完善粤信签后端认证接口

doc/报错信息.txt

@@ -1,9 +1,36 @@
-	at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:123)
-	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
+2026-06-17 11:38:04.680 [http-nio-8080-exec-4] INFO  o.j.m.zjrs.sso.service.impl.LoginSSOServiceImpl:178 - 粤信签小程序登录开始，loginToken: tif:yrz:...
+2026-06-17 11:38:05.033 [http-nio-8080-exec-5] INFO  o.j.m.zjrs.sso.service.impl.LoginSSOServiceImpl:178 - 粤信签小程序登录开始，loginToken: tif:yrz:...
+2026-06-17 11:38:06.079 [http-nio-8080-exec-5] ERROR o.j.m.zjrs.sso.service.impl.LoginSSOServiceImpl:268 - 调用粤信签网关获取Access-Token失败
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://rsj.zhanjiang.gov.cn/wx/api/auth/tyrz/miniprogram": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:926)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:906)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:841)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:702)
+	at org.jeecg.common.util.RestUtil.request(RestUtil.java:240)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.getAccessTokenFromGateway(LoginSSOServiceImpl.java:257)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.yxqMiniProgramLogin(LoginSSOServiceImpl.java:185)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController.yxqMiniProgramLogin(LoginSSOController.java:86)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:360)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
+	at org.jeecg.common.aspect.DictAspect.doAround(DictAspect.java:63)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:649)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:631)
+	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:173)
 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:728)
-	at org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController$$SpringCGLIB$$0.edit(<generated>)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController$$SpringCGLIB$$0.yxqMiniProgramLogin(<generated>)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
@@ -17,8 +44,8 @@
 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
-	at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:925)
-	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:593)
+	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
+	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
 	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
 	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195)
@@ -90,25 +117,89 @@
 	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)
 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
 	at java.base/java.lang.Thread.run(Thread.java:833)
-Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.jeecg.common.api.vo.Result org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController.edit(org.jeecg.modules.zjrs.enterprise.dto.EnterpriseInfoDTO)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:91)
-	... 94 common frames omitted
-2026-06-15 15:35:51.295 [http-nio-8080-exec-7] INFO  org.jeecg.common.util.filter.SsrfFileTypeFilter:184 - 【文件上传校验】文件后缀 suffix: png，customPath：enterprise/images
-2026-06-15 15:35:51.374 [http-nio-8080-exec-8] ERROR o.j.m.j.c.interceptor.JimuGlobalExceptionHandler:108 - Subject does not have permission [enterprise:enterprise_info:edit]
-org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [enterprise:enterprise_info:edit]
-	at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:332)
-	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
-	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:211)
-	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:85)
-	at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:102)
-	at org.apache.shiro.authz.aop.AuthorizingMethodInterceptor.invoke(AuthorizingMethodInterceptor.java:38)
-	at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:123)
-	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
+Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
+	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
+	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
+	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
+	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
+	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
+	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505)
+	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420)
+	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
+	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
+	at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.executeHandshake(AbstractClientTlsStrategy.java:253)
+	at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.upgrade(AbstractClientTlsStrategy.java:211)
+	at org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy.upgrade(DefaultClientTlsStrategy.java:48)
+	at org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:219)
+	at org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:490)
+	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:164)
+	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:174)
+	at org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:144)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:195)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:150)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:113)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:110)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:185)
+	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:87)
+	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:55)
+	at org.apache.hc.client5.http.classic.HttpClient.executeOpen(HttpClient.java:183)
+	at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:99)
+	at org.springframework.http.client.AbstractStreamingClientHttpRequest.executeInternal(AbstractStreamingClientHttpRequest.java:71)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:81)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:900)
+	... 113 common frames omitted
+Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
+	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
+	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
+	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
+	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
+	... 149 common frames omitted
+Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
+	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
+	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
+	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
+	... 154 common frames omitted
+2026-06-17 11:38:06.085 [http-nio-8080-exec-5] ERROR o.j.modules.zjrs.sso.controller.LoginSSOController:89 - 粤信签小程序登录失败
+java.lang.RuntimeException: 调用粤信签网关失败: I/O error on POST request for "https://rsj.zhanjiang.gov.cn/wx/api/auth/tyrz/miniprogram": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.getAccessTokenFromGateway(LoginSSOServiceImpl.java:269)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.yxqMiniProgramLogin(LoginSSOServiceImpl.java:185)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController.yxqMiniProgramLogin(LoginSSOController.java:86)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:360)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
+	at org.jeecg.common.aspect.DictAspect.doAround(DictAspect.java:63)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:649)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:631)
+	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:173)
 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:728)
-	at org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController$$SpringCGLIB$$0.edit(<generated>)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController$$SpringCGLIB$$0.yxqMiniProgramLogin(<generated>)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
@@ -122,8 +213,8 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
-	at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:925)
-	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:593)
+	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
+	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
 	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
 	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195)
@@ -195,25 +286,37 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)
 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
 	at java.base/java.lang.Thread.run(Thread.java:833)
-Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.jeecg.common.api.vo.Result org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController.edit(org.jeecg.modules.zjrs.enterprise.dto.EnterpriseInfoDTO)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:91)
-	... 94 common frames omitted
-2026-06-15 15:35:55.323 [http-nio-8080-exec-10] INFO  org.jeecg.common.util.filter.SsrfFileTypeFilter:184 - 【文件上传校验】文件后缀 suffix: png，customPath：enterprise/logo
-2026-06-15 15:35:55.581 [http-nio-8080-exec-1] ERROR o.j.m.j.c.interceptor.JimuGlobalExceptionHandler:108 - Subject does not have permission [enterprise:enterprise_info:edit]
-org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [enterprise:enterprise_info:edit]
-	at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:332)
-	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
-	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:211)
-	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:85)
-	at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:102)
-	at org.apache.shiro.authz.aop.AuthorizingMethodInterceptor.invoke(AuthorizingMethodInterceptor.java:38)
-	at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:123)
-	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
+2026-06-17 11:38:06.107 [http-nio-8080-exec-4] ERROR o.j.m.zjrs.sso.service.impl.LoginSSOServiceImpl:268 - 调用粤信签网关获取Access-Token失败
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://rsj.zhanjiang.gov.cn/wx/api/auth/tyrz/miniprogram": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:926)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:906)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:841)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:702)
+	at org.jeecg.common.util.RestUtil.request(RestUtil.java:240)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.getAccessTokenFromGateway(LoginSSOServiceImpl.java:257)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.yxqMiniProgramLogin(LoginSSOServiceImpl.java:185)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController.yxqMiniProgramLogin(LoginSSOController.java:86)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:360)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
+	at org.jeecg.common.aspect.DictAspect.doAround(DictAspect.java:63)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:649)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:631)
+	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:173)
 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:728)
-	at org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController$$SpringCGLIB$$0.edit(<generated>)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController$$SpringCGLIB$$0.yxqMiniProgramLogin(<generated>)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
@@ -227,8 +330,8 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
-	at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:925)
-	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:593)
+	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
+	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
 	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
 	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195)
@@ -300,25 +403,89 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)
 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
 	at java.base/java.lang.Thread.run(Thread.java:833)
-Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.jeecg.common.api.vo.Result org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController.edit(org.jeecg.modules.zjrs.enterprise.dto.EnterpriseInfoDTO)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:91)
-	... 94 common frames omitted
-2026-06-15 15:36:03.558 [http-nio-8080-exec-3] INFO  org.jeecg.common.util.filter.SsrfFileTypeFilter:184 - 【文件上传校验】文件后缀 suffix: png，customPath：enterprise/logo
-2026-06-15 15:36:03.643 [http-nio-8080-exec-4] ERROR o.j.m.j.c.interceptor.JimuGlobalExceptionHandler:108 - Subject does not have permission [enterprise:enterprise_info:edit]
-org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [enterprise:enterprise_info:edit]
-	at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:332)
-	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
-	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:211)
-	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:85)
-	at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:102)
-	at org.apache.shiro.authz.aop.AuthorizingMethodInterceptor.invoke(AuthorizingMethodInterceptor.java:38)
-	at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:123)
-	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
+Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
+	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
+	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
+	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
+	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
+	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
+	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505)
+	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420)
+	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
+	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
+	at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.executeHandshake(AbstractClientTlsStrategy.java:253)
+	at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.upgrade(AbstractClientTlsStrategy.java:211)
+	at org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy.upgrade(DefaultClientTlsStrategy.java:48)
+	at org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:219)
+	at org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:490)
+	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:164)
+	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:174)
+	at org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:144)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:195)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:150)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:113)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:110)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:185)
+	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:87)
+	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:55)
+	at org.apache.hc.client5.http.classic.HttpClient.executeOpen(HttpClient.java:183)
+	at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:99)
+	at org.springframework.http.client.AbstractStreamingClientHttpRequest.executeInternal(AbstractStreamingClientHttpRequest.java:71)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:81)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:900)
+	... 113 common frames omitted
+Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
+	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
+	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
+	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
+	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
+	... 149 common frames omitted
+Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
+	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
+	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
+	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
+	... 154 common frames omitted
+2026-06-17 11:38:06.110 [http-nio-8080-exec-4] ERROR o.j.modules.zjrs.sso.controller.LoginSSOController:89 - 粤信签小程序登录失败
+java.lang.RuntimeException: 调用粤信签网关失败: I/O error on POST request for "https://rsj.zhanjiang.gov.cn/wx/api/auth/tyrz/miniprogram": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.getAccessTokenFromGateway(LoginSSOServiceImpl.java:269)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.yxqMiniProgramLogin(LoginSSOServiceImpl.java:185)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController.yxqMiniProgramLogin(LoginSSOController.java:86)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:360)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
+	at org.jeecg.common.aspect.DictAspect.doAround(DictAspect.java:63)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:649)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:631)
+	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:173)
 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:728)
-	at org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController$$SpringCGLIB$$0.edit(<generated>)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController$$SpringCGLIB$$0.yxqMiniProgramLogin(<generated>)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
@@ -332,8 +499,8 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
-	at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:925)
-	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:593)
+	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
+	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
 	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
 	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195)
@@ -405,5 +572,3 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)
 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
 	at java.base/java.lang.Thread.run(Thread.java:833)
-Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.jeecg.common.api.vo.Result org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController.edit(org.jeecg.modules.zjrs.enterprise.dto.EnterpriseInfoDTO)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:91)

jeecg-boot/jeecg-boot-module/jeecg-module-zjrs/src/main/java/org/jeecg/modules/zjrs/sso/service/impl/LoginSSOServiceImpl.java

@@ -28,12 +28,25 @@ import org.jeecg.modules.system.service.ISysDepartService;
 import org.jeecg.modules.system.service.ISysDictService;
 import org.jeecg.modules.system.service.ISysUserService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.stereotype.Service;
-
+import org.springframework.web.client.RestTemplate;
+
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
+import org.apache.hc.core5.ssl.SSLContextBuilder;
+
+import javax.net.ssl.SSLContext;
+import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.util.LinkedHashMap;
@@ -81,6 +94,43 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
     @org.springframework.beans.factory.annotation.Value("${zjrs.yxq.gateway-url:https://rsj.zhanjiang.gov.cn/wx}")
     private String gatewayBaseUrl;
 
+    /**
+     * 创建一个跳过 SSL 证书验证的 RestTemplate（用于调用省统一认证网关）
+     * 网关使用政府内网证书，不在 JDK 默认信任列表中，需要跳过验证
+     * 不影响全局 RestUtil，仅用于粤信签网关调用
+     */
+    private RestTemplate createInsecureRestTemplate() {
+        try {
+            // 信任所有证书的 SSLContext
+            SSLContext sslContext = SSLContextBuilder.create()
+                    .loadTrustMaterial((chain, authType) -> true)
+                    .build();
+
+            // 创建连接管理器（跳过主机名验证 + 信任所有证书）
+            PoolingHttpClientConnectionManager connectionManager =
+                    PoolingHttpClientConnectionManagerBuilder.create()
+                            .setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
+                                    .setSslContext(sslContext)
+                                    .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+                                    .build())
+                            .build();
+
+            // 创建 HttpClient
+            CloseableHttpClient httpClient = HttpClients.custom()
+                    .setConnectionManager(connectionManager)
+                    .build();
+
+            // 创建 RestTemplate（使用自定义 HttpClient）
+            HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
+            factory.setConnectTimeout(30000);
+            factory.setReadTimeout(30000);
+            return new RestTemplate(factory);
+        } catch (Exception e) {
+            log.error("创建跳过SSL验证的RestTemplate失败", e);
+            throw new RuntimeException("创建跳过SSL验证的RestTemplate失败", e);
+        }
+    }
+
 
     @Override
     public JSONObject ssoLoginByToken(String usertoken, HttpServletRequest request) {
@@ -242,7 +292,11 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
         headers.set("Authorization", "Basic " + basicAuth);
 
         try {
-            ResponseEntity<JSONObject> response = RestUtil.request(url, HttpMethod.POST, headers, null, params, JSONObject.class);
+            // 使用跳过SSL验证的RestTemplate（网关证书不在JDK信任列表中）
+            RestTemplate insecureRT = createInsecureRestTemplate();
+            HttpEntity<String> request = new HttpEntity<>(params.toJSONString(), headers);
+            ResponseEntity<JSONObject> response = insecureRT.exchange(
+                    URI.create(url), HttpMethod.POST, request, JSONObject.class);
             if (response.getBody() != null) {
                 JSONObject body = response.getBody();
                 // 网关返回格式：{ "Access-Token": "xxx" } 或 { "map": { "Access-Token": "xxx" } }
@@ -272,7 +326,11 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
         headers.set("Access-Token", accessToken);
 
         try {
-            ResponseEntity<JSONObject> response = RestUtil.request(url, HttpMethod.GET, headers, null, null, JSONObject.class);
+            // 使用跳过SSL验证的RestTemplate（网关证书不在JDK信任列表中）
+            RestTemplate insecureRT = createInsecureRestTemplate();
+            HttpEntity<String> request = new HttpEntity<>(headers);
+            ResponseEntity<JSONObject> response = insecureRT.exchange(
+                    URI.create(url), HttpMethod.GET, request, JSONObject.class);
             if (response.getBody() != null) {
                 JSONObject body = response.getBody();
                 // 网关返回格式可能是 { "map": { "data": {...} } } 或 { "data": {...} }
@@ -294,38 +352,26 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
     }
 
     /**
-     * 个人用户匹配：根据姓名（优先身份证号）查询PERSONAL_INFO表
+     * 个人用户匹配：同时按身份证号+姓名精确匹配PERSONAL_INFO表
      */
     private JSONObject matchPersonalAndCreateToken(String userName, JSONObject yxqUserInfo) {
-        String idNumber = yxqUserInfo.getString("aac002"); // 粤信签返回的身份证号
+        String idNumber = yxqUserInfo.getString("aac147"); // 粤信签返回的身份证号（网关字段为aac147）
 
-        PersonalInfo personalInfo = null;
-
-        // 优先用身份证号精确匹配（避免同名冲突）
+        // 同时按身份证号+姓名精确匹配
+        QueryWrapper<PersonalInfo> qw = new QueryWrapper<>();
         if (StringUtils.isNotBlank(idNumber)) {
-            QueryWrapper<PersonalInfo> qw = new QueryWrapper<>();
             qw.eq("id_number", idNumber);
-            personalInfo = personalInfoService.getOne(qw, false); // false=多条时不报错取第一条
-            if (personalInfo != null) {
-                log.info("通过身份证号匹配到个人用户，idNumber: {}***", idNumber.substring(0, Math.min(6, idNumber.length())));
-            }
-        }
-
-        // 身份证号匹配不到，再用姓名匹配
-        if (personalInfo == null) {
-            QueryWrapper<PersonalInfo> qw = new QueryWrapper<>();
-            qw.eq("full_name", userName);
-            personalInfo = personalInfoService.getOne(qw, false);
-            if (personalInfo != null) {
-                log.info("通过姓名匹配到个人用户，fullName: {}", userName);
-            }
         }
+        qw.eq("full_name", userName);
+        PersonalInfo personalInfo = personalInfoService.getOne(qw, false);
 
         if (personalInfo == null) {
-            log.warn("粤信签认证通过但未在本地数据库找到个人用户，userName: {}", userName);
+            log.warn("粤信签认证通过但未在本地数据库找到个人用户，userName: {}, idNumber: {}***",
+                    userName, idNumber != null ? idNumber.substring(0, Math.min(6, idNumber.length())) : "null");
             throw new RuntimeException("粤信签认证成功，但系统未找到您的个人信息，请联系管理员");
         }
 
+        log.info("通过身份证号+姓名匹配到个人用户，fullName: {}", userName);
         // 生成JeecgBoot token
         String username = "personal_" + personalInfo.getId();
         JSONObject obj = createToken(username, CommonConstant.CLIENT_TYPE_APP);
@@ -335,18 +381,26 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
     }
 
     /**
-     * 企业用户匹配：根据企业名称查询ENTERPRISE_INFO表
+     * 企业用户匹配：同时按统一信用号+企业名称精确匹配ENTERPRISE_INFO表
      */
     private JSONObject matchEnterpriseAndCreateToken(String userName, JSONObject yxqUserInfo) {
+        String unifiedCreditCode = yxqUserInfo.getString("aab998"); // 粤信签返回的统一社会信用代码
+
+        // 同时按统一信用号+企业名称精确匹配
         QueryWrapper<EnterpriseInfo> qw = new QueryWrapper<>();
+        if (StringUtils.isNotBlank(unifiedCreditCode)) {
+            qw.eq("unified_credit_code", unifiedCreditCode);
+        }
         qw.eq("company_name", userName);
         EnterpriseInfo enterpriseInfo = enterpriseInfoService.getOne(qw, false);
 
         if (enterpriseInfo == null) {
-            log.warn("粤信签认证通过但未在本地数据库找到企业用户，companyName: {}", userName);
+            log.warn("粤信签认证通过但未在本地数据库找到企业用户，companyName: {}, unifiedCreditCode: {}***",
+                    userName, unifiedCreditCode != null ? unifiedCreditCode.substring(0, Math.min(6, unifiedCreditCode.length())) : "null");
             throw new RuntimeException("粤信签认证成功，但系统未找到您的企业信息，请联系管理员");
         }
 
+        log.info("通过统一信用号+企业名称匹配到企业用户，companyName: {}", userName);
         // 生成JeecgBoot token
         String username = "enterprise_" + enterpriseInfo.getId();
         JSONObject obj = createToken(username, CommonConstant.CLIENT_TYPE_APP);