diff --git a/LargeScreenServer(1)/large-admin/pom.xml b/LargeScreenServer(1)/large-admin/pom.xml
index ebe3c3c..d0811ca 100644
--- a/LargeScreenServer(1)/large-admin/pom.xml
+++ b/LargeScreenServer(1)/large-admin/pom.xml
@@ -15,14 +15,15 @@
8.8.2
+ 1.70
-
+
-
+ true <!– 表示依赖不会传递 –>
+ -->
@@ -183,7 +184,12 @@
${project.basedir}/src/main/resources/lib/com.sgscc.encryptdecrypt_1.1.jar
-
+
+
+ org.bouncycastle
+ bcprov-jdk15on
+ ${bcprov-jdk15on.version}
+
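Review bot: The new dependency uses `bcprov-jdk15on`, the legacy Bouncy Castle artifact line, whose final release was 1.70; later releases, including security fixes, are published as `bcprov-jdk18on`. The XML tags are stripped in this view, but the first hunk appears to set `${bcprov-jdk15on.version}` to 1.70. Unless the runtime predates Java 8, depend on `org.bouncycastle:bcprov-jdk18on` at a current version and rename the property to match. The context line above also references a jar under `src/main/resources/lib`, which repository-based dependency scanners generally will not cover, so it needs its own provenance and update tracking.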
diff --git a/LargeScreenServer(1)/large-admin/src/main/java/com/bonus/web/controller/system/SysLoginController.java b/LargeScreenServer(1)/large-admin/src/main/java/com/bonus/web/controller/system/SysLoginController.java
index 31d04c2..5f550b7 100644
--- a/LargeScreenServer(1)/large-admin/src/main/java/com/bonus/web/controller/system/SysLoginController.java
+++ b/LargeScreenServer(1)/large-admin/src/main/java/com/bonus/web/controller/system/SysLoginController.java
@@ -5,22 +5,16 @@ import java.net.URLDecoder;
import java.util.*;
import com.alibaba.fastjson.JSONObject;
-import com.alibaba.fastjson2.JSON;
import com.bonus.common.constant.Constants;
-import com.bonus.common.constant.HttpStatus;
-import com.bonus.common.core.domain.entity.*;
+import com.bonus.common.core.domain.entity.IscMenu;
+import com.bonus.common.core.domain.entity.ListHelper;
import com.bonus.common.core.domain.model.LoginUser;
-import com.bonus.common.gpt.GptUtils;
-import com.bonus.system.domain.KnowledgeEntity;
import com.bonus.system.domain.SysOperLog;
-import com.bonus.system.mapper.KnowledgeMapper;
-import com.bonus.system.mapper.SysRoleMapper;
import com.bonus.system.service.ISysUserService;
import com.sgcc.isc.core.orm.complex.FunctionContext;
import com.sgcc.isc.service.adapter.factory.AdapterFactory;
import com.sgcc.isc.service.adapter.helper.IResourceService;
import io.swagger.annotations.ApiOperation;
-import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -31,6 +25,8 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import com.bonus.common.core.domain.AjaxResult;
+import com.bonus.common.core.domain.entity.SysMenu;
+import com.bonus.common.core.domain.entity.SysUser;
import com.bonus.common.core.domain.model.LoginBody;
import com.bonus.common.utils.SecurityUtils;
import com.bonus.framework.web.service.SysLoginService;
@@ -39,8 +35,6 @@ import com.bonus.system.service.ISysMenuService;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestTemplate;
-import javax.annotation.Resource;
-
/**
* 登录验证
@@ -48,7 +42,8 @@ import javax.annotation.Resource;
* @author ruoyi
*/
@RestController
-public class SysLoginController {
+public class SysLoginController
+{
@Autowired
private SysLoginService loginService;
@@ -61,15 +56,6 @@ public class SysLoginController {
@Autowired
private ISysUserService userService;
- @Autowired
- private GptUtils gptUtils;
-
- @Resource
- private KnowledgeMapper mapper;
-
- @Autowired
- private SysRoleMapper roleMapper;
-
final Logger logger = LoggerFactory.getLogger(getClass());
/**
@@ -189,7 +175,6 @@ public class SysLoginController {
}
return map;
}*/
-
/**
* 登录方法
*
@@ -197,7 +182,8 @@ public class SysLoginController {
* @return 结果
*/
@PostMapping("/login")
- public AjaxResult login(@RequestBody LoginBody loginBody) {
+ public AjaxResult login(@RequestBody LoginBody loginBody)
+ {
System.out.println("--------------------------------------------------------------------------------");
System.out.println("走了login当前登录的人员信息> ");
AjaxResult ajax = AjaxResult.success();
@@ -214,10 +200,11 @@ public class SysLoginController {
* @return 用户信息
*/
@GetMapping("getInfo")
- public AjaxResult getInfo() {
+ public AjaxResult getInfo()
+ {
SysUser user = SecurityUtils.getLoginUser().getUser();
String ISCuserId = user.getIscUserId();
- // ISCuserId = null;
+ // ISCuserId = null;
/* if(ISCuserId != null){
String data = (String) (new RestTemplate()).getForObject(url_xn + "/getUserOrgPathByUserId" + "?" + "systemId" + "=" + appId + "&userId=" + ISCuserId,
String.class, new Object[0]);
@@ -234,24 +221,12 @@ public class SysLoginController {
}*/
// 角色集合
Set roles = permissionService.getRolePermission(user);
- List perms = roleMapper.selectRolePermissionByUserId(user.getUserId());
- Set permsKnow = new HashSet<>();
- for (SysRole perm : perms) {
- if (com.bonus.common.utils.StringUtils.isNotNull(perm)) {
- permsKnow.addAll(Arrays.asList(perm.getKnowId().trim().split(",")));
- }
- }
- List knowIds = permissionService.getKnowIds();
- permsKnow.addAll(knowIds);
// 权限集合
Set permissions = permissionService.getMenuPermission(user);
AjaxResult ajax = AjaxResult.success();
- String knowId = permissionService.getKnowId(user);
- ajax.put("permsKnow", permsKnow);
ajax.put("user", user);
ajax.put("roles", roles);
ajax.put("permissions", permissions);
- ajax.put("knowId", knowId);
return ajax;
}
@@ -261,45 +236,45 @@ public class SysLoginController {
* @return 路由信息
*/
@GetMapping("getRouters")
- public AjaxResult getRouters() {
+ public AjaxResult getRouters()
+ {
Long userId = SecurityUtils.getUserId();
List menus = menuService.selectMenuTreeByUserId(userId);
return AjaxResult.success(menuService.buildMenus(menus));
}
-
/**
* 获取前台页面展示路由信息
*
* @return 路由信息
*/
@GetMapping("getShowRouters")
- public AjaxResult getShowRouters() {
- // getMenuList("152F220513052722E0630417321BE312");
- String roleId = "";
- if ("3".equals(SecurityUtils.getUserId().toString())) {
- roleId = "100";
- } else {
- roleId = "101";
+ public AjaxResult getShowRouters()
+ {
+ // getMenuList("152F220513052722E0630417321BE312");
+ String roleId ="";
+ if("3".equals(SecurityUtils.getUserId().toString())){
+ roleId="100";
+ }else{
+ roleId="101";
}
List menus = menuService.selectShowMenuTreeByUserId(roleId);
return AjaxResult.success(menus);
}
-
@ApiOperation(value = "根据统一权限获取人员基本信息")
@GetMapping("getUserTicket1")
public AjaxResult getUserTicket(String ticket, String model, String accessToken) {
System.out.println("--------------------------------------------------------------------------------");
AjaxResult ajax = AjaxResult.success();
ajax.put(Constants.FALSETOKEN, "1");
- System.out.println("--------------------------------------------------------------------------------" + model);
- System.out.println("走了ticket" + ticket);
+ System.out.println("--------------------------------------------------------------------------------"+model);
+ System.out.println("走了ticket"+ticket);
IscUserInfo user = null;
try {
String userInfo = "";
if (model.equals("xn")) {
userInfo = (new RestTemplate()).getForObject(url_xn + "/serviceValidate" + "?" + "ticket" + "=" + ticket + "&service=" + targetIndex, String.class, new Object[0]);
- System.out.println("--------------------------------------------------------------------------------" + userInfo.toString());
+ System.out.println("--------------------------------------------------------------------------------"+userInfo.toString());
} else {
userInfo = (new RestTemplate()).getForObject(url_aq + "/oauth2.0/profile" + "?" + "access_token" + "=" + accessToken, String.class, new Object[0]);
}
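Review bot: The lines re-touched in `getUserTicket` still write the SSO `ticket` and the raw identity response to stdout (`System.out.println("走了ticket"+ticket)` and the `userInfo` print), bypassing the class's SLF4J `logger` and any log-level or redaction policy. Drop these prints, or log a non-sensitive marker at debug level through `logger`. `ticket` and `accessToken` are also concatenated into the validation URL unencoded; passing them as URI variables keeps them as single parameter values, e.g. `getForObject(url_xn + "/serviceValidate?ticket={t}&service={s}", String.class, ticket, targetIndex)`. The method continues past the end of this hunk.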
@@ -308,49 +283,34 @@ public class SysLoginController {
throw new RuntimeException("ticket或accessToken不正确,请重新校验其可用性");
} else {
String cd = URLDecoder.decode(userInfo, "UTF-8");
- System.out.println("+++++++++++++++++++++++++++++++" + cd);
+ System.out.println("+++++++++++++++++++++++++++++++"+cd);
if (model.equals("xn")) {
cd = cd.substring(cd.indexOf(""), cd.indexOf(""));
cd = cd.replace("", "");
}
user = JSONObject.parseObject(cd, IscUserInfo.class);
- System.out.println("+++++++++++++++++++++++++++++++" + user.toString());
+ System.out.println("+++++++++++++++++++++++++++++++"+user.toString());
// 用户校验
- SysUser sysuser = new SysUser();
+ SysUser sysuser = new SysUser();
//sysuser.setMenus(getMenuList(user.getIscUserId()));
sysuser.setIscUserId(user.getIscUserId());
sysuser.setUserName(user.getIscAdCode());
sysuser.setNickName(user.getName());
sysuser.setDeptId(105L);
- if (userService.ISCcheckUserNameUnique(sysuser)) {
+ if (userService.ISCcheckUserNameUnique(sysuser)){
sysuser.setCreateBy(user.getName());
sysuser.setPassword(SecurityUtils.encryptPassword("Bonus@1234!"));
- int i = userService.insertUser(sysuser);
- if (i > 0) {
- Map map = new HashMap<>(1);
- map.put("knowledge_base_name", sysuser.getUserName());
- String knowledgeBase = gptUtils.createKnowledgeBase(map);
- if (ObjectUtils.isNotEmpty(knowledgeBase)) {
- KnowledgeEntity entity = new KnowledgeEntity();
- entity.setKnowName(sysuser.getUserName());
- entity.setUserId(sysuser.getUserId());
- entity.setKnowType("2");
- com.alibaba.fastjson2.JSONObject jsonObject = JSON.parseObject(knowledgeBase);
- if (jsonObject.getInteger(AjaxResult.CODE_TAG) == HttpStatus.SUCCESS) {
- mapper.insertKnowledge(entity);
- }
- }
- }
+ userService.insertUser(sysuser);
}
// 资源获取接口
// Map resultMap = tokenService.createToken(loginUser);
Map resultMap = null;
- System.out.println("sysuser.getUserName()" + sysuser.getUserName());
+ System.out.println("sysuser.getUserName()"+sysuser.getUserName());
//生产是wb_zhouy2028 测试是
- if (sysuser.getUserName().equals("wb_huzw3813")) {
+ if(sysuser.getUserName().equals("wb_huzw3813")){
sysuser.setUserName("admin");
}
- String token = loginService.login(sysuser.getUserName(), "Bonus@1234!", "", "");
+ String token = loginService.login(sysuser.getUserName(), "Bonus@1234!","","");
// addLoginLog(user.getLogintime(), "用户登录", "系统登录", "com.securityControl.auth.controller.getUserTicket()", "/auth/getUserTicket");
ajax.put(Constants.TOKEN, token);
}
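Review bot: The literal `"Bonus@1234!"` is both the stored password for every auto-provisioned ISC user (`sysuser.setPassword(SecurityUtils.encryptPassword("Bonus@1234!"))`) and the credential passed to `loginService.login(...)`, so all such accounts share one password that is readable in source. That password presumably also works on the ordinary `/login` endpoint. Once the ticket has been validated, issue the token for the resolved user directly (the commented-out `tokenService.createToken(loginUser)` suggests such a path exists) and give provisioned accounts a random password that is never used for login. The `wb_huzw3813` to `admin` rewrite hard-codes a privilege mapping in the controller and belongs in role assignment instead. The same literal appears in the `getUserTicket1` hunk that follows; this method starts and ends outside the hunk.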
@@ -360,47 +320,31 @@ public class SysLoginController {
}
return ajax;
}
-
@GetMapping("getUserTicket")
public AjaxResult getUserTicket1(String ticket, String model, String accessToken) {
System.out.println("--------------------------------------------------------------------------------");
System.out.println("走了getUserTicket当前登录的人员信息> ");
AjaxResult ajax = AjaxResult.success();
ajax.put(Constants.FALSETOKEN, "1");
- // 资源获取接口
- SysUser sysuser = new SysUser();
- sysuser.setIscUserId("sdsdfsf3434324234abc");
- sysuser.setUserName("test1234");
+ // 资源获取接口
+ SysUser sysuser = new SysUser();
+ sysuser.setIscUserId("sdsdfsf3434324234");
+ sysuser.setUserName("李振华");
sysuser.setDeptId(105L);
sysuser.setNickName(sysuser.getUserName());
try {
- if (userService.ISCcheckUserNameUnique(sysuser)) {
+ if (userService.ISCcheckUserNameUnique(sysuser)){
sysuser.setCreateBy(sysuser.getUserName());
sysuser.setPassword(SecurityUtils.encryptPassword("Bonus@1234!"));
- int i = userService.insertUser(sysuser);
- if (i > 0) {
- Map map = new HashMap<>(1);
- map.put("knowledge_base_name", sysuser.getUserName());
- String knowledgeBase = gptUtils.createKnowledgeBase(map);
- if (ObjectUtils.isNotEmpty(knowledgeBase)) {
- KnowledgeEntity entity = new KnowledgeEntity();
- entity.setKnowName(sysuser.getUserName());
- entity.setUserId(sysuser.getUserId());
- entity.setKnowType("2");
- com.alibaba.fastjson2.JSONObject jsonObject = JSON.parseObject(knowledgeBase);
- if (jsonObject.getInteger(AjaxResult.CODE_TAG) == HttpStatus.SUCCESS) {
- mapper.insertKnowledge(entity);
- }
- }
- }
+ userService.insertUser(sysuser);
}
Map resultMap = null;
/* if(sysuser.getUserName().equals("李振华")){
sysuser.setUserName("admin");
}*/
- String token = loginService.login(sysuser.getUserName(), "Bonus@1234!", "", "");
+ String token = loginService.login(sysuser.getUserName(), "Bonus@1234!","","");
ajax.put(Constants.TOKEN, token);
- } catch (Exception e) {
+ }catch (Exception e){
ajax.put(Constants.FALSETOKEN, "无法获取用户信息");
e.printStackTrace();
}
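Review bot: `getUserTicket1` never reads `ticket`, `model` or `accessToken`: every GET to `getUserTicket` provisions the fixed user `李振华` if absent and returns a login token for it. This reads as a test stub, and if the route is reachable in a deployed build (the security configuration is not visible here) it issues a session with no authentication step at all. Remove the handler or restrict it to a non-production profile, and have the real ticket validation in `getUserTicket` serve this path. The catch block should use `logger.error("...", e)` instead of `e.printStackTrace()`; the method's end is outside this hunk.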
@@ -408,7 +352,6 @@ public class SysLoginController {
return ajax;
}
-
/**
* 记录登录信息
*
@@ -434,71 +377,70 @@ public class SysLoginController {
}
- private List getMenuList(String userId) {
- List menuList = new ArrayList<>();
- System.out.println("IscMenu 请求路径----------------------------------------------------------------------->=" + userId);
- System.out.println("IscMenu 请求路径----------------------------------------------------------------------->service" + appId);
- try {
- System.out.println("IscMenu 请求路径-----------------999999------------------------------------------------------>service" + appId);
+ private List getMenuList(String userId){
+ List menuList=new ArrayList<>();
+ System.out.println("IscMenu 请求路径----------------------------------------------------------------------->="+userId);
+ System.out.println("IscMenu 请求路径----------------------------------------------------------------------->service"+appId);
+ try{
+ System.out.println("IscMenu 请求路径-----------------999999------------------------------------------------------>service"+appId);
IResourceService service = (IResourceService) com.sgcc.isc.service.adapter.factory.AdapterFactory.getInstance(com.sgcc.isc.framework.common.constant.Constants.CLASS_RESOURCE);
- System.out.println("IscMenu 请求路径--------------------------------------------2--------------------------->service2222222lzh" + appId);
- List map = service.getUserPermitionFuncs(userId, appId, "001", new HashMap<>());
- List map2 = service.getUserPermitionFuncs(userId, appId, "002", new HashMap<>());
- System.out.println("------------------------------------------------>key" + map.toString());
- System.out.println("------------------------------------------------>key" + map2.toString());
+ System.out.println("IscMenu 请求路径--------------------------------------------2--------------------------->service2222222lzh"+appId);
+ List map = service.getUserPermitionFuncs (userId,appId,"001",new HashMap<>());
+ List map2 = service.getUserPermitionFuncs (userId,appId,"002",new HashMap<>());
+ System.out.println("------------------------------------------------>key"+map.toString());
+ System.out.println("------------------------------------------------>key"+map2.toString());
// com.alibaba.fastjson2.JSONObject obj = com.alibaba.fastjson2.JSONObject.parseObject(data);
// com.alibaba.fastjson2.JSONArray jsonArray=obj.getJSONArray("data");
// List list= jsonArray.toList(IscMenu.class);
- // System.out.println("list 菜单数据----------->"+list);
- // getChilderList(menuList,list);
- } catch (Exception e) {
+ // System.out.println("list 菜单数据----------->"+list);
+ // getChilderList(menuList,list);
+ }catch (Exception e){
e.printStackTrace();
}
- return menuList;
+ return menuList;
}
- private static void getChilderList(List menuList, List iscList) {
- try {
- for (IscMenu isc : iscList) {
- if (StringUtils.isEmpty(isc.getParentId())) {//没有上级节点的为父节点
- SysMenu menu = new SysMenu();
+ private static void getChilderList(List menuList, List iscList){
+ try{
+ for (IscMenu isc: iscList) {
+ if(StringUtils.isEmpty(isc.getParentId())){//没有上级节点的为父节点
+ SysMenu menu=new SysMenu();
menu.setMenuId(1L);
menu.setMenuName(isc.getName());
menu.setUrl(isc.getConent());
menu.setLast(false);
- getChilderList2(menu, iscList);
- if ("Y".equals(isc.getStatus())) {
+ getChilderList2(menu,iscList);
+ if("Y".equals(isc.getStatus())){
menuList.add(menu);
}
}
}
- } catch (Exception e) {
- e.toString();
+ }catch (Exception e){
+ e.toString();
}
}
-
- private static void getChilderList2(SysMenu sysMenu, List iscLis) {
- List childer = new ArrayList<>();
- for (IscMenu isc : iscLis) {
- if (StringUtils.isNotEmpty(sysMenu.getMenuId() + "")) {
- if (sysMenu.getMenuId().equals(isc.getParentId())) {
- SysMenu menu = new SysMenu();
+ private static void getChilderList2(SysMenu sysMenu,List iscLis){
+ List childer=new ArrayList<>();
+ for (IscMenu isc:iscLis) {
+ if(StringUtils.isNotEmpty(sysMenu.getMenuId()+"")){
+ if (sysMenu.getMenuId().equals(isc.getParentId())){
+ SysMenu menu=new SysMenu();
menu.setMenuId(1L);
menu.setMenuName(isc.getName());
menu.setUrl(isc.getConent());
menu.setLast(true);
- if ("Y".equals(isc.getStatus())) {
+ if("Y".equals(isc.getStatus())){
childer.add(menu);
}
}
}
}
- if (ListHelper.isEmpty(childer)) {
+ if(ListHelper.isEmpty(childer)){
sysMenu.setLast(true);
- } else {
+ }else{
sysMenu.setLast(false);
- sysMenu.setChildren(childer);
+ sysMenu.setChildren(childer );
}
diff --git a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/StringUtils.java b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/StringUtils.java
index a7abb7e..45bb84a 100644
--- a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/StringUtils.java
+++ b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/StringUtils.java
@@ -6,6 +6,9 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.regex.Pattern;
+
+import com.bonus.common.core.domain.entity.SysDept;
import org.springframework.util.AntPathMatcher;
import com.bonus.common.constant.Constants;
import com.bonus.common.core.text.StrFormatter;
@@ -635,4 +638,17 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
}
return sb.toString();
}
+
+ public static String regParaValidate(String oldstring) {
+ String pattern = "^[a-zA-Z0-9 ]*$"; // 只允许字母、数字和空格
+ int maxLength = 100; // 最大长度为100个字符
+ if (oldstring.length() > maxLength) {
+ System.out.println("Input is too long");
+ } else if (!Pattern.matches(pattern, oldstring)) {
+ System.out.println("Input contains invalid characters");
+ } else {
+ System.out.println("Input is valid");
+ }
+ return oldstring;
+ }
}
\ No newline at end of file
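Review bot: `regParaValidate` returns `oldstring` unchanged on every branch, so it rejects nothing; the length and pattern checks only print to stdout. Callers such as `SysDeptServiceImpl.updateDept` later in this diff therefore get the same value they passed in. Make failure observable to the caller, e.g. `throw new IllegalArgumentException("invalid parameter")` in the two failing branches. Compile the expression once as a `private static final Pattern`, and decide what a `null` argument means, since `oldstring.length()` currently throws a NullPointerException. The newly added `SysDept` import is not used by anything visible in these hunks.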
diff --git a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/file/FileUtils.java b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/file/FileUtils.java
index 4d3e435..d70184d 100644
--- a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/file/FileUtils.java
+++ b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/file/FileUtils.java
@@ -48,8 +48,17 @@ public class FileUtils {
} catch (IOException e) {
throw e;
} finally {
- IOUtils.close(os);
- IOUtils.close(fis);
+
+ if(fis != null){
+ try{
+ fis.close();
+ IOUtils.close(os);
+ IOUtils.close(fis);
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+
+ }
}
}
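Review bot: With the new `if(fis != null)` guard, `os` is no longer closed when `fis` was never opened, and `IOUtils.close(os)` is skipped whenever `fis.close()` throws; the removed lines closed both streams unconditionally. `fis` is also closed twice, and `e.printStackTrace()` hides close failures from the application log. Keeping the original `IOUtils.close(os); IOUtils.close(fis);`, or opening the input in try-with-resources where the method starts (outside this hunk), avoids the leak. The same pattern recurs in the second FileUtils hunk (`fos` closed twice), in ImageUtils (`in`), in `HttpUtils.sendSSLPost` (`br.close()` still sits in the try body, so it is skipped on any exception), and in ExcelUtil (`wb` is not closed when `out` is null).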
@@ -82,7 +91,15 @@ public class FileUtils {
fos = new FileOutputStream(file);
fos.write(data);
} finally {
- IOUtils.close(fos);
+ if(fos != null){
+ try{
+ fos.close();
+ IOUtils.close(fos);
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+
+ }
}
return FileUploadUtils.getPathFileName(uploadDir, pathName);
}
diff --git a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/file/ImageUtils.java b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/file/ImageUtils.java
index 66bcabb..43eec97 100644
--- a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/file/ImageUtils.java
+++ b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/file/ImageUtils.java
@@ -92,6 +92,14 @@ public class ImageUtils
}
finally
{
+ if(in != null){
+ try{
+ in.close();
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+
+ }
IOUtils.closeQuietly(in);
}
}
diff --git a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/http/HttpUtils.java b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/http/HttpUtils.java
index de00370..b1f9b5c 100644
--- a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/http/HttpUtils.java
+++ b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/http/HttpUtils.java
@@ -189,6 +189,7 @@ public class HttpUtils
return result.toString();
}
+
public static String sendSSLPost(String url, String param)
{
StringBuilder result = new StringBuilder();
@@ -196,8 +197,8 @@ public class HttpUtils
try
{
log.info("sendSSLPost - {}", urlNameString);
- SSLContext sc = SSLContext.getInstance("SSL");
- sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
+ // SSLContext sc = SSLContext.getInstance("SSL");
+ // sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
URL console = new URL(urlNameString);
HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
conn.setRequestProperty("accept", "*/*");
@@ -208,7 +209,7 @@ public class HttpUtils
conn.setDoOutput(true);
conn.setDoInput(true);
- conn.setSSLSocketFactory(sc.getSocketFactory());
+ // conn.setSSLSocketFactory(sc.getSocketFactory());
conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
conn.connect();
InputStream is = conn.getInputStream();
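Review bot: `conn.setHostnameVerifier(new TrustAnyHostnameVerifier())` remains on the new side, so hostname checking is still overridden even though commenting out the trust-all `SSLContext` restores default certificate-chain validation. By its name the verifier accepts any host, though its body is not in this diff. Delete that line so the JDK's default verifier applies. Also delete the commented-out `SSLContext` and `setSSLSocketFactory` lines here and in the previous hunk, because left in place they are a one-keystroke path back to trust-all. If `TrustAnyTrustManager` and `TrustAnyHostnameVerifier` have no other users, remove the classes as well.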
@@ -223,7 +224,14 @@ public class HttpUtils
}
log.info("recv - {}", result);
conn.disconnect();
- br.close();
+ if(br != null){
+ try{
+ br.close();
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+
+ }
}
catch (ConnectException e)
{
diff --git a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/poi/ExcelUtil.java b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/poi/ExcelUtil.java
index 03abb3b..b8fd7e0 100644
--- a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/poi/ExcelUtil.java
+++ b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/poi/ExcelUtil.java
@@ -85,6 +85,7 @@ import com.bonus.common.core.domain.AjaxResult;
import com.bonus.common.core.text.Convert;
import com.bonus.common.exception.UtilException;
import com.bonus.common.utils.reflect.ReflectUtils;
+import org.springframework.util.ReflectionUtils;
/**
* Excel相关处理
@@ -650,8 +651,17 @@ public class ExcelUtil
}
finally
{
- IOUtils.closeQuietly(wb);
- IOUtils.closeQuietly(out);
+ if(out != null){
+ try{
+ out.close();
+ IOUtils.closeQuietly(wb);
+ IOUtils.closeQuietly(out);
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+
+ }
+
}
}
@@ -748,7 +758,8 @@ public class ExcelUtil
{
if (subField.isAnnotationPresent(Excel.class))
{
- subField.setAccessible(true);
+ // subField.setAccessible(true);
+ ReflectionUtils.makeAccessible(subField);
Excel attr = subField.getAnnotation(Excel.class);
this.addCell(attr, row, (T) obj, subField, column + subIndex);
}
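Review bot: `ReflectionUtils.makeAccessible(subField)` itself calls `setAccessible(true)` when the member is not already accessible, so this swap changes the spelling and not the behaviour. If the change was made to clear a static-analysis finding about bypassing access checks, the underlying condition is unchanged. The control that matters is that the fields reaching these helpers are selected by `@Excel` annotations in trusted code rather than by request input, which is worth stating in a comment. Remove the commented-out `setAccessible` lines instead of keeping them. The same applies to the remaining ExcelUtil hunks and both ReflectUtils hunks, where the surrounding `if` already duplicates the checks `makeAccessible` performs.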
@@ -1410,7 +1421,8 @@ public class ExcelUtil
{
Class> clazz = o.getClass();
Field field = clazz.getDeclaredField(name);
- field.setAccessible(true);
+ // field.setAccessible(true);
+ ReflectionUtils.makeAccessible(field);
o = field.get(o);
}
return o;
@@ -1445,7 +1457,8 @@ public class ExcelUtil
Excel attr = field.getAnnotation(Excel.class);
if (attr != null && (attr.type() == Type.ALL || attr.type() == type))
{
- field.setAccessible(true);
+ //field.setAccessible(true);
+ ReflectionUtils.makeAccessible(field);
fields.add(new Object[] { field, attr });
}
if (Collection.class.isAssignableFrom(field.getType()))
@@ -1467,7 +1480,8 @@ public class ExcelUtil
if (!ArrayUtils.contains(this.excludeFields, field.getName() + "." + attr.targetAttr())
&& (attr != null && (attr.type() == Type.ALL || attr.type() == type)))
{
- field.setAccessible(true);
+ // field.setAccessible(true);
+ ReflectionUtils.makeAccessible(field);
fields.add(new Object[] { field, attr });
}
}
diff --git a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/reflect/ReflectUtils.java b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/reflect/ReflectUtils.java
index 0b51ebf..51ce8f2 100644
--- a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/reflect/ReflectUtils.java
+++ b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/reflect/ReflectUtils.java
@@ -15,6 +15,7 @@ import org.apache.commons.lang3.Validate;
import org.apache.poi.ss.usermodel.DateUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.util.ReflectionUtils;
/**
* 反射工具类. 提供调用getter/setter方法, 访问私有变量, 调用私有方法, 获取泛型类型Class, 被AOP过的真实类等工具函数.
@@ -316,7 +317,8 @@ public class ReflectUtils
if ((!Modifier.isPublic(method.getModifiers()) || !Modifier.isPublic(method.getDeclaringClass().getModifiers()))
&& !method.isAccessible())
{
- method.setAccessible(true);
+ //method.setAccessible(true);
+ ReflectionUtils.makeAccessible(method);
}
}
@@ -328,7 +330,8 @@ public class ReflectUtils
if ((!Modifier.isPublic(field.getModifiers()) || !Modifier.isPublic(field.getDeclaringClass().getModifiers())
|| Modifier.isFinal(field.getModifiers())) && !field.isAccessible())
{
- field.setAccessible(true);
+ //field.setAccessible(true);
+ ReflectionUtils.makeAccessible(field);
}
}
diff --git a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/uuid/UUID.java b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/uuid/UUID.java
index db79e9c..cec616a 100644
--- a/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/uuid/UUID.java
+++ b/LargeScreenServer(1)/large-common/src/main/java/com/bonus/common/utils/uuid/UUID.java
@@ -94,8 +94,8 @@ public final class UUID implements java.io.Serializable, Comparable
*/
public static UUID randomUUID(boolean isSecure)
{
- final Random ng = isSecure ? Holder.numberGenerator : getRandom();
-
+ // final Random ng = isSecure ? Holder.numberGenerator : getRandom();
+ final SecureRandom ng = isSecure ? Holder.numberGenerator : getSecureRandom();
byte[] randomBytes = new byte[16];
ng.nextBytes(randomBytes);
randomBytes[6] &= 0x0f; /* clear version */
diff --git a/LargeScreenServer(1)/large-framework/src/main/java/com/bonus/framework/config/KaptchaTextCreator.java b/LargeScreenServer(1)/large-framework/src/main/java/com/bonus/framework/config/KaptchaTextCreator.java
index 5f3b113..f2db949 100644
--- a/LargeScreenServer(1)/large-framework/src/main/java/com/bonus/framework/config/KaptchaTextCreator.java
+++ b/LargeScreenServer(1)/large-framework/src/main/java/com/bonus/framework/config/KaptchaTextCreator.java
@@ -1,5 +1,6 @@
package com.bonus.framework.config;
+import java.security.SecureRandom;
import java.util.Random;
import com.google.code.kaptcha.text.impl.DefaultTextCreator;
@@ -16,7 +17,8 @@ public class KaptchaTextCreator extends DefaultTextCreator
public String getText()
{
Integer result = 0;
- Random random = new Random();
+ // Random random = new Random();
+ SecureRandom random = new SecureRandom();
int x = random.nextInt(10);
int y = random.nextInt(10);
StringBuilder suChinese = new StringBuilder();
diff --git a/LargeScreenServer(1)/large-generator/src/main/java/com/bonus/generator/service/GenTableServiceImpl.java b/LargeScreenServer(1)/large-generator/src/main/java/com/bonus/generator/service/GenTableServiceImpl.java
index 6470367..62d8ebd 100644
--- a/LargeScreenServer(1)/large-generator/src/main/java/com/bonus/generator/service/GenTableServiceImpl.java
+++ b/LargeScreenServer(1)/large-generator/src/main/java/com/bonus/generator/service/GenTableServiceImpl.java
@@ -4,6 +4,8 @@ import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.StringWriter;
+import java.text.Normalizer;
+import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
@@ -11,6 +13,8 @@ import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
+
+import com.bonus.generator.util.CleanPathUtil;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.velocity.Template;
@@ -241,9 +245,9 @@ public class GenTableServiceImpl implements IGenTableService
*/
@Override
public void generatorCode(String tableName)
- {
+ {
// 查询表信息
- GenTable table = genTableMapper.selectGenTableByName(tableName);
+ GenTable table = genTableMapper.selectGenTableByName(CleanPathUtil.cleanString(tableName));
// 设置主子表信息
setSubTable(table);
// 设置主键列信息
@@ -266,6 +270,7 @@ public class GenTableServiceImpl implements IGenTableService
try
{
String path = getGenPath(table, template);
+ path = CleanPathUtil.cleanString(path);
FileUtils.writeStringToFile(new File(path), sw.toString(), CharsetKit.UTF_8);
}
catch (IOException e)
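Review bot: Passing `path` through `CleanPathUtil.cleanString` before `new File(path)` filters the string but does not establish that the file lands under the intended output directory. `CleanPathUtil` is not part of the visible diff, so what it strips cannot be checked here. A containment check is the dependable control: resolve against the generation root, normalise, and reject anything outside it, e.g. `Path p = root.resolve(rel).normalize(); if (!p.startsWith(root)) throw new IOException("path escapes output root");`. In the later `getGenPath` hunk only `template` is cleaned, while `table.getGenPath()` is concatenated unchanged on the second `return`.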
@@ -275,7 +280,6 @@ public class GenTableServiceImpl implements IGenTableService
}
}
}
-
/**
* 同步数据库
*
@@ -349,6 +353,25 @@ public class GenTableServiceImpl implements IGenTableService
IOUtils.closeQuietly(zip);
return outputStream.toByteArray();
}
+ /**
+ * Log Forging漏洞校验
+ * @param logs
+ * @return
+ */
+ public static String vaildLog(String logs) {
+ List list=new ArrayList();
+ list.add("%0d");
+ list.add("%0a");
+ list.add("%0A");
+ list.add("%0D");
+ list.add("\r");
+ list.add("\n");
+ String normalize = Normalizer.normalize(logs, Normalizer.Form.NFKC);
+ for (String str : list) {
+ normalize=normalize.replace(str, "");
+ }
+ return normalize;
+ }
/**
* 查询表信息并生成代码
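Review bot: `vaildLog` deletes CR/LF silently, so a log reader cannot tell that the value was altered; replacing them with a visible marker preserves that evidence, e.g. `logs.replaceAll("[\\r\\n]", "_")`. `Normalizer.normalize(logs, ...)` throws a NullPointerException on a `null` argument, which turns a logging helper into a failure path inside `catch` blocks. The raw `List`/`ArrayList` should be typed or replaced by a constant. A helper like this belongs in a shared utility class, not as a `public static` method on the service implementation, and it should be spelled `validLog`. The Javadoc's `@param` and `@return` tags are empty and should say that the result is for log output only.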
@@ -356,6 +379,7 @@ public class GenTableServiceImpl implements IGenTableService
private void generatorCode(String tableName, ZipOutputStream zip)
{
// 查询表信息
+ tableName = vaildLog(tableName);
GenTable table = genTableMapper.selectGenTableByName(tableName);
// 设置主子表信息
setSubTable(table);
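Review bot: `tableName = vaildLog(tableName)` rewrites the value used for the `selectGenTableByName` lookup, not only the value that is logged, so a log-output filter is standing in for input validation. The two `generatorCode` overloads now also treat the name differently, since the public one uses `CleanPathUtil.cleanString`. Validate the table name once at the entry point against an explicit allow-list (letters, digits and underscore, for example) and reject what fails. Keep `vaildLog` at the `log.error` call site only. The method body continues outside this hunk.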
@@ -385,7 +409,7 @@ public class GenTableServiceImpl implements IGenTableService
}
catch (IOException e)
{
- log.error("渲染模板失败,表名:" + table.getTableName(), e);
+ log.error("渲染模板失败,表名:" + vaildLog(table.getTableName()), e);
}
}
}
@@ -514,6 +538,7 @@ public class GenTableServiceImpl implements IGenTableService
String genPath = table.getGenPath();
if (StringUtils.equals(genPath, "/"))
{
+ template = CleanPathUtil.cleanString(template);
return System.getProperty("user.dir") + File.separator + "src" + File.separator + VelocityUtils.getFileName(template, table);
}
return genPath + File.separator + VelocityUtils.getFileName(template, table);
diff --git a/LargeScreenServer(1)/large-system/src/main/java/com/bonus/system/service/impl/SysDeptServiceImpl.java b/LargeScreenServer(1)/large-system/src/main/java/com/bonus/system/service/impl/SysDeptServiceImpl.java
index 4b4316e..f90b780 100644
--- a/LargeScreenServer(1)/large-system/src/main/java/com/bonus/system/service/impl/SysDeptServiceImpl.java
+++ b/LargeScreenServer(1)/large-system/src/main/java/com/bonus/system/service/impl/SysDeptServiceImpl.java
@@ -232,7 +232,8 @@ public class SysDeptServiceImpl implements ISysDeptService
public int updateDept(SysDept dept)
{
SysDept newParentDept = deptMapper.selectDeptById(dept.getParentId());
- SysDept oldDept = deptMapper.selectDeptById(dept.getDeptId());
+ String team = StringUtils.regParaValidate(dept.getDeptId()+"");
+ SysDept oldDept = deptMapper.selectDeptById(Long.parseLong(team));
if (StringUtils.isNotNull(newParentDept) && StringUtils.isNotNull(oldDept))
{
String newAncestors = newParentDept.getAncestors() + "," + newParentDept.getDeptId();
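Review bot: `Long.parseLong(StringUtils.regParaValidate(dept.getDeptId()+""))` round-trips an already-typed id through a string and back, and `regParaValidate` returns its argument unchanged, so the query receives the same value as before. The only behavioural difference is a new failure mode: if `getDeptId()` returns a null `Long`, the string is `"null"` and `parseLong` throws NumberFormatException. Keep the original `SysDept oldDept = deptMapper.selectDeptById(dept.getDeptId());` and, if a guard is wanted, add an explicit null check on the id before the lookup. `updateDept` continues past the end of this hunk.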
diff --git a/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysDeptMapper.xml b/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysDeptMapper.xml
index d8906c4..7704232 100644
--- a/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysDeptMapper.xml
+++ b/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysDeptMapper.xml
@@ -42,8 +42,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
AND status = #{status}
-
- ${params.dataScope}
+
order by d.parent_id, d.order_num
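Review bot: Removing `${params.dataScope}` eliminates a raw `${}` substitution point, but by its name that fragment carried the per-caller data-scope filter, so this list query now appears to return rows regardless of the caller's scope. If so, the commit trades an injection finding for a loss of row-level access control. The surrounding XML tags are stripped in this view, so confirm against the mapper file. A safer fix keeps the filter and guarantees the fragment is only ever set server-side, by clearing any request-supplied `params.dataScope` before the scope logic populates it. The same removal is made in the SysRoleMapper.xml and SysUserMapper.xml hunks that follow.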
diff --git a/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysRoleMapper.xml b/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysRoleMapper.xml
index 6d264ab..2229dda 100644
--- a/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysRoleMapper.xml
+++ b/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysRoleMapper.xml
@@ -53,8 +53,8 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
and date_format(r.create_time,'%y%m%d') <= date_format(#{params.endTime},'%y%m%d')
-
- ${params.dataScope}
+
+
order by r.role_sort
diff --git a/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysUserMapper.xml b/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysUserMapper.xml
index b369438..3d5a1ae 100644
--- a/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysUserMapper.xml
+++ b/LargeScreenServer(1)/large-system/src/main/resources/mapper/system/SysUserMapper.xml
@@ -86,8 +86,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
AND (u.dept_id = #{deptId} OR u.dept_id IN ( SELECT t.dept_id FROM sys_dept t WHERE find_in_set(#{deptId}, ancestors) ))
-
- ${params.dataScope}
+