
完善粤信签后端认证接口

kk 11 giờ trước cách đây
mục cha
commit
e5d459e68b

+ 226 - 61
doc/报错信息.txt

@@ -1,9 +1,36 @@
-	at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:123)
-	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
+2026-06-17 11:38:04.680 [http-nio-8080-exec-4] INFO  o.j.m.zjrs.sso.service.impl.LoginSSOServiceImpl:178 - 粤信签小程序登录开始,loginToken: tif:yrz:...
+2026-06-17 11:38:05.033 [http-nio-8080-exec-5] INFO  o.j.m.zjrs.sso.service.impl.LoginSSOServiceImpl:178 - 粤信签小程序登录开始,loginToken: tif:yrz:...
+2026-06-17 11:38:06.079 [http-nio-8080-exec-5] ERROR o.j.m.zjrs.sso.service.impl.LoginSSOServiceImpl:268 - 调用粤信签网关获取Access-Token失败
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://rsj.zhanjiang.gov.cn/wx/api/auth/tyrz/miniprogram": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:926)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:906)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:841)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:702)
+	at org.jeecg.common.util.RestUtil.request(RestUtil.java:240)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.getAccessTokenFromGateway(LoginSSOServiceImpl.java:257)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.yxqMiniProgramLogin(LoginSSOServiceImpl.java:185)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController.yxqMiniProgramLogin(LoginSSOController.java:86)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:360)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
+	at org.jeecg.common.aspect.DictAspect.doAround(DictAspect.java:63)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:649)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:631)
+	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:173)
 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:728)
-	at org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController$$SpringCGLIB$$0.edit(<generated>)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController$$SpringCGLIB$$0.yxqMiniProgramLogin(<generated>)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
@@ -17,8 +44,8 @@
 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
-	at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:925)
-	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:593)
+	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
+	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
 	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
 	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195)
@@ -90,25 +117,89 @@
 	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)
 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
 	at java.base/java.lang.Thread.run(Thread.java:833)
-Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.jeecg.common.api.vo.Result org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController.edit(org.jeecg.modules.zjrs.enterprise.dto.EnterpriseInfoDTO)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:91)
-	... 94 common frames omitted
-2026-06-15 15:35:51.295 [http-nio-8080-exec-7] INFO  org.jeecg.common.util.filter.SsrfFileTypeFilter:184 - 【文件上传校验】文件后缀 suffix: png,customPath:enterprise/images
-2026-06-15 15:35:51.374 [http-nio-8080-exec-8] ERROR o.j.m.j.c.interceptor.JimuGlobalExceptionHandler:108 - Subject does not have permission [enterprise:enterprise_info:edit]
-org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [enterprise:enterprise_info:edit]
-	at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:332)
-	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
-	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:211)
-	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:85)
-	at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:102)
-	at org.apache.shiro.authz.aop.AuthorizingMethodInterceptor.invoke(AuthorizingMethodInterceptor.java:38)
-	at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:123)
-	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
+Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
+	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
+	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
+	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
+	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
+	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
+	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505)
+	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420)
+	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
+	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
+	at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.executeHandshake(AbstractClientTlsStrategy.java:253)
+	at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.upgrade(AbstractClientTlsStrategy.java:211)
+	at org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy.upgrade(DefaultClientTlsStrategy.java:48)
+	at org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:219)
+	at org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:490)
+	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:164)
+	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:174)
+	at org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:144)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:195)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:150)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:113)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:110)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:185)
+	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:87)
+	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:55)
+	at org.apache.hc.client5.http.classic.HttpClient.executeOpen(HttpClient.java:183)
+	at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:99)
+	at org.springframework.http.client.AbstractStreamingClientHttpRequest.executeInternal(AbstractStreamingClientHttpRequest.java:71)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:81)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:900)
+	... 113 common frames omitted
+Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
+	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
+	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
+	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
+	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
+	... 149 common frames omitted
+Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
+	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
+	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
+	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
+	... 154 common frames omitted
+2026-06-17 11:38:06.085 [http-nio-8080-exec-5] ERROR o.j.modules.zjrs.sso.controller.LoginSSOController:89 - 粤信签小程序登录失败
+java.lang.RuntimeException: 调用粤信签网关失败: I/O error on POST request for "https://rsj.zhanjiang.gov.cn/wx/api/auth/tyrz/miniprogram": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.getAccessTokenFromGateway(LoginSSOServiceImpl.java:269)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.yxqMiniProgramLogin(LoginSSOServiceImpl.java:185)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController.yxqMiniProgramLogin(LoginSSOController.java:86)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:360)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
+	at org.jeecg.common.aspect.DictAspect.doAround(DictAspect.java:63)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:649)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:631)
+	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:173)
 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:728)
-	at org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController$$SpringCGLIB$$0.edit(<generated>)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController$$SpringCGLIB$$0.yxqMiniProgramLogin(<generated>)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
@@ -122,8 +213,8 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
-	at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:925)
-	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:593)
+	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
+	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
 	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
 	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195)
@@ -195,25 +286,37 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)
 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
 	at java.base/java.lang.Thread.run(Thread.java:833)
-Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.jeecg.common.api.vo.Result org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController.edit(org.jeecg.modules.zjrs.enterprise.dto.EnterpriseInfoDTO)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:91)
-	... 94 common frames omitted
-2026-06-15 15:35:55.323 [http-nio-8080-exec-10] INFO  org.jeecg.common.util.filter.SsrfFileTypeFilter:184 - 【文件上传校验】文件后缀 suffix: png,customPath:enterprise/logo
-2026-06-15 15:35:55.581 [http-nio-8080-exec-1] ERROR o.j.m.j.c.interceptor.JimuGlobalExceptionHandler:108 - Subject does not have permission [enterprise:enterprise_info:edit]
-org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [enterprise:enterprise_info:edit]
-	at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:332)
-	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
-	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:211)
-	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:85)
-	at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:102)
-	at org.apache.shiro.authz.aop.AuthorizingMethodInterceptor.invoke(AuthorizingMethodInterceptor.java:38)
-	at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:123)
-	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
+2026-06-17 11:38:06.107 [http-nio-8080-exec-4] ERROR o.j.m.zjrs.sso.service.impl.LoginSSOServiceImpl:268 - 调用粤信签网关获取Access-Token失败
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://rsj.zhanjiang.gov.cn/wx/api/auth/tyrz/miniprogram": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:926)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:906)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:841)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:702)
+	at org.jeecg.common.util.RestUtil.request(RestUtil.java:240)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.getAccessTokenFromGateway(LoginSSOServiceImpl.java:257)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.yxqMiniProgramLogin(LoginSSOServiceImpl.java:185)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController.yxqMiniProgramLogin(LoginSSOController.java:86)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:360)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
+	at org.jeecg.common.aspect.DictAspect.doAround(DictAspect.java:63)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:649)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:631)
+	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:173)
 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:728)
-	at org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController$$SpringCGLIB$$0.edit(<generated>)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController$$SpringCGLIB$$0.yxqMiniProgramLogin(<generated>)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
@@ -227,8 +330,8 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
-	at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:925)
-	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:593)
+	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
+	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
 	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
 	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195)
@@ -300,25 +403,89 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)
 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
 	at java.base/java.lang.Thread.run(Thread.java:833)
-Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.jeecg.common.api.vo.Result org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController.edit(org.jeecg.modules.zjrs.enterprise.dto.EnterpriseInfoDTO)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:91)
-	... 94 common frames omitted
-2026-06-15 15:36:03.558 [http-nio-8080-exec-3] INFO  org.jeecg.common.util.filter.SsrfFileTypeFilter:184 - 【文件上传校验】文件后缀 suffix: png,customPath:enterprise/logo
-2026-06-15 15:36:03.643 [http-nio-8080-exec-4] ERROR o.j.m.j.c.interceptor.JimuGlobalExceptionHandler:108 - Subject does not have permission [enterprise:enterprise_info:edit]
-org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [enterprise:enterprise_info:edit]
-	at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:332)
-	at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
-	at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:211)
-	at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:85)
-	at org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor.assertAuthorized(AnnotationsAuthorizingMethodInterceptor.java:102)
-	at org.apache.shiro.authz.aop.AuthorizingMethodInterceptor.invoke(AuthorizingMethodInterceptor.java:38)
-	at org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor.invoke(AopAllianceAnnotationsAuthorizingMethodInterceptor.java:123)
-	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
+Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
+	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
+	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
+	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
+	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
+	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
+	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
+	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505)
+	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420)
+	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
+	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
+	at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.executeHandshake(AbstractClientTlsStrategy.java:253)
+	at org.apache.hc.client5.http.ssl.AbstractClientTlsStrategy.upgrade(AbstractClientTlsStrategy.java:211)
+	at org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy.upgrade(DefaultClientTlsStrategy.java:48)
+	at org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:219)
+	at org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:490)
+	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:164)
+	at org.apache.hc.client5.http.impl.classic.InternalExecRuntime.connectEndpoint(InternalExecRuntime.java:174)
+	at org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:144)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:195)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:150)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:113)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:110)
+	at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51)
+	at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:185)
+	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:87)
+	at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:55)
+	at org.apache.hc.client5.http.classic.HttpClient.executeOpen(HttpClient.java:183)
+	at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:99)
+	at org.springframework.http.client.AbstractStreamingClientHttpRequest.executeInternal(AbstractStreamingClientHttpRequest.java:71)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:81)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:900)
+	... 113 common frames omitted
+Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
+	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
+	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
+	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
+	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
+	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
+	... 149 common frames omitted
+Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
+	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
+	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
+	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
+	... 154 common frames omitted
+2026-06-17 11:38:06.110 [http-nio-8080-exec-4] ERROR o.j.modules.zjrs.sso.controller.LoginSSOController:89 - 粤信签小程序登录失败
+java.lang.RuntimeException: 调用粤信签网关失败: I/O error on POST request for "https://rsj.zhanjiang.gov.cn/wx/api/auth/tyrz/miniprogram": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.getAccessTokenFromGateway(LoginSSOServiceImpl.java:269)
+	at org.jeecg.modules.zjrs.sso.service.impl.LoginSSOServiceImpl.yxqMiniProgramLogin(LoginSSOServiceImpl.java:185)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController.yxqMiniProgramLogin(LoginSSOController.java:86)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:360)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
+	at org.jeecg.common.aspect.DictAspect.doAround(DictAspect.java:63)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
+	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:649)
+	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:631)
+	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:173)
 	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:728)
-	at org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController$$SpringCGLIB$$0.edit(<generated>)
+	at org.jeecg.modules.zjrs.sso.controller.LoginSSOController$$SpringCGLIB$$0.yxqMiniProgramLogin(<generated>)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
@@ -332,8 +499,8 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
-	at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:925)
-	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:593)
+	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
+	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
 	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
 	at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195)
@@ -405,5 +572,3 @@ org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [
 	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)
 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
 	at java.base/java.lang.Thread.run(Thread.java:833)
-Caused by: org.apache.shiro.authz.AuthorizationException: Not authorized to invoke method: public org.jeecg.common.api.vo.Result org.jeecg.modules.zjrs.enterprise.controller.EnterpriseInfoController.edit(org.jeecg.modules.zjrs.enterprise.dto.EnterpriseInfoDTO)
-	at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.assertAuthorized(AuthorizingAnnotationMethodInterceptor.java:91)

+ 80 - 26
jeecg-boot/jeecg-boot-module/jeecg-module-zjrs/src/main/java/org/jeecg/modules/zjrs/sso/service/impl/LoginSSOServiceImpl.java

@@ -28,12 +28,25 @@ import org.jeecg.modules.system.service.ISysDepartService;
 import org.jeecg.modules.system.service.ISysDictService;
 import org.jeecg.modules.system.service.ISysUserService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.stereotype.Service;
-
+import org.springframework.web.client.RestTemplate;
+
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
+import org.apache.hc.core5.ssl.SSLContextBuilder;
+
+import javax.net.ssl.SSLContext;
+import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.util.LinkedHashMap;
@@ -81,6 +94,43 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
     @org.springframework.beans.factory.annotation.Value("${zjrs.yxq.gateway-url:https://rsj.zhanjiang.gov.cn/wx}")
     private String gatewayBaseUrl;
 
+    /**
+     * 创建一个跳过 SSL 证书验证的 RestTemplate(用于调用省统一认证网关)
+     * 网关使用政府内网证书,不在 JDK 默认信任列表中,需要跳过验证
+     * 不影响全局 RestUtil,仅用于粤信签网关调用
+     */
+    private RestTemplate createInsecureRestTemplate() {
+        try {
+            // 信任所有证书的 SSLContext
+            SSLContext sslContext = SSLContextBuilder.create()
+                    .loadTrustMaterial((chain, authType) -> true)
+                    .build();
+
+            // 创建连接管理器(跳过主机名验证 + 信任所有证书)
+            PoolingHttpClientConnectionManager connectionManager =
+                    PoolingHttpClientConnectionManagerBuilder.create()
+                            .setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
+                                    .setSslContext(sslContext)
+                                    .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+                                    .build())
+                            .build();
+
+            // 创建 HttpClient
+            CloseableHttpClient httpClient = HttpClients.custom()
+                    .setConnectionManager(connectionManager)
+                    .build();
+
+            // 创建 RestTemplate(使用自定义 HttpClient)
+            HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
+            factory.setConnectTimeout(30000);
+            factory.setReadTimeout(30000);
+            return new RestTemplate(factory);
+        } catch (Exception e) {
+            log.error("创建跳过SSL验证的RestTemplate失败", e);
+            throw new RuntimeException("创建跳过SSL验证的RestTemplate失败", e);
+        }
+    }
+
 
     @Override
     public JSONObject ssoLoginByToken(String usertoken, HttpServletRequest request) {
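Review bot: `createInsecureRestTemplate()` accepts every certificate chain (`loadTrustMaterial((chain, authType) -> true)`) and turns off hostname checks (`NoopHostnameVerifier.INSTANCE`), so the gateway connection is encrypted but the peer is never authenticated. The later hunks send the `Authorization: Basic` header and the `Access-Token` through this client and then use the returned identity fields to issue a local token, so anyone on the network path could read the gateway credentials or substitute the identity response. The PKIX failure this works around is better fixed by trusting the gateway's issuing CA explicitly and leaving the default hostname verifier in place, as sketched below. The trust-store path and password fields in the sketch are placeholders to bind from configuration.

```java
    private RestTemplate createInsecureRestTemplate() {
        try {
            // Trust only the CA that issued the gateway certificate; hostname verification stays at its default.
            // gatewayTrustStorePath / gatewayTrustStorePassword are placeholder fields bound from configuration.
            SSLContext sslContext = SSLContextBuilder.create()
                    .loadTrustMaterial(new File(gatewayTrustStorePath), gatewayTrustStorePassword.toCharArray())
                    .build();

            PoolingHttpClientConnectionManager connectionManager =
                    PoolingHttpClientConnectionManagerBuilder.create()
                            .setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
                                    .setSslContext(sslContext)
                                    .build())
                            .build();
            // … unchanged: HttpClient, request factory, timeouts and catch block …
```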
@@ -242,7 +292,11 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
         headers.set("Authorization", "Basic " + basicAuth);
 
         try {
-            ResponseEntity<JSONObject> response = RestUtil.request(url, HttpMethod.POST, headers, null, params, JSONObject.class);
+            // 使用跳过SSL验证的RestTemplate(网关证书不在JDK信任列表中)
+            RestTemplate insecureRT = createInsecureRestTemplate();
+            HttpEntity<String> request = new HttpEntity<>(params.toJSONString(), headers);
+            ResponseEntity<JSONObject> response = insecureRT.exchange(
+                    URI.create(url), HttpMethod.POST, request, JSONObject.class);
             if (response.getBody() != null) {
                 JSONObject body = response.getBody();
                 // 网关返回格式:{ "Access-Token": "xxx" } 或 { "map": { "Access-Token": "xxx" } }
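Review bot: `createInsecureRestTemplate()` is called inside the request path here and again in the GET hunk that follows, so every login builds a new `PoolingHttpClientConnectionManager` and `CloseableHttpClient` that nothing closes. No connection is ever reused, and the pools appear to stay open until they time out or are collected. Build the client once and keep it in a field, for example `private final RestTemplate gatewayRestTemplate = createInsecureRestTemplate();`, then call `gatewayRestTemplate.exchange(...)` in both places. The enclosing methods start and end outside these hunks.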
@@ -272,7 +326,11 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
         headers.set("Access-Token", accessToken);
 
         try {
-            ResponseEntity<JSONObject> response = RestUtil.request(url, HttpMethod.GET, headers, null, null, JSONObject.class);
+            // 使用跳过SSL验证的RestTemplate(网关证书不在JDK信任列表中)
+            RestTemplate insecureRT = createInsecureRestTemplate();
+            HttpEntity<String> request = new HttpEntity<>(headers);
+            ResponseEntity<JSONObject> response = insecureRT.exchange(
+                    URI.create(url), HttpMethod.GET, request, JSONObject.class);
             if (response.getBody() != null) {
                 JSONObject body = response.getBody();
                 // 网关返回格式可能是 { "map": { "data": {...} } } 或 { "data": {...} }
@@ -294,38 +352,26 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
     }
 
     /**
-     * 个人用户匹配:根据姓名(优先身份证号)查询PERSONAL_INFO表
+     * 个人用户匹配:同时按身份证号+姓名精确匹配PERSONAL_INFO表
      */
     private JSONObject matchPersonalAndCreateToken(String userName, JSONObject yxqUserInfo) {
-        String idNumber = yxqUserInfo.getString("aac002"); // 粤信签返回的身份证号
+        String idNumber = yxqUserInfo.getString("aac147"); // 粤信签返回的身份证号(网关字段为aac147)
 
-        PersonalInfo personalInfo = null;
-
-        // 优先用身份证号精确匹配(避免同名冲突)
+        // 同时按身份证号+姓名精确匹配
+        QueryWrapper<PersonalInfo> qw = new QueryWrapper<>();
         if (StringUtils.isNotBlank(idNumber)) {
-            QueryWrapper<PersonalInfo> qw = new QueryWrapper<>();
             qw.eq("id_number", idNumber);
-            personalInfo = personalInfoService.getOne(qw, false); // false=多条时不报错取第一条
-            if (personalInfo != null) {
-                log.info("通过身份证号匹配到个人用户,idNumber: {}***", idNumber.substring(0, Math.min(6, idNumber.length())));
-            }
-        }
-
-        // 身份证号匹配不到,再用姓名匹配
-        if (personalInfo == null) {
-            QueryWrapper<PersonalInfo> qw = new QueryWrapper<>();
-            qw.eq("full_name", userName);
-            personalInfo = personalInfoService.getOne(qw, false);
-            if (personalInfo != null) {
-                log.info("通过姓名匹配到个人用户,fullName: {}", userName);
-            }
         }
+        qw.eq("full_name", userName);
+        PersonalInfo personalInfo = personalInfoService.getOne(qw, false);
 
         if (personalInfo == null) {
-            log.warn("粤信签认证通过但未在本地数据库找到个人用户,userName: {}", userName);
+            log.warn("粤信签认证通过但未在本地数据库找到个人用户,userName: {}, idNumber: {}***",
+                    userName, idNumber != null ? idNumber.substring(0, Math.min(6, idNumber.length())) : "null");
             throw new RuntimeException("粤信签认证成功,但系统未找到您的个人信息,请联系管理员");
         }
 
+        log.info("通过身份证号+姓名匹配到个人用户,fullName: {}", userName);
         // 生成JeecgBoot token
         String username = "personal_" + personalInfo.getId();
         JSONObject obj = createToken(username, CommonConstant.CLIENT_TYPE_APP);
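Review bot: The `id_number` condition is added only when `aac147` is non-blank, so a gateway response without that field silently falls back to a name-only match, and `getOne(qw, false)` then takes the first row with that `full_name`. That contradicts the new Javadoc ("同时按身份证号+姓名精确匹配") and can bind an authenticated person to a different local account that shares the name. Reject the login before building the query when the identifier is missing, e.g. `if (StringUtils.isBlank(idNumber)) { throw new RuntimeException("粤信签未返回身份证号,无法匹配个人信息"); }`. The same applies to `aab998` / `unified_credit_code` in `matchEnterpriseAndCreateToken` in the next hunk. The method body continues past the end of this hunk.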
@@ -335,18 +381,26 @@ public class LoginSSOServiceImpl implements ILoginSSOService {
     }
 
     /**
-     * 企业用户匹配:根据企业名称查询ENTERPRISE_INFO表
+     * 企业用户匹配:同时按统一信用号+企业名称精确匹配ENTERPRISE_INFO表
      */
     private JSONObject matchEnterpriseAndCreateToken(String userName, JSONObject yxqUserInfo) {
+        String unifiedCreditCode = yxqUserInfo.getString("aab998"); // 粤信签返回的统一社会信用代码
+
+        // 同时按统一信用号+企业名称精确匹配
         QueryWrapper<EnterpriseInfo> qw = new QueryWrapper<>();
+        if (StringUtils.isNotBlank(unifiedCreditCode)) {
+            qw.eq("unified_credit_code", unifiedCreditCode);
+        }
         qw.eq("company_name", userName);
         EnterpriseInfo enterpriseInfo = enterpriseInfoService.getOne(qw, false);
 
         if (enterpriseInfo == null) {
-            log.warn("粤信签认证通过但未在本地数据库找到企业用户,companyName: {}", userName);
+            log.warn("粤信签认证通过但未在本地数据库找到企业用户,companyName: {}, unifiedCreditCode: {}***",
+                    userName, unifiedCreditCode != null ? unifiedCreditCode.substring(0, Math.min(6, unifiedCreditCode.length())) : "null");
             throw new RuntimeException("粤信签认证成功,但系统未找到您的企业信息,请联系管理员");
         }
 
+        log.info("通过统一信用号+企业名称匹配到企业用户,companyName: {}", userName);
         // 生成JeecgBoot token
         String username = "enterprise_" + enterpriseInfo.getId();
         JSONObject obj = createToken(username, CommonConstant.CLIENT_TYPE_APP);