diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/config/WebMvcConfig.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/config/WebMvcConfig.java index 2a4cc56..c82ea59 100644 --- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/config/WebMvcConfig.java +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/config/WebMvcConfig.java @@ -1,6 +1,7 @@ package com.bonus.common.security.config; //import com.bonus.common.security.interceptor.ParamSecureHandler; +import com.bonus.common.security.interceptor.ParamSecureHandler; import org.springframework.context.annotation.Bean; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @@ -23,11 +24,12 @@ public class WebMvcConfig implements WebMvcConfigurer .addPathPatterns("/**") .excludePathPatterns(EXCLUDEURLS) .order(-10); -// //自定义拦截器 -// registry.addInterceptor(getParamSecureInterceptor()) -// .addPathPatterns("/**") -// .excludePathPatterns(EXCLUDEURLS) -// .order(-10); + //自定义拦截器 + registry.addInterceptor(getParamSecureInterceptor()) + .addPathPatterns("/**") + .excludePathPatterns(EXCLUDEURLS) + .order(-10); + } /** @@ -42,9 +44,9 @@ public class WebMvcConfig implements WebMvcConfigurer /** * 自定义参数拦截器 */ -// public ParamSecureHandler getParamSecureInterceptor() -// { -// return new ParamSecureHandler(); -// } + public ParamSecureHandler getParamSecureInterceptor() + { + return new ParamSecureHandler(); + } } diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java index 660df27..42432db 100644 --- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java @@ -19,14 +19,13 @@ import static org.springframework.http.MediaType.MULTIPART_FORM_DATA_VALUE; /** * @author bonus * @data 2023/2/6 17:22 - * @description 安全参数验证,暂时弃用 + * @description 安全参数验证 */ @Slf4j public class ParamSecureHandler implements AsyncHandlerInterceptor { private static String OPERLOG_URL = "/operlog/addLogs"; private static final String REGISTER = "/user/register"; - private static final String RECOGNITION = "/ocr/recognition"; private String rnd = null; public static String ur = "/"; @@ -61,9 +60,9 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor { if (REGISTER.equals(requestUrl)) { return true; } - if (RECOGNITION.equals(requestUrl)) { - return true; - } +// if (RECOGNITION.equals(requestUrl)) { +// return true; +// } /** * 白名单中不验证参数 */ diff --git a/sql/bns_20240604.sql b/sql/bns_20240604.sql index 14b9558..fa6e798 100644 --- a/sql/bns_20240604.sql +++ b/sql/bns_20240604.sql @@ -63,14 +63,16 @@ create table sys_user ( remark varchar(500) default null comment '备注', login_type varchar(100) default null comment '登录类型', approval_status char(1) default '1' comment '审批状态0:未审批,1:已审批', + is_permanent char(1) default '1' comment '长期和临时用户标识0:临时用户,1:长期用户', + is_built_in char(1) default '0' comment '是否内置用户0:非内置用户,1:内置用户', primary key (user_id) ) engine=innodb auto_increment=100 comment = '用户信息表'; -- ---------------------------- -- 初始化-用户信息表数据 -- ---------------------------- -insert into sys_user values(1, 103, 'admin', '博诺思', '00', 'ry@163.com', '15888888888', '1', '', '$2a$10$5azz92OgGRyRUETz/ZJeZu1exkggPYUDRssvreywTjKk.0Pmn2Q16', '0', '0', '127.0.0.1', sysdate(), 'admin', sysdate(), '', null, '管理员','0','1'); -insert into sys_user values(2, 105, 'bonus', '博诺思', '00', 'ry@qq.com', '15666666666', '1', '', '$2a$10$5azz92OgGRyRUETz/ZJeZu1exkggPYUDRssvreywTjKk.0Pmn2Q16', '0', '0', '127.0.0.1', sysdate(), 'admin', sysdate(), '', null, '测试员','0','1'); +insert into sys_user values(1, 103, 'bonus', '博诺思', '00', 'ry@163.com', '15888888888', '1', '', '$2a$10$5azz92OgGRyRUETz/ZJeZu1exkggPYUDRssvreywTjKk.0Pmn2Q16', '0', '0', '127.0.0.1', sysdate(), 'admin', sysdate(), '', null, '系统管理员','0','1','1'); +insert into sys_user values(2, 103, 'audit', '博诺思', '00', 'ry@163.com', '15888888889', '1', '', '$2a$10$5azz92OgGRyRUETz/ZJeZu1exkggPYUDRssvreywTjKk.0Pmn2Q16', '0', '0', '127.0.0.1', sysdate(), 'admin', sysdate(), '', null, '审计管理员','0','1','1'); -- ---------------------------- @@ -120,14 +122,17 @@ create table sys_role ( update_by varchar(64) default '' comment '更新者', update_time datetime comment '更新时间', remark varchar(500) default null comment '备注', + is_built_in char(1) default '0' comment '是否内置0:非内置,1:内置', + primary key (role_id) ) engine=innodb auto_increment=100 comment = '角色信息表'; -- ---------------------------- -- 初始化-角色信息表数据 -- ---------------------------- -insert into sys_role values('1', '超级管理员', 'admin', 1, 1, 1, 1, '0', '0', 'admin', sysdate(), '', null, '超级管理员'); -insert into sys_role values('2', '普通角色', 'common', 2, 2, 1, 1, '0', '0', 'admin', sysdate(), '', null, '普通角色'); +insert into sys_role values('1', '超级管理员', 'admin', 1, 1, 1, 1, '0', '0', 'admin', sysdate(), '', null, '超级管理员','1'); +insert into sys_role values('2', '审计管理员', 'audit', 1, 1, 1, 1, '0', '0', 'admin', sysdate(), '', null, '审计管理员','1'); +insert into sys_role values('3', '普通角色', 'common', 2, 2, 1, 1, '0', '0', 'admin', sysdate(), '', null, '普通角色'); -- ---------------------------- @@ -755,3 +760,4 @@ create table sys_logs_set ( ) engine = innodb comment = '数据库日志容量设置表'; insert into sys_logs_set values ('2048'); +