před 1 týdnem · aa82e657a9
--- a/zjrs-service-backend/pom.xml
+++ b/zjrs-service-backend/pom.xml
@@ -144,12 +144,19 @@
 
				             <systemPath>${project.basedir}/src/main/resources/lib/leaf6-uni-log-mybatis-2.0.0-SinoBest.21.jar</systemPath>
			
 
				         </dependency>
			
 
				         <dependency>
			
 
				-            <groupId>com.yinhai</groupId>
			
 
				+            <groupId>org.bouncycastle</groupId>
			
 
				             <artifactId>bcprov-jdk15on</artifactId>
			
 
				             <version>1.60</version>
			
 
				             <scope>system</scope>
			
 
				             <systemPath>${project.basedir}/src/main/resources/lib/bcprov-jdk15on-1.60.jar</systemPath>
			
 
				         </dependency>
			
 
				+        <dependency>
			
 
				+            <groupId>com.yinhai.bcpcs</groupId>
			
 
				+            <artifactId>bcp-httpcs</artifactId>
			
 
				+            <version>1.4</version>
			
 
				+            <scope>system</scope>
			
 
				+            <systemPath>${project.basedir}/src/main/resources/lib/bcp-httpcs-1.4.jar</systemPath>
			
 
				+        </dependency>
			
 
				 
			
 
				         <dependency>
			
 
				             <groupId>org.apache.poi</groupId>
			
@@ -337,37 +344,7 @@
 
				                 <groupId>org.springframework.boot</groupId>
			
 
				                 <artifactId>spring-boot-maven-plugin</artifactId>
			
 
				             </plugin>
			
 
				-            <plugin>
			
 
				-                <groupId>org.apache.maven.plugins</groupId>
			
 
				-                <artifactId>maven-compiler-plugin</artifactId>
			
 
				-                <configuration>
			
 
				-                    <compilerArgs>
			
 
				-                        <arg>-extdirs</arg>
			
 
				-                        <arg>${project.basedir}/lib</arg>
			
 
				-                    </compilerArgs>
			
 
				-                </configuration>
			
 
				-            </plugin>
			
 
				-            <plugin>
			
 
				-                <groupId>org.springframework.boot</groupId>
			
 
				-                <artifactId>spring-boot-maven-plugin</artifactId>
			
 
				-                <configuration>
			
 
				-                    <includeSystemScope>true</includeSystemScope>
			
 
				-                </configuration>
			
 
				-            </plugin>
			
 
				         </plugins>
			
 
				-
			
 
				-        <resources>
			
 
				-            <resource>
			
 
				-                <directory>lib</directory>
			
 
				-                <targetPath>BOOT-INF/lib/</targetPath>
			
 
				-                <includes>
			
 
				-                    <include>**/*.jar</include>
			
 
				-                </includes>
			
 
				-            </resource>
			
 
				-            <resource>
			
 
				-                <directory>src/main/resources</directory>
			
 
				-            </resource>
			
 
				-        </resources>
			
 
				     </build>
			
 
				 
			
 
				 </project>
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/CaptchaAutoConfiguration.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/CaptchaAutoConfiguration.java
@@ -1,4 +1,4 @@
 
				-package com.zjrs.ggfw.config;
			
 
				+package com.zjrs.config;
			
 
				 
			
 
				 import com.google.code.kaptcha.Constants;
			
 
				 import com.google.code.kaptcha.impl.DefaultKaptcha;
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/CaptchaProperties.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/CaptchaProperties.java
@@ -1,4 +1,4 @@
 
				-package com.zjrs.ggfw.config;
			
 
				+package com.zjrs.config;
			
 
				 
			
 
				 import org.springframework.boot.context.properties.ConfigurationProperties;
			
 
				 import org.springframework.boot.context.properties.NestedConfigurationProperty;
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/DatabaseConfiguration.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/DatabaseConfiguration.java
@@ -1,4 +1,4 @@
 
				-package com.zjrs.ggfw.config;
			
 
				+package com.zjrs.config;
			
 
				 
			
 
				 import com.fasterxml.jackson.datatype.hibernate5.Hibernate5Module;
			
 
				 import org.hibernate.dialect.Dialect;
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/zwnw/config/MybatisPlusConfig.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/zwnw/config/MybatisPlusConfig.java
@@ -1,4 +1,4 @@
 
				-package com.zjrs.zwnw.config;
			
 
				+package com.zjrs.config;
			
 
				 
			
 
				 import com.baomidou.mybatisplus.annotation.DbType;
			
 
				 import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
			
@@ -11,7 +11,10 @@ import org.springframework.transaction.annotation.EnableTransactionManagement;
 
				 @EnableTransactionManagement
			
 
				 @Configuration
			
 
				 // 注意：MapperScan 通常建议扫描 Mapper 接口所在的包，而不是 entity 实体类包
			
 
				-@MapperScan("com.zjrs.zwnw.**.entity")
			
 
				+@MapperScan({
			
 
				+        "com.zjrs.zwnw.**.entity",
			
 
				+        "com.zjrs.ggfw.**.entity"
			
 
				+})
			
 
				 public class MybatisPlusConfig {
			
 
				 
			
 
				     /**
			
@@ -31,4 +34,4 @@ public class MybatisPlusConfig {
 
				         interceptor.addInnerInterceptor(paginationInnerInterceptor);
			
 
				         return interceptor;
			
 
				     }
			
 
				-}
			
 
				+}
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/ResourceConfig.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/ResourceConfig.java
@@ -1,4 +1,4 @@
 
				-package com.zjrs.ggfw.config;
			
 
				+package com.zjrs.config;
			
 
				 
			
 
				 import jakarta.servlet.Filter;
			
 
				 import org.mohrss.leaf.auth.exception.LeafAuthExceptionEntryPoint;
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/SwaggerConfig.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/SwaggerConfig.java
@@ -1,4 +1,4 @@
 
				-package com.zjrs.ggfw.config;
			
 
				+package com.zjrs.config;
			
 
				 
			
 
				 import io.swagger.v3.oas.models.OpenAPI;
			
 
				 import io.swagger.v3.oas.models.info.Info;
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/MybatisPlusConfig.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/ggfw/config/MybatisPlusConfig.java
@@ -1,34 +0,0 @@
 
				-package com.zjrs.ggfw.config;
			
 
				-
			
 
				-import com.baomidou.mybatisplus.annotation.DbType;
			
 
				-import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
			
 
				-import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor;
			
 
				-import org.mybatis.spring.annotation.MapperScan;
			
 
				-import org.springframework.context.annotation.Bean;
			
 
				-import org.springframework.context.annotation.Configuration;
			
 
				-import org.springframework.transaction.annotation.EnableTransactionManagement;
			
 
				-
			
 
				-@EnableTransactionManagement
			
 
				-@Configuration
			
 
				-// 注意：MapperScan 通常建议扫描 Mapper 接口所在的包，而不是 entity 实体类包
			
 
				-@MapperScan("com.zjrs.ggfw.**.entity")
			
 
				-public class MybatisPlusConfig {
			
 
				-
			
 
				-    /**
			
 
				-     * 新版分页插件配置
			
 
				-     */
			
 
				-    @Bean
			
 
				-    public MybatisPlusInterceptor mybatisPlusInterceptor() {
			
 
				-        MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
			
 
				-
			
 
				-        // 1. 添加分页内部拦截器
			
 
				-        // 建议明确指定 DbType (如 MYSQL, ORACLE, POSTGRE_SQL)，这能显著提高插件解析 SQL 的效率
			
 
				-        PaginationInnerInterceptor paginationInnerInterceptor = new PaginationInnerInterceptor(DbType.MYSQL);
			
 
				-
			
 
				-        // 2. 设置单页分页限制 (可选，默认无限制)
			
 
				-        // paginationInnerInterceptor.setMaxLimit(500L);
			
 
				-
			
 
				-        interceptor.addInnerInterceptor(paginationInnerInterceptor);
			
 
				-        return interceptor;
			
 
				-    }
			
 
				-}
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/ggfw/portal/bpo/impl/UserBPOImpl.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/ggfw/portal/bpo/impl/UserBPOImpl.java
@@ -11,7 +11,7 @@ import org.mohrss.leaf.core.framework.persistens.PageResult;
 
				 import org.mohrss.leaf.core.framework.util.CurrentUser;
			
 
				 import org.mohrss.leaf.core.framework.util.SecurityUtils;
			
 
				 import org.mohrss.leaf.core.framework.web.controller.AjaxResponse;
			
 
				-import com.zjrs.ggfw.config.CaptchaAutoConfiguration;
			
 
				+import com.zjrs.config.CaptchaAutoConfiguration;
			
 
				 import com.zjrs.ggfw.portal.blo.UserBLO;
			
 
				 import com.zjrs.ggfw.portal.bpo.UserBPO;
			
 
				 import com.zjrs.ggfw.portal.dto.*;
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/zwnw/config/DatabaseConfiguration.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/zwnw/config/DatabaseConfiguration.java
@@ -1,49 +0,0 @@
 
				-package com.zjrs.zwnw.config;
			
 
				-
			
 
				-import com.fasterxml.jackson.datatype.hibernate5.Hibernate5Module;
			
 
				-import org.hibernate.dialect.Dialect;
			
 
				-import org.springframework.beans.factory.annotation.Value;
			
 
				-import org.springframework.context.annotation.Bean;
			
 
				-import org.springframework.context.annotation.Configuration;
			
 
				-import org.springframework.transaction.annotation.EnableTransactionManagement;
			
 
				-
			
 
				-@Configuration
			
 
				-@EnableTransactionManagement
			
 
				-public class DatabaseConfiguration {
			
 
				-
			
 
				-    /**
			
 
				-     * 通过<code>@Bean</code>注册，即可使用Spring-Boot的自动配置功能，当为SpringMVC的HttpMessageConverters注册一个
			
 
				-     * MappingJackson2HttpMessageConverter，其中的ObjectMapper将自动注册了Hibernate5Module模块。
			
 
				-     * <p>
			
 
				-     * Any beans of type com.fasterxml.jackson.databind.Module will be automatically registered with
			
 
				-     * the auto-configured Jackson2ObjectMapperBuilder and applied to any ObjectMapper instances that it creates.
			
 
				-     * This provides a global mechanism for contributing custom modules when you add new features to your application.
			
 
				-     * </p>
			
 
				-     * 自动注册的详情参看See Also
			
 
				-     * <p>
			
 
				-     * Hibernate5Module模块主要用于解决Jackson序列化带Hibernate注解的Entity，当Entity中包含有Lazy-Loading对象时，
			
 
				-     * 若Session已关闭不能加载，默认则序列化为null（可通过Feature配置）。
			
 
				-     * <br>
			
 
				-     * Hibernate5Module.Feature 枚举类型中定义了默认的模块配置。详细可参看源码。
			
 
				-     * </p>
			
 
				-     * 不建议使用"Open session in view"的解决方案，
			
 
				-     * <a href="https://vladmihalcea.com/2016/05/30/the-open-session-in-view-anti-pattern/">详细说明</a>
			
 
				-     *
			
 
				-     * @return Hibernate5Module实例
			
 
				-     * @see
			
 
				-     * <a href="http://docs.spring.io/spring-boot/docs/current/reference/html/howto-spring-mvc.html#howto-customize-the-jackson-objectmapper">Spring文档</a>
			
 
				-     */
			
 
				-    @Bean
			
 
				-    public Hibernate5Module hibernate5Module() {
			
 
				-        return new Hibernate5Module();
			
 
				-    }
			
 
				-
			
 
				-    /**
			
 
				-     * 返回主要数据源的数据库Dialect，在某些JDBC场合可以灵活使用。
			
 
				-     */
			
 
				-    @Bean
			
 
				-    public Dialect primaryDialect(@Value("${spring.jpa.database-platform}") String databasePlatform)
			
 
				-        throws ClassNotFoundException, IllegalAccessException, InstantiationException {
			
 
				-        return (Dialect) Class.forName(databasePlatform).newInstance();
			
 
				-    }
			
 
				-}
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/zwnw/config/ResourceConfig.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/zwnw/config/ResourceConfig.java
@@ -1,67 +0,0 @@
 
				-package com.zjrs.zwnw.config;
			
 
				-
			
 
				-import jakarta.servlet.Filter;
			
 
				-import org.mohrss.leaf.auth.exception.LeafAuthExceptionEntryPoint;
			
 
				-import org.mohrss.leaf.auth.handler.LeafAccessDeniedHandler;
			
 
				-import org.mohrss.leaf.auth.properties.LeafOAuth2ResourceProperties;
			
 
				-import org.mohrss.leaf.auth.security.LeafFilterSecurityInterceptor;
			
 
				-import org.springframework.beans.factory.annotation.Autowired;
			
 
				-import org.springframework.context.annotation.Bean;
			
 
				-import org.springframework.context.annotation.Configuration;
			
 
				-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			
 
				-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
			
 
				-import org.springframework.security.config.http.SessionCreationPolicy;
			
 
				-import org.springframework.security.web.SecurityFilterChain;
			
 
				-import org.springframework.security.web.access.intercept.AuthorizationFilter;
			
 
				-
			
 
				-@Configuration
			
 
				-@EnableWebSecurity // 替代旧版的 @EnableResourceServer
			
 
				-public class ResourceConfig {
			
 
				-
			
 
				-    @Autowired(required = false)
			
 
				-    private LeafFilterSecurityInterceptor leafFilterSecurityInterceptor;
			
 
				-
			
 
				-    @Autowired
			
 
				-    private LeafOAuth2ResourceProperties leafOAuth2ResourceProperties;
			
 
				-
			
 
				-    @Autowired
			
 
				-    private LeafAccessDeniedHandler leafAccessDeniedHandler;
			
 
				-
			
 
				-    @Bean
			
 
				-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
			
 
				-        http
			
 
				-                // 1. 禁用 CSRF 并设置无状态 Session
			
 
				-                .csrf(csrf -> csrf.disable())
			
 
				-                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
			
 
				-
			
 
				-                // 2. 异常处理
			
 
				-                .exceptionHandling(exceptions -> exceptions
			
 
				-                        .authenticationEntryPoint(new LeafAuthExceptionEntryPoint())
			
 
				-                        .accessDeniedHandler(leafAccessDeniedHandler)
			
 
				-                )
			
 
				-
			
 
				-                // 3. 资源访问权限配置
			
 
				-                .authorizeHttpRequests(auth -> auth
			
 
				-                        // 动态白名单配置
			
 
				-                        .requestMatchers(leafOAuth2ResourceProperties.getUrl().getWhitelist().toArray(new String[0])).permitAll()
			
 
				-                        // 其余所有请求都需要认证
			
 
				-                        .anyRequest().authenticated()
			
 
				-                )
			
 
				-
			
 
				-                // 4. 开启 OAuth2 资源服务器配置 (Spring Security 6 标准写法)
			
 
				-                .oauth2ResourceServer(oauth2 -> oauth2
			
 
				-                        .jwt(jwt -> {}) // 如果是 JWT 校验模式
			
 
				-                        .authenticationEntryPoint(new LeafAuthExceptionEntryPoint())
			
 
				-                        .accessDeniedHandler(leafAccessDeniedHandler)
			
 
				-                );
			
 
				-
			
 
				-        // 5. 插入自定义过滤器（方法级鉴权/Leaf 增强逻辑）
			
 
				-        // 在 Spring Security 6 中，旧的 FilterSecurityInterceptor 对应的是 AuthorizationFilter
			
 
				-        if (leafOAuth2ResourceProperties.getJwt().isServiceAuthenticationEnabled()
			
 
				-                && leafFilterSecurityInterceptor != null) {
			
 
				-            http.addFilterAfter((Filter) leafFilterSecurityInterceptor, AuthorizationFilter.class);
			
 
				-        }
			
 
				-
			
 
				-        return http.build();
			
 
				-    }
			
 
				-}
			
--- a/zjrs-service-backend/src/main/java/com/zjrs/zwnw/config/Swagger3Config.java
+++ b/zjrs-service-backend/src/main/java/com/zjrs/zwnw/config/Swagger3Config.java
@@ -1,34 +0,0 @@
 
				-package com.zjrs.zwnw.config;
			
 
				-
			
 
				-import io.swagger.annotations.ApiOperation;
			
 
				-import org.springframework.context.annotation.Bean;
			
 
				-import org.springframework.context.annotation.Configuration;
			
 
				-import springfox.documentation.builders.ApiInfoBuilder;
			
 
				-import springfox.documentation.builders.PathSelectors;
			
 
				-import springfox.documentation.builders.RequestHandlerSelectors;
			
 
				-import springfox.documentation.oas.annotations.EnableOpenApi;
			
 
				-import springfox.documentation.service.ApiInfo;
			
 
				-import springfox.documentation.spi.DocumentationType;
			
 
				-import springfox.documentation.spring.web.plugins.Docket;
			
 
				-
			
 
				-@Configuration
			
 
				-@EnableOpenApi
			
 
				-public class Swagger3Config {
			
 
				-    @Bean
			
 
				-    public Docket createRestApi() {
			
 
				-
			
 
				-        return new Docket(DocumentationType.OAS_30)
			
 
				-                .apiInfo(apiInfo())
			
 
				-                .select()
			
 
				-                .apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class))
			
 
				-                .paths(PathSelectors.any())
			
 
				-                .build();
			
 
				-    }
			
 
				-
			
 
				-    private ApiInfo apiInfo() {
			
 
				-        return new ApiInfoBuilder()
			
 
				-                .title("接口文档")
			
 
				-                .description("--------------------------------")
			
 
				-                .build();
			
 
				-    }
			
 
				-}