限制 配置什么就拿到什么
-	 * @return
-	 */
-	public static String getAllConfigAuth() {
-		StringBuffer sb = new StringBuffer();
-		//权限查询
-		Map<String,SysPermissionDataRuleModel> ruleMap = getRuleMap();
-		String sqlAnd = " and ";
-		for (String c : ruleMap.keySet()) {
-			SysPermissionDataRuleModel dataRule = ruleMap.get(c);
-			String ruleValue = dataRule.getRuleValue();
-			if(oConvertUtils.isEmpty(ruleValue)){
-				continue;
-			}
-			if(oConvertUtils.isNotEmpty(c) && c.startsWith(SQL_RULES_COLUMN)){
-				sb.append(sqlAnd+getSqlRuleValue(ruleValue));
-			}else{
-				boolean isString  = false;
-				ruleValue = ruleValue.trim();
-				if(ruleValue.startsWith("'") && ruleValue.endsWith("'")){
-					isString = true;
-					ruleValue = ruleValue.substring(1,ruleValue.length()-1);
-				}
-				QueryRuleEnum rule = QueryRuleEnum.getByValue(dataRule.getRuleConditions());
-				String value = converRuleValue(ruleValue);
-				String filedSql = getSingleSqlByRule(rule, c, value,isString);
-				sb.append(sqlAnd+filedSql);
-			}
-		}
-		log.info("query auth sql is = "+sb.toString());
-		return sb.toString();
-	}
-
-
-
 	/**
 	 * 获取系统数据库类型
 	 */
@@ -1146,71 +916,6 @@ public class QueryGenerator {
 		return CommonUtils.getDatabaseType();
 	}
 
-
-	/**
-	 * 获取class的 包括父类的
-	 * @param clazz
-	 * @return
-	 */
-	private static List<Field> getClassFields(Class<?> clazz) {
-		List<Field> list = new ArrayList<Field>();
-		Field[] fields;
-		do{
-			fields = clazz.getDeclaredFields();
-			for(int i = 0;i<fields.length;i++){
-				list.add(fields[i]);
-			}
-			clazz = clazz.getSuperclass();
-		}while(clazz!= Object.class&&clazz!=null);
-		return list;
-	}
-
-	/**
-	 * 获取表字段名
-	 * @param clazz
-	 * @param name
-	 * @return
-	 */
-	private static String getTableFieldName(Class<?> clazz, String name) {
-		try {
-			//如果字段加注解了@TableField(exist = false),不走DB查询
-			Field field = null;
-			try {
-				field = clazz.getDeclaredField(name);
-			} catch (NoSuchFieldException e) {
-				//e.printStackTrace();
-			}
-
-			//如果为空，则去父类查找字段
-			if (field == null) {
-				List<Field> allFields = getClassFields(clazz);
-				List<Field> searchFields = allFields.stream().filter(a -> a.getName().equals(name)).collect(Collectors.toList());
-				if(searchFields!=null && searchFields.size()>0){
-					field = searchFields.get(0);
-				}
-			}
-
-			if (field != null) {
-				TableField tableField = field.getAnnotation(TableField.class);
-				if (tableField != null){
-					if(tableField.exist() == false){
-						//如果设置了TableField false 这个字段不需要处理
-						return null;
-					}else{
-						String column = tableField.value();
-						//如果设置了TableField value 这个字段是实体字段
-						if(!"".equals(column)){
-							return column;
-						}
-					}
-				}
-			}
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-		return name;
-	}
-
 	/**
 	 * mysql 模糊查询之特殊字符下划线 （_、\）
 	 *

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryRuleEnum.java

@@ -25,6 +25,8 @@ public enum QueryRuleEnum {
     IN("IN","in","包含"),
     /**查询规则 全模糊*/
     LIKE("LIKE","like","全模糊"),
+    /**查询规则 不模糊包含*/
+    NOT_LIKE("NOT_LIKE","not_like","不模糊包含"),
     /**查询规则 左模糊*/
     LEFT_LIKE("LEFT_LIKE","left_like","左模糊"),
     /**查询规则 右模糊*/
@@ -34,7 +36,21 @@ public enum QueryRuleEnum {
     /**查询规则 多词模糊匹配*/
     LIKE_WITH_AND("LIKEWITHAND","like_with_and","多词模糊匹配————暂时未用上"),
     /**查询规则 自定义SQL片段*/
-    SQL_RULES("USE_SQL_RULES","ext","自定义SQL片段");
+    SQL_RULES("USE_SQL_RULES","ext","自定义SQL片段"),
+    
+    // ------- 当前表单设计器内专用 -------
+    /** 值为空 */
+    EMPTY("EMPTY","empty","值为空"),
+    /** 值不为空 */
+    NOT_EMPTY("NOT_EMPTY","not_empty","值不为空"),
+    /**查询规则 不包含*/
+    NOT_IN("NOT_IN","not_in","不包含"),
+    /**查询规则 多词匹配*/
+    ELE_MATCH("ELE_MATCH","elemMatch","多词匹配"),
+    /**查询规则 范围查询*/
+    RANGE("RANGE","range","范围查询"),
+    NOT_RANGE("NOT_RANGE","not_range","不在范围查询");
+    // ------- 当前表单设计器内专用 -------
 
     private String value;
     
@@ -77,7 +93,7 @@ public enum QueryRuleEnum {
     		return null;
     	}
         for(QueryRuleEnum val :values()){
-            if (val.getValue().equals(value) || val.getCondition().equals(value)){
+            if (val.getValue().equals(value) || val.getCondition().equalsIgnoreCase(value)){
                 return val;
             }
         }

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java

@@ -16,11 +16,13 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.DataBaseConstant;
 import org.jeecg.common.constant.SymbolConstant;
+import org.jeecg.common.constant.TenantConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.system.vo.SysUserCacheInfo;
@@ -33,10 +35,11 @@ import org.jeecg.common.util.oConvertUtils;
  * @Date 2018-07-12 14:23
  * @Desc JWT工具类
  **/
+@Slf4j
 public class JwtUtil {
 
-	/**Token有效期为1小时（Token在reids中缓存时间为两倍）*/
-	public static final long EXPIRE_TIME = 60 * 60 * 1000;
+	/**Token有效期为7天（Token在reids中缓存时间为两倍）*/
+	public static final long EXPIRE_TIME = (7 * 12) * 60 * 60 * 1000;
 	static final String WELL_NUMBER = SymbolConstant.WELL_NUMBER + SymbolConstant.LEFT_CURLY_BRACKET;
 
     /**
@@ -50,6 +53,7 @@ public class JwtUtil {
 		// issues/I4YH95浏览器显示乱码问题
 		httpServletResponse.setHeader("Content-type", "text/html;charset=UTF-8");
         Result jsonResult = new Result(code, errorMsg);
+		jsonResult.setSuccess(false);
         OutputStream os = null;
         try {
             os = httpServletResponse.getOutputStream();
@@ -162,14 +166,23 @@ public class JwtUtil {
 	 * @return
 	 */
 	public static String getUserSystemData(String key, SysUserCacheInfo user) {
+		//1.优先获取 SysUserCacheInfo
 		if(user==null) {
+			try {
 				user = JeecgDataAutorUtils.loadUserInfo();
+			} catch (Exception e) {
+				log.warn("获取用户信息异常：" + e.getMessage());
 			}
+		}
+		//2.通过shiro获取登录用户信息
+		LoginUser sysUser = null;
+		try {
+			sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+		} catch (Exception e) {
+			log.warn("SecurityUtils.getSubject() 获取用户信息异常：" + e.getMessage());
+		}
+
 		//#{sys_user_code}%
-		
-		// 获取登录用户信息
-		LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
-		
 		String moshi = "";
         String wellNumber = WELL_NUMBER;
 		if(key.indexOf(SymbolConstant.RIGHT_CURLY_BRACKET)!=-1){
@@ -182,6 +195,24 @@ public class JwtUtil {
 		} else {
 			key = key;
 		}
+		//替换为当前系统时间(年月日)
+		if (key.equals(DataBaseConstant.SYS_DATE)|| key.toLowerCase().equals(DataBaseConstant.SYS_DATE_TABLE)) {
+			returnValue = DateUtils.formatDate();
+		}
+		//替换为当前系统时间（年月日时分秒）
+		else if (key.equals(DataBaseConstant.SYS_TIME)|| key.toLowerCase().equals(DataBaseConstant.SYS_TIME_TABLE)) {
+			returnValue = DateUtils.now();
+		}
+		//流程状态默认值（默认未发起）
+		else if (key.equals(DataBaseConstant.BPM_STATUS)|| key.toLowerCase().equals(DataBaseConstant.BPM_STATUS_TABLE)) {
+			returnValue = "1";
+		}
+
+		//后台任务获取用户信息异常，导致程序中断
+		if(sysUser==null && user==null){
+			return null;
+		}
+		
 		//替换为系统登录用户帐号
 		if (key.equals(DataBaseConstant.SYS_USER_CODE)|| key.toLowerCase().equals(DataBaseConstant.SYS_USER_CODE_TABLE)) {
 			if(user==null) {
@@ -220,24 +251,12 @@ public class JwtUtil {
 				}
 			}
 		}
-		//替换为当前系统时间(年月日)
-		else if (key.equals(DataBaseConstant.SYS_DATE)|| key.toLowerCase().equals(DataBaseConstant.SYS_DATE_TABLE)) {
-			returnValue = DateUtils.formatDate();
-		}
-		//替换为当前系统时间（年月日时分秒）
-		else if (key.equals(DataBaseConstant.SYS_TIME)|| key.toLowerCase().equals(DataBaseConstant.SYS_TIME_TABLE)) {
-			returnValue = DateUtils.now();
-		}
-		//流程状态默认值（默认未发起）
-		else if (key.equals(DataBaseConstant.BPM_STATUS)|| key.toLowerCase().equals(DataBaseConstant.BPM_STATUS_TABLE)) {
-			returnValue = "1";
-		}
 		//update-begin-author:taoyan date:20210330 for:多租户ID作为系统变量
-		else if (key.equals(DataBaseConstant.TENANT_ID) || key.toLowerCase().equals(DataBaseConstant.TENANT_ID_TABLE)){
-			returnValue = sysUser.getRelTenantIds();
-            boolean flag = returnValue != null && returnValue.indexOf(SymbolConstant.COMMA) > 0;
-            if(oConvertUtils.isEmpty(returnValue) || flag){
+		else if (key.equals(TenantConstant.TENANT_ID) || key.toLowerCase().equals(TenantConstant.TENANT_ID_TABLE)){
+			try {
 				returnValue = SpringContextUtils.getHttpServletRequest().getHeader(CommonConstant.TENANT_ID);
+			} catch (Exception e) {
+				log.warn("获取系统租户异常：" + e.getMessage());
 			}
 		}
 		//update-end-author:taoyan date:20210330 for:多租户ID作为系统变量

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/ResourceUtil.java

@@ -36,6 +36,12 @@ public class ResourceUtil {
      */
     private final static String CLASS_PATTERN="/**/*.class";
 
+    /**
+     * 所有枚举java类
+     */
+
+    private final static String CLASS_ENUM_PATTERN="/**/*Enum.class";
+
     /**
      * 包路径 org.jeecg
      */
@@ -55,7 +61,7 @@ public class ResourceUtil {
             return enumDictData;
         }
         ResourcePatternResolver resourcePatternResolver = new PathMatchingResourcePatternResolver();
-        String pattern = ResourcePatternResolver.CLASSPATH_ALL_URL_PREFIX + ClassUtils.convertClassNameToResourcePath(BASE_PACKAGE) + CLASS_PATTERN;
+        String pattern = ResourcePatternResolver.CLASSPATH_ALL_URL_PREFIX + ClassUtils.convertClassNameToResourcePath(BASE_PACKAGE) + CLASS_ENUM_PATTERN;
         try {
             Resource[] resources = resourcePatternResolver.getResources(pattern);
             MetadataReaderFactory readerFactory = new CachingMetadataReaderFactory(resourcePatternResolver);

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/SqlConcatUtil.java

@@ -0,0 +1,243 @@
+package org.jeecg.common.system.util;
+
+import lombok.extern.slf4j.Slf4j;
+import org.jeecg.common.constant.DataBaseConstant;
+import org.jeecg.common.constant.SymbolConstant;
+import org.jeecg.common.system.query.QueryGenerator;
+import org.jeecg.common.system.query.QueryRuleEnum;
+import org.jeecg.common.util.CommonUtils;
+import org.jeecg.common.util.oConvertUtils;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @Description: 查询过滤器，SQL拼接写法拆成独立工具类
+ * @author:qinfeng
+ * @date 20230904
+ */
+@Slf4j
+public class SqlConcatUtil {
+
+    /**
+     * 获取单个查询条件的值
+     * @param rule
+     * @param field
+     * @param value
+     * @param isString
+     * @return
+     */
+    public static String getSingleSqlByRule(QueryRuleEnum rule,String field,Object value,boolean isString) {
+        return getSingleSqlByRule(rule, field, value, isString, null);
+    }
+    
+    /**
+     * 报表获取查询条件 支持多数据源
+     * @param field
+     * @param alias
+     * @param value
+     * @param isString
+     * @param dataBaseType
+     * @return
+     */
+    public static String getSingleQueryConditionSql(String field,String alias,Object value,boolean isString, String dataBaseType) {
+        if (value == null) {
+            return "";
+        }
+        field =  alias+oConvertUtils.camelToUnderline(field);
+        QueryRuleEnum rule = QueryGenerator.convert2Rule(value);
+        return getSingleSqlByRule(rule, field, value, isString, dataBaseType);
+    }
+
+    /**
+     * 获取单个查询条件的值
+     * @param rule
+     * @param field
+     * @param value
+     * @param isString
+     * @param dataBaseType
+     * @return
+     */
+    private static String getSingleSqlByRule(QueryRuleEnum rule,String field,Object value,boolean isString, String dataBaseType) {
+        String res = "";
+        switch (rule) {
+            case GT:
+                res =field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
+                break;
+            case GE:
+                res = field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
+                break;
+            case LT:
+                res = field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
+                break;
+            case LE:
+                res = field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
+                break;
+            case EQ:
+                res = field+rule.getValue()+getFieldConditionValue(value, isString, dataBaseType);
+                break;
+            case EQ_WITH_ADD:
+                res = field+" = "+getFieldConditionValue(value, isString, dataBaseType);
+                break;
+            case NE:
+                res = field+" <> "+getFieldConditionValue(value, isString, dataBaseType);
+                break;
+            case IN:
+                res = field + " in "+getInConditionValue(value, isString);
+                break;
+            case LIKE:
+                res = field + " like "+getLikeConditionValue(value, QueryRuleEnum.LIKE);
+                break;
+            case LEFT_LIKE:
+                res = field + " like "+getLikeConditionValue(value, QueryRuleEnum.LEFT_LIKE);
+                break;
+            case RIGHT_LIKE:
+                res = field + " like "+getLikeConditionValue(value, QueryRuleEnum.RIGHT_LIKE);
+                break;
+            default:
+                res = field+" = "+getFieldConditionValue(value, isString, dataBaseType);
+                break;
+        }
+        return res;
+    }
+
+    /**
+     * 获取查询条件的值
+     * @param value
+     * @param isString
+     * @param dataBaseType
+     * @return
+     */
+    private static String getFieldConditionValue(Object value,boolean isString, String dataBaseType) {
+        String str = value.toString().trim();
+        if(str.startsWith(SymbolConstant.EXCLAMATORY_MARK)) {
+            str = str.substring(1);
+        }else if(str.startsWith(QueryRuleEnum.GE.getValue())) {
+            str = str.substring(2);
+        }else if(str.startsWith(QueryRuleEnum.LE.getValue())) {
+            str = str.substring(2);
+        }else if(str.startsWith(QueryRuleEnum.GT.getValue())) {
+            str = str.substring(1);
+        }else if(str.startsWith(QueryRuleEnum.LT.getValue())) {
+            str = str.substring(1);
+        }else if(str.indexOf(QueryGenerator.QUERY_COMMA_ESCAPE)>0) {
+            str = str.replaceAll("\\+\\+", SymbolConstant.COMMA);
+        }
+        if(dataBaseType==null){
+            dataBaseType = getDbType();
+        }
+        if(isString) {
+            if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(dataBaseType)){
+                return " N'"+str+"' ";
+            }else{
+                return " '"+str+"' ";
+            }
+        }else {
+            // 如果不是字符串 有一种特殊情况 popup调用都走这个逻辑 参数传递的可能是“‘admin’”这种格式的
+            if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(dataBaseType) && str.endsWith(SymbolConstant.SINGLE_QUOTATION_MARK) && str.startsWith(SymbolConstant.SINGLE_QUOTATION_MARK)){
+                return " N"+str;
+            }
+            return value.toString();
+        }
+    }
+
+    private static String getInConditionValue(Object value,boolean isString) {
+        //update-begin-author:taoyan date:20210628 for: 查询条件如果输入,导致sql报错
+        String[] temp = value.toString().split(",");
+        if(temp.length==0){
+            return "('')";
+        }
+        if(isString) {
+            List<String> res = new ArrayList<>();
+            for (String string : temp) {
+                if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
+                    res.add("N'"+string+"'");
+                }else{
+                    res.add("'"+string+"'");
+                }
+            }
+            return "("+String.join("," ,res)+")";
+        }else {
+            return "("+value.toString()+")";
+        }
+        //update-end-author:taoyan date:20210628 for: 查询条件如果输入,导致sql报错
+    }
+
+    /**
+     * 先根据值判断 走左模糊还是右模糊
+     * 最后如果值不带任何标识(*或者%)，则再根据ruleEnum判断
+     * @param value
+     * @param ruleEnum
+     * @return
+     */
+    private static String getLikeConditionValue(Object value, QueryRuleEnum ruleEnum) {
+        String str = value.toString().trim();
+        if(str.startsWith(SymbolConstant.ASTERISK) && str.endsWith(SymbolConstant.ASTERISK)) {
+            if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
+                return "N'%"+str.substring(1,str.length()-1)+"%'";
+            }else{
+                return "'%"+str.substring(1,str.length()-1)+"%'";
+            }
+        }else if(str.startsWith(SymbolConstant.ASTERISK)) {
+            if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
+                return "N'%"+str.substring(1)+"'";
+            }else{
+                return "'%"+str.substring(1)+"'";
+            }
+        }else if(str.endsWith(SymbolConstant.ASTERISK)) {
+            if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
+                return "N'"+str.substring(0,str.length()-1)+"%'";
+            }else{
+                return "'"+str.substring(0,str.length()-1)+"%'";
+            }
+        }else {
+            if(str.indexOf(SymbolConstant.PERCENT_SIGN)>=0) {
+                if(DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())){
+                    if(str.startsWith(SymbolConstant.SINGLE_QUOTATION_MARK) && str.endsWith(SymbolConstant.SINGLE_QUOTATION_MARK)){
+                        return "N"+str;
+                    }else{
+                        return "N"+"'"+str+"'";
+                    }
+                }else{
+                    if(str.startsWith(SymbolConstant.SINGLE_QUOTATION_MARK) && str.endsWith(SymbolConstant.SINGLE_QUOTATION_MARK)){
+                        return str;
+                    }else{
+                        return "'"+str+"'";
+                    }
+                }
+            }else {
+
+                //update-begin-author:taoyan date:2022-6-30 for: issues/3810 数据权限规则问题
+                // 走到这里说明 value不带有任何模糊查询的标识(*或者%)
+                if (ruleEnum == QueryRuleEnum.LEFT_LIKE) {
+                    if (DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())) {
+                        return "N'%" + str + "'";
+                    } else {
+                        return "'%" + str + "'";
+                    }
+                } else if (ruleEnum == QueryRuleEnum.RIGHT_LIKE) {
+                    if (DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())) {
+                        return "N'" + str + "%'";
+                    } else {
+                        return "'" + str + "%'";
+                    }
+                } else {
+                    if (DataBaseConstant.DB_TYPE_SQLSERVER.equals(getDbType())) {
+                        return "N'%" + str + "%'";
+                    } else {
+                        return "'%" + str + "%'";
+                    }
+                }
+                //update-end-author:taoyan date:2022-6-30 for: issues/3810 数据权限规则问题
+
+            }
+        }
+    }
+
+    /**
+     * 获取系统数据库类型
+     */
+    private static String getDbType() {
+        return CommonUtils.getDatabaseType();
+    }
+    
+}

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/vo/DictModel.java

@@ -2,6 +2,7 @@ package org.jeecg.common.system.vo;
 
 import java.io.Serializable;
 
+import com.alibaba.fastjson.JSONObject;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 
 import lombok.Data;
@@ -27,6 +28,12 @@ public class DictModel implements Serializable{
 		this.text = text;
 	}
 
+	public DictModel(String value, String text, String color) {
+		this.value = value;
+		this.text = text;
+		this.color = color;
+	}
+
 	/**
 	 * 字典value
 	 */
@@ -35,6 +42,10 @@ public class DictModel implements Serializable{
 	 * 字典文本
 	 */
 	private String text;
+	/**
+	 * 字典颜色
+	 */
+	private String color;
 
 	/**
 	 * 特殊用途： JgEditableTable
@@ -50,4 +61,11 @@ public class DictModel implements Serializable{
 		return this.text;
 	}
 
+
+	/**
+	 * 用于表单设计器 关联记录表数据存储
+	 * QQYUN-5595【表单设计器】他表字段 导入没有翻译
+	 */
+	private JSONObject jsonObject;
+
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/vo/LoginUser.java

@@ -1,15 +1,13 @@
 package org.jeecg.common.system.vo;
 
-import java.util.Date;
-
-import org.jeecg.common.desensitization.annotation.SensitiveField;
-import org.springframework.format.annotation.DateTimeFormat;
-
 import com.fasterxml.jackson.annotation.JsonFormat;
-
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.experimental.Accessors;
+import org.jeecg.common.desensitization.annotation.SensitiveField;
+import org.springframework.format.annotation.DateTimeFormat;
+
+import java.util.Date;
 
 /**
  * <p>
@@ -51,6 +49,7 @@ public class LoginUser {
      /**
       * 当前登录部门code
       */
+	@SensitiveField
     private String orgCode;
 	/**
 	 * 头像
@@ -61,7 +60,6 @@ public class LoginUser {
 	/**
 	 * 生日
 	 */
-	@SensitiveField
 	@JsonFormat(timezone = "GMT+8", pattern = "yyyy-MM-dd")
 	@DateTimeFormat(pattern = "yyyy-MM-dd")
 	private Date birthday;
@@ -107,6 +105,7 @@ public class LoginUser {
 	/**
 	 * 管理部门ids
 	 */
+	@SensitiveField
 	private String departIds;
 
 	/**
@@ -121,7 +120,8 @@ public class LoginUser {
 	@SensitiveField
 	private String telephone;
 
-	/**多租户id配置，编辑用户的时候设置*/
+	/** 多租户ids临时用，不持久化数据库(数据库字段不存在) */
+	@SensitiveField
 	private String relTenantIds;
 
 	/**设备id uniapp推送用*/

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/vo/SysFilesModel.java

@@ -19,6 +19,8 @@ public class SysFilesModel {
     private String storeType;
     /**文件大小（kb）*/
     private Double fileSize;
+    /**租户id*/
+    private String tenantId;
 
     public String getId() {
         return id;
@@ -67,4 +69,12 @@ public class SysFilesModel {
     public void setFileSize(Double fileSize) {
         this.fileSize = fileSize;
     }
+
+    public String getTenantId() {
+        return tenantId;
+    }
+
+    public void setTenantId(String tenantId) {
+        this.tenantId = tenantId;
+    }
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/system/vo/UserAccountInfo.java

@@ -0,0 +1,61 @@
+package org.jeecg.common.system.vo;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.experimental.Accessors;
+import org.jeecg.common.desensitization.annotation.SensitiveField;
+import org.springframework.format.annotation.DateTimeFormat;
+
+import java.util.Date;
+
+/**
+ * <p>
+ * 在线用户信息
+ * </p>
+ *
+ * @Author scott
+ * @since 2023-08-16
+ */
+@Data
+@EqualsAndHashCode(callSuper = false)
+@Accessors(chain = true)
+public class UserAccountInfo {
+
+    /**
+     * 登录人id
+     */
+    private String id;
+
+    /**
+     * 登录人账号
+     */
+    private String username;
+
+    /**
+     * 登录人名字
+     */
+    private String realname;
+
+    /**
+     * 电子邮件
+     */
+    private String email;
+
+    /**
+     * 头像
+     */
+    @SensitiveField
+    private String avatar;
+
+    /**
+     * 同步工作流引擎1同步0不同步
+     */
+    private Integer activitiSync;
+
+    /**
+     * 电话
+     */
+    @SensitiveField
+    private String phone;
+}

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/CommonUtils.java

@@ -1,15 +1,18 @@
 package org.jeecg.common.util;
 
-import com.baomidou.dynamic.datasource.spring.boot.autoconfigure.DataSourceProperty;
+import com.alibaba.fastjson.JSONObject;
+import com.baomidou.dynamic.datasource.creator.DataSourceProperty;
 import com.baomidou.dynamic.datasource.spring.boot.autoconfigure.DynamicDataSourceProperties;
 import com.baomidou.mybatisplus.annotation.DbType;
 import com.baomidou.mybatisplus.extension.toolkit.JdbcUtils;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang.StringUtils;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.DataBaseConstant;
 import org.jeecg.common.constant.ServiceNameConstants;
 import org.jeecg.common.constant.SymbolConstant;
-import org.jeecg.common.util.filter.FileTypeFilter;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.util.filter.SsrfFileTypeFilter;
 import org.jeecg.common.util.oss.OssBootUtil;
 import org.jeecgframework.poi.util.PoiPublicUtil;
 import org.springframework.jdbc.datasource.DriverManagerDataSource;
@@ -25,7 +28,9 @@ import java.io.InputStream;
 import java.sql.Connection;
 import java.sql.DatabaseMetaData;
 import java.sql.SQLException;
+import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -135,6 +140,7 @@ public class CommonUtils {
             }
         } catch (Exception e) {
             log.error(e.getMessage(), e);
+            throw new JeecgBootException(e.getMessage());
         }
         return url;
     }
@@ -147,7 +153,7 @@ public class CommonUtils {
     public static String uploadLocal(MultipartFile mf,String bizPath,String uploadpath){
         try {
             //update-begin-author:liusq date:20210809 for: 过滤上传文件类型
-            FileTypeFilter.fileTypeFilter(mf);
+            SsrfFileTypeFilter.checkUploadFileType(mf);
             //update-end-author:liusq date:20210809 for: 过滤上传文件类型
             String fileName = null;
             File file = new File(uploadpath + File.separator + bizPath + File.separator );
@@ -298,7 +304,7 @@ public class CommonUtils {
                     DB_TYPE = DataBaseConstant.DB_TYPE_ORACLE;
                 }else if(dbType.indexOf(DataBaseConstant.DB_TYPE_SQLSERVER)>=0||dbType.indexOf(sqlserver)>=0) {
                     DB_TYPE = DataBaseConstant.DB_TYPE_SQLSERVER;
-                }else if(dbType.indexOf(DataBaseConstant.DB_TYPE_POSTGRESQL)>=0) {
+                }else if(dbType.indexOf(DataBaseConstant.DB_TYPE_POSTGRESQL)>=0 || dbType.indexOf(DataBaseConstant.DB_TYPE_KINGBASEES)>=0) {
                     DB_TYPE = DataBaseConstant.DB_TYPE_POSTGRESQL;
                 }else if(dbType.indexOf(DataBaseConstant.DB_TYPE_MARIADB)>=0) {
                     DB_TYPE = DataBaseConstant.DB_TYPE_MARIADB;
@@ -351,4 +357,131 @@ public class CommonUtils {
         log.debug("-----Common getBaseUrl----- : " + baseDomainPath);
         return baseDomainPath;
     }
+
+    /**
+     * 递归合并 fastJSON 对象
+     *
+     * @param target  目标对象
+     * @param sources 来源对象，允许多个，优先级从左到右，最右侧的优先级最高
+     */
+    public static JSONObject mergeJSON(JSONObject target, JSONObject... sources) {
+        for (JSONObject source : sources) {
+            CommonUtils.mergeJSON(target, source);
+        }
+        return target;
+    }
+
+    /**
+     * 递归合并 fastJSON 对象
+     *
+     * @param target 目标对象
+     * @param source 来源对象
+     */
+    public static JSONObject mergeJSON(JSONObject target, JSONObject source) {
+        for (String key : source.keySet()) {
+            Object sourceItem = source.get(key);
+            // 是否是 JSONObject
+            if (sourceItem instanceof Map) {
+                // target中存在此key
+                if (target.containsKey(key)) {
+                    // 两个都是 JSONObject，继续合并
+                    if (target.get(key) instanceof Map) {
+                        CommonUtils.mergeJSON(target.getJSONObject(key), source.getJSONObject(key));
+                        continue;
+                    }
+                }
+            }
+            // target不存在此key，或不是 JSONObject，则覆盖
+            target.put(key, sourceItem);
+        }
+        return target;
+    }
+
+    /**
+     * 将list集合以分割符的方式进行分割
+     * @param list      String类型的集合文本
+     * @param separator 分隔符
+     * @return
+     */
+    public static String getSplitText(List<String> list, String separator) {
+        if (null != list && list.size() > 0) {
+            return StringUtils.join(list, separator);
+        }
+        return "";
+    }
+ 
+    /**
+     * 通过table的条件SQL
+     *
+     * @param tableSql sys_user where name = '1212'
+     * @return name = '1212'
+     */
+    public static String getFilterSqlByTableSql(String tableSql) {
+        if(oConvertUtils.isEmpty(tableSql)){
+            return null;
+        }
+        
+        if (tableSql.toLowerCase().indexOf(DataBaseConstant.SQL_WHERE) > 0) {
+            String[] arr = tableSql.split(" (?i)where ");
+            if (arr != null && oConvertUtils.isNotEmpty(arr[1])) {
+                return arr[1];
+            }
+        }
+        return "";
+    }
+
+    /**
+     * 通过table获取表名
+     *
+     * @param tableSql sys_user where name = '1212'
+     * @return sys_user
+     */
+    public static String getTableNameByTableSql(String tableSql) {
+        if(oConvertUtils.isEmpty(tableSql)){
+            return null;
+        }
+        
+        if (tableSql.toLowerCase().indexOf(DataBaseConstant.SQL_WHERE) > 0) {
+            String[] arr = tableSql.split(" (?i)where ");
+            return arr[0].trim();
+        } else {
+            return tableSql;
+        }
+    }
+
+    /**
+     * 判断两个数组是否存在交集
+     * @param set1
+     * @param arr2
+     * @return
+     */
+    public static boolean hasIntersection(Set<String> set1, String[] arr2) {
+        if (set1 == null) {
+            return false;
+        }
+        
+        if(set1.size()>0){
+            for (String str : arr2) {
+                if (set1.contains(str)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 输出info日志，会捕获异常，防止因为日志问题导致程序异常
+     *
+     * @param msg
+     * @param objects
+     */
+    public static void logInfo(String msg, Object... objects) {
+        try {
+            log.info(msg, objects);
+        } catch (Exception e) {
+            log.warn("{} —— {}", msg, e.getMessage());
+        }
+    }
+
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/DateUtils.java

@@ -1,5 +1,8 @@
 package org.jeecg.common.util;
 
+import org.jeecg.common.constant.SymbolConstant;
+import org.springframework.util.StringUtils;
+
 import java.beans.PropertyEditorSupport;
 import java.sql.Timestamp;
 import java.text.DateFormat;
@@ -9,9 +12,6 @@ import java.util.Calendar;
 import java.util.Date;
 import java.util.GregorianCalendar;
 
-import org.jeecg.common.constant.SymbolConstant;
-import org.springframework.util.StringUtils;
-
 /**
  * 类描述：时间操作定义类
  *
@@ -684,4 +684,80 @@ public class DateUtils extends PropertyEditorSupport {
         return null;
     }
 
+    /**
+     * 判断两个时间是否是同一天
+     *
+     * @param date1
+     * @param date2
+     * @return
+     */
+    public static boolean isSameDay(Date date1, Date date2) {
+        if (date1 == null || date2 == null) {
+            return false;
+        }
+        Calendar calendar1 = Calendar.getInstance();
+        calendar1.setTime(date1);
+        Calendar calendar2 = Calendar.getInstance();
+        calendar2.setTime(date2);
+        boolean isSameYear = calendar1.get(Calendar.YEAR) == calendar2.get(Calendar.YEAR);
+        boolean isSameMonth = isSameYear && calendar1.get(Calendar.MONTH) == calendar2.get(Calendar.MONTH);
+        return isSameMonth && calendar1.get(Calendar.DAY_OF_MONTH) == calendar2.get(Calendar.DAY_OF_MONTH);
+    }
+
+    /**
+     * 判断两个时间是否是同一周
+     *
+     * @param date1
+     * @param date2
+     * @return
+     */
+    public static boolean isSameWeek(Date date1, Date date2) {
+        if (date1 == null || date2 == null) {
+            return false;
+        }
+        Calendar calendar1 = Calendar.getInstance();
+        calendar1.setTime(date1);
+        Calendar calendar2 = Calendar.getInstance();
+        calendar2.setTime(date2);
+        boolean isSameYear = calendar1.get(Calendar.YEAR) == calendar2.get(Calendar.YEAR);
+        return isSameYear && calendar1.get(Calendar.WEEK_OF_YEAR) == calendar2.get(Calendar.WEEK_OF_YEAR);
+    }
+
+    /**
+     * 判断两个时间是否是同一月
+     *
+     * @param date1
+     * @param date2
+     * @return
+     */
+    public static boolean isSameMonth(Date date1, Date date2) {
+        if (date1 == null || date2 == null) {
+            return false;
+        }
+        Calendar calendar1 = Calendar.getInstance();
+        calendar1.setTime(date1);
+        Calendar calendar2 = Calendar.getInstance();
+        calendar2.setTime(date2);
+        boolean isSameYear = calendar1.get(Calendar.YEAR) == calendar2.get(Calendar.YEAR);
+        return isSameYear && calendar1.get(Calendar.MONTH) == calendar2.get(Calendar.MONTH);
+    }
+
+    /**
+     * 判断两个时间是否是同一年
+     *
+     * @param date1
+     * @param date2
+     * @return
+     */
+    public static boolean isSameYear(Date date1, Date date2) {
+        if (date1 == null || date2 == null) {
+            return false;
+        }
+        Calendar calendar1 = Calendar.getInstance();
+        calendar1.setTime(date1);
+        Calendar calendar2 = Calendar.getInstance();
+        calendar2.setTime(date2);
+        return calendar1.get(Calendar.YEAR) == calendar2.get(Calendar.YEAR);
+    }
+
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/DySmsHelper.java

@@ -1,9 +1,5 @@
 package org.jeecg.common.util;
 
-import org.jeecg.config.StaticConfig;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import com.alibaba.fastjson.JSONObject;
 import com.aliyuncs.DefaultAcsClient;
 import com.aliyuncs.IAcsClient;
@@ -12,6 +8,10 @@ import com.aliyuncs.dysmsapi.model.v20170525.SendSmsResponse;
 import com.aliyuncs.exceptions.ClientException;
 import com.aliyuncs.profile.DefaultProfile;
 import com.aliyuncs.profile.IClientProfile;
+import org.jeecg.common.constant.enums.DySmsEnum;
+import org.jeecg.config.StaticConfig;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Created on 17/6/7.
@@ -62,6 +62,8 @@ public class DySmsHelper {
 
         //update-begin-author：taoyan date:20200811 for:配置类数据获取
         StaticConfig staticConfig = SpringContextUtils.getBean(StaticConfig.class);
+        //logger.info("阿里大鱼短信秘钥 accessKeyId：" + staticConfig.getAccessKeyId());
+        //logger.info("阿里大鱼短信秘钥 accessKeySecret："+ staticConfig.getAccessKeySecret());
         setAccessKeyId(staticConfig.getAccessKeyId());
         setAccessKeySecret(staticConfig.getAccessKeySecret());
         //update-end-author：taoyan date:20200811 for:配置类数据获取

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/MinioUtil.java

@@ -4,7 +4,7 @@ import io.minio.*;
 import io.minio.http.Method;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.constant.SymbolConstant;
-import org.jeecg.common.util.filter.FileTypeFilter;
+import org.jeecg.common.util.filter.SsrfFileTypeFilter;
 import org.jeecg.common.util.filter.StrAttackFilter;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -60,7 +60,7 @@ public class MinioUtil {
         //update-end-author:wangshuai date:20201012 for: 过滤上传文件夹名特殊字符，防止攻击
 
         //update-begin-author:liusq date:20210809 for: 过滤上传文件类型
-        FileTypeFilter.fileTypeFilter(file);
+        SsrfFileTypeFilter.checkUploadFileType(file);
         //update-end-author:liusq date:20210809 for: 过滤上传文件类型
 
         String newBucket = bucketName;

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/PmsUtil.java

@@ -21,7 +21,7 @@ public class PmsUtil {
 
     private static String uploadPath;
 
-    @Value("${jeecg.path.upload}")
+    @Value("${jeecg.path.upload:}")
     public void setUploadPath(String uploadPath) {
         PmsUtil.uploadPath = uploadPath;
     }

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/ReflectHelper.java

@@ -1,5 +1,6 @@
 package org.jeecg.common.util;
 
+import com.baomidou.mybatisplus.annotation.TableField;
 import lombok.extern.slf4j.Slf4j;
 
 import java.lang.reflect.Field;
@@ -7,6 +8,7 @@ import java.lang.reflect.Method;
 import java.util.*;
 import java.util.Map.Entry;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 
 /**
  * @author 张代浩
@@ -252,4 +254,86 @@ public class ReflectHelper {
         return value;
     }
 
+    /**
+     * 判断给定的字段是不是类中的属性
+     * @param field 字段名
+     * @param clazz 类对象
+     * @return
+     */
+    public static boolean isClassField(String field, Class clazz){
+        Field[] fields = clazz.getDeclaredFields();
+        for(int i=0;i<fields.length;i++){
+            String fieldName = fields[i].getName();
+            String tableColumnName = oConvertUtils.camelToUnderline(fieldName);
+            if(fieldName.equalsIgnoreCase(field) || tableColumnName.equalsIgnoreCase(field)){
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 获取class的 包括父类的
+     * @param clazz
+     * @return
+     */
+    public static List<Field> getClassFields(Class<?> clazz) {
+        List<Field> list = new ArrayList<Field>();
+        Field[] fields;
+        do{
+            fields = clazz.getDeclaredFields();
+            for(int i = 0;i<fields.length;i++){
+                list.add(fields[i]);
+            }
+            clazz = clazz.getSuperclass();
+        }while(clazz!= Object.class&&clazz!=null);
+        return list;
+    }
+
+    /**
+     * 获取表字段名
+     * @param clazz
+     * @param name
+     * @return
+     */
+    public static String getTableFieldName(Class<?> clazz, String name) {
+        try {
+            //如果字段加注解了@TableField(exist = false),不走DB查询
+            Field field = null;
+            try {
+                field = clazz.getDeclaredField(name);
+            } catch (NoSuchFieldException e) {
+                //e.printStackTrace();
+            }
+
+            //如果为空，则去父类查找字段
+            if (field == null) {
+                List<Field> allFields = getClassFields(clazz);
+                List<Field> searchFields = allFields.stream().filter(a -> a.getName().equals(name)).collect(Collectors.toList());
+                if(searchFields!=null && searchFields.size()>0){
+                    field = searchFields.get(0);
+                }
+            }
+
+            if (field != null) {
+                TableField tableField = field.getAnnotation(TableField.class);
+                if (tableField != null){
+                    if(tableField.exist() == false){
+                        //如果设置了TableField false 这个字段不需要处理
+                        return null;
+                    }else{
+                        String column = tableField.value();
+                        //如果设置了TableField value 这个字段是实体字段
+                        if(!"".equals(column)){
+                            return column;
+                        }
+                    }
+                }
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return name;
+    }
+
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/RestUtil.java

@@ -3,7 +3,6 @@ package org.jeecg.common.util;
 import com.alibaba.fastjson.JSONObject;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
-import org.jeecg.config.JeecgBaseConfig;
 import org.springframework.http.*;
 import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.http.converter.StringHttpMessageConverter;
@@ -22,8 +21,9 @@ import java.util.Map;
 public class RestUtil {
 
     private static String domain = null;
+    private static String path = null;
     
-    public static String getDomain() {
+    private static String getDomain() {
         if (domain == null) {
             domain = SpringContextUtils.getDomain();
             // issues/2959
@@ -37,9 +37,7 @@ public class RestUtil {
         return domain;
     }
 
-    public static String path = null;
-
-    public static String getPath() {
+    private static String getPath() {
         if (path == null) {
             path = SpringContextUtils.getApplicationContext().getEnvironment().getProperty("server.servlet.context-path");
         }
@@ -47,18 +45,7 @@ public class RestUtil {
     }
 
     public static String getBaseUrl() {
-        String basepath = null;
-        try {
-            basepath = getDomain() + getPath();
-        } catch (Exception e) {
-            log.warn(e.getMessage(),e);
-        }
-
-        //定时任务情况下，通过request是获取不到domain的，这种情况下通过配置获取pc后台域名
-        if(oConvertUtils.isEmpty(basepath)){
-            JeecgBaseConfig jeecgBaseConfig = SpringContextUtils.getBean(JeecgBaseConfig.class);
-            basepath = jeecgBaseConfig.getDomainUrl().getPc();
-        }
+        String basepath = getDomain() + getPath();
         log.info(" RestUtil.getBaseUrl: " + basepath);
         return basepath;
     }

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SpringContextUtils.java

@@ -3,6 +3,7 @@ package org.jeecg.common.util;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.ServiceNameConstants;
 import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
@@ -56,12 +57,19 @@ public class SpringContextUtils implements ApplicationContextAware {
 	public static String getDomain(){
 		HttpServletRequest request = getHttpServletRequest();
 		StringBuffer url = request.getRequestURL();
-		//微服务情况下，获取gateway的basePath
+		//1.微服务情况下，获取gateway的basePath
 		String basePath = request.getHeader(ServiceNameConstants.X_GATEWAY_BASE_PATH);
 		if(oConvertUtils.isNotEmpty(basePath)){
 			return basePath;
 		}else{
-			return url.delete(url.length() - request.getRequestURI().length(), url.length()).toString();
+			String domain = url.delete(url.length() - request.getRequestURI().length(), url.length()).toString();
+			//2.【兼容】SSL认证之后，request.getScheme()获取不到https的问题
+			// https://blog.csdn.net/weixin_34376986/article/details/89767950
+			String scheme = request.getHeader(CommonConstant.X_FORWARDED_SCHEME);
+			if(scheme!=null && !request.getScheme().equals(scheme)){
+				domain = domain.replace(request.getScheme(),scheme);
+			}
+			return domain;
 		}
 	}
 

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java

@@ -1,11 +1,13 @@
 package org.jeecg.common.util;
 
-import cn.hutool.crypto.SecureUtil;
+import cn.hutool.core.util.ReUtil;
 import lombok.extern.slf4j.Slf4j;
-import org.jeecg.common.exception.JeecgBootException;
-import javax.servlet.http.HttpServletRequest;
-import java.lang.reflect.Field;
-import java.util.Set;
+import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.common.constant.SymbolConstant;
+import org.jeecg.common.exception.JeecgSqlInjectionException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 /**
@@ -16,47 +18,70 @@ import java.util.regex.Pattern;
 @Slf4j
 public class SqlInjectionUtil {	
 	/**
-	 * sign 用于表字典加签的盐值【SQL漏洞】
-	 * （上线修改值 20200501，同步修改前端的盐值）
+	 * 默认—sql注入关键词
 	 */
-	private final static String TABLE_DICT_SIGN_SALT = "20200501";
-	private final static String XSS_STR = "and |exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|user()";
+	private final static String XSS_STR = "and |exec |peformance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+|--";
+	/**
+	 * online报表专用—sql注入关键词
+	 */
+	private static String specialReportXssStr = "exec |peformance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |alter |delete |grant |update |drop |master |truncate |declare |--";
+	/**
+	 * 字典专用—sql注入关键词
+	 */
+	private static String specialDictSqlXssStr = "exec |peformance_schema|information_schema|extractvalue|updatexml|geohash|gtid_subset|gtid_subtract|insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|+|--";
+	/**
+	 * 完整匹配的key，不需要考虑前空格
+	 */
+	private static List<String> FULL_MATCHING_KEYWRODS = new ArrayList<>();
+	static {
+		FULL_MATCHING_KEYWRODS.add(";");
+		FULL_MATCHING_KEYWRODS.add("+");
+		FULL_MATCHING_KEYWRODS.add("--");
+	}
+	
 	
 	/**
-	 * 正则 user() 匹配更严谨
+	 * sql注入风险的 正则关键字
+	 *
+	 * 函数匹配，需要用正则模式
 	 */
-	private final static String REGULAR_EXPRE_USER = "user[\\s]*\\([\\s]*\\)";
-    /**正则 show tables*/
-	private final static String SHOW_TABLES = "show\\s+tables";
+	private final static String[] XSS_REGULAR_STR_ARRAY = new String[]{
+			"chr\\s*\\(",
+			"mid\\s*\\(",
+			" char\\s*\\(",
+			"sleep\\s*\\(",
+			"user\\s*\\(",
+			"show\\s+tables",
+			"user[\\s]*\\([\\s]*\\)",
+			"show\\s+databases",
+			"sleep\\(\\d*\\)",
+			"sleep\\(.*\\)",
+	};
+	/**
+	 * sql注释的正则
+	 */
+	private final static Pattern SQL_ANNOTATION = Pattern.compile("/\\*[\\s\\S]*\\*/");
+	private final static  String SQL_ANNOTATION2 = "--";
 	
 	/**
-	 * 针对表字典进行额外的sign签名校验（增加安全机制）
-	 * @param dictCode:
-	 * @param sign:
-	 * @param request:
-	 * @Return: void
+	 * sql注入提示语
 	 */
-	public static void checkDictTableSign(String dictCode, String sign, HttpServletRequest request) {
-		//表字典SQL注入漏洞,签名校验
-		String accessToken = request.getHeader("X-Access-Token");
-		String signStr = dictCode + SqlInjectionUtil.TABLE_DICT_SIGN_SALT + accessToken;
-		String javaSign = SecureUtil.md5(signStr);
-		if (!javaSign.equals(sign)) {
-			log.error("表字典，SQL注入漏洞签名校验失败 ：" + sign + "!=" + javaSign+ ",dictCode=" + dictCode);
-			throw new JeecgBootException("无权限访问！");
-		}
-		log.info(" 表字典，SQL注入漏洞签名校验成功！sign=" + sign + ",dictCode=" + dictCode);
-	}
+	private final static String SQL_INJECTION_KEYWORD_TIP = "请注意，存在SQL注入关键词---> {}";
+	private final static String SQL_INJECTION_TIP = "请注意，值可能存在SQL注入风险!--->";
+	private final static String SQL_INJECTION_TIP_VARIABLE = "请注意，值可能存在SQL注入风险!---> {}";
+	
 
 	/**
 	 * sql注入过滤处理，遇到注入关键字抛异常
-	 * @param value
+	 * @param values
 	 */
-	public static void filterContent(String value) {
-		filterContent(value, null);
+	public static void filterContent(String... values) {
+		filterContent(values, null);
 	}
 
 	/**
+	 * 校验比较严格
+	 * 
 	 * sql注入过滤处理，遇到注入关键字抛异常
 	 *
 	 * @param value
@@ -66,43 +91,81 @@ public class SqlInjectionUtil {
 		if (value == null || "".equals(value)) {
 			return;
 		}
-		// 统一转为小写
-		value = value.toLowerCase();
-		//SQL注入检测存在绕过风险 https://gitee.com/jeecg/jeecg-boot/issues/I4NZGE
-		value = value.replaceAll("/\\*.*\\*/","");
+		// 一、校验sql注释 不允许有sql注释
+		checkSqlAnnotation(value);
+		// 转为小写进行后续比较
+		value = value.toLowerCase().trim();
 		
+		// 二、SQL注入检测存在绕过风险 (普通文本校验)
+		//https://gitee.com/jeecg/jeecg-boot/issues/I4NZGE
 		String[] xssArr = XSS_STR.split("\\|");
 		for (int i = 0; i < xssArr.length; i++) {
 			if (value.indexOf(xssArr[i]) > -1) {
-				log.error("请注意，存在SQL注入关键词---> {}", xssArr[i]);
-				log.error("请注意，值可能存在SQL注入风险!---> {}", value);
-				throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
+				log.error(SqlInjectionUtil.SQL_INJECTION_KEYWORD_TIP, xssArr[i]);
+				log.error(SqlInjectionUtil.SQL_INJECTION_TIP_VARIABLE, value);
+				throw new JeecgSqlInjectionException(SqlInjectionUtil.SQL_INJECTION_TIP + value);
 			}
 		}
-		//update-begin-author:taoyan date:2022-7-13 for: 除了XSS_STR这些提前设置好的，还需要额外的校验比如 单引号
+		// 三、SQL注入检测存在绕过风险 (自定义传入普通文本校验)
 		if (customXssString != null) {
 			String[] xssArr2 = customXssString.split("\\|");
 			for (int i = 0; i < xssArr2.length; i++) {
 				if (value.indexOf(xssArr2[i]) > -1) {
-					log.error("请注意，存在SQL注入关键词---> {}", xssArr2[i]);
-					log.error("请注意，值可能存在SQL注入风险!---> {}", value);
-					throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
+					log.error(SqlInjectionUtil.SQL_INJECTION_KEYWORD_TIP, xssArr2[i]);
+					log.error(SqlInjectionUtil.SQL_INJECTION_TIP_VARIABLE, value);
+					throw new JeecgSqlInjectionException(SqlInjectionUtil.SQL_INJECTION_TIP + value);
 				}
 			}
 		}
-		//update-end-author:taoyan date:2022-7-13 for: 除了XSS_STR这些提前设置好的，还需要额外的校验比如 单引号
-		if(Pattern.matches(SHOW_TABLES, value) || Pattern.matches(REGULAR_EXPRE_USER, value)){
-			throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
+
+		// 四、SQL注入检测存在绕过风险 (正则校验)
+		for (String regularOriginal : XSS_REGULAR_STR_ARRAY) {
+			String regular = ".*" + regularOriginal + ".*";
+			if (Pattern.matches(regular, value)) {
+				log.error(SqlInjectionUtil.SQL_INJECTION_KEYWORD_TIP, regularOriginal);
+				log.error(SqlInjectionUtil.SQL_INJECTION_TIP_VARIABLE, value);
+				throw new JeecgSqlInjectionException(SqlInjectionUtil.SQL_INJECTION_TIP + value);
+			}
 		}
 		return;
 	}
 
 	/**
-	 * sql注入过滤处理，遇到注入关键字抛异常
-	 * @param values
+	 * 判断是否存在SQL注入关键词字符串
+	 *
+	 * @param keyword
+	 * @return
 	 */
-	public static void filterContent(String[] values) {
-		filterContent(values, null);
+	@SuppressWarnings("AlibabaUndefineMagicConstant")
+	private static boolean isExistSqlInjectKeyword(String sql, String keyword) {
+		if (sql.startsWith(keyword.trim())) {
+			return true;
+		} else if (sql.contains(keyword)) {
+			// 需要匹配的，sql注入关键词
+			String matchingText = " " + keyword;
+			if(FULL_MATCHING_KEYWRODS.contains(keyword)){
+				matchingText = keyword;
+			}
+			
+			if (sql.contains(matchingText)) {
+				return true;
+			} else {
+				String regularStr = "\\s+\\S+" + keyword;
+				List<String> resultFindAll = ReUtil.findAll(regularStr, sql, 0, new ArrayList<String>());
+				for (String res : resultFindAll) {
+					log.info("isExistSqlInjectKeyword —- 匹配到的SQL注入关键词：{}", res);
+					/**
+					 * SQL注入中可以替换空格的字符(%09  %0A  %0D  +都可以替代空格)
+					 * http://blog.chinaunix.net/uid-12501104-id-2932639.html
+					 * https://www.cnblogs.com/Vinson404/p/7253255.html
+					 * */
+					if (res.contains("%") || res.contains("+") || res.contains("#") || res.contains("/") || res.contains(")")) {
+						return true;
+					}
+				}
+			}
+		}
+		return false;
 	}
 	
 	/**
@@ -112,38 +175,11 @@ public class SqlInjectionUtil {
 	 * @return
 	 */
 	public static void filterContent(String[] values, String customXssString) {
-		String[] xssArr = XSS_STR.split("\\|");
-		for (String value : values) {
-			if (value == null || "".equals(value)) {
+		for (String val : values) {
+			if (oConvertUtils.isEmpty(val)) {
 				return;
 			}
-			// 统一转为小写
-			value = value.toLowerCase();
-			//SQL注入检测存在绕过风险 https://gitee.com/jeecg/jeecg-boot/issues/I4NZGE
-			value = value.replaceAll("/\\*.*\\*/","");
-
-			for (int i = 0; i < xssArr.length; i++) {
-				if (value.indexOf(xssArr[i]) > -1) {
-					log.error("请注意，存在SQL注入关键词---> {}", xssArr[i]);
-					log.error("请注意，值可能存在SQL注入风险!---> {}", value);
-					throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
-				}
-			}
-			//update-begin-author:taoyan date:2022-7-13 for: 除了XSS_STR这些提前设置好的，还需要额外的校验比如 单引号
-			if (customXssString != null) {
-				String[] xssArr2 = customXssString.split("\\|");
-				for (int i = 0; i < xssArr2.length; i++) {
-					if (value.indexOf(xssArr2[i]) > -1) {
-						log.error("请注意，存在SQL注入关键词---> {}", xssArr2[i]);
-						log.error("请注意，值可能存在SQL注入风险!---> {}", value);
-						throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
-					}
-				}
-			}
-			//update-end-author:taoyan date:2022-7-13 for: 除了XSS_STR这些提前设置好的，还需要额外的校验比如 单引号
-			if(Pattern.matches(SHOW_TABLES, value) || Pattern.matches(REGULAR_EXPRE_USER, value)){
-				throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
-			}
+			filterContent(val, customXssString);
 		}
 		return;
 	}
@@ -155,105 +191,230 @@ public class SqlInjectionUtil {
 	 * @param value
 	 * @return
 	 */
-	//@Deprecated
 	public static void specialFilterContentForDictSql(String value) {
-		String specialXssStr = " exec | insert | select | delete | update | drop | count | chr | mid | master | truncate | char | declare |;|+|user()";
-		String[] xssArr = specialXssStr.split("\\|");
+		String[] xssArr = specialDictSqlXssStr.split("\\|");
 		if (value == null || "".equals(value)) {
 			return;
 		}
-		// 统一转为小写
-		value = value.toLowerCase();
-		//SQL注入检测存在绕过风险 https://gitee.com/jeecg/jeecg-boot/issues/I4NZGE
-		value = value.replaceAll("/\\*.*\\*/","");
+		// 一、校验sql注释 不允许有sql注释
+		checkSqlAnnotation(value);
+		value = value.toLowerCase().trim();
 		
+		// 二、SQL注入检测存在绕过风险 (普通文本校验)
 		for (int i = 0; i < xssArr.length; i++) {
-			if (value.indexOf(xssArr[i]) > -1 || value.startsWith(xssArr[i].trim())) {
-				log.error("请注意，存在SQL注入关键词---> {}", xssArr[i]);
-				log.error("请注意，值可能存在SQL注入风险!---> {}", value);
-				throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
+			if (isExistSqlInjectKeyword(value, xssArr[i])) {
+				log.error(SqlInjectionUtil.SQL_INJECTION_KEYWORD_TIP, xssArr[i]);
+				log.error(SqlInjectionUtil.SQL_INJECTION_TIP_VARIABLE, value);
+				throw new JeecgSqlInjectionException(SqlInjectionUtil.SQL_INJECTION_TIP + value);
 			}
 		}
-		if(Pattern.matches(SHOW_TABLES, value) || Pattern.matches(REGULAR_EXPRE_USER, value)){
-			throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
+
+		// 三、SQL注入检测存在绕过风险 (正则校验)
+		for (String regularOriginal : XSS_REGULAR_STR_ARRAY) {
+			String regular = ".*" + regularOriginal + ".*";
+			if (Pattern.matches(regular, value)) {
+				log.error(SqlInjectionUtil.SQL_INJECTION_KEYWORD_TIP, regularOriginal);
+				log.error(SqlInjectionUtil.SQL_INJECTION_TIP_VARIABLE, value);
+				throw new JeecgSqlInjectionException(SqlInjectionUtil.SQL_INJECTION_TIP + value);
+			}
 		}
 		return;
 	}
 
-
     /**
 	 * 【提醒：不通用】
      *  仅用于Online报表SQL解析，注入过滤
      * @param value
      * @return
      */
-	//@Deprecated
 	public static void specialFilterContentForOnlineReport(String value) {
-		String specialXssStr = " exec | insert | delete | update | drop | chr | mid | master | truncate | char | declare |user()";
-		String[] xssArr = specialXssStr.split("\\|");
+		String[] xssArr = specialReportXssStr.split("\\|");
 		if (value == null || "".equals(value)) {
 			return;
 		}
-		// 统一转为小写
-		value = value.toLowerCase();
-		//SQL注入检测存在绕过风险 https://gitee.com/jeecg/jeecg-boot/issues/I4NZGE
-		value = value.replaceAll("/\\*.*\\*/","");
+		// 一、校验sql注释 不允许有sql注释
+		checkSqlAnnotation(value);
+		value = value.toLowerCase().trim();
 		
+		// 二、SQL注入检测存在绕过风险 (普通文本校验)
 		for (int i = 0; i < xssArr.length; i++) {
-			if (value.indexOf(xssArr[i]) > -1 || value.startsWith(xssArr[i].trim())) {
-				log.error("请注意，存在SQL注入关键词---> {}", xssArr[i]);
-				log.error("请注意，值可能存在SQL注入风险!---> {}", value);
-				throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
+			if (isExistSqlInjectKeyword(value, xssArr[i])) {
+				log.error(SqlInjectionUtil.SQL_INJECTION_KEYWORD_TIP, xssArr[i]);
+				log.error(SqlInjectionUtil.SQL_INJECTION_TIP_VARIABLE, value);
+				throw new JeecgSqlInjectionException(SqlInjectionUtil.SQL_INJECTION_TIP + value);
 			}
 		}
 
-		if(Pattern.matches(SHOW_TABLES, value) || Pattern.matches(REGULAR_EXPRE_USER, value)){
-			throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
+		// 三、SQL注入检测存在绕过风险 (正则校验)
+		for (String regularOriginal : XSS_REGULAR_STR_ARRAY) {
+			String regular = ".*" + regularOriginal + ".*";
+			if (Pattern.matches(regular, value)) {
+				log.error(SqlInjectionUtil.SQL_INJECTION_KEYWORD_TIP, regularOriginal);
+				log.error(SqlInjectionUtil.SQL_INJECTION_TIP_VARIABLE, value);
+				throw new JeecgSqlInjectionException(SqlInjectionUtil.SQL_INJECTION_TIP + value);
+			}
 		}
 		return;
 	}
 
 
 	/**
-	 * 判断给定的字段是不是类中的属性
-	 * @param field 字段名
-	 * @param clazz 类对象
+	 * 校验是否有sql注释 
 	 * @return
 	 */
-	public static boolean isClassField(String field, Class clazz){
-		Field[] fields = clazz.getDeclaredFields();
-		for(int i=0;i<fields.length;i++){
-			String fieldName = fields[i].getName();
-			String tableColumnName = oConvertUtils.camelToUnderline(fieldName);
-			if(fieldName.equalsIgnoreCase(field) || tableColumnName.equalsIgnoreCase(field)){
-				return true;
+	public static void checkSqlAnnotation(String str){
+		if(str.contains(SQL_ANNOTATION2)){
+			String error = "请注意，SQL中不允许含注释，有安全风险！";
+			log.error(error);
+			throw new RuntimeException(error);
+		}
+
+		
+		Matcher matcher = SQL_ANNOTATION.matcher(str);
+		if(matcher.find()){
+			String error = "请注意，值可能存在SQL注入风险---> \\*.*\\";
+			log.error(error);
+			throw new JeecgSqlInjectionException(error);
 		}
 	}
-		return false;
+
+
+	/**
+	 * 返回查询表名
+	 * <p>
+	 * sql注入过滤处理，遇到注入关键字抛异常
+	 *
+	 * @param table
+	 */
+	private static Pattern tableNamePattern = Pattern.compile("^[a-zA-Z][a-zA-Z0-9_\\$]{0,63}$");
+	public static String getSqlInjectTableName(String table) {
+		if(oConvertUtils.isEmpty(table)){
+			return table;
+		}
+		
+		table = table.trim();
+		/**
+		 * 检验表名是否合法
+		 *
+		 * 表名只能由字母、数字和下划线组成。
+		 * 表名必须以字母开头。
+		 * 表名长度通常有限制，例如最多为 64 个字符。
+		 */
+		boolean isValidTableName = tableNamePattern.matcher(table).matches();
+		if (!isValidTableName) {
+			String errorMsg = "表名不合法，存在SQL注入风险!--->" + table;
+			log.error(errorMsg);
+			throw new JeecgSqlInjectionException(errorMsg);
+		}
+
+		//进一步验证是否存在SQL注入风险
+		filterContent(table);
+		return table;
+	}
+
+
+	/**
+	 * 返回查询字段
+	 * <p>
+	 * sql注入过滤处理，遇到注入关键字抛异常
+	 *
+	 * @param field
+	 */
+	static final Pattern fieldPattern = Pattern.compile("^[a-zA-Z0-9_]+$");
+	public static String getSqlInjectField(String field) {
+		if(oConvertUtils.isEmpty(field)){
+			return field;
+		}
+		
+		field = field.trim();
+
+		if (field.contains(SymbolConstant.COMMA)) {
+			return getSqlInjectField(field.split(SymbolConstant.COMMA));
 		}
 
 		/**
-	 * 判断给定的多个字段是不是类中的属性
-	 * @param fieldSet 字段名set
-	 * @param clazz 类对象
+		 * 校验表字段是否有效
+		 *
+		 * 字段定义只能是是字母 数字 下划线的组合（不允许有空格、转义字符串等）
+		 */
+		boolean isValidField = fieldPattern.matcher(field).matches();
+		if (!isValidField) {
+			String errorMsg = "字段不合法，存在SQL注入风险!--->" + field;
+			log.error(errorMsg);
+			throw new JeecgSqlInjectionException(errorMsg);
+		}
+
+		//进一步验证是否存在SQL注入风险
+		filterContent(field);
+		return field;
+	}
+
+	/**
+	 * 获取多个字段
+	 * 返回: 逗号拼接
+	 *
+	 * @param fields
 	 * @return
 	 */
-	public static boolean isClassField(Set<String> fieldSet, Class clazz){
-		Field[] fields = clazz.getDeclaredFields();
-		for(String field: fieldSet){
-			boolean exist = false;
-			for(int i=0;i<fields.length;i++){
-				String fieldName = fields[i].getName();
-				String tableColumnName = oConvertUtils.camelToUnderline(fieldName);
-				if(fieldName.equalsIgnoreCase(field) || tableColumnName.equalsIgnoreCase(field)){
-					exist = true;
-					break;
+	public static String getSqlInjectField(String... fields) {
+		for (String s : fields) {
+			getSqlInjectField(s);
+		}
+		return String.join(SymbolConstant.COMMA, fields);
+	}
+
+
+	/**
+	 * 获取排序字段
+	 * 返回：字符串
+	 *
+	 * 1.将驼峰命名转化成下划线 
+	 * 2.限制sql注入
+	 * @param sortField  排序字段
+	 * @return
+	 */
+	public static String getSqlInjectSortField(String sortField) {
+		String field = SqlInjectionUtil.getSqlInjectField(oConvertUtils.camelToUnderline(sortField));
+		return field;
+	}
+
+	/**
+	 * 获取多个排序字段
+	 * 返回：数组
+	 *
+	 * 1.将驼峰命名转化成下划线 
+	 * 2.限制sql注入
+	 * @param sortFields 多个排序字段
+	 * @return
+	 */
+	public static List getSqlInjectSortFields(String... sortFields) {
+		List list = new ArrayList<String>();
+		for (String sortField : sortFields) {
+			list.add(getSqlInjectSortField(sortField));
+		}
+		return list;
+	}
+
+	/**
+	 * 获取 orderBy type
+	 * 返回：字符串
+	 * <p>
+	 * 1.检测是否为 asc 或 desc 其中的一个
+	 * 2.限制sql注入
+	 *
+	 * @param orderType
+	 * @return
+	 */
+	public static String getSqlInjectOrderType(String orderType) {
+		if (orderType == null) {
+			return null;
+		}
+		orderType = orderType.trim();
+		if (CommonConstant.ORDER_TYPE_ASC.equalsIgnoreCase(orderType)) {
+			return CommonConstant.ORDER_TYPE_ASC;
+		} else {
+			return CommonConstant.ORDER_TYPE_DESC;
 		}
 	}
-			if(!exist){
-				return false;
-			}
-		}
-		return true;
-	}
+
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/TokenUtils.java

@@ -5,6 +5,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.common.constant.TenantConstant;
 import org.jeecg.common.desensitization.util.SensitiveInfoUtil;
 import org.jeecg.common.exception.JeecgBoot401Exception;
 import org.jeecg.common.system.util.JwtUtil;
@@ -34,6 +35,49 @@ public class TokenUtils {
         return token;
     }
     
+    /**
+     * 获取 request 里传递的 token
+     * @return
+     */
+    public static String getTokenByRequest() {
+        String token = null;
+        try {
+            HttpServletRequest request = SpringContextUtils.getHttpServletRequest();
+            token = TokenUtils.getTokenByRequest(request);
+        } catch (Exception e) {
+            //e.printStackTrace();
+        }
+        return token;
+    }
+
+    /**
+     * 获取 request 里传递的 tenantId (租户ID)
+     *
+     * @param request
+     * @return
+     */
+    public static String getTenantIdByRequest(HttpServletRequest request) {
+        String tenantId = request.getParameter(TenantConstant.TENANT_ID);
+        if (tenantId == null) {
+            tenantId = oConvertUtils.getString(request.getHeader(CommonConstant.TENANT_ID));
+        }
+        return tenantId;
+    }
+
+    /**
+     * 获取 request 里传递的 lowAppId (低代码应用ID)
+     *
+     * @param request
+     * @return
+     */
+    public static String getLowAppIdByRequest(HttpServletRequest request) {
+        String lowAppId = request.getParameter(TenantConstant.FIELD_LOW_APP_ID);
+        if (lowAppId == null) {
+            lowAppId = oConvertUtils.getString(request.getHeader(TenantConstant.X_LOW_APP_ID));
+        }
+        return lowAppId;
+    }
+
     /**
      * 验证Token
      */

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/dynamic/db/FreemarkerParseFactory.java

@@ -34,11 +34,11 @@ public class FreemarkerParseFactory {
     /**
      * 文件缓存
      */
-    private static final Configuration TPL_CONFIG = new Configuration();
+    private static final Configuration TPL_CONFIG = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);
     /**
      * SQL 缓存
      */
-    private static final Configuration SQL_CONFIG = new Configuration();
+    private static final Configuration SQL_CONFIG = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);
 
     private static StringTemplateLoader stringTemplateLoader = new StringTemplateLoader();
 
@@ -47,8 +47,7 @@ public class FreemarkerParseFactory {
             .compile("(?ms)/\\*.*?\\*/|^\\s*//.*?$");
 
     static {
-        TPL_CONFIG.setClassForTemplateLoading(
-                new FreemarkerParseFactory().getClass(), "/");
+        TPL_CONFIG.setClassForTemplateLoading(new FreemarkerParseFactory().getClass(), "/");
         TPL_CONFIG.setNumberFormat("0.#####################");
         SQL_CONFIG.setTemplateLoader(stringTemplateLoader);
         SQL_CONFIG.setNumberFormat("0.#####################");
@@ -57,6 +56,7 @@ public class FreemarkerParseFactory {
 
         //update-begin-author:taoyan date:2022-8-10 for: freemarker模板注入问题 禁止解析ObjectConstructor，Execute和freemarker.template.utility.JythonRuntime。
         //https://ackcent.com/in-depth-freemarker-template-injection/
+        TPL_CONFIG.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
         SQL_CONFIG.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
         //update-end-author:taoyan date:2022-8-10 for: freemarker模板注入问题 禁止解析ObjectConstructor，Execute和freemarker.template.utility.JythonRuntime。
     }

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/filter/SsrfFileTypeFilter.java

@@ -1,30 +1,75 @@
 package org.jeecg.common.util.filter;
 
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.multipart.MultipartFile;
 
+import java.io.IOException;
 import java.io.InputStream;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Iterator;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
+import java.util.List;
 
 /**
- * @Description: TODO
+ * @Description: 校验文件敏感后缀
  * @author: lsq
- * @date: 2021年08月09日 15:29
+ * @date: 2023年09月12日 15:29
  */
-public class FileTypeFilter {
-
-    /**文件后缀*/
-    private static String[] forbidType = {"jsp","php"};
+@Slf4j
+public class SsrfFileTypeFilter {
 
+    /**
+     * 允许操作文件类型白名单
+     */
+    private final static List<String> FILE_TYPE_WHITE_LIST = new ArrayList<>();
     /**初始化文件头类型，不够的自行补充*/
     final static HashMap<String, String> FILE_TYPE_MAP = new HashMap<>();
-
     static {
+        //图片文件
+        FILE_TYPE_WHITE_LIST.add("jpg");
+        FILE_TYPE_WHITE_LIST.add("jpeg");
+        FILE_TYPE_WHITE_LIST.add("png");
+        FILE_TYPE_WHITE_LIST.add("gif");
+        FILE_TYPE_WHITE_LIST.add("bmp");
+        FILE_TYPE_WHITE_LIST.add("svg");
+        FILE_TYPE_WHITE_LIST.add("ico");
+
+        //文本文件
+        FILE_TYPE_WHITE_LIST.add("txt");
+        FILE_TYPE_WHITE_LIST.add("doc");
+        FILE_TYPE_WHITE_LIST.add("docx");
+        FILE_TYPE_WHITE_LIST.add("pdf");
+        FILE_TYPE_WHITE_LIST.add("csv");
+//        FILE_TYPE_WHITE_LIST.add("xml");
+
+        //音视频文件
+        FILE_TYPE_WHITE_LIST.add("mp4");
+        FILE_TYPE_WHITE_LIST.add("avi");
+        FILE_TYPE_WHITE_LIST.add("mov");
+        FILE_TYPE_WHITE_LIST.add("wmv");
+        FILE_TYPE_WHITE_LIST.add("mp3");
+        FILE_TYPE_WHITE_LIST.add("wav");
+
+        //表格文件
+        FILE_TYPE_WHITE_LIST.add("xls");
+        FILE_TYPE_WHITE_LIST.add("xlsx");
+
+        //压缩文件
+        FILE_TYPE_WHITE_LIST.add("zip");
+        FILE_TYPE_WHITE_LIST.add("rar");
+        FILE_TYPE_WHITE_LIST.add("7z");
+        FILE_TYPE_WHITE_LIST.add("tar");
+
+        //app文件后缀
+        FILE_TYPE_WHITE_LIST.add("apk");
+        FILE_TYPE_WHITE_LIST.add("wgt");
+
+        //设置禁止文件的头部标记
         FILE_TYPE_MAP.put("3c25402070616765206c", "jsp");
         FILE_TYPE_MAP.put("3c3f7068700a0a2f2a2a0a202a205048", "php");
+        FILE_TYPE_MAP.put("cafebabe0000002e0041", "class");
+        FILE_TYPE_MAP.put("494e5345525420494e54", "sql");
        /* fileTypeMap.put("ffd8ffe000104a464946", "jpg");
         fileTypeMap.put("89504e470d0a1a0a0000", "png");
         fileTypeMap.put("47494638396126026f01", "gif");
@@ -89,17 +134,38 @@ public class FileTypeFilter {
         return fileName.substring(fileName.lastIndexOf(".") + 1, fileName.length());
     }
 
+
     /**
-     * 文件类型过滤
+     * 下载文件类型过滤
+     *
+     * @param filePath
+     */
+    public static void checkDownloadFileType(String filePath) throws IOException {
+        //文件后缀
+        String suffix = getFileTypeBySuffix(filePath);
+        log.info("suffix:{}", suffix);
+        boolean isAllowExtension = FILE_TYPE_WHITE_LIST.contains(suffix.toLowerCase());
+        //是否允许下载的文件
+        if (!isAllowExtension) {
+            throw new IOException("下载失败，存在非法文件类型：" + suffix);
+        }
+    }
+
+
+    /**
+     * 上传文件类型过滤
      *
      * @param file
      */
-    public static void fileTypeFilter(MultipartFile file) throws Exception {
+    public static void checkUploadFileType(MultipartFile file) throws Exception {
+        //获取文件真是后缀
         String suffix = getFileType(file);
-        for (String type : forbidType) {
-            if (type.contains(suffix)) {
-                throw new Exception("上传失败，非法文件类型：" + suffix);
-            }
+
+        log.info("suffix:{}", suffix);
+        boolean isAllowExtension = FILE_TYPE_WHITE_LIST.contains(suffix.toLowerCase());
+        //是否允许下载的文件
+        if (!isAllowExtension) {
+            throw new Exception("上传失败，存在非法文件类型：" + suffix);
         }
     }
 
@@ -112,8 +178,9 @@ public class FileTypeFilter {
      */
 
     private static String getFileType(MultipartFile file) throws Exception {
+        //update-begin-author:liusq date:20230404 for: [issue/4672]方法造成的文件被占用，注释掉此方法tomcat就能自动清理掉临时文件
         String fileExtendName = null;
-        InputStream is;
+        InputStream is = null;
         try {
             //is = new FileInputStream(file);
             is = file.getInputStream();
@@ -130,17 +197,30 @@ public class FileTypeFilter {
                     break;
                 }
             }
+            log.info("-----获取到的指定文件类型------"+fileExtendName);
             // 如果不是上述类型，则判断扩展名
             if (StringUtils.isBlank(fileExtendName)) {
                 String fileName = file.getOriginalFilename();
+                // 如果无扩展名，则直接返回空串
+                if (-1 == fileName.indexOf(".")) {
+                    return "";
+                }
+                // 如果有扩展名，则返回扩展名
                 return getFileTypeBySuffix(fileName);
             }
+            log.info("-----最終的文件类型------"+fileExtendName);
             is.close();
             return fileExtendName;
-        } catch (Exception exception) {
-            throw new Exception(exception.getMessage(), exception);
+        } catch (Exception e) {
+            log.error(e.getMessage(), e);
+            return "";
+        }finally {
+            if (is != null) {
+                is.close();
             }
         }
+        //update-end-author:liusq date:20230404 for: [issue/4672]方法造成的文件被占用，注释掉此方法tomcat就能自动清理掉临时文件
+    }
 
     /**
      * 获得文件头部字符串

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/oConvertUtils.java

@@ -1,5 +1,6 @@
 package org.jeecg.common.util;
 
+import com.alibaba.fastjson.JSONArray;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.io.IOUtils;
 import org.jeecg.common.constant.CommonConstant;
@@ -86,7 +87,7 @@ public class oConvertUtils {
 	}
 
 	public static int getInt(String s, int defval) {
-		if (s == null || s == "") {
+		if (s == null || "".equals(s)) {
 			return (defval);
 		}
 		try {
@@ -97,7 +98,7 @@ public class oConvertUtils {
 	}
 
 	public static int getInt(String s) {
-		if (s == null || s == "") {
+		if (s == null || "".equals(s)) {
 			return 0;
 		}
 		try {
@@ -108,7 +109,7 @@ public class oConvertUtils {
 	}
 
 	public static int getInt(String s, Integer df) {
-		if (s == null || s == "") {
+		if (s == null || "".equals(s)) {
 			return df;
 		}
 		try {
@@ -119,10 +120,10 @@ public class oConvertUtils {
 	}
 
 	public static Integer[] getInts(String[] s) {
-		Integer[] integer = new Integer[s.length];
 		if (s == null) {
 			return null;
 		}
+		Integer[] integer = new Integer[s.length];
 		for (int i = 0; i < s.length; i++) {
 			integer[i] = Integer.parseInt(s[i]);
 		}
@@ -131,7 +132,7 @@ public class oConvertUtils {
 	}
 
 	public static double getDouble(String s, double defval) {
-		if (s == null || s == "") {
+		if (s == null || "".equals(s)) {
 			return (defval);
 		}
 		try {
@@ -167,6 +168,17 @@ public class oConvertUtils {
 		}
 	}
 	
+	public static Integer getInteger(Object object, Integer defval) {
+		if (isEmpty(object)) {
+			return (defval);
+		}
+		try {
+			return (Integer.parseInt(object.toString()));
+		} catch (NumberFormatException e) {
+			return (defval);
+		}
+	}
+	
 	public static Integer getInt(Object object) {
 		if (isEmpty(object)) {
 			return null;
@@ -353,23 +365,63 @@ public class oConvertUtils {
 	/**
 	 * 判断元素是否在数组内
 	 * 
-	 * @param substring
-	 * @param source
+	 * @param child
+	 * @param all
 	 * @return
 	 */
-	public static boolean isIn(String substring, String[] source) {
-		if (source == null || source.length == 0) {
+	public static boolean isIn(String child, String[] all) {
+		if (all == null || all.length == 0) {
 			return false;
 		}
-		for (int i = 0; i < source.length; i++) {
-			String aSource = source[i];
-			if (aSource.equals(substring)) {
+		for (int i = 0; i < all.length; i++) {
+			String aSource = all[i];
+			if (aSource.equals(child)) {
 				return true;
 			}
 		}
 		return false;
 	}
 
+	/**
+	 * 判断元素是否在数组内
+	 *
+	 * @param childArray
+	 * @param all
+	 * @return
+	 */
+	public static boolean isArrayIn(String[] childArray, String[] all) {
+		if (all == null || all.length == 0) {
+			return false;
+		}
+		for (String v : childArray) {
+			if (!isIn(v, all)) {
+				return false;
+			}
+		}
+		return true;
+	}
+
+	/**
+	 * 判断元素是否在数组内
+	 *
+	 * @param childArray
+	 * @param all
+	 * @return
+	 */
+	public static boolean isJsonArrayIn(JSONArray childArray, String[] all) {
+		if (all == null || all.length == 0) {
+			return false;
+		}
+
+		String[] childs = childArray.toArray(new String[]{});
+		for (String v : childs) {
+			if (!isIn(v, all)) {
+				return false;
+			}
+		}
+		return true;
+	}
+
 	/**
 	 * 获取Map对象
 	 */
@@ -649,6 +701,138 @@ public class oConvertUtils {
 		return (list == null || list.size() == 0);
 	}
 
+	/**
+	 * 判断旧值与新值 是否相等
+	 *
+	 * @param oldVal
+	 * @param newVal
+	 * @return
+	 */
+	public static boolean isEqual(Object oldVal, Object newVal) {
+		if (oldVal != null && newVal != null) {
+			if (isArray(oldVal)) {
+				return equalityOfArrays((Object[]) oldVal, (Object[]) newVal);
+			}else if(oldVal instanceof JSONArray){
+				if(newVal instanceof JSONArray){
+					return equalityOfJSONArray((JSONArray) oldVal, (JSONArray) newVal);
+				}else{
+					if (isEmpty(newVal) && (oldVal == null || ((JSONArray) oldVal).size() == 0)) {
+						return true;
+					}
+					List<Object> arrayStr = Arrays.asList(newVal.toString().split(","));
+					JSONArray newValArray = new JSONArray(arrayStr);
+					return equalityOfJSONArray((JSONArray) oldVal, newValArray);
+				}
+			}else{
+				return oldVal.equals(newVal);
+			}
+			
+		} else {
+			if (oldVal == null && newVal == null) {
+				return true;
+			} else {
+				return false;
+			}
+		}
+	}
+
+	/**
+	 * 方法描述 判断一个对象是否是一个数组
+	 *
+	 * @param obj
+	 * @return
+	 * @author yaomy
+	 * @date 2018年2月5日 下午5:03:00
+	 */
+	public static boolean isArray(Object obj) {
+		if (obj == null) {
+			return false;
+		}
+		return obj.getClass().isArray();
+	}
+	
+	/**
+	 * 判断两个数组是否相等（数组元素不分顺序）
+	 *
+	 * @param oldVal
+	 * @param newVal
+	 * @return
+	 */
+	public static boolean equalityOfJSONArray(JSONArray oldVal, JSONArray newVal) {
+		if (oldVal != null && newVal != null) {
+			Object[] oldValArray = oldVal.toArray();
+			Object[] newValArray = newVal.toArray();
+			return equalityOfArrays(oldValArray,newValArray);
+		} else {
+			if ((oldVal == null || oldVal.size() == 0) && (newVal == null || newVal.size() == 0)) {
+				return true;
+			} else {
+				return false;
+			}
+		}
+	}
+
+	/**
+	 * 比较带逗号的字符串
+	 * QQYUN-5212【简流】按日期触发 多选 人员组件 选择顺序不一致时 不触发，应该是统一问题 包括多选部门组件
+	 * @param oldVal
+	 * @param newVal
+	 * @return
+	 */
+	public static boolean equalityOfStringArrays(String oldVal, String newVal) {
+		if(oldVal.equals(newVal)){
+			return true;
+		}
+		if(oldVal.indexOf(",")>=0 && newVal.indexOf(",")>=0){
+			String[] arr1 = oldVal.split(",");
+			String[] arr2 = newVal.split(",");
+			if(arr1.length == arr2.length){
+				boolean flag = true;
+				Map<String, Integer> map = new HashMap<>();
+				for(String s1: arr1){
+					map.put(s1, 1);
+				}
+				for(String s2: arr2){
+					if(map.get(s2) == null){
+						flag = false;
+						break;
+					}
+				}
+				return flag;
+			}
+		}
+		return false;
+	}
+	
+	/**
+	 * 判断两个数组是否相等（数组元素不分顺序）
+	 *
+	 * @param oldVal
+	 * @param newVal
+	 * @return
+	 */
+	public static boolean equalityOfArrays(Object[] oldVal, Object newVal[]) {
+		if (oldVal != null && newVal != null) {
+			Arrays.sort(oldVal);
+			Arrays.sort(newVal);
+			return Arrays.equals(oldVal, newVal);
+		} else {
+			if ((oldVal == null || oldVal.length == 0) && (newVal == null || newVal.length == 0)) {
+				return true;
+			} else {
+				return false;
+			}
+		}
+	}
+
+//	public static void main(String[] args) {
+////		String[] a = new String[]{"1", "2"};
+////		String[] b = new String[]{"2", "1"};
+//		Integer a = null;
+//		Integer b = 1;
+//		System.out.println(oConvertUtils.isEqual(a, b));
+//	}
+	
 	/**
 	 * 判断 list 是否不为空
 	 *
@@ -677,4 +861,85 @@ public class oConvertUtils {
 		}
 		return json;
 	}
+
+	/**
+	 * 将List 转成 JSONArray
+	 * @return
+	 */
+	public static JSONArray list2JSONArray(List<String> list){
+		if(list==null || list.size()==0){
+			return null;
+		}
+		JSONArray array = new JSONArray();
+		for(String str: list){
+			array.add(str);
+		}
+		return array;
+	}
+
+	/**
+	 * 判断两个list中的元素是否完全一致
+	 * QQYUN-5326【简流】获取组织人员 单/多 筛选条件 没有部门筛选
+	 * @return
+	 */
+	public static boolean isEqList(List<String> list1, List<String> list2){
+		if(list1.size() != list2.size()){
+			return false;
+		}
+		for(String str1: list1){
+			boolean flag = false;
+			for(String str2: list2){
+				if(str1.equals(str2)){
+					flag = true;
+					break;
+				}
+			}
+			if(!flag){
+				return false;
+			}
+		}
+		return true;
+	}
+
+
+	/**
+	 * 判断 list1中的元素是否在list2中出现
+	 * QQYUN-5326【简流】获取组织人员 单/多 筛选条件 没有部门筛选
+	 * @param list1
+	 * @param list2
+	 * @return
+	 */
+	public static boolean isInList(List<String> list1, List<String> list2){
+		for(String str1: list1){
+			boolean flag = false;
+			for(String str2: list2){
+				if(str1.equals(str2)){
+					flag = true;
+					break;
+				}
+			}
+			if(flag){
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * 计算文件大小转成MB
+	 * @param uploadCount
+	 * @return
+	 */
+	public static Double calculateFileSizeToMb(Long uploadCount){
+		double count = 0.0;
+		if(uploadCount>0) {
+			BigDecimal bigDecimal = new BigDecimal(uploadCount);
+			//换算成MB
+			BigDecimal divide = bigDecimal.divide(new BigDecimal(1048576));
+			count = divide.setScale(2, BigDecimal.ROUND_HALF_UP).doubleValue();
+			return count;
+		}
+		return count;
+	}
+	
 }

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/oss/OssBootUtil.java

@@ -7,11 +7,11 @@ import com.aliyun.oss.model.CannedAccessControlList;
 import com.aliyun.oss.model.OSSObject;
 import com.aliyun.oss.model.PutObjectResult;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.tomcat.util.http.fileupload.FileItemStream;
+import org.apache.commons.fileupload.FileItemStream;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.util.CommonUtils;
-import org.jeecg.common.util.filter.FileTypeFilter;
+import org.jeecg.common.util.filter.SsrfFileTypeFilter;
 import org.jeecg.common.util.filter.StrAttackFilter;
 import org.jeecg.common.util.oConvertUtils;
 import org.springframework.web.multipart.MultipartFile;
@@ -98,7 +98,7 @@ public class OssBootUtil {
      */
     public static String upload(MultipartFile file, String fileDir,String customBucket) throws Exception {
         //update-begin-author:liusq date:20210809 for: 过滤上传文件类型
-        FileTypeFilter.fileTypeFilter(file);
+        SsrfFileTypeFilter.checkUploadFileType(file);
         //update-end-author:liusq date:20210809 for: 过滤上传文件类型
 
         String filePath = null;
@@ -142,10 +142,10 @@ public class OssBootUtil {
                 log.info("------OSS文件上传成功------" + fileUrl);
             }
         } catch (IOException e) {
-            e.printStackTrace();
+            log.error(e.getMessage(),e);
             return null;
         }catch (Exception e) {
-            e.printStackTrace();
+            log.error(e.getMessage(),e);
             return null;
         }
         return filePath;
@@ -299,7 +299,10 @@ public class OssBootUtil {
             //update-end---author:liusq  Date:20220120  for：替换objectName前缀，防止key不一致导致获取不到文件----
             if(ossClient.doesObjectExist(bucketName,objectName)){
                 URL url = ossClient.generatePresignedUrl(bucketName,objectName,expires);
-                return URLDecoder.decode(url.toString(),"UTF-8");
+                //log.info("原始url : {}", url.toString());
+                //log.info("decode url : {}", URLDecoder.decode(url.toString(), "UTF-8"));
+                //【issues/4023】问题 oss外链经过转编码后，部分无效，大概在三分一；无需转编码直接返回即可 #4023
+                return url.toString();
             }
         }catch (Exception e){
             log.info("文件路径获取失败" + e.getMessage()); 

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/security/AbstractQueryBlackListHandler.java

@@ -1,8 +1,12 @@
 package org.jeecg.common.util.security;
 
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang.StringUtils;
+import org.jeecg.common.exception.JeecgSqlInjectionException;
 
 import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 /**
  * 查询表/字段 黑名单处理
@@ -21,6 +25,11 @@ public abstract class AbstractQueryBlackListHandler {
      */
     public static Map<String, String> ruleMap = new HashMap<>();
 
+    /**
+     * 以下字符不能出现在表名中或是字段名中
+     */
+    public static final Pattern ILLEGAL_NAME_REG = Pattern.compile("[-]{2,}");
+
     static {
         ruleMap.put("sys_user", "password,salt");
     }
@@ -41,31 +50,87 @@ public abstract class AbstractQueryBlackListHandler {
      * @return
      */
     public boolean isPass(String sql) {
-        List<QueryTable> list = this.getQueryTableInfo(sql.toLowerCase());
+        List<QueryTable> list = null;
+        //【jeecg-boot/issues/4040】在线报表不支持子查询，解析报错 #4040
+        try {
+            list = this.getQueryTableInfo(sql.toLowerCase());
+        } catch (Exception e) {
+            log.warn("校验sql语句，解析报错：{}",e.getMessage());
+        }
+        
         if(list==null){
             return true;
         }
-        log.info("--获取sql信息--", list.toString());
-        boolean flag = true;
+        log.info("  获取sql信息 ：{} ", list.toString());
+        boolean flag = checkTableAndFieldsName(list);
+        if(flag == false){
+            return false;
+        }
         for (QueryTable table : list) {
             String name = table.getName();
-            String fieldString = ruleMap.get(name);
+            String fieldRule = ruleMap.get(name);
             // 有没有配置这张表
-            if (fieldString != null) {
-                if ("*".equals(fieldString) || table.isAll()) {
+            if (fieldRule != null) {
+                if ("*".equals(fieldRule) || table.isAll()) {
                     flag = false;
                     log.warn("sql黑名单校验，表【"+name+"】禁止查询");
                     break;
-                } else if (table.existSameField(fieldString)) {
+                } else if (table.existSameField(fieldRule)) {
                     flag = false;
                     break;
                 }
 
             }
         }
+
+        // 返回黑名单校验结果（不合法直接抛出异常）
+        if(!flag){
+            log.error(this.getError());
+            throw new JeecgSqlInjectionException(this.getError());
+        }
         return flag;
     }
 
+    /**
+     * 校验表名和字段名是否有效，或是是否会带些特殊的字符串进行sql注入
+     * issues/4983 SQL Injection in 3.5.1 #4983
+     * @return
+     */
+    private boolean checkTableAndFieldsName(List<QueryTable> list){
+        boolean flag = true;
+        for(QueryTable queryTable: list){
+            String tableName = queryTable.getName();
+            if(hasSpecialString(tableName)){
+                flag = false;
+                log.warn("sql黑名单校验，表名【"+tableName+"】包含特殊字符");
+                break;
+            }
+            Set<String> fields = queryTable.getFields();
+            for(String name: fields){
+                if(hasSpecialString(name)){
+                    flag = false;
+                    log.warn("sql黑名单校验，字段名【"+name+"】包含特殊字符");
+                    break;
+                } 
+            }
+        }
+        return flag;
+    }
+
+    /**
+     * 是否包含特殊的字符串
+     * @param name
+     * @return
+     */
+    private boolean hasSpecialString(String name){
+        Matcher m = ILLEGAL_NAME_REG.matcher(name);
+        if (m.find()) {
+            return true;
+        }
+        return false;
+    }
+    
+
     /**
      * 查询的表的信息
      */
@@ -132,21 +197,21 @@ public abstract class AbstractQueryBlackListHandler {
          * @return
          */
         public boolean existSameField(String fieldString) {
-            String[] arr = fieldString.split(",");
-            for (String exp : fields) {
-                for (String config : arr) {
-                    if (exp.equals(config)) {
+            String[] controlFields = fieldString.split(",");
+            for (String sqlField : fields) {
+                for (String controlField : controlFields) {
+                    if (sqlField.equals(controlField)) {
                         // 非常明确的列直接比较
-                        log.warn("sql黑名单校验，表【"+name+"】中字段【"+config+"】禁止查询");
+                        log.warn("sql黑名单校验，表【"+name+"】中字段【"+controlField+"】禁止查询");
                         return true;
                     } else {
                         // 使用表达式的列 只能判读字符串包含了
-                        String aliasColumn = config;
-                        if (alias != null && alias.length() > 0) {
-                            aliasColumn = alias + "." + config;
+                        String aliasColumn = controlField;
+                        if (StringUtils.isNotBlank(alias)) {
+                            aliasColumn = alias + "." + controlField;
                         }
-                        if (exp.indexOf(aliasColumn) > 0) {
-                            log.warn("sql黑名单校验，表【"+name+"】中字段【"+config+"】禁止查询");
+                        if (sqlField.indexOf(aliasColumn) != -1) {
+                            log.warn("sql黑名单校验，表【"+name+"】中字段【"+controlField+"】禁止查询");
                             return true;
                         }
                     }

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/InjectionAstNodeVisitor.java

@@ -0,0 +1,33 @@
+package org.jeecg.common.util.sqlInjection;
+
+import net.sf.jsqlparser.parser.CCJSqlParserDefaultVisitor;
+import net.sf.jsqlparser.parser.SimpleNode;
+import net.sf.jsqlparser.statement.select.UnionOp;
+import org.jeecg.common.exception.JeecgSqlInjectionException;
+
+/**
+ * 基于抽象语法树(AST)的注入攻击分析实现
+ *
+ * @author guyadong
+ */
+public class InjectionAstNodeVisitor extends CCJSqlParserDefaultVisitor {
+    public InjectionAstNodeVisitor() {
+    }
+
+    /**
+     * 处理禁止联合查询
+     *
+     * @param node
+     * @param data
+     * @return
+     */
+    @Override
+    public Object visit(SimpleNode node, Object data) {
+        Object value = node.jjtGetValue();
+        if (value instanceof UnionOp) {
+            throw new JeecgSqlInjectionException("DISABLE UNION");
+        }
+        return super.visit(node, data);
+    }
+}
+

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/InjectionSyntaxObjectAnalyzer.java

@@ -0,0 +1,172 @@
+package org.jeecg.common.util.sqlInjection;
+
+
+import net.sf.jsqlparser.expression.BinaryExpression;
+import net.sf.jsqlparser.expression.Expression;
+import net.sf.jsqlparser.expression.Function;
+import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
+import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
+import net.sf.jsqlparser.expression.operators.relational.ComparisonOperator;
+import net.sf.jsqlparser.schema.Column;
+import net.sf.jsqlparser.statement.select.Join;
+import net.sf.jsqlparser.statement.select.OrderByElement;
+import net.sf.jsqlparser.statement.select.PlainSelect;
+import net.sf.jsqlparser.statement.select.SelectItem;
+import net.sf.jsqlparser.statement.select.SubSelect;
+import net.sf.jsqlparser.statement.select.WithItem;
+import net.sf.jsqlparser.util.TablesNamesFinder;
+import org.jeecg.common.exception.JeecgSqlInjectionException;
+import org.jeecg.common.util.sqlInjection.parse.ConstAnalyzer;
+import org.jeecg.common.util.sqlInjection.parse.ParserSupport;
+
+/**
+ * 基于SQL语法对象的SQL注入攻击分析实现
+ *
+ * @author guyadong
+ */
+public class InjectionSyntaxObjectAnalyzer extends TablesNamesFinder {
+    /**
+     * 危险函数名
+     */
+    private static final String DANGROUS_FUNCTIONS = "(sleep|benchmark|extractvalue|updatexml|ST_LatFromGeoHash|ST_LongFromGeoHash|GTID_SUBSET|GTID_SUBTRACT|floor|ST_Pointfromgeohash"
+            + "|geometrycollection|multipoint|polygon|multipolygon|linestring|multilinestring)";
+
+    private static ThreadLocal<Boolean> disableSubselect = new ThreadLocal<Boolean>() {
+        @Override
+        protected Boolean initialValue() {
+            return true;
+        }
+    };
+    private ConstAnalyzer constAnalyzer = new ConstAnalyzer();
+
+    public InjectionSyntaxObjectAnalyzer() {
+        super();
+        init(true);
+
+    }
+
+    @Override
+    public void visitBinaryExpression(BinaryExpression binaryExpression) {
+        if (binaryExpression instanceof ComparisonOperator) {
+            if (isConst(binaryExpression.getLeftExpression()) && isConst(binaryExpression.getRightExpression())) {
+                /** 禁用恒等式 */
+                throw new JeecgSqlInjectionException("DISABLE IDENTICAL EQUATION " + binaryExpression);
+            }
+        }
+        super.visitBinaryExpression(binaryExpression);
+    }
+
+    @Override
+    public void visit(AndExpression andExpression) {
+        super.visit(andExpression);
+        checkConstExpress(andExpression.getLeftExpression());
+        checkConstExpress(andExpression.getRightExpression());
+    }
+
+    @Override
+    public void visit(OrExpression orExpression) {
+        super.visit(orExpression);
+        checkConstExpress(orExpression.getLeftExpression());
+        checkConstExpress(orExpression.getRightExpression());
+    }
+
+    @Override
+    public void visit(Function function) {
+        if (function.getName().matches(DANGROUS_FUNCTIONS)) {
+            /** 禁用危险函数 */
+            throw new JeecgSqlInjectionException("DANGROUS FUNCTION: " + function.getName());
+        }
+        super.visit(function);
+    }
+
+    @Override
+    public void visit(WithItem withItem) {
+        try {
+            /** 允许 WITH 语句中的子查询 */
+            disableSubselect.set(false);
+            super.visit(withItem);
+        } finally {
+            disableSubselect.set(true);
+        }
+    }
+
+    @Override
+    public void visit(SubSelect subSelect) {
+        try {
+            /** 允许语句中的子查询 */
+            disableSubselect.set(false);
+            super.visit(subSelect);
+        } finally {
+            disableSubselect.set(true);
+        }
+//        if (disableSubselect.get()) {
+//            // 禁用子查询
+//            throw new JeecgSqlInjectionException("DISABLE subselect " + subSelect);
+//        }
+    }
+
+    @Override
+    public void visit(Column tableColumn) {
+        if (ParserSupport.isBoolean(tableColumn)) {
+            throw new JeecgSqlInjectionException("DISABLE CONST BOOL " + tableColumn);
+        }
+        super.visit(tableColumn);
+    }
+
+    @Override
+    public void visit(PlainSelect plainSelect) {
+        if (plainSelect.getSelectItems() != null) {
+            for (SelectItem item : plainSelect.getSelectItems()) {
+                item.accept(this);
+            }
+        }
+
+        if (plainSelect.getFromItem() != null) {
+            plainSelect.getFromItem().accept(this);
+        }
+
+        if (plainSelect.getJoins() != null) {
+            for (Join join : plainSelect.getJoins()) {
+                join.getRightItem().accept(this);
+                for (Expression e : join.getOnExpressions()) {
+                    e.accept(this);
+                }
+            }
+        }
+        if (plainSelect.getWhere() != null) {
+            plainSelect.getWhere().accept(this);
+            checkConstExpress(plainSelect.getWhere());
+        }
+
+        if (plainSelect.getHaving() != null) {
+            plainSelect.getHaving().accept(this);
+        }
+
+        if (plainSelect.getOracleHierarchical() != null) {
+            plainSelect.getOracleHierarchical().accept(this);
+        }
+        if (plainSelect.getOrderByElements() != null) {
+            for (OrderByElement orderByElement : plainSelect.getOrderByElements()) {
+                orderByElement.getExpression().accept(this);
+            }
+        }
+        if (plainSelect.getGroupBy() != null) {
+            for (Expression expression : plainSelect.getGroupBy().getGroupByExpressionList().getExpressions()) {
+                expression.accept(this);
+            }
+        }
+    }
+
+    private boolean isConst(Expression expression) {
+        return constAnalyzer.isConstExpression(expression);
+    }
+
+    private void checkConstExpress(Expression expression) {
+        if (constAnalyzer.isConstExpression(expression)) {
+            /** 禁用常量表达式 */
+            throw new JeecgSqlInjectionException("DISABLE CONST EXPRESSION " + expression);
+        }
+    }
+}
+
+

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/SqlInjectionAnalyzer.java

@@ -0,0 +1,65 @@
+package org.jeecg.common.util.sqlInjection;
+
+import org.jeecg.common.exception.JeecgSqlInjectionException;
+import org.jeecg.common.util.sqlInjection.parse.ParserSupport;
+;
+
+/**
+ * SQL注入攻击分析器
+ *
+ * @author guyadong
+ * 参考:
+ * https://blog.csdn.net/10km/article/details/127767358
+ * https://gitee.com/l0km/sql2java/tree/dev/sql2java-manager/src/main/java/gu/sql2java/parser
+ */
+public class SqlInjectionAnalyzer {
+
+    //启用/关闭注入攻击检查
+    private boolean injectCheckEnable = true;
+    //防止SQL注入攻击分析实现
+    private final InjectionSyntaxObjectAnalyzer injectionChecker;
+    private final InjectionAstNodeVisitor injectionVisitor;
+
+    public SqlInjectionAnalyzer() {
+        this.injectionChecker = new InjectionSyntaxObjectAnalyzer();
+        this.injectionVisitor = new InjectionAstNodeVisitor();
+    }
+
+    /**
+     * 启用/关闭注入攻击检查,默认启动
+     *
+     * @param enable
+     * @return
+     */
+    public SqlInjectionAnalyzer injectCheckEnable(boolean enable) {
+        injectCheckEnable = enable;
+        return this;
+    }
+
+    /**
+     * 对解析后的SQL对象执行注入攻击分析，有注入攻击的危险则抛出异常{@link JeecgSqlInjectionException}
+     *
+     * @param sqlParserInfo
+     * @throws JeecgSqlInjectionException
+     */
+    public ParserSupport.SqlParserInfo injectAnalyse(ParserSupport.SqlParserInfo sqlParserInfo) throws JeecgSqlInjectionException {
+        if (null != sqlParserInfo && injectCheckEnable) {
+            /** SQL注入攻击检查 */
+            sqlParserInfo.statement.accept(injectionChecker);
+            sqlParserInfo.simpleNode.jjtAccept(injectionVisitor, null);
+        }
+        return sqlParserInfo;
+    }
+
+    /**
+     * sql校验
+     */
+    public static void checkSql(String sql,boolean check){
+        SqlInjectionAnalyzer sqlInjectionAnalyzer = new SqlInjectionAnalyzer();
+        sqlInjectionAnalyzer.injectCheckEnable(check);
+        ParserSupport.SqlParserInfo sqlParserInfo = ParserSupport.parse0(sql, null,null);
+        sqlInjectionAnalyzer.injectAnalyse(sqlParserInfo);
+    }
+}
+
+

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/parse/ConstAnalyzer.java

@@ -0,0 +1,601 @@
+package org.jeecg.common.util.sqlInjection.parse;
+
+import net.sf.jsqlparser.expression.AllValue;
+import net.sf.jsqlparser.expression.AnalyticExpression;
+import net.sf.jsqlparser.expression.AnyComparisonExpression;
+import net.sf.jsqlparser.expression.ArrayConstructor;
+import net.sf.jsqlparser.expression.ArrayExpression;
+import net.sf.jsqlparser.expression.BinaryExpression;
+import net.sf.jsqlparser.expression.CaseExpression;
+import net.sf.jsqlparser.expression.CastExpression;
+import net.sf.jsqlparser.expression.CollateExpression;
+import net.sf.jsqlparser.expression.ConnectByRootOperator;
+import net.sf.jsqlparser.expression.DateTimeLiteralExpression;
+import net.sf.jsqlparser.expression.DateValue;
+import net.sf.jsqlparser.expression.DoubleValue;
+import net.sf.jsqlparser.expression.Expression;
+import net.sf.jsqlparser.expression.ExpressionVisitor;
+import net.sf.jsqlparser.expression.ExtractExpression;
+import net.sf.jsqlparser.expression.Function;
+import net.sf.jsqlparser.expression.HexValue;
+import net.sf.jsqlparser.expression.IntervalExpression;
+import net.sf.jsqlparser.expression.JdbcNamedParameter;
+import net.sf.jsqlparser.expression.JdbcParameter;
+import net.sf.jsqlparser.expression.JsonAggregateFunction;
+import net.sf.jsqlparser.expression.JsonExpression;
+import net.sf.jsqlparser.expression.JsonFunction;
+import net.sf.jsqlparser.expression.JsonFunctionExpression;
+import net.sf.jsqlparser.expression.KeepExpression;
+import net.sf.jsqlparser.expression.LongValue;
+import net.sf.jsqlparser.expression.MySQLGroupConcat;
+import net.sf.jsqlparser.expression.NextValExpression;
+import net.sf.jsqlparser.expression.NotExpression;
+import net.sf.jsqlparser.expression.NullValue;
+import net.sf.jsqlparser.expression.NumericBind;
+import net.sf.jsqlparser.expression.OracleHierarchicalExpression;
+import net.sf.jsqlparser.expression.OracleHint;
+import net.sf.jsqlparser.expression.OracleNamedFunctionParameter;
+import net.sf.jsqlparser.expression.Parenthesis;
+import net.sf.jsqlparser.expression.RowConstructor;
+import net.sf.jsqlparser.expression.RowGetExpression;
+import net.sf.jsqlparser.expression.SignedExpression;
+import net.sf.jsqlparser.expression.StringValue;
+import net.sf.jsqlparser.expression.TimeKeyExpression;
+import net.sf.jsqlparser.expression.TimeValue;
+import net.sf.jsqlparser.expression.TimestampValue;
+import net.sf.jsqlparser.expression.TimezoneExpression;
+import net.sf.jsqlparser.expression.TryCastExpression;
+import net.sf.jsqlparser.expression.UserVariable;
+import net.sf.jsqlparser.expression.ValueListExpression;
+import net.sf.jsqlparser.expression.VariableAssignment;
+import net.sf.jsqlparser.expression.WhenClause;
+import net.sf.jsqlparser.expression.XMLSerializeExpr;
+import net.sf.jsqlparser.expression.operators.arithmetic.Addition;
+import net.sf.jsqlparser.expression.operators.arithmetic.BitwiseAnd;
+import net.sf.jsqlparser.expression.operators.arithmetic.BitwiseLeftShift;
+import net.sf.jsqlparser.expression.operators.arithmetic.BitwiseOr;
+import net.sf.jsqlparser.expression.operators.arithmetic.BitwiseRightShift;
+import net.sf.jsqlparser.expression.operators.arithmetic.BitwiseXor;
+import net.sf.jsqlparser.expression.operators.arithmetic.Concat;
+import net.sf.jsqlparser.expression.operators.arithmetic.Division;
+import net.sf.jsqlparser.expression.operators.arithmetic.IntegerDivision;
+import net.sf.jsqlparser.expression.operators.arithmetic.Modulo;
+import net.sf.jsqlparser.expression.operators.arithmetic.Multiplication;
+import net.sf.jsqlparser.expression.operators.arithmetic.Subtraction;
+import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
+import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
+import net.sf.jsqlparser.expression.operators.conditional.XorExpression;
+import net.sf.jsqlparser.expression.operators.relational.Between;
+import net.sf.jsqlparser.expression.operators.relational.EqualsTo;
+import net.sf.jsqlparser.expression.operators.relational.ExistsExpression;
+import net.sf.jsqlparser.expression.operators.relational.ExpressionList;
+import net.sf.jsqlparser.expression.operators.relational.FullTextSearch;
+import net.sf.jsqlparser.expression.operators.relational.GeometryDistance;
+import net.sf.jsqlparser.expression.operators.relational.GreaterThan;
+import net.sf.jsqlparser.expression.operators.relational.GreaterThanEquals;
+import net.sf.jsqlparser.expression.operators.relational.InExpression;
+import net.sf.jsqlparser.expression.operators.relational.IsBooleanExpression;
+import net.sf.jsqlparser.expression.operators.relational.IsDistinctExpression;
+import net.sf.jsqlparser.expression.operators.relational.IsNullExpression;
+import net.sf.jsqlparser.expression.operators.relational.ItemsListVisitor;
+import net.sf.jsqlparser.expression.operators.relational.JsonOperator;
+import net.sf.jsqlparser.expression.operators.relational.LikeExpression;
+import net.sf.jsqlparser.expression.operators.relational.Matches;
+import net.sf.jsqlparser.expression.operators.relational.MinorThan;
+import net.sf.jsqlparser.expression.operators.relational.MinorThanEquals;
+import net.sf.jsqlparser.expression.operators.relational.MultiExpressionList;
+import net.sf.jsqlparser.expression.operators.relational.NamedExpressionList;
+import net.sf.jsqlparser.expression.operators.relational.NotEqualsTo;
+import net.sf.jsqlparser.expression.operators.relational.RegExpMatchOperator;
+import net.sf.jsqlparser.expression.operators.relational.RegExpMySQLOperator;
+import net.sf.jsqlparser.expression.operators.relational.SimilarToExpression;
+import net.sf.jsqlparser.schema.Column;
+import net.sf.jsqlparser.statement.select.AllColumns;
+import net.sf.jsqlparser.statement.select.AllTableColumns;
+import net.sf.jsqlparser.statement.select.OrderByElement;
+import net.sf.jsqlparser.statement.select.SubSelect;
+
+/**
+ * 判断表达是否为常量的分析器
+ *
+ * @author guyadong
+ */
+public class ConstAnalyzer implements ExpressionVisitor, ItemsListVisitor {
+
+    private static ThreadLocal<Boolean> constFlag = new ThreadLocal<Boolean>() {
+        @Override
+        protected Boolean initialValue() {
+            return true;
+        }
+    };
+
+    @Override
+    public void visit(NullValue value) {
+    }
+
+    @Override
+    public void visit(Function function) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(SignedExpression expr) {
+        expr.getExpression().accept(this);
+    }
+
+    @Override
+    public void visit(JdbcParameter parameter) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(JdbcNamedParameter parameter) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(DoubleValue value) {
+
+    }
+
+    @Override
+    public void visit(LongValue value) {
+
+    }
+
+    @Override
+    public void visit(DateValue value) {
+
+    }
+
+    @Override
+    public void visit(TimeValue value) {
+
+    }
+
+    @Override
+    public void visit(TimestampValue value) {
+
+    }
+
+    @Override
+    public void visit(Parenthesis parenthesis) {
+        parenthesis.getExpression().accept(this);
+    }
+
+    @Override
+    public void visit(StringValue value) {
+
+    }
+
+    @Override
+    public void visit(Addition expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(Division expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(IntegerDivision expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(Multiplication expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(Subtraction expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(AndExpression expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(OrExpression expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(XorExpression expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(Between expr) {
+        expr.getLeftExpression().accept(this);
+        expr.getBetweenExpressionStart().accept(this);
+        expr.getBetweenExpressionEnd().accept(this);
+    }
+
+    @Override
+    public void visit(EqualsTo expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(GreaterThan expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(GreaterThanEquals expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(InExpression expr) {
+        if (expr.getLeftExpression() != null) {
+            expr.getLeftExpression().accept(this);
+        }
+    }
+
+    @Override
+    public void visit(IsNullExpression expr) {
+        expr.getLeftExpression().accept(this);
+    }
+
+    @Override
+    public void visit(FullTextSearch expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(IsBooleanExpression expr) {
+        expr.getLeftExpression().accept(this);
+    }
+
+    @Override
+    public void visit(LikeExpression expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(MinorThan expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(MinorThanEquals expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(NotEqualsTo expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(Column column) {
+        if (!ParserSupport.isBoolean(column)) {
+            constFlag.set(false);
+        }
+    }
+
+    @Override
+    public void visit(SubSelect subSelect) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(CaseExpression expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(WhenClause expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(ExistsExpression expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(AnyComparisonExpression expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(Concat expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(Matches expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(BitwiseAnd expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(BitwiseOr expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(BitwiseXor expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(CastExpression expr) {
+        expr.getLeftExpression().accept(this);
+    }
+
+    @Override
+    public void visit(TryCastExpression expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(Modulo expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(AnalyticExpression expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(ExtractExpression expr) {
+        expr.getExpression().accept(this);
+    }
+
+    @Override
+    public void visit(IntervalExpression expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(OracleHierarchicalExpression expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(RegExpMatchOperator expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(ExpressionList expressionList) {
+        for (Expression expr : expressionList.getExpressions()) {
+            expr.accept(this);
+        }
+    }
+
+    @Override
+    public void visit(NamedExpressionList namedExpressionList) {
+        for (Expression expr : namedExpressionList.getExpressions()) {
+            expr.accept(this);
+        }
+    }
+
+    @Override
+    public void visit(MultiExpressionList multiExprList) {
+        for (ExpressionList list : multiExprList.getExpressionLists()) {
+            visit(list);
+        }
+    }
+
+    @Override
+    public void visit(NotExpression notExpr) {
+        notExpr.getExpression().accept(this);
+    }
+
+    @Override
+    public void visit(BitwiseRightShift expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(BitwiseLeftShift expr) {
+        visitBinaryExpression(expr);
+    }
+
+    protected void visitBinaryExpression(BinaryExpression expr) {
+        expr.getLeftExpression().accept(this);
+        expr.getRightExpression().accept(this);
+    }
+
+    @Override
+    public void visit(JsonExpression jsonExpr) {
+        jsonExpr.getExpression().accept(this);
+    }
+
+    @Override
+    public void visit(JsonOperator expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(RegExpMySQLOperator expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(UserVariable var) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(NumericBind bind) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(KeepExpression expr) {
+        for (OrderByElement element : expr.getOrderByElements()) {
+            element.getExpression().accept(this);
+        }
+    }
+
+    @Override
+    public void visit(MySQLGroupConcat groupConcat) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(ValueListExpression valueListExpression) {
+        for (Expression expr : valueListExpression.getExpressionList().getExpressions()) {
+            expr.accept(this);
+        }
+    }
+
+    @Override
+    public void visit(AllColumns allColumns) {
+
+    }
+
+    @Override
+    public void visit(AllTableColumns allTableColumns) {
+
+    }
+
+    @Override
+    public void visit(AllValue allValue) {
+
+    }
+
+    @Override
+    public void visit(IsDistinctExpression isDistinctExpression) {
+        visitBinaryExpression(isDistinctExpression);
+    }
+
+    @Override
+    public void visit(RowGetExpression rowGetExpression) {
+        rowGetExpression.getExpression().accept(this);
+    }
+
+    @Override
+    public void visit(HexValue hexValue) {
+
+    }
+
+    @Override
+    public void visit(OracleHint hint) {
+
+    }
+
+    @Override
+    public void visit(TimeKeyExpression timeKeyExpression) {
+
+    }
+
+    @Override
+    public void visit(DateTimeLiteralExpression literal) {
+    }
+
+    @Override
+    public void visit(NextValExpression nextVal) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(CollateExpression col) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(SimilarToExpression expr) {
+        visitBinaryExpression(expr);
+    }
+
+    @Override
+    public void visit(ArrayExpression array) {
+        array.getObjExpression().accept(this);
+        if (array.getIndexExpression() != null) {
+            array.getIndexExpression().accept(this);
+        }
+        if (array.getStartIndexExpression() != null) {
+            array.getStartIndexExpression().accept(this);
+        }
+        if (array.getStopIndexExpression() != null) {
+            array.getStopIndexExpression().accept(this);
+        }
+    }
+
+    @Override
+    public void visit(ArrayConstructor aThis) {
+        for (Expression expression : aThis.getExpressions()) {
+            expression.accept(this);
+        }
+    }
+
+    @Override
+    public void visit(VariableAssignment var) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(XMLSerializeExpr expr) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(TimezoneExpression expr) {
+        expr.getLeftExpression().accept(this);
+    }
+
+    @Override
+    public void visit(JsonAggregateFunction expression) {
+        Expression expr = expression.getExpression();
+        if (expr != null) {
+            expr.accept(this);
+        }
+
+        expr = expression.getFilterExpression();
+        if (expr != null) {
+            expr.accept(this);
+        }
+    }
+
+    @Override
+    public void visit(JsonFunction expression) {
+        for (JsonFunctionExpression expr : expression.getExpressions()) {
+            expr.getExpression().accept(this);
+        }
+    }
+
+    @Override
+    public void visit(ConnectByRootOperator connectByRootOperator) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(OracleNamedFunctionParameter oracleNamedFunctionParameter) {
+        constFlag.set(false);
+    }
+
+    @Override
+    public void visit(GeometryDistance geometryDistance) {
+        visitBinaryExpression(geometryDistance);
+    }
+
+    @Override
+    public void visit(RowConstructor rowConstructor) {
+        constFlag.set(false);
+    }
+
+    public boolean isConstExpression(Expression expression) {
+        if (null != expression) {
+            constFlag.set(true);
+            expression.accept(this);
+            return constFlag.get();
+        }
+        return false;
+    }
+}
+

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/parse/ParserSupport.java

@@ -0,0 +1,177 @@
+package org.jeecg.common.util.sqlInjection.parse;
+
+import lombok.extern.slf4j.Slf4j;
+import net.sf.jsqlparser.JSQLParserException;
+import net.sf.jsqlparser.parser.*;
+import net.sf.jsqlparser.schema.Column;
+import net.sf.jsqlparser.statement.Statement;
+import net.sf.jsqlparser.statement.select.PlainSelect;
+import net.sf.jsqlparser.statement.select.Select;
+import net.sf.jsqlparser.statement.select.SelectBody;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import com.google.common.base.Throwables;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.exception.JeecgSqlInjectionException;
+
+/**
+ * 解析sql支持
+ */
+@Slf4j
+public class ParserSupport {
+    /**
+     * 解析SELECT SQL语句,解析失败或非SELECT语句则抛出异常
+     *
+     * @param sql
+     * @return
+     */
+    public static Select parseSelect(String sql) {
+        Statement stmt;
+        try {
+            stmt = CCJSqlParserUtil.parse(checkNotNull(sql, "sql is null"));
+        } catch (JSQLParserException e) {
+            throw new JeecgBootException(e);
+        }
+        checkArgument(stmt instanceof Select, "%s is not  SELECT statment", sql);
+        Select select = (Select) stmt;
+        SelectBody selectBody = select.getSelectBody();
+        // 暂时只支持简单的SELECT xxxx FROM ....语句不支持复杂语句如WITH
+        checkArgument(selectBody instanceof PlainSelect, "ONLY SUPPORT plain select statement %s", sql);
+        return (Select) stmt;
+    }
+
+    /**
+     * 解析SELECT SQL语句,解析失败或非SELECT语句则
+     *
+     * @param sql
+     * @return
+     */
+    public static Select parseSelectUnchecked(String sql) {
+        try {
+            return parseSelect(sql);
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    /**
+     * 实现SQL语句解析,解析成功则返回解析后的{@link Statement}，
+     * 并通过{@code visitor}参数提供基于AST(抽象语法树)的遍历所有节点的能力。
+     *
+     * @param sql                 SQL语句
+     * @param visitor             遍历所有节点的{@link SimpleNodeVisitor}接口实例，为{@code null}忽略
+     * @param sqlSyntaxNormalizer SQL语句分析转换器，为{@code null}忽略
+     * @throws JSQLParserException 输入的SQL语句有语法错误
+     * @see #parse0(String, CCJSqlParserVisitor, SqlSyntaxNormalizer)
+     */
+    public static Statement parse(String sql, CCJSqlParserVisitor visitor, SqlSyntaxNormalizer sqlSyntaxNormalizer) throws JSQLParserException {
+        return parse0(sql, visitor, sqlSyntaxNormalizer).statement;
+    }
+
+    /**
+     * 参照{@link CCJSqlParserUtil#parseAST(String)}和{@link CCJSqlParserUtil#parse(String)}实现SQL语句解析,
+     * 解析成功则返回解析后的{@link SqlParserInfo}对象，
+     * 并通过{@code visitor}参数提供基于AST(抽象语法树)的遍历所有节点的能力。
+     *
+     * @param sql               SQL语句
+     * @param visitor           遍历所有节点的{@link SimpleNodeVisitor}接口实例，为{@code null}忽略
+     * @param sqlSyntaxAnalyzer SQL语句分析转换器，为{@code null}忽略
+     * @throws JSQLParserException 输入的SQL语句有语法错误
+     * @see net.sf.jsqlparser.parser.Node#jjtAccept(SimpleNodeVisitor, Object)
+     */
+    public static SqlParserInfo parse0(String sql, CCJSqlParserVisitor visitor, SqlSyntaxNormalizer sqlSyntaxAnalyzer) throws JeecgSqlInjectionException {
+
+        //检查是否非select开头，暂不支持
+        if(!sql.toLowerCase().trim().startsWith("select ")) {
+            log.warn("传入sql 非select开头，不支持非select开头的语句解析！");
+            return null;
+        }
+
+        //检查是否存储过程，暂不支持
+        if(sql.toLowerCase().trim().startsWith("call ")){
+            log.warn("传入call 开头存储过程，不支持存储过程解析！");
+            return null;
+        }
+
+        //检查特殊语义的特殊字符，目前检查冒号、$、#三种特殊语义字符
+        String specialCharacters = "[:$#]";
+        Pattern pattern = Pattern.compile(specialCharacters);
+        Matcher matcher = pattern.matcher(sql);
+        if (matcher.find()) {
+            sql = sql.replaceAll("[:$#]", "@");
+        }
+
+        checkArgument(null != sql, "sql is null");
+        boolean allowComplexParsing = CCJSqlParserUtil.getNestingDepth(sql) <= CCJSqlParserUtil.ALLOWED_NESTING_DEPTH;
+
+        CCJSqlParser parser = CCJSqlParserUtil.newParser(sql).withAllowComplexParsing(allowComplexParsing);
+        Statement stmt;
+        try {
+            stmt = parser.Statement();
+        } catch (Exception ex) {
+            log.error("请注意，SQL语法可能存在问题---> {}", ex.getMessage());
+            throw new JeecgSqlInjectionException("请注意，SQL语法可能存在问题:"+sql);
+        }
+        if (null != visitor) {
+            parser.getASTRoot().jjtAccept(visitor, null);
+        }
+        if (null != sqlSyntaxAnalyzer) {
+            stmt.accept(sqlSyntaxAnalyzer.resetChanged());
+        }
+        return new SqlParserInfo(stmt.toString(), stmt, (SimpleNode) parser.getASTRoot());
+    }
+
+    /**
+     * 调用{@link CCJSqlParser}解析SQL语句部件返回解析生成的对象,如{@code 'ORDER BY id DESC'}
+     *
+     * @param <T>
+     * @param input
+     * @param method     指定调用的{@link CCJSqlParser}解析方法
+     * @param targetType 返回的解析对象类型
+     * @return
+     * @since 3.18.3
+     */
+    public static <T> T parseComponent(String input, String method, Class<T> targetType) {
+        try {
+            CCJSqlParser parser = new CCJSqlParser(new StringProvider(input));
+            try {
+                return checkNotNull(targetType, "targetType is null").cast(parser.getClass().getMethod(method).invoke(parser));
+            } catch (InvocationTargetException e) {
+                Throwables.throwIfUnchecked(e.getTargetException());
+                throw new RuntimeException(e.getTargetException());
+            }
+        } catch (IllegalAccessException | NoSuchMethodException | SecurityException e) {
+            Throwables.throwIfUnchecked(e);
+            throw new RuntimeException(e);
+        }
+    }
+
+    /**
+     * 如果{@link Column}没有定义table,且字段名为true/false(不区分大小写)则视为布尔常量
+     *
+     * @param column
+     */
+    public static boolean isBoolean(Column column) {
+        return null != column && null == column.getTable() &&
+                Pattern.compile("(true|false)", Pattern.CASE_INSENSITIVE).matcher(column.getColumnName()).matches();
+    }
+
+    public static class SqlParserInfo {
+        public String nativeSql;
+        public Statement statement;
+        public SimpleNode simpleNode;
+
+        SqlParserInfo(String nativeSql, Statement statement, SimpleNode simpleNode) {
+            this.nativeSql = nativeSql;
+            this.statement = statement;
+            this.simpleNode = simpleNode;
+        }
+    }
+}
+

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlInjection/parse/SqlSyntaxNormalizer.java

@@ -0,0 +1,37 @@
+package org.jeecg.common.util.sqlInjection.parse;
+
+import net.sf.jsqlparser.util.TablesNamesFinder;
+
+/**
+ *  SQL语句分析转换器基类<br>
+ * 基于SQL语法对象实现对SQL的修改
+ * （暂时用不到）
+ *
+ * @author guyadong
+ * @since 3.17.0
+ */
+public class SqlSyntaxNormalizer extends TablesNamesFinder {
+    protected static final ThreadLocal<Boolean> changed = new ThreadLocal<>();
+
+    public SqlSyntaxNormalizer() {
+        super();
+        init(true);
+
+    }
+
+    /**
+     * 语句改变返回{@code true},否则返回{@code false}
+     */
+    public boolean changed() {
+        return Boolean.TRUE.equals(changed.get());
+    }
+
+    /**
+     * 复位线程局部变量{@link #changed}状态
+     */
+    public SqlSyntaxNormalizer resetChanged() {
+        changed.remove();
+        return this;
+    }
+}
+

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlparse/JSqlParserAllTableManager.java

@@ -0,0 +1,255 @@
+package org.jeecg.common.util.sqlparse;
+
+import lombok.extern.slf4j.Slf4j;
+import net.sf.jsqlparser.JSQLParserException;
+import net.sf.jsqlparser.expression.*;
+import net.sf.jsqlparser.parser.CCJSqlParserManager;
+import net.sf.jsqlparser.schema.Column;
+import net.sf.jsqlparser.schema.Table;
+import net.sf.jsqlparser.statement.Statement;
+import net.sf.jsqlparser.statement.select.*;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
+
+import java.io.StringReader;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 解析所有表名和字段的类
+ */
+@Slf4j
+public class JSqlParserAllTableManager {
+
+    private final String sql;
+    private final Map<String, SelectSqlInfo> allTableMap = new HashMap<>();
+    /**
+     * 别名对应实际表名
+     */
+    private final Map<String, String> tableAliasMap = new HashMap<>();
+
+    /**
+     * 解析后的sql
+     */
+    private String parsedSql = null;
+
+    JSqlParserAllTableManager(String selectSql) {
+        this.sql = selectSql;
+    }
+
+    /**
+     * 开始解析
+     *
+     * @return
+     * @throws JSQLParserException
+     */
+    public Map<String, SelectSqlInfo> parse() throws JSQLParserException {
+        // 1. 创建解析器
+        CCJSqlParserManager mgr = new CCJSqlParserManager();
+        // 2. 使用解析器解析sql生成具有层次结构的java类
+        Statement stmt = mgr.parse(new StringReader(this.sql));
+        if (stmt instanceof Select) {
+            Select selectStatement = (Select) stmt;
+            SelectBody selectBody = selectStatement.getSelectBody();
+            this.parsedSql = selectBody.toString();
+            // 3. 解析select查询sql的信息
+            if (selectBody instanceof PlainSelect) {
+                PlainSelect plainSelect = (PlainSelect) selectBody;
+                // 4. 合并 fromItems
+                List<FromItem> fromItems = new ArrayList<>();
+                fromItems.add(plainSelect.getFromItem());
+                // 4.1 处理join的表
+                List<Join> joins = plainSelect.getJoins();
+                if (joins != null) {
+                    joins.forEach(join -> fromItems.add(join.getRightItem()));
+                }
+                // 5. 处理 fromItems
+                for (FromItem fromItem : fromItems) {
+                    // 5.1 通过表名的方式from
+                    if (fromItem instanceof Table) {
+                        this.addSqlInfoByTable((Table) fromItem);
+                    }
+                    // 5.2 通过子查询的方式from
+                    else if (fromItem instanceof SubSelect) {
+                        this.handleSubSelect((SubSelect) fromItem);
+                    }
+                }
+                // 6. 解析 selectFields
+                List<SelectItem> selectItems = plainSelect.getSelectItems();
+                for (SelectItem selectItem : selectItems) {
+                    // 6.1 查询的是全部字段
+                    if (selectItem instanceof AllColumns) {
+                        // 当 selectItem 为 AllColumns 时，fromItem 必定为 Table
+                        String tableName = plainSelect.getFromItem(Table.class).getName();
+                        // 此处必定不为空，因为在解析 fromItem 时，已经将表名添加到 allTableMap 中
+                        SelectSqlInfo sqlInfo = this.allTableMap.get(tableName);
+                        assert sqlInfo != null;
+                        // 设置为查询全部字段
+                        sqlInfo.setSelectAll(true);
+                        sqlInfo.setSelectFields(null);
+                        sqlInfo.setRealSelectFields(null);
+                    }
+                    // 6.2 查询的是带表别名（ u.* )的全部字段
+                    else if (selectItem instanceof AllTableColumns) {
+                        AllTableColumns allTableColumns = (AllTableColumns) selectItem;
+                        String aliasName = allTableColumns.getTable().getName();
+                        // 通过别名获取表名
+                        String tableName = this.tableAliasMap.get(aliasName);
+                        if (tableName == null) {
+                            tableName = aliasName;
+                        }
+                        SelectSqlInfo sqlInfo = this.allTableMap.get(tableName);
+                        // 如果此处为空，则说明该字段是通过子查询获取的，所以可以不处理，只有实际表才需要处理
+                        if (sqlInfo != null) {
+                            // 设置为查询全部字段
+                            sqlInfo.setSelectAll(true);
+                            sqlInfo.setSelectFields(null);
+                            sqlInfo.setRealSelectFields(null);
+                        }
+                    }
+                    // 6.3 各种字段表达式处理
+                    else if (selectItem instanceof SelectExpressionItem) {
+                        SelectExpressionItem selectExpressionItem = (SelectExpressionItem) selectItem;
+                        Expression expression = selectExpressionItem.getExpression();
+                        Alias alias = selectExpressionItem.getAlias();
+                        this.handleExpression(expression, alias, plainSelect.getFromItem());
+                    }
+                }
+            } else {
+                log.warn("暂时尚未处理该类型的 SelectBody: {}", selectBody.getClass().getName());
+                throw new JeecgBootException("暂时尚未处理该类型的 SelectBody");
+            }
+        } else {
+            // 非 select 查询sql，不做处理
+            throw new JeecgBootException("非 select 查询sql，不做处理");
+        }
+        return this.allTableMap;
+    }
+
+    /**
+     * 处理子查询
+     *
+     * @param subSelect
+     */
+    private void handleSubSelect(SubSelect subSelect) {
+        try {
+            String subSelectSql = subSelect.getSelectBody().toString();
+            // 递归调用解析
+            Map<String, SelectSqlInfo> map = JSqlParserUtils.parseAllSelectTable(subSelectSql);
+            if (map != null) {
+                this.assignMap(map);
+            }
+        } catch (Exception e) {
+            log.error("解析子查询出错", e);
+        }
+    }
+
+    /**
+     * 处理查询字段表达式
+     *
+     * @param expression
+     */
+    private void handleExpression(Expression expression, Alias alias, FromItem fromItem) {
+        // 处理函数式字段  CONCAT(name,'(',age,')')
+        if (expression instanceof Function) {
+            Function functionExp = (Function) expression;
+            List<Expression> expressions = functionExp.getParameters().getExpressions();
+            for (Expression expItem : expressions) {
+                this.handleExpression(expItem, null, fromItem);
+            }
+            return;
+        }
+        // 处理字段上的子查询
+        if (expression instanceof SubSelect) {
+            this.handleSubSelect((SubSelect) expression);
+            return;
+        }
+        // 不处理字面量
+        if (expression instanceof StringValue ||
+                expression instanceof NullValue ||
+                expression instanceof LongValue ||
+                expression instanceof DoubleValue ||
+                expression instanceof HexValue ||
+                expression instanceof DateValue ||
+                expression instanceof TimestampValue ||
+                expression instanceof TimeValue
+        ) {
+            return;
+        }
+
+        // 处理字段
+        if (expression instanceof Column) {
+            Column column = (Column) expression;
+            // 查询字段名
+            String fieldName = column.getColumnName();
+            String aliasName = fieldName;
+            if (alias != null) {
+                aliasName = alias.getName();
+            }
+            String tableName;
+            if (column.getTable() != null) {
+                // 通过列的表名获取 sqlInfo
+                // 例如 user.name，这里的 tableName 就是 user
+                tableName = column.getTable().getName();
+                // 有可能是别名，需要转换为真实表名
+                if (this.tableAliasMap.get(tableName) != null) {
+                    tableName = this.tableAliasMap.get(tableName);
+                }
+            } else {
+                // 当column的table为空时，说明是 fromItem 中的字段
+                tableName = ((Table) fromItem).getName();
+            }
+            SelectSqlInfo $sqlInfo = this.allTableMap.get(tableName);
+            if ($sqlInfo != null) {
+                $sqlInfo.addSelectField(aliasName, fieldName);
+            } else {
+                log.warn("发生意外情况，未找到表名为 {} 的 SelectSqlInfo", tableName);
+            }
+        }
+    }
+
+    /**
+     * 根据表名添加sqlInfo
+     *
+     * @param table
+     */
+    private void addSqlInfoByTable(Table table) {
+        String tableName = table.getName();
+        // 解析 aliasName
+        if (table.getAlias() != null) {
+            this.tableAliasMap.put(table.getAlias().getName(), tableName);
+        }
+        SelectSqlInfo sqlInfo = new SelectSqlInfo(this.parsedSql);
+        sqlInfo.setFromTableName(table.getName());
+        this.allTableMap.put(sqlInfo.getFromTableName(), sqlInfo);
+    }
+
+    /**
+     * 合并map
+     *
+     * @param source
+     */
+    private void assignMap(Map<String, SelectSqlInfo> source) {
+        for (Map.Entry<String, SelectSqlInfo> entry : source.entrySet()) {
+            SelectSqlInfo sqlInfo = this.allTableMap.get(entry.getKey());
+            if (sqlInfo == null) {
+                this.allTableMap.put(entry.getKey(), entry.getValue());
+            } else {
+                // 合并
+                if (sqlInfo.getSelectFields() == null) {
+                    sqlInfo.setSelectFields(entry.getValue().getSelectFields());
+                } else {
+                    sqlInfo.getSelectFields().addAll(entry.getValue().getSelectFields());
+                }
+                if (sqlInfo.getRealSelectFields() == null) {
+                    sqlInfo.setRealSelectFields(entry.getValue().getRealSelectFields());
+                } else {
+                    sqlInfo.getRealSelectFields().addAll(entry.getValue().getRealSelectFields());
+                }
+            }
+        }
+    }
+
+}

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlparse/JSqlParserUtils.java

@@ -0,0 +1,184 @@
+package org.jeecg.common.util.sqlparse;
+
+import lombok.extern.slf4j.Slf4j;
+import net.sf.jsqlparser.JSQLParserException;
+import net.sf.jsqlparser.expression.*;
+import net.sf.jsqlparser.parser.CCJSqlParserManager;
+import net.sf.jsqlparser.schema.Column;
+import net.sf.jsqlparser.schema.Table;
+import net.sf.jsqlparser.statement.Statement;
+import net.sf.jsqlparser.statement.select.*;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.common.util.sqlparse.vo.SelectSqlInfo;
+
+import java.io.StringReader;
+import java.util.List;
+import java.util.Map;
+
+@Slf4j
+public class JSqlParserUtils {
+
+    /**
+     * 解析 查询（select）sql的信息，
+     * 此方法会展开所有子查询到一个map里，
+     * key只存真实的表名，如果查询的没有真实的表名，则会被忽略。
+     * value只存真实的字段名，如果查询的没有真实的字段名，则会被忽略。
+     * <p>
+     * 例如：SELECT a.*,d.age,(SELECT count(1) FROM sys_depart) AS count FROM (SELECT username AS foo, realname FROM sys_user) a, demo d
+     * 解析后的结果为：{sys_user=[username, realname], demo=[age], sys_depart=[]}
+     *
+     * @param selectSql
+     * @return
+     */
+    public static Map<String, SelectSqlInfo> parseAllSelectTable(String selectSql) throws JSQLParserException {
+        if (oConvertUtils.isEmpty(selectSql)) {
+            return null;
+        }
+        // log.info("解析查询Sql：{}", selectSql);
+        JSqlParserAllTableManager allTableManager = new JSqlParserAllTableManager(selectSql);
+        return allTableManager.parse();
+    }
+
+    /**
+     * 解析 查询（select）sql的信息，子查询嵌套
+     *
+     * @param selectSql
+     * @return
+     */
+    public static SelectSqlInfo parseSelectSqlInfo(String selectSql) throws JSQLParserException {
+        if (oConvertUtils.isEmpty(selectSql)) {
+            return null;
+        }
+        // log.info("解析查询Sql：{}", selectSql);
+        // 使用 JSqlParer 解析sql
+        // 1、创建解析器
+        CCJSqlParserManager mgr = new CCJSqlParserManager();
+        // 2、使用解析器解析sql生成具有层次结构的java类
+        Statement stmt = mgr.parse(new StringReader(selectSql));
+        if (stmt instanceof Select) {
+            Select selectStatement = (Select) stmt;
+            // 3、解析select查询sql的信息
+            return JSqlParserUtils.parseBySelectBody(selectStatement.getSelectBody());
+        } else {
+            // 非 select 查询sql，不做处理
+            throw new JeecgBootException("非 select 查询sql，不做处理");
+        }
+    }
+
+    /**
+     * 解析 select 查询sql的信息
+     *
+     * @param selectBody
+     * @return
+     */
+    private static SelectSqlInfo parseBySelectBody(SelectBody selectBody) {
+        // 简单的select查询
+        if (selectBody instanceof PlainSelect) {
+            SelectSqlInfo sqlInfo = new SelectSqlInfo(selectBody);
+            PlainSelect plainSelect = (PlainSelect) selectBody;
+            FromItem fromItem = plainSelect.getFromItem();
+            // 解析 aliasName
+            if (fromItem.getAlias() != null) {
+                sqlInfo.setFromTableAliasName(fromItem.getAlias().getName());
+            }
+            // 解析 表名
+            if (fromItem instanceof Table) {
+                // 通过表名的方式from
+                Table fromTable = (Table) fromItem;
+                sqlInfo.setFromTableName(fromTable.getName());
+            } else if (fromItem instanceof SubSelect) {
+                // 通过子查询的方式from
+                SubSelect fromSubSelect = (SubSelect) fromItem;
+                SelectSqlInfo subSqlInfo = JSqlParserUtils.parseBySelectBody(fromSubSelect.getSelectBody());
+                sqlInfo.setFromSubSelect(subSqlInfo);
+            }
+            // 解析 selectFields
+            List<SelectItem> selectItems = plainSelect.getSelectItems();
+            for (SelectItem selectItem : selectItems) {
+                if (selectItem instanceof AllColumns || selectItem instanceof AllTableColumns) {
+                    // 全部字段
+                    sqlInfo.setSelectAll(true);
+                    sqlInfo.setSelectFields(null);
+                    sqlInfo.setRealSelectFields(null);
+                    break;
+                } else if (selectItem instanceof SelectExpressionItem) {
+                    // 获取单个查询字段名
+                    SelectExpressionItem selectExpressionItem = (SelectExpressionItem) selectItem;
+                    Expression expression = selectExpressionItem.getExpression();
+                    Alias alias = selectExpressionItem.getAlias();
+                    JSqlParserUtils.handleExpression(sqlInfo, expression, alias);
+                }
+            }
+            return sqlInfo;
+        } else {
+            log.warn("暂时尚未处理该类型的 SelectBody: {}", selectBody.getClass().getName());
+            throw new JeecgBootException("暂时尚未处理该类型的 SelectBody");
+        }
+    }
+
+    /**
+     * 处理查询字段表达式
+     *
+     * @param sqlInfo
+     * @param expression
+     * @param alias      是否有别名，无传null
+     */
+    private static void handleExpression(SelectSqlInfo sqlInfo, Expression expression, Alias alias) {
+        // 处理函数式字段  CONCAT(name,'(',age,')')
+        if (expression instanceof Function) {
+            JSqlParserUtils.handleFunctionExpression((Function) expression, sqlInfo);
+            return;
+        }
+        // 处理字段上的子查询
+        if (expression instanceof SubSelect) {
+            SubSelect subSelect = (SubSelect) expression;
+            SelectSqlInfo subSqlInfo = JSqlParserUtils.parseBySelectBody(subSelect.getSelectBody());
+            // 注：字段上的子查询，必须只查询一个字段，否则会报错，所以可以放心合并
+            sqlInfo.getSelectFields().addAll(subSqlInfo.getSelectFields());
+            sqlInfo.getRealSelectFields().addAll(subSqlInfo.getAllRealSelectFields());
+            return;
+        }
+        // 不处理字面量
+        if (expression instanceof StringValue ||
+                expression instanceof NullValue ||
+                expression instanceof LongValue ||
+                expression instanceof DoubleValue ||
+                expression instanceof HexValue ||
+                expression instanceof DateValue ||
+                expression instanceof TimestampValue ||
+                expression instanceof TimeValue
+        ) {
+            return;
+        }
+
+        // 查询字段名
+        String selectField = expression.toString();
+        // 实际查询字段名
+        String realSelectField = selectField;
+        // 判断是否有别名
+        if (alias != null) {
+            selectField = alias.getName();
+        }
+        // 获取真实字段名
+        if (expression instanceof Column) {
+            Column column = (Column) expression;
+            realSelectField = column.getColumnName();
+        }
+        sqlInfo.addSelectField(selectField, realSelectField);
+    }
+
+    /**
+     * 处理函数式字段
+     *
+     * @param functionExp
+     * @param sqlInfo
+     */
+    private static void handleFunctionExpression(Function functionExp, SelectSqlInfo sqlInfo) {
+        List<Expression> expressions = functionExp.getParameters().getExpressions();
+        for (Expression expression : expressions) {
+            JSqlParserUtils.handleExpression(sqlInfo, expression, null);
+        }
+    }
+
+}

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/sqlparse/vo/SelectSqlInfo.java

@@ -0,0 +1,101 @@
+package org.jeecg.common.util.sqlparse.vo;
+
+import lombok.Data;
+import net.sf.jsqlparser.statement.select.SelectBody;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * select 查询 sql 的信息
+ */
+@Data
+public class SelectSqlInfo {
+
+    /**
+     * 查询的表名，如果是子查询，则此处为null
+     */
+    private String fromTableName;
+    /**
+     * 表别名
+     */
+    private String fromTableAliasName;
+    /**
+     * 通过子查询获取的表信息，例如：select name from (select * from user) u
+     * 如果不是子查询，则为null
+     */
+    private SelectSqlInfo fromSubSelect;
+    /**
+     * 查询的字段集合，如果是 * 则为null，如果设了别名则为别名
+     */
+    private Set<String> selectFields;
+    /**
+     * 真实的查询字段集合，如果是 * 则为null，如果设了别名则为原始字段名
+     */
+    private Set<String> realSelectFields;
+    /**
+     * 是否是查询所有字段
+     */
+    private boolean selectAll;
+
+    /**
+     * 解析之后的 SQL （关键字都是大写）
+     */
+    private final String parsedSql;
+
+    public SelectSqlInfo(String parsedSql) {
+        this.parsedSql = parsedSql;
+    }
+
+    public SelectSqlInfo(SelectBody selectBody) {
+        this.parsedSql = selectBody.toString();
+    }
+
+    public void addSelectField(String selectField, String realSelectField) {
+        if (this.selectFields == null) {
+            this.selectFields = new HashSet<>();
+        }
+        if (this.realSelectFields == null) {
+            this.realSelectFields = new HashSet<>();
+        }
+        this.selectFields.add(selectField);
+        this.realSelectFields.add(realSelectField);
+    }
+
+    /**
+     * 获取所有字段，包括子查询里的。
+     *
+     * @return
+     */
+    public Set<String> getAllRealSelectFields() {
+        Set<String> fields = new HashSet<>();
+        // 递归获取所有字段，起个直观的方法名为：
+        this.recursiveGetAllFields(this, fields);
+        return fields;
+    }
+
+    /**
+     * 递归获取所有字段
+     */
+    private void recursiveGetAllFields(SelectSqlInfo sqlInfo, Set<String> fields) {
+        if (!sqlInfo.isSelectAll() && sqlInfo.getRealSelectFields() != null) {
+            fields.addAll(sqlInfo.getRealSelectFields());
+        }
+        if (sqlInfo.getFromSubSelect() != null) {
+            recursiveGetAllFields(sqlInfo.getFromSubSelect(), fields);
+        }
+    }
+
+    @Override
+    public String toString() {
+        return "SelectSqlInfo{" +
+                "fromTableName='" + fromTableName + '\'' +
+                ", fromSubSelect=" + fromSubSelect +
+                ", aliasName='" + fromTableAliasName + '\'' +
+                ", selectFields=" + selectFields +
+                ", realSelectFields=" + realSelectFields +
+                ", selectAll=" + selectAll +
+                "}";
+    }
+
+}

jeecg-boot-base-core/src/main/java/org/jeecg/config/AutoPoiDictConfig.java

@@ -59,7 +59,9 @@ public class AutoPoiDictConfig implements AutoPoiDictServiceI {
 
 
 		for (DictModel t : dictList) {
-			if(t!=null){
+			//update-begin---author:liusq   Date:20230517  for：[issues/4917]excel 导出异常---
+			if(t!=null && t.getText()!=null && t.getValue()!=null){
+			//update-end---author:liusq     Date:20230517  for：[issues/4917]excel 导出异常---
 				//update-begin---author:scott   Date:20211220  for：[issues/I4MBB3]@Excel dicText字段的值有下划线时，导入功能不能正确解析---
 				if(t.getValue().contains(EXCEL_SPLIT_TAG)){
 					String val = t.getValue().replace(EXCEL_SPLIT_TAG,TEMP_EXCEL_SPLIT_TAG);

jeecg-boot-base-core/src/main/java/org/jeecg/config/JeecgBaseConfig.java

@@ -1,8 +1,6 @@
 package org.jeecg.config;
 
-import org.jeecg.config.vo.DomainUrl;
-import org.jeecg.config.vo.Path;
-import org.jeecg.config.vo.Shiro;
+import org.jeecg.config.vo.*;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
@@ -28,10 +26,12 @@ public class JeecgBaseConfig {
      * 本地：local\Minio：minio\阿里云：alioss
      */
     private String uploadType;
+    
     /**
-     * 是否启用安全模式
+     * 平台安全模式配置
      */
-    private Boolean safeMode = false;
+    private Firewall firewall;
+    
     /**
      * shiro拦截排除
      */
@@ -52,13 +52,32 @@ public class JeecgBaseConfig {
      * 文件预览
      */
     private String fileViewDomain;
+     /**
+     * ES配置
+     */
+    private Elasticsearch elasticsearch;
 
-    public Boolean getSafeMode() {
-        return safeMode;
+    /**
+     * 微信支付
+     * @return
+     */
+    private WeiXinPay weiXinPay;
+    
+    
+    public Elasticsearch getElasticsearch() {
+        return elasticsearch;
     }
 
-    public void setSafeMode(Boolean safeMode) {
-        this.safeMode = safeMode;
+    public void setElasticsearch(Elasticsearch elasticsearch) {
+        this.elasticsearch = elasticsearch;
+    }
+
+    public Firewall getFirewall() {
+        return firewall;
+    }
+
+    public void setFirewall(Firewall firewall) {
+        this.firewall = firewall;
     }
 
     public String getSignatureSecret() {
@@ -108,4 +127,21 @@ public class JeecgBaseConfig {
     public void setFileViewDomain(String fileViewDomain) {
         this.fileViewDomain = fileViewDomain;
     }
+
+    public String getUploadType() {
+        return uploadType;
+    }
+
+    public void setUploadType(String uploadType) {
+        this.uploadType = uploadType;
+    }
+
+    public WeiXinPay getWeiXinPay() {
+        return weiXinPay;
+    }
+
+    public void setWeiXinPay(WeiXinPay weiXinPay) {
+        this.weiXinPay = weiXinPay;
+    }
+    
 }

jeecg-boot-base-core/src/main/java/org/jeecg/config/StaticConfig.java

@@ -12,13 +12,13 @@ import org.springframework.stereotype.Component;
 @Data
 public class StaticConfig {
 
-    @Value("${jeecg.oss.accessKey}")
+    @Value("${jeecg.oss.accessKey:}")
     private String accessKeyId;
 
-    @Value("${jeecg.oss.secretKey}")
+    @Value("${jeecg.oss.secretKey:}")
     private String accessKeySecret;
 
-    @Value(value = "${spring.mail.username}")
+    @Value(value = "${spring.mail.username:}")
     private String emailFrom;
 
 //    /**

jeecg-boot-base-core/src/main/java/org/jeecg/config/WebMvcConfiguration.java

@@ -25,6 +25,7 @@ import org.springframework.http.converter.json.MappingJackson2HttpMessageConvert
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistration;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -59,12 +60,13 @@ public class WebMvcConfiguration implements WebMvcConfigurer {
      */
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
-        registry.addResourceHandler("/**")
-                //update-begin-author:taoyan date:20211116 for: jeecg.path.webapp配置无效 #3126
+        ResourceHandlerRegistration resourceHandlerRegistration = registry.addResourceHandler("/**");
+        if (jeecgBaseConfig.getPath() != null && jeecgBaseConfig.getPath().getUpload() != null) {
+            resourceHandlerRegistration
                     .addResourceLocations("file:" + jeecgBaseConfig.getPath().getUpload() + "//")
-                .addResourceLocations("file:" + jeecgBaseConfig.getPath().getWebapp() + "//")
-                //update-end-author:taoyan date:20211116 for: jeecg.path.webapp配置无效 #3126
-                .addResourceLocations(staticLocations.split(","));
+                    .addResourceLocations("file:" + jeecgBaseConfig.getPath().getWebapp() + "//");
+        }
+        resourceHandlerRegistration.addResourceLocations(staticLocations.split(","));
     }
 
     /**

jeecg-boot-base-core/src/main/java/org/jeecg/config/WebSocketConfig.java

@@ -31,7 +31,7 @@ public class WebSocketConfig {
         FilterRegistrationBean bean = new FilterRegistrationBean();
         bean.setFilter(websocketFilter());
         //TODO 临时注释掉，测试下线上socket总断的问题
-        bean.addUrlPatterns("/websocket/*","/eoaSocket/*", "/newsWebsocket/*", "/vxeSocket/*");
+        bean.addUrlPatterns("/taskCountSocket/*", "/websocket/*","/eoaSocket/*","/eoaNewChatSocket/*", "/newsWebsocket/*", "/vxeSocket/*");
         return bean;
     }
 

jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/SqlInjection/IDictTableWhiteListHandler.java

@@ -0,0 +1,38 @@
+package org.jeecg.config.firewall.SqlInjection;
+
+/**
+ * 字典表查询 :: 白名单配置
+ *
+ * @Author taoYan
+ * @Date 2022/3/17 11:21
+ **/
+public interface IDictTableWhiteListHandler {
+
+    /**
+     * 校验【表名】【字段】是否合法允许查询，允许则返回 true
+     *
+     * @param sql
+     * @return
+     */
+    boolean isPassBySql(String sql);
+
+    /**
+     * 校验字典是否通过
+     *
+     * @param dictCodeString 字典表配置
+     * @return
+     */
+    boolean isPassByDict(String dictCodeString);
+
+    boolean isPassByDict(String tableName, String... fields);
+
+    /**
+     * 清空缓存，使更改生效
+     *
+     * @return
+     */
+    boolean clear();
+
+    String getErrorMsg();
+
+}

jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/SqlInjection/SysDictTableWhite.java

@@ -0,0 +1,102 @@
+package org.jeecg.config.firewall.SqlInjection;
+
+import lombok.extern.slf4j.Slf4j;
+import org.jeecg.common.util.oConvertUtils;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * 查询的表的信息
+ */
+@Slf4j
+public class SysDictTableWhite {
+    //表名
+    private String name;
+    //表的别名
+    private String alias;
+    // 字段名集合
+    private Set<String> fields;
+    // 是否查询所有字段
+    private boolean all;
+
+    public SysDictTableWhite() {
+        
+    }
+
+    public SysDictTableWhite(String name, String alias) {
+        this.name = name;
+        this.alias = alias;
+        this.all = false;
+        this.fields = new HashSet<>();
+    }
+
+    public void addField(String field) {
+        this.fields.add(field);
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public Set<String> getFields() {
+        return new HashSet<>(fields);
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setFields(Set<String> fields) {
+        this.fields = fields;
+    }
+
+    public String getAlias() {
+        return alias;
+    }
+
+    public void setAlias(String alias) {
+        this.alias = alias;
+    }
+
+    public boolean isAll() {
+        return all;
+    }
+
+    public void setAll(boolean all) {
+        this.all = all;
+    }
+
+    /**
+     * 判断是否有相同字段
+     *
+     * @param fieldControlString
+     * @return
+     */
+    public boolean isAllFieldsValid(String fieldControlString) {
+        //如果白名单中没有配置字段，则返回false
+        String[] controlFields = fieldControlString.split(",");
+        if (oConvertUtils.isEmpty(fieldControlString)) {
+            return false;
+        }
+
+        for (String queryField : fields) {
+            if (oConvertUtils.isIn(queryField, controlFields)) {
+                log.warn("字典表白名单校验，表【" + name + "】中字段【" + queryField + "】无权限查询");
+                return false;
+            }
+        }
+
+        return true;
+    }
+    
+
+    @Override
+    public String toString() {
+        return "QueryTable{" +
+                "name='" + name + '\'' +
+                ", alias='" + alias + '\'' +
+                ", fields=" + fields +
+                ", all=" + all +
+                '}';
+    }
+}

jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/LowCodeModeConfiguration.java

@@ -0,0 +1,19 @@
+package org.jeecg.config.firewall.interceptor;
+
+import org.jeecg.config.firewall.interceptor.enums.LowCodeUrlsEnum;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class LowCodeModeConfiguration implements WebMvcConfigurer {
+
+    public LowCodeModeInterceptor payInterceptor() {
+        return new LowCodeModeInterceptor();
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(payInterceptor()).addPathPatterns(LowCodeUrlsEnum.getLowCodeInterceptUrls());
+    }
+}

jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/LowCodeModeInterceptor.java

@@ -0,0 +1,113 @@
+package org.jeecg.config.firewall.interceptor;
+
+import com.alibaba.fastjson.JSON;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.shiro.SecurityUtils;
+import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.system.util.JwtUtil;
+import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.util.CommonUtils;
+import org.jeecg.common.util.SpringContextUtils;
+import org.jeecg.config.JeecgBaseConfig;
+import org.jeecg.config.firewall.interceptor.enums.LowCodeUrlsEnum;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Set;
+
+/**
+ * 低代码模式（dev:开发模式，prod:发布模式——关闭所有在线开发配置能力）
+ * <p>
+ * prod开启后会关闭以下功能，只保留功能测试（拥有admin角色账号，可以使用配置能力）
+ * 1.online表单的所有配置功能，代码生成和导入表功能
+ * 2.online报表的所有配置功能，和sql解析
+ * 3.online图表的所有配置功能，和sql解析
+ * 4.仪表盘的在线配置功能，和sql解析
+ * 5.大屏的在线配置功能，和sql解析
+ * 
+ * 积木的逻辑单独处理
+ * 1.积木报表的在线配置功能，和sql解析
+ *
+ * @author qinfeng
+ * @date 20230904
+ */
+@Slf4j
+public class LowCodeModeInterceptor implements HandlerInterceptor {
+    /**
+     * 低代码开发模式
+     */
+    public static final String LOW_CODE_MODE_DEV = "dev";
+    public static final String LOW_CODE_MODE_PROD = "prod";
+
+    @Resource
+    private JeecgBaseConfig jeecgBaseConfig;
+    @Autowired
+    private CommonAPI commonAPI;
+
+    /**
+     * 在请求处理之前进行调用
+     */
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        //1、验证是否开启低代码开发模式控制
+        if (jeecgBaseConfig == null) {
+            jeecgBaseConfig = SpringContextUtils.getBean(JeecgBaseConfig.class);
+        }
+
+        if (jeecgBaseConfig.getFirewall()!=null && LowCodeModeInterceptor.LOW_CODE_MODE_PROD.equals(jeecgBaseConfig.getFirewall().getLowCodeMode())) {
+            String requestURI = request.getRequestURI().substring(request.getContextPath().length());
+            log.info("低代码模式，拦截请求路径：" + requestURI);
+            LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
+            Set<String> hasRoles = null;
+            if (loginUser == null) {
+                loginUser = commonAPI.getUserByName(JwtUtil.getUserNameByToken(SpringContextUtils.getHttpServletRequest()));
+                //当前登录人拥有的角色
+                hasRoles = commonAPI.queryUserRoles(loginUser.getUsername());
+            }
+            
+            log.info("get loginUser info: {}", loginUser);
+            log.info("get loginRoles info: {}", hasRoles != null ? hasRoles.toArray() : "空");
+            
+            //拥有的角色 和 允许开发角色存在交集
+            boolean hasIntersection = CommonUtils.hasIntersection(hasRoles, CommonConstant.allowDevRoles);
+            //如果是超级管理员 或者 允许开发的角色，则不做限制
+            if (loginUser!=null && ("admin".equals(loginUser.getUsername()) || hasIntersection)) {
+                return true;
+            }
+            
+            this.returnErrorMessage(response);
+            return false;
+        }
+        return true;
+    }
+
+
+    /**
+     * 返回结果
+     *
+     * @param response
+     */
+    private void returnErrorMessage(HttpServletResponse response) {
+        //校验失败返回前端
+        response.setCharacterEncoding("UTF-8");
+        response.setContentType("application/json; charset=utf-8");
+        PrintWriter out = null;
+        try {
+            out = response.getWriter();
+            Result<?> result = Result.error("低代码开发模式为发布模式，不允许使用在线配置！！");
+            out.print(JSON.toJSON(result));
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+}
+

jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/enums/LowCodeUrlsEnum.java

@@ -0,0 +1,104 @@
+package org.jeecg.config.firewall.interceptor.enums;
+
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * 
+ * @author: qinfeng
+ * @date: 2023/09/04 11:44
+ */
+public enum LowCodeUrlsEnum {
+    /**
+     * online表单配置请求 TODO 增改删
+     */
+    NEW_LOW_APP_ADD_URL("/online/cgform/api/addAll", "添加online表单"),
+    NEW_LOW_APP_EDIT_URL("/online/cgform/api/editAll", "编辑online表单"),
+    ONLINE_DB_SYNC("/online/cgform/api/doDbSynch/**/**", "online表单同步数据库"),
+    ONLINE_DEL_BATCH("/online/cgform/head/deleteBatch", "online表单批量删除"),
+    ONLINE_DELETE("/online/cgform/head/delete", "online表单删除"),
+    ONLINE_REMOVE("/online/cgform/head/removeRecord", "online表单移除"),
+    ONLINE_COPY("/online/cgform/head/copyOnline", "online表单生成视图"),
+    ONLINE_TABLE("/online/cgform/head/copyOnlineTable", "online表单复制表"),
+    ONLINE_BUTTON_AI_TEST("/online/cgform/button/aitest", "online表单自定义按钮生成数据"),
+    ONLINE_BUTTON_ADD("/online/cgform/button/add", "online表单自定义按钮新增"),
+    ONLINE_BUTTON_EDIT("/online/cgform/button/edit", "online表单自定义按钮编辑"),
+    ONLINE_BUTTON_DEL("/online/cgform/button/deleteBatch", "online表单自定义按钮删除"),
+    ONLINE_ENHANCE_JS("/online/cgform/head/enhanceJs/**", "online表单JS增强"),
+    ONLINE_ENHANCE_JAVA("/online/cgform/head/enhanceJava/**", "online表单JAVA增强"),
+    /**
+     * online报表配置请求
+     */
+    ONLINE_CG_REPORT_ADD("/online/cgreport/head/add", "online报表新增"),
+    ONLINE_CG_REPORT_EDIT("/online/cgreport/head/editAll", "online报表编辑"),
+    ONLINE_CG_REPORT_DEL("/online/cgreport/head/delete", "online报表删除"),
+    ONLINE_CG_REPORT_PARSE_SQL("/online/cgreport/head/parseSql", "online报表SQL解析"),
+    /**
+     * online图表配置请求
+     */
+    ONLINE_GRAPH_REPORT_ADD("/online/graphreport/head/add", "online图表新增"),
+    ONLINE_GRAPH_REPORT_EDIT("/online/graphreport/head/edit", "online图表编辑"),
+    ONLINE_GRAPH_REPORT_DEL("/online/graphreport/head/deleteBatch", "online图表删除"),
+    ONLINE_GRAPH_REPORT_PARSE_SQL("/online/cgreport/head/parseSql", "online图表解析SQL"),
+
+    /**
+     * 大屏配置请求
+     */
+    BIG_SCREEN_DB_ADD("/bigscreen/bigScreenDb/add", "大屏数据源新增"),
+    BIG_SCREEN_DB_EDIT("/bigscreen/bigScreenDb/edit", "大屏数据源编辑"),
+    BIG_SCREEN_DB_DEL("/bigscreen/bigScreenDb/delete", "大屏数据源删除"),
+    BIG_SCREEN_DB_TEST_CONNECTION("/bigscreen/bigScreenDb/testConnection", "大屏数据源连接测试"),
+//    BIG_SCREEN_SAVE("/bigscreen/visual/save", "大屏新增"),
+//    BIG_SCREEN_EDIT("/bigscreen/visual/update", "大屏编辑"),
+//    BIG_SCREEN_COPY("/bigscreen/visual/copy", "大屏复制"),
+//    BIG_SCREEN_REMOVE("/bigscreen/visual/remove", "大屏移除"),
+//    BIG_SCREEN_DEL("/bigscreen/visual/deleteById", "大屏删除"),
+
+    /**
+     * 仪表盘配置请求
+     */
+    DRAG_DB_ADD("/drag/onlDragDataSource/add", "仪表盘数据源新增"),
+    DRAG_DB_TEST_CONNECTION("/drag/onlDragDataSource/testConnection", "仪表盘数据源连接测试"),
+    DRAG_PARSE_SQL("/drag/onlDragDatasetHead/queryFieldBySql", "仪表盘数据集SQL解析"),
+    DRAG_DATASET_ADD("/drag/onlDragDatasetHead/add", "仪表盘数据集新增");
+
+    /**
+     * 其他配置请求
+     */
+
+    private String url;
+    private String title;
+
+    public String getUrl() {
+        return url;
+    }
+
+    public void setUrl(String url) {
+        this.url = url;
+    }
+
+    public String getTitle() {
+        return title;
+    }
+
+    public void setTitle(String title) {
+        this.title = title;
+    }
+
+    LowCodeUrlsEnum(String url, String title) {
+        this.url = url;
+        this.title = title;
+    }
+
+    /**
+     * 根据code获取可用的数量
+     *
+     * @return
+     */
+    public static List<String> getLowCodeInterceptUrls() {
+        return Arrays.stream(LowCodeUrlsEnum.values()).map(LowCodeUrlsEnum::getUrl).collect(Collectors.toList());
+    }
+
+}

jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/MybatisInterceptor.java

@@ -7,6 +7,8 @@ import org.apache.ibatis.mapping.MappedStatement;
 import org.apache.ibatis.mapping.SqlCommandType;
 import org.apache.ibatis.plugin.*;
 import org.apache.shiro.SecurityUtils;
+import org.jeecg.common.config.TenantContext;
+import org.jeecg.common.constant.TenantConstant;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.springframework.stereotype.Component;
@@ -82,6 +84,23 @@ public class MybatisInterceptor implements Interceptor {
 							}
 						}
 					}
+
+					//------------------------------------------------------------------------------------------------
+					//注入租户ID（是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】）
+					if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
+						if (TenantConstant.TENANT_ID.equals(field.getName())) {
+							field.setAccessible(true);
+							Object localTenantId = field.get(parameter);
+							field.setAccessible(false);
+							if (localTenantId == null) {
+								field.setAccessible(true);
+								field.set(parameter, oConvertUtils.getInt(TenantContext.getTenant(),0));
+								field.setAccessible(false);
+							}
+						}
+					}
+					//------------------------------------------------------------------------------------------------
+					
 				} catch (Exception e) {
 				}
 			}

jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/MybatisPlusSaasConfig.java

@@ -5,8 +5,12 @@ import java.util.List;
 
 import cn.hutool.core.util.ObjectUtil;
 import com.baomidou.mybatisplus.extension.plugins.inner.DynamicTableNameInnerInterceptor;
+import com.baomidou.mybatisplus.extension.plugins.inner.OptimisticLockerInnerInterceptor;
 import org.jeecg.common.config.TenantContext;
 import org.jeecg.common.constant.CommonConstant;
+import org.jeecg.common.constant.TenantConstant;
+import org.jeecg.common.util.SpringContextUtils;
+import org.jeecg.common.util.TokenUtils;
 import org.jeecg.common.util.oConvertUtils;
 import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.context.annotation.Bean;
@@ -28,22 +32,41 @@ import net.sf.jsqlparser.expression.LongValue;
 @Configuration
 @MapperScan(value={"org.jeecg.modules.**.mapper*"})
 public class MybatisPlusSaasConfig {
+
     /**
-     * tenant_id 字段名
+     * 是否开启系统模块的租户隔离
+     *  控制范围：用户、角色、部门、我的部门、字典、分类字典、多数据源、职务、通知公告
+     *  
+     *  实现功能
+     *  1.用户表通过硬编码实现租户ID隔离
+     *  2.角色、部门、我的部门、字典、分类字典、多数据源、职务、通知公告除了硬编码还加入的 TENANT_TABLE 配置中，实现租户隔离更安全
+     *  3.菜单表、租户表不做租户隔离
+     *  4.通过拦截器MybatisInterceptor实现，增删改查数据 自动注入租户ID
      */
-    private static final String TENANT_FIELD_NAME = "tenant_id";
+    public static final Boolean OPEN_SYSTEM_TENANT_CONTROL = false;
+    
     /**
      * 哪些表需要做多租户 表需要添加一个字段 tenant_id
      */
-    private static final List<String> TENANT_TABLE = new ArrayList<String>();
+    public static final List<String> TENANT_TABLE = new ArrayList<String>();
 
     static {
-        TENANT_TABLE.add("demo");
+        //1.需要租户隔离的表请在此配置
+        if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
+            //a.系统管理表
+            //TENANT_TABLE.add("sys_role");
+            //TENANT_TABLE.add("sys_user_role");
+            TENANT_TABLE.add("sys_depart");
+            TENANT_TABLE.add("sys_category");
+            TENANT_TABLE.add("sys_data_source");
+            TENANT_TABLE.add("sys_position");
+            //TENANT_TABLE.add("sys_announcement");
+        }
 
-//        //角色、菜单、部门
-//        tenantTable.add("sys_role");
-//        tenantTable.add("sys_permission");
-//        tenantTable.add("sys_depart");
+        //2.示例测试
+        //TENANT_TABLE.add("demo");
+        //3.online租户隔离测试
+        //TENANT_TABLE.add("ceapp_issue");
     }
 
 
@@ -54,13 +77,24 @@ public class MybatisPlusSaasConfig {
         interceptor.addInnerInterceptor(new TenantLineInnerInterceptor(new TenantLineHandler() {
             @Override
             public Expression getTenantId() {
-                String tenantId = oConvertUtils.getString(TenantContext.getTenant(),"0");
+                String tenantId = TenantContext.getTenant();
+                //如果通过线程获取租户ID为空，则通过当前请求的request获取租户（shiro排除拦截器的请求会获取不到租户ID）
+                if(oConvertUtils.isEmpty(tenantId)){
+                    try {
+                        tenantId = TokenUtils.getTenantIdByRequest(SpringContextUtils.getHttpServletRequest());
+                    } catch (Exception e) {
+                        //e.printStackTrace();
+                    }
+                }
+                if(oConvertUtils.isEmpty(tenantId)){
+                    tenantId = "0";
+                }
                 return new LongValue(tenantId);
             }
 
             @Override
             public String getTenantIdColumn(){
-                return TENANT_FIELD_NAME;
+                return TenantConstant.TENANT_ID_TABLE;
             }
 
             // 返回 true 表示不走租户逻辑
@@ -74,10 +108,12 @@ public class MybatisPlusSaasConfig {
                 return true;
             }
         }));
-        interceptor.addInnerInterceptor(new PaginationInnerInterceptor());
         //update-begin-author:zyf date:20220425 for:【VUEN-606】注入动态表名适配拦截器解决多表名问题
         interceptor.addInnerInterceptor(dynamicTableNameInnerInterceptor());
         //update-end-author:zyf date:20220425 for:【VUEN-606】注入动态表名适配拦截器解决多表名问题
+        interceptor.addInnerInterceptor(new PaginationInnerInterceptor());
+        //【jeecg-boot/issues/3847】增加@Version乐观锁支持 
+        interceptor.addInnerInterceptor(new OptimisticLockerInnerInterceptor());
         return interceptor;
     }
 

jeecg-boot-base-core/src/main/java/org/jeecg/config/oss/MinioConfig.java

@@ -5,6 +5,7 @@ import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.util.MinioUtil;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
@@ -14,6 +15,7 @@ import org.springframework.context.annotation.Configuration;
  */
 @Slf4j
 @Configuration
+@ConditionalOnProperty(prefix = "jeecg.minio", name = "minio_url")
 public class MinioConfig {
     @Value(value = "${jeecg.minio.minio_url}")
     private String minioUrl;

jeecg-boot-base-core/src/main/java/org/jeecg/config/oss/OssConfiguration.java

@@ -2,6 +2,7 @@ package org.jeecg.config.oss;
 
 import org.jeecg.common.util.oss.OssBootUtil;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
@@ -10,6 +11,7 @@ import org.springframework.context.annotation.Configuration;
  * @author: jeecg-boot
  */
 @Configuration
+@ConditionalOnProperty(prefix = "jeecg.oss", name = "endpoint")
 public class OssConfiguration {
 
     @Value("${jeecg.oss.endpoint}")

jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java

@@ -9,10 +9,7 @@ import org.apache.shiro.spring.LifecycleBeanPostProcessor;
 import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-import org.crazycake.shiro.IRedisManager;
-import org.crazycake.shiro.RedisCacheManager;
-import org.crazycake.shiro.RedisClusterManager;
-import org.crazycake.shiro.RedisManager;
+import org.crazycake.shiro.*;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
@@ -20,17 +17,21 @@ import org.jeecg.config.shiro.filters.CustomShiroFilterFactoryBean;
 import org.jeecg.config.shiro.filters.JwtFilter;
 import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.DependsOn;
 import org.springframework.core.env.Environment;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.boot.autoconfigure.data.redis.RedisProperties;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
+import org.springframework.web.filter.DelegatingFilterProxy;
 import redis.clients.jedis.HostAndPort;
 import redis.clients.jedis.JedisCluster;
 
 import javax.annotation.Resource;
+import javax.servlet.DispatcherType;
 import javax.servlet.Filter;
 import java.util.*;
 
@@ -50,6 +51,8 @@ public class ShiroConfig {
     private Environment env;
     @Resource
     private JeecgBaseConfig jeecgBaseConfig;
+    @Autowired(required = false)
+    private RedisProperties redisProperties;
     
     /**
      * Filter Chain定义说明
@@ -75,6 +78,7 @@ public class ShiroConfig {
                 }
             }
         }
+
         // 配置不会被拦截的链接 顺序判断
         filterChainDefinitionMap.put("/sys/cas/client/validateLogin", "anon"); //cas验证登录
         filterChainDefinitionMap.put("/sys/randomImage/**", "anon"); //登录验证码接口排除
@@ -93,6 +97,9 @@ public class ShiroConfig {
         filterChainDefinitionMap.put("/auth/2step-code", "anon");//登录验证码
         filterChainDefinitionMap.put("/sys/common/static/**", "anon");//图片预览 &下载文件不限制token
         filterChainDefinitionMap.put("/sys/common/pdf/**", "anon");//pdf预览
+
+        //filterChainDefinitionMap.put("/sys/common/view/**", "anon");//图片预览不限制token
+        //filterChainDefinitionMap.put("/sys/common/download/**", "anon");//文件下载不限制token
         filterChainDefinitionMap.put("/generic/**", "anon");//pdf预览需要文件
 
         filterChainDefinitionMap.put("/sys/getLoginQrcode/**", "anon"); //登录二维码
@@ -100,6 +107,7 @@ public class ShiroConfig {
         filterChainDefinitionMap.put("/sys/checkAuth", "anon"); //授权接口排除
 
 
+        //update-begin--Author:scott Date:20221116 for：排除静态资源后缀
         filterChainDefinitionMap.put("/", "anon");
         filterChainDefinitionMap.put("/doc.html", "anon");
         filterChainDefinitionMap.put("/**/*.js", "anon");
@@ -111,12 +119,10 @@ public class ShiroConfig {
         filterChainDefinitionMap.put("/**/*.png", "anon");
         filterChainDefinitionMap.put("/**/*.gif", "anon");
         filterChainDefinitionMap.put("/**/*.ico", "anon");
-
-        // update-begin--Author:sunjianlei Date:20190813 for：排除字体格式的后缀
         filterChainDefinitionMap.put("/**/*.ttf", "anon");
         filterChainDefinitionMap.put("/**/*.woff", "anon");
         filterChainDefinitionMap.put("/**/*.woff2", "anon");
-        // update-begin--Author:sunjianlei Date:20190813 for：排除字体格式的后缀
+        //update-end--Author:scott Date:20221116 for：排除静态资源后缀
 
         filterChainDefinitionMap.put("/druid/**", "anon");
         filterChainDefinitionMap.put("/swagger-ui.html", "anon");
@@ -124,13 +130,21 @@ public class ShiroConfig {
         filterChainDefinitionMap.put("/webjars/**", "anon");
         filterChainDefinitionMap.put("/v2/**", "anon");
 
+        // update-begin--Author:sunjianlei Date:20210510 for：排除消息通告查看详情页面（用于第三方APP）
         filterChainDefinitionMap.put("/sys/annountCement/show/**", "anon");
+        // update-end--Author:sunjianlei Date:20210510 for：排除消息通告查看详情页面（用于第三方APP）
 
         //积木报表排除
         filterChainDefinitionMap.put("/jmreport/**", "anon");
         filterChainDefinitionMap.put("/**/*.js.map", "anon");
         filterChainDefinitionMap.put("/**/*.css.map", "anon");
         
+        //拖拽仪表盘设计器排除
+        filterChainDefinitionMap.put("/drag/view", "anon");
+        filterChainDefinitionMap.put("/drag/page/queryById", "anon");
+        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/getAllChartData", "anon");
+        filterChainDefinitionMap.put("/drag/onlDragDatasetHead/getTotalData", "anon");
+        filterChainDefinitionMap.put("/drag/mock/json/**", "anon");
         //大屏模板例子
         filterChainDefinitionMap.put("/test/bigScreen/**", "anon");
         filterChainDefinitionMap.put("/bigscreen/template1/**", "anon");
@@ -144,13 +158,16 @@ public class ShiroConfig {
         filterChainDefinitionMap.put("/newsWebsocket/**", "anon");//CMS模块
         filterChainDefinitionMap.put("/vxeSocket/**", "anon");//JVxeTable无痕刷新示例
 
-
-        //性能监控，放开排除会存在安全漏洞泄露TOEKN（durid连接池也有）
+        //性能监控——安全隐患泄露TOEKN（durid连接池也有）
         //filterChainDefinitionMap.put("/actuator/**", "anon");
-
         //测试模块排除
         filterChainDefinitionMap.put("/test/seata/**", "anon");
 
+        //错误路径排除
+        filterChainDefinitionMap.put("/error", "anon");
+        // 企业微信证书排除
+        filterChainDefinitionMap.put("/WW_verify*", "anon");
+
         // 添加自己的过滤器并且取名为jwt
         Map<String, Filter> filterMap = new HashMap<String, Filter>(1);
         //如果cloudServer为空 则说明是单体 需要加载跨域配置【微服务跨域切换】
@@ -167,6 +184,20 @@ public class ShiroConfig {
         return shiroFilterFactoryBean;
     }
 
+    //update-begin---author:chenrui ---date:20240126  for：【QQYUN-7932】AI助手------------
+    @Bean
+    public FilterRegistrationBean shiroFilterRegistration() {
+        FilterRegistrationBean registration = new FilterRegistrationBean();
+        registration.setFilter(new DelegatingFilterProxy("shiroFilterFactoryBean"));
+        registration.setEnabled(true);
+        registration.addUrlPatterns("/*");
+        //支持异步
+        registration.setAsyncSupported(true);
+        registration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.ASYNC);
+        return registration;
+    }
+    //update-end---author:chenrui ---date:20240126  for：【QQYUN-7932】AI助手------------
+
     @Bean("securityManager")
     public DefaultWebSecurityManager securityManager(ShiroRealm myRealm) {
         DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
@@ -244,11 +275,24 @@ public class ShiroConfig {
     public IRedisManager redisManager() {
         log.info("===============(2)创建RedisManager,连接Redis..");
         IRedisManager manager;
+        // sentinel cluster redis（【issues/5569】shiro集成 redis 不支持 sentinel 方式部署的redis集群 #5569）
+        if (Objects.nonNull(redisProperties)
+                && Objects.nonNull(redisProperties.getSentinel())
+                && !CollectionUtils.isEmpty(redisProperties.getSentinel().getNodes())) {
+            RedisSentinelManager sentinelManager = new RedisSentinelManager();
+            sentinelManager.setMasterName(redisProperties.getSentinel().getMaster());
+            sentinelManager.setHost(String.join(",", redisProperties.getSentinel().getNodes()));
+            sentinelManager.setPassword(redisProperties.getSentinel().getPassword());
+            sentinelManager.setDatabase(redisProperties.getDatabase());
+
+            return sentinelManager;
+        }
+        
         // redis 单机支持，在集群为空，或者集群无机器时候使用 add by jzyadmin@163.com
         if (lettuceConnectionFactory.getClusterConfiguration() == null || lettuceConnectionFactory.getClusterConfiguration().getClusterNodes().isEmpty()) {
             RedisManager redisManager = new RedisManager();
-            redisManager.setHost(lettuceConnectionFactory.getHostName());
-            redisManager.setPort(lettuceConnectionFactory.getPort());
+            redisManager.setHost(lettuceConnectionFactory.getHostName() + ":" + lettuceConnectionFactory.getPort());
+            //(lettuceConnectionFactory.getPort());
             redisManager.setDatabase(lettuceConnectionFactory.getDatabase());
             redisManager.setTimeout(0);
             if (!StringUtils.isEmpty(lettuceConnectionFactory.getPassword())) {

jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java

@@ -11,6 +11,7 @@ import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.config.TenantContext;
+import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.system.vo.LoginUser;
@@ -61,9 +62,11 @@ public class ShiroRealm extends AuthorizingRealm {
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         log.debug("===============Shiro权限认证开始============ [ roles、permissions]==========");
         String username = null;
+        String userId = null;
         if (principals != null) {
             LoginUser sysUser = (LoginUser) principals.getPrimaryPrincipal();
             username = sysUser.getUsername();
+            userId = sysUser.getId();
         }
         SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
 
@@ -73,7 +76,7 @@ public class ShiroRealm extends AuthorizingRealm {
         info.setRoles(roleSet);
 
         // 设置用户拥有的权限集合，比如“sys:role:add,sys:user:add”
-        Set<String> permissionSet = commonApi.queryUserAuths(username);
+        Set<String> permissionSet = commonApi.queryUserAuths(userId);
         info.addStringPermissions(permissionSet);
         //System.out.println(permissionSet);
         log.info("===============Shiro权限认证成功==============");
@@ -140,12 +143,35 @@ public class ShiroRealm extends AuthorizingRealm {
         String userTenantIds = loginUser.getRelTenantIds();
         if(oConvertUtils.isNotEmpty(userTenantIds)){
             String contextTenantId = TenantContext.getTenant();
+            log.debug("登录租户：" + contextTenantId);
+            log.debug("用户拥有那些租户：" + userTenantIds);
+             //登录用户无租户，前端header中租户ID值为 0
             String str ="0";
             if(oConvertUtils.isNotEmpty(contextTenantId) && !str.equals(contextTenantId)){
                 //update-begin-author:taoyan date:20211227 for: /issues/I4O14W 用户租户信息变更判断漏洞
                 String[] arr = userTenantIds.split(",");
                 if(!oConvertUtils.isIn(contextTenantId, arr)){
-                    throw new AuthenticationException("用户租户信息变更,请重新登陆!");
+                    boolean isAuthorization = false;
+                    //========================================================================
+                    // 查询用户信息（如果租户不匹配从数据库中重新查询一次用户信息）
+                    String loginUserKey = CacheConstant.SYS_USERS_CACHE + "::" + username;
+                    redisUtil.del(loginUserKey);
+                    LoginUser loginUserFromDb = commonApi.getUserByName(username);
+                    if (oConvertUtils.isNotEmpty(loginUserFromDb.getRelTenantIds())) {
+                        String[] newArray = loginUserFromDb.getRelTenantIds().split(",");
+                        if (oConvertUtils.isIn(contextTenantId, newArray)) { 
+                            isAuthorization = true;
+                        }
+                    }
+                    //========================================================================
+
+                    //*********************************************
+                    if(!isAuthorization){
+                        log.info("租户异常——登录租户：" + contextTenantId);
+                        log.info("租户异常——用户拥有租户组：" + userTenantIds);
+                        throw new AuthenticationException("登录租户授权变更，请重新登陆!");
+                    }
+                    //*********************************************
                 }
                 //update-end-author:taoyan date:20211227 for: /issues/I4O14W 用户租户信息变更判断漏洞
             }

jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/interceptor/SignAuthInterceptor.java

@@ -10,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.util.DateUtils;
+import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.sign.util.BodyReaderHttpServletRequestWrapper;
 import org.jeecg.config.sign.util.HttpUtils;
 import org.jeecg.config.sign.util.SignUtil;
@@ -39,6 +40,18 @@ public class SignAuthInterceptor implements HandlerInterceptor {
         //对参数进行签名验证
         String headerSign = request.getHeader(CommonConstant.X_SIGN);
         String xTimestamp = request.getHeader(CommonConstant.X_TIMESTAMP);
+        
+        if(oConvertUtils.isEmpty(xTimestamp)){
+            Result<?> result = Result.error("Sign签名校验失败，时间戳为空！");
+            log.error("Sign 签名校验失败！Header xTimestamp 为空");
+            //校验失败返回前端
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("application/json; charset=utf-8");
+            PrintWriter out = response.getWriter();
+            out.print(JSON.toJSON(result));
+            return false;
+        }
+
         //客户端时间
         Long clientTimestamp = Long.parseLong(xTimestamp);
 
@@ -66,6 +79,7 @@ public class SignAuthInterceptor implements HandlerInterceptor {
             log.debug("Sign 签名通过！Header Sign : {}",headerSign);
             return true;
         } else {
+            log.info("sign allParams: {}", allParams);
             log.error("request URI = " + request.getRequestURI());
             log.error("Sign 签名校验失败！Header Sign : {}",headerSign);
             //校验失败返回前端

jeecg-boot-base-core/src/main/java/org/jeecg/config/sign/util/HttpUtils.java

@@ -43,6 +43,16 @@ public class HttpUtils {
         if (pathVariable.contains(SymbolConstant.COMMA)) {
             log.info(" pathVariable: {}",pathVariable);
             String deString = URLDecoder.decode(pathVariable, "UTF-8");
+          
+            //https://www.52dianzi.com/category/article/37/565371.html
+            if(deString.contains("%")){
+                try {
+                    deString = URLDecoder.decode(deString, "UTF-8");
+                    log.info("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
+                } catch (Exception e) {
+                    //e.printStackTrace();
+                }
+            }
             log.info(" pathVariable decode: {}",deString);
             result.put(SignUtil.X_PATH_VARIABLE, deString);
         }
@@ -81,6 +91,12 @@ public class HttpUtils {
         if (pathVariable.contains(SymbolConstant.COMMA)) {
             log.info(" pathVariable: {}",pathVariable);
             String deString = URLDecoder.decode(pathVariable, "UTF-8");
+           
+            //https://www.52dianzi.com/category/article/37/565371.html
+            if(deString.contains("%")){
+                deString = URLDecoder.decode(deString, "UTF-8");
+                log.info("存在%情况下，执行两次解码 — pathVariable decode: {}",deString);
+            }
             log.info(" pathVariable decode: {}",deString);
             result.put(SignUtil.X_PATH_VARIABLE, deString);
         }
@@ -156,8 +172,12 @@ public class HttpUtils {
         String[] params = param.split("&");
         for (String s : params) {
             int index = s.indexOf("=");
+            //update-begin---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
+            if (index != -1) {
                 result.put(s.substring(0, index), s.substring(index + 1));
             }
+            //update-end---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
+        }
         return result;
     }
 
@@ -180,8 +200,12 @@ public class HttpUtils {
         String[] params = param.split("&");
         for (String s : params) {
             int index = s.indexOf("=");
+            //update-begin---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
+            if (index != -1) {
                 result.put(s.substring(0, index), s.substring(index + 1));
             }
+            //update-end---author:chenrui ---date:20240222  for：[issues/5879]数据查询传ds=“”造成的异常------------
+        }
         return result;
     }
 }

jeecg-boot-base-core/src/main/java/org/jeecg/config/thirdapp/ThirdAppConfig.java

@@ -1,80 +0,0 @@
-package org.jeecg.config.thirdapp;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * 第三方App对接配置
- * @author: jeecg-boot
- */
-@Configuration
-public class ThirdAppConfig {
-
-    /**
-     * 钉钉
-     */
-    public final static String DINGTALK = "DINGTALK";
-    /**
-     * 企业微信
-     */
-    public final static String WECHAT_ENTERPRISE = "WECHAT_ENTERPRISE";
-
-    /**
-     * 是否启用 第三方App对接
-     */
-    @Value("${third-app.enabled:false}")
-    private boolean enabled;
-
-    /**
-     * 系统类型，目前支持：WECHAT_ENTERPRISE（企业微信）；DINGTALK （钉钉）
-     */
-    @Autowired
-    private ThirdAppTypeConfig type;
-
-    public boolean isEnabled() {
-        return enabled;
-    }
-
-    public ThirdAppConfig setEnabled(boolean enabled) {
-        this.enabled = enabled;
-        return this;
-    }
-
-    /**
-     * 获取企业微信配置
-     */
-    public ThirdAppTypeItemVo getWechatEnterprise() {
-        return this.type.getWECHAT_ENTERPRISE();
-    }
-
-    /**
-     * 获取钉钉配置
-     */
-    public ThirdAppTypeItemVo getDingtalk() {
-        return this.type.getDINGTALK();
-    }
-
-    /**
-     * 获取企业微信是否启用
-     */
-    public boolean isWechatEnterpriseEnabled() {
-        try {
-            return this.enabled && this.getWechatEnterprise().isEnabled();
-        } catch (Exception e) {
-            return false;
-        }
-    }
-
-    /**
-     * 获取钉钉是否启用
-     */
-    public boolean isDingtalkEnabled() {
-        try {
-            return this.enabled && this.getDingtalk().isEnabled();
-        } catch (Exception e) {
-            return false;
-        }
-    }
-
-}

jeecg-boot-base-core/src/main/java/org/jeecg/config/thirdapp/ThirdAppTypeConfig.java

@@ -1,26 +0,0 @@
-package org.jeecg.config.thirdapp;
-
-import lombok.Data;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * 第三方APP配置
- *
- * @author sunjianlei
- */
-@Data
-@Configuration
-@ConfigurationProperties(prefix = "third-app.type")
-public class ThirdAppTypeConfig {
-
-    /**
-     * 对应企业微信配置
-     */
-    private ThirdAppTypeItemVo WECHAT_ENTERPRISE;
-    /**
-     * 对应钉钉配置
-     */
-    private ThirdAppTypeItemVo DINGTALK;
-
-}

jeecg-boot-base-core/src/main/java/org/jeecg/config/thirdapp/ThirdAppTypeItemVo.java

@@ -1,37 +0,0 @@
-package org.jeecg.config.thirdapp;
-
-import lombok.Data;
-
-/**
- * 第三方App对接
- * @author: jeecg-boot
- */
-@Data
-public class ThirdAppTypeItemVo {
-
-    /**
-     * 是否启用
-     */
-    private boolean enabled;
-    /**
-     * 应用Key
-     */
-    private String clientId;
-    /**
-     * 应用Secret
-     */
-    private String clientSecret;
-    /**
-     * 应用ID
-     */
-    private String agentId;
-    /**
-     * 目前仅企业微信用到：自建应用Secret
-     */
-    private String agentAppSecret;
-
-    public int getAgentIdInt() {
-        return Integer.parseInt(agentId);
-    }
-
-}