bonus
/
hn_cloud_service
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修改maven

This commit is contained in:
haozq 2025-12-02 17:21:22 +08:00
parent 972afc8844
commit 805abc5e78
52 changed files with 772 additions and 2005 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.idea/compiler.xml
View File

@ -2,7 +2,7 @@
<project version="4">
<component name="CompilerConfiguration">
<annotationProcessing>
<profile default="true" name="Default">
<profile default="true" name="Default" enabled="true">
<processorPath useClasspath="false">
<entry name="$USER_HOME$/Desktop/hn_cloud_service" />
</processorPath>

1378
.idea/workspace.xml
View File

File diff suppressed because it is too large Load Diff

8
HnRealNameBmw/HnRealNameBmw.iml
View File

@ -1,8 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<module version="4">
<component name="FacetManager">
<facet type="Spring" name="Spring">
<configuration />
</facet>
</component>
</module>

2
HnRealNameBmw/pom.xml
View File

@ -58,11 +58,13 @@
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
<version>2.1.0.RELEASE</version>
</dependency>
<!-- SpringCloud Alibaba Nacos Config -->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
<version>2.1.0.RELEASE</version>
</dependency>
<!-- SpringCloud Alibaba Sentinel -->
<dependency>

86
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/manager/config/BnsSecurityConfig.java
View File

@ -55,7 +55,7 @@ public class BnsSecurityConfig extends WebSecurityConfigurerAdapter {
return new BCryptPasswordEncoder();
}
/* @Override
@Override
protected void configure(HttpSecurity http) throws Exception {
// 添加安全过滤器在认证前执行 -- 防御 sql 注入攻击 xss 攻击
http.addFilterBefore(new SecurityFilter(), BasicAuthenticationFilter.class);
@ -81,51 +81,51 @@ public class BnsSecurityConfig extends WebSecurityConfigurerAdapter {
http.headers().cacheControl();
// http.headers().frameOptions().sameOrigin();
http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
}*/
@Override
protected void configure(HttpSecurity http) throws Exception {
// 添加安全过滤器在认证前执行 -- 防御 sql 注入攻击 xss 攻击
http.addFilterBefore(new SecurityFilter(), BasicAuthenticationFilter.class);
http.csrf().disable();
// 使用新的跨域配置
//http.cors(cors -> cors.configurationSource(corsConfigurationSource));
// 基于token所以不需要session
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests()
.antMatchers("/", "/gzRealName/**","/attendance/**","/*.html", "/favicon.ico", "/css/**", "/js/**", "/fonts/**", "/layui/**", "/layui-v2.9.2/**","/layui2.3.6/**", "/layer-v3.1.0/**","/img/**",
"/v2/api-docs/**", "/swagger-resources/**", "/webjars/**", "/pages/**", "/druid/**","/interface/**",
"/statics/**","/download/**","/register/**","/companyManager/resetUserPwd","/getCode/**","/OwnContract/updateDownloadState")
.permitAll().anyRequest().authenticated();
http.formLogin().loginProcessingUrl("/login")
.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler).and()
.addFilterBefore(new VerifyFilter(redisTemplate,prefix,authenticationFailureHandler), UsernamePasswordAuthenticationFilter.class)
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
// 添加CSP配置 - 在这里添加
http.headers()
.contentSecurityPolicy("default-src 'self'; " +
"script-src 'self' https://trusted.cdn.com 'unsafe-inline' 'unsafe-eval'; " +
"style-src 'self' 'unsafe-inline'; " +
"img-src 'self' data: https://trusted.image.com; " +
"font-src 'self'; " +
"object-src 'none'; " +
"base-uri 'self'; " +
"form-action 'self';") // 添加form-action限制
.and()
.frameOptions().sameOrigin() // 改用sameOrigin提高安全性
.cacheControl();
// 注意上面的 .frameOptions().disable() 可能会降低安全性考虑使用 .sameOrigin() 替代
http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
}
// @Override
// protected void configure(HttpSecurity http) throws Exception {
// // 添加安全过滤器在认证前执行 -- 防御 sql 注入攻击 xss 攻击
// http.addFilterBefore(new SecurityFilter(), BasicAuthenticationFilter.class);
// http.csrf().disable();
//
// // 使用新的跨域配置
// //http.cors(cors -> cors.configurationSource(corsConfigurationSource));
//
// // 基于token所以不需要session
// http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//
// http.authorizeRequests()
// .antMatchers("/", "/gzRealName/**","/attendance/**","/*.html", "/favicon.ico", "/css/**", "/js/**", "/fonts/**", "/layui/**", "/layui-v2.9.2/**","/layui2.3.6/**", "/layer-v3.1.0/**","/img/**",
// "/v2/api-docs/**", "/swagger-resources/**", "/webjars/**", "/pages/**", "/druid/**","/interface/**",
// "/statics/**","/download/**","/register/**","/companyManager/resetUserPwd","/getCode/**","/OwnContract/updateDownloadState")
// .permitAll().anyRequest().authenticated();
// http.formLogin().loginProcessingUrl("/login")
// .successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler).and()
// .addFilterBefore(new VerifyFilter(redisTemplate,prefix,authenticationFailureHandler), UsernamePasswordAuthenticationFilter.class)
// .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
// http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
//
// // 添加CSP配置 - 在这里添加
// http.headers()
// .contentSecurityPolicy("default-src 'self'; " +
// "script-src 'self' https://trusted.cdn.com 'unsafe-inline' 'unsafe-eval'; " +
// "style-src 'self' 'unsafe-inline'; " +
// "img-src 'self' data: https://trusted.image.com; " +
// "font-src 'self'; " +
// "object-src 'none'; " +
// "base-uri 'self'; " +
// "form-action 'self';") // 添加form-action限制
// .and()
// .frameOptions().sameOrigin() // 改用sameOrigin提高安全性
// .cacheControl();
//
// // 注意上面的 .frameOptions().disable() 可能会降低安全性考虑使用 .sameOrigin() 替代
//
// http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
// }
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(new DecodePwdAuthenticationProvider(userDetailsService));

472
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/manager/config/CspFilter.java
View File

@ -1,236 +1,236 @@
package com.bonus.hnrn.rnbmw.manager.config;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
@Component
@Order(1) // 确保过滤器优先级
public class CspFilter implements Filter {
// 静态资源扩展名模式
private static final Pattern STATIC_RESOURCE_PATTERN = Pattern.compile(
".*\\.(css|js|map|png|jpg|jpeg|gif|ico|svg|webp|bmp|" +
"woff|woff2|ttf|eot|otf|pdf|txt|xml|json|" +
"zip|rar|7z|tar|gz|mp4|mp3|wav|avi|mov|webm|" +
"doc|docx|xls|xlsx|ppt|pptx)$",
Pattern.CASE_INSENSITIVE
);
// 静态资源路径前缀
private static final List<String> STATIC_PATH_PREFIXES = Arrays.asList(
"/static/", "/public/", "/resources/", "/assets/", "/css/", "/js/",
"/images/", "/img/", "/fonts/", "/webjars/", "/vendor/", "/dist/",
"/uploads/", "/downloads/", "/libs/", "/layui/"
);
// WebGL和3D地图相关页面路径
private static final List<String> WEBGL_PAGE_PATHS = Arrays.asList(
"/pages/synthesisQuery/digitalSignage.html",
"/pages/basic/lineManagement/child/setSpanTowerLonAndLat.html"
);
@Value("${spring.profiles.active:prod}")
private String activeProfile;
@Value("${csp.report-only:false}")
private boolean cspReportOnly;
@Value("${csp.allow-iframe:true}")
private boolean allowIframe;
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String requestUri = httpRequest.getRequestURI();
// 设置所有必要的安全头
setSecurityHeaders(httpResponse, requestUri);
chain.doFilter(request, response);
}
private void setSecurityHeaders(HttpServletResponse response, String requestUri) {
// 1. 设置ClickJacking防护头优先解决
setClickJackingProtectionHeaders(response, requestUri);
// 2. 设置CSP头
setCspHeader(response, requestUri);
// 3. 设置其他安全头
setAdditionalSecurityHeaders(response);
}
private void setCspHeader(HttpServletResponse response, String requestUri) {
String cspPolicy;
if (isStaticResource(requestUri)) {
// 静态资源使用简单策略
cspPolicy = "default-src 'self'";
}
else if (isLoginPage(requestUri)) {
// 登录页面 - 使用安全的CSP策略移除不安全的指令
String frameAncestors = allowIframe ? "'self'" : "'none'";
cspPolicy = "default-src 'self'; " +
// 允许同源脚本和外部JavaScript库
"script-src 'self' 'unsafe-inline' https:; " +
// 只允许同源样式
"style-src 'self' 'unsafe-inline' https:; " +
// 只允许同源图片和数据URI
"img-src 'self' data: blob: https:; " +
// 只允许同源字体和数据URI
"font-src 'self' data: https:; " +
// 只允许同源连接
"connect-src 'self' https:; " +
"frame-ancestors " + frameAncestors + "; " +
"form-action 'self'; " +
"object-src 'none'; " +
"base-uri 'self'; " +
"report-uri /api/csp-violation";
}
else if (isWebglPage(requestUri)) {
// WebGL和3D地图页面 - 需要更宽松的策略支持WebGLWorker等
String frameAncestors = allowIframe ? "'self'" : "'none'";
cspPolicy = "default-src 'self'; " +
"script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:; " +
"style-src 'self' 'unsafe-inline' data: blob:; " +
"img-src 'self' data: blob: https:; " +
"font-src 'self' data: blob: https:; " +
"connect-src 'self' https: blob: data: http://data.mars3d.cn; " +
"frame-ancestors " + frameAncestors + "; " +
"form-action 'self'; " +
"object-src 'none'; " +
"base-uri 'self'; " +
"worker-src 'self' blob: data:; " +
"child-src 'self' blob: data:; " +
"report-uri /api/csp-violation"; // 移除 upgrade-insecure-requests避免强制HTTPS
} else {
// 普通HTML页面 - 根据配置决定是否允许iframe
String frameAncestors = allowIframe ? "'self'" : "'none'";
cspPolicy = "default-src 'self'; " +
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; " +
"style-src 'self' 'unsafe-inline' https:; " +
"img-src 'self' data: blob: https:; " +
"font-src 'self' data: https:; " +
"connect-src 'self' https:; " +
"frame-ancestors " + frameAncestors + "; " +
"form-action 'self'; " +
"object-src 'none'; " +
"base-uri 'self'; " +
"report-uri /api/csp-violation"; // 移除 upgrade-insecure-requests避免强制HTTPS
}
String headerName = cspReportOnly ?
"Content-Security-Policy-Report-Only" : "Content-Security-Policy";
response.setHeader(headerName, cspPolicy);
}
private void setClickJackingProtectionHeaders(HttpServletResponse response, String requestUri) {
// 对于静态资源使用宽松的ClickJacking防护
if (isStaticResource(requestUri)) {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
return;
}
// 对于HTML页面根据配置决定防护级别
if (allowIframe) {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
} else {
response.setHeader("X-Frame-Options", "DENY");
}
}
private void setAdditionalSecurityHeaders(HttpServletResponse response) {
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
response.setHeader("Permissions-Policy",
"geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=()");
// 注意HSTS 只应在 HTTPS 部署下开启当前未在此处强制设置
// 如需开启请在 HTTPS 部署完成后通过配置控制
// 例如Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
}
private boolean isStaticResource(String uri) {
if (uri == null || uri.isEmpty()) {
return false;
}
String path = uri.split("\\?")[0];
if (STATIC_RESOURCE_PATTERN.matcher(path).matches()) {
return true;
}
return STATIC_PATH_PREFIXES.stream().anyMatch(path::startsWith);
}
/**
* 判断是否为登录页面
*/
private boolean isLoginPage(String requestUri) {
return requestUri != null && (
requestUri.endsWith("/login.html") ||
requestUri.endsWith("/login") ||
requestUri.contains("/login")
);
}
/**
* 生成随机nonce值
*/
private String generateNonce() {
byte[] nonceBytes = new byte[16];
new java.util.Random().nextBytes(nonceBytes);
return java.util.Base64.getEncoder().encodeToString(nonceBytes);
}
/**
* 生成内容的SHA-256哈希值
*/
private String generateHash(String content) {
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(content.getBytes("UTF-8"));
return "'sha256-" + java.util.Base64.getEncoder().encodeToString(hash) + "'";
} catch (Exception e) {
return "";
}
}
private boolean isWebglPage(String uri) {
if (uri == null || uri.isEmpty()) {
return false;
}
String path = uri.split("\\?")[0];
return WEBGL_PAGE_PATHS.stream().anyMatch(path::contains);
}
private boolean isProduction() {
return "prod".equals(activeProfile) || "production".equals(activeProfile);
}
@Override
public void destroy() {
// 清理资源
}
}
//package com.bonus.hnrn.rnbmw.manager.config;
//
//import org.springframework.beans.factory.annotation.Value;
//import org.springframework.core.annotation.Order;
//import org.springframework.stereotype.Component;
//
//import javax.servlet.*;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//import java.security.MessageDigest;
//import java.security.NoSuchAlgorithmException;
//import java.util.Arrays;
//import java.util.List;
//import java.util.regex.Pattern;
//
//@Component
//@Order(1) // 确保过滤器优先级
//public class CspFilter implements Filter {
//
// // 静态资源扩展名模式
// private static final Pattern STATIC_RESOURCE_PATTERN = Pattern.compile(
// ".*\\.(css|js|map|png|jpg|jpeg|gif|ico|svg|webp|bmp|" +
// "woff|woff2|ttf|eot|otf|pdf|txt|xml|json|" +
// "zip|rar|7z|tar|gz|mp4|mp3|wav|avi|mov|webm|" +
// "doc|docx|xls|xlsx|ppt|pptx)$",
// Pattern.CASE_INSENSITIVE
// );
//
// // 静态资源路径前缀
// private static final List<String> STATIC_PATH_PREFIXES = Arrays.asList(
// "/static/", "/public/", "/resources/", "/assets/", "/css/", "/js/",
// "/images/", "/img/", "/fonts/", "/webjars/", "/vendor/", "/dist/",
// "/uploads/", "/downloads/", "/libs/", "/layui/"
// );
//
// // WebGL和3D地图相关页面路径
// private static final List<String> WEBGL_PAGE_PATHS = Arrays.asList(
// "/pages/synthesisQuery/digitalSignage.html",
// "/pages/basic/lineManagement/child/setSpanTowerLonAndLat.html"
// );
//
// @Value("${spring.profiles.active:prod}")
// private String activeProfile;
//
// @Value("${csp.report-only:false}")
// private boolean cspReportOnly;
//
// @Value("${csp.allow-iframe:true}")
// private boolean allowIframe;
//
// @Override
// public void doFilter(ServletRequest request, ServletResponse response,
// FilterChain chain) throws IOException, ServletException {
//
// HttpServletRequest httpRequest = (HttpServletRequest) request;
// HttpServletResponse httpResponse = (HttpServletResponse) response;
// String requestUri = httpRequest.getRequestURI();
//
// // 设置所有必要的安全头
// setSecurityHeaders(httpResponse, requestUri);
//
// chain.doFilter(request, response);
// }
//
// private void setSecurityHeaders(HttpServletResponse response, String requestUri) {
// // 1. 设置ClickJacking防护头优先解决
// setClickJackingProtectionHeaders(response, requestUri);
//
// // 2. 设置CSP头
// setCspHeader(response, requestUri);
//
// // 3. 设置其他安全头
// setAdditionalSecurityHeaders(response);
// }
//
// private void setCspHeader(HttpServletResponse response, String requestUri) {
// String cspPolicy;
//
// if (isStaticResource(requestUri)) {
// // 静态资源使用简单策略
// cspPolicy = "default-src 'self'";
// }
// else if (isLoginPage(requestUri)) {
// // 登录页面 - 使用安全的CSP策略移除不安全的指令
// String frameAncestors = allowIframe ? "'self'" : "'none'";
//
// cspPolicy = "default-src 'self'; " +
// // 允许同源脚本和外部JavaScript库
// "script-src 'self' 'unsafe-inline' https:; " +
// // 只允许同源样式
// "style-src 'self' 'unsafe-inline' https:; " +
// // 只允许同源图片和数据URI
// "img-src 'self' data: blob: https:; " +
// // 只允许同源字体和数据URI
// "font-src 'self' data: https:; " +
// // 只允许同源连接
// "connect-src 'self' https:; " +
// "frame-ancestors " + frameAncestors + "; " +
// "form-action 'self'; " +
// "object-src 'none'; " +
// "base-uri 'self'; " +
// "report-uri /api/csp-violation";
// }
// else if (isWebglPage(requestUri)) {
// // WebGL和3D地图页面 - 需要更宽松的策略支持WebGLWorker等
// String frameAncestors = allowIframe ? "'self'" : "'none'";
//
// cspPolicy = "default-src 'self'; " +
// "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:; " +
// "style-src 'self' 'unsafe-inline' data: blob:; " +
// "img-src 'self' data: blob: https:; " +
// "font-src 'self' data: blob: https:; " +
// "connect-src 'self' https: blob: data: http://data.mars3d.cn; " +
// "frame-ancestors " + frameAncestors + "; " +
// "form-action 'self'; " +
// "object-src 'none'; " +
// "base-uri 'self'; " +
// "worker-src 'self' blob: data:; " +
// "child-src 'self' blob: data:; " +
// "report-uri /api/csp-violation"; // 移除 upgrade-insecure-requests避免强制HTTPS
// } else {
// // 普通HTML页面 - 根据配置决定是否允许iframe
// String frameAncestors = allowIframe ? "'self'" : "'none'";
//
// cspPolicy = "default-src 'self'; " +
// "script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; " +
// "style-src 'self' 'unsafe-inline' https:; " +
// "img-src 'self' data: blob: https:; " +
// "font-src 'self' data: https:; " +
// "connect-src 'self' https:; " +
// "frame-ancestors " + frameAncestors + "; " +
// "form-action 'self'; " +
// "object-src 'none'; " +
// "base-uri 'self'; " +
// "report-uri /api/csp-violation"; // 移除 upgrade-insecure-requests避免强制HTTPS
// }
//
// String headerName = cspReportOnly ?
// "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
//
// response.setHeader(headerName, cspPolicy);
// }
//
// private void setClickJackingProtectionHeaders(HttpServletResponse response, String requestUri) {
// // 对于静态资源使用宽松的ClickJacking防护
// if (isStaticResource(requestUri)) {
// response.setHeader("X-Frame-Options", "SAMEORIGIN");
// return;
// }
//
// // 对于HTML页面根据配置决定防护级别
// if (allowIframe) {
// response.setHeader("X-Frame-Options", "SAMEORIGIN");
// } else {
// response.setHeader("X-Frame-Options", "DENY");
// }
// }
//
// private void setAdditionalSecurityHeaders(HttpServletResponse response) {
// response.setHeader("X-Content-Type-Options", "nosniff");
// response.setHeader("X-XSS-Protection", "1; mode=block");
// response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
// response.setHeader("Permissions-Policy",
// "geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=()");
//
// // 注意HSTS 只应在 HTTPS 部署下开启当前未在此处强制设置
// // 如需开启请在 HTTPS 部署完成后通过配置控制
// // 例如Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
// }
//
// private boolean isStaticResource(String uri) {
// if (uri == null || uri.isEmpty()) {
// return false;
// }
//
// String path = uri.split("\\?")[0];
//
// if (STATIC_RESOURCE_PATTERN.matcher(path).matches()) {
// return true;
// }
//
// return STATIC_PATH_PREFIXES.stream().anyMatch(path::startsWith);
// }
//
// /**
// * 判断是否为登录页面
// */
// private boolean isLoginPage(String requestUri) {
// return requestUri != null && (
// requestUri.endsWith("/login.html") ||
// requestUri.endsWith("/login") ||
// requestUri.contains("/login")
// );
// }
//
// /**
// * 生成随机nonce值
// */
// private String generateNonce() {
// byte[] nonceBytes = new byte[16];
// new java.util.Random().nextBytes(nonceBytes);
// return java.util.Base64.getEncoder().encodeToString(nonceBytes);
// }
//
// /**
// * 生成内容的SHA-256哈希值
// */
// private String generateHash(String content) {
// try {
// MessageDigest digest = MessageDigest.getInstance("SHA-256");
// byte[] hash = digest.digest(content.getBytes("UTF-8"));
// return "'sha256-" + java.util.Base64.getEncoder().encodeToString(hash) + "'";
// } catch (Exception e) {
// return "";
// }
// }
//
// private boolean isWebglPage(String uri) {
// if (uri == null || uri.isEmpty()) {
// return false;
// }
//
// String path = uri.split("\\?")[0];
// return WEBGL_PAGE_PATHS.stream().anyMatch(path::contains);
// }
//
// private boolean isProduction() {
// return "prod".equals(activeProfile) || "production".equals(activeProfile);
// }
//
// @Override
// public void destroy() {
// // 清理资源
// }
//}

18
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/manager/config/WebMvcConfig.java
View File

@ -26,24 +26,6 @@ public class WebMvcConfig implements WebMvcConfigurer {
@Autowired
private ParamLengthInterceptor paramLengthInterceptor;
/**
* 跨域支持 - 修复 CORS 漏洞
*/
/*@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
// 明确指定允许的源不要使用通配符 *
.allowedOrigins(
"http://localhost:19118",
"http://192.168.0.14:19118",
"https://您的生产域名.com" // 添加您的生产环境域名
)
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
.allowedHeaders("*")
.allowCredentials(true) // 如果需要凭证如cookies
.maxAge(3600); // 预检请求缓存时间
}*/
/**
* datatable分页解析
*

1
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/manager/controller/UserController.java
View File

@ -35,7 +35,6 @@ import javax.annotation.Resource;
/**
* 用户相关接口
*/
@SuppressWarnings("AlibabaLowerCamelCaseVariableNaming")
@Api(tags = "用户")
@RestController

2
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/ownPerson/controller/AnnouncementController.java
View File

@ -165,7 +165,7 @@ public class AnnouncementController {
String imageFiles = "/rdata/gz_real_name/" + mkdirsName + "/"; // linux 系统路径
String os = System.getProperty("os.name");
if (os.toLowerCase().startsWith("win")) {
imageFiles = "E://files/" + mkdirsName;
imageFiles = "F://files/" + mkdirsName;
}
String path = imageFiles + "/" + DateTimeHelper.getYear(new Date()) + "/" + DateTimeHelper.getMonth(new Date()) + "/" + fileName;

2
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/ownPerson/controller/PaySlipController.java
View File

@ -46,7 +46,7 @@ public class PaySlipController {
@Resource(name = "PaySlipDao")
private PaySlipDao dao;
public static Logger logger = LoggerFactory.getLogger(PaySlipController.class);
@GetMapping
@PostMapping
@ApiOperation(value = "自有人员-工资条信息-列表")
@PreAuthorize("hasAuthority('sys:workerOn:query')")
public PageTableResponse listList(PageTableRequest request) {

2
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/ownPerson/controller/WorkerController.java
View File

@ -105,7 +105,7 @@ public class WorkerController{
@Resource(name = "userDao")
private UserDao userdao;
@GetMapping
@PostMapping("list")
@ApiOperation(value = "自有人员-在职信息-列表")
@PreAuthorize("hasAuthority('sys:workerOn:query')")
public PageTableResponse listList(PageTableRequest request) {

2
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/ownPerson/controller/WorkerDepartController.java
View File

@ -51,7 +51,7 @@ public class WorkerDepartController {
@Resource(name = "WorkerDao")
private WorkerDao workerDao;
@GetMapping
@PostMapping
@ApiOperation(value = "自有人员-离职信息列表")
@PreAuthorize("hasAuthority('sys:workerDepart:query')")
public PageTableResponse listList(PageTableRequest request) {

55
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/person/controller/SalaryAppealController.java
View File

@ -14,10 +14,10 @@ import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;
@SuppressWarnings("AlibabaLowerCamelCaseVariableNaming")
@Api(tags = "欠薪申诉")
@RestController
@RequestMapping("/salaryAppeal")
@ -29,33 +29,38 @@ public class SalaryAppealController {
@Resource(name = "ProjectService")
private com.bonus.hnrn.rnbmw.basic.service.ProjectService ProjectService;
@GetMapping
@PostMapping
@ApiOperation(value = "欠薪申诉列表")
@PreAuthorize("hasAuthority('sys:salaryAppeal:query')")
public PageTableResponse listPayroll(PageTableRequest request) {
SysUser user= UserUtil.getLoginUser();
request.getParams().put("orgId",user.getOrgId());
request.getParams().put("subId",user.getSubId());
request.getParams().put("companyId",user.getCompanyId());
request.getParams().put("roleLevel",user.getRoleLevel());
return new PageTableHandler(new PageTableHandler.CountHandler() {
@Override
public int count(PageTableRequest request) {
//String orgId = UserUtil.getLoginUser().getOrgId();
//String companyId = ProjectService.getCompanyId(orgId);
//request.getParams().put("companyId", companyId);
return service.getAppealListCount(request.getParams());
}
}, new PageTableHandler.ListHandler() {
@Override
public List<SalaryAppealBean> list(PageTableRequest request) {
//String orgId = UserUtil.getLoginUser().getOrgId();
// String companyId = ProjectService.getCompanyId(orgId);
//request.getParams().put("companyId", companyId);
List<SalaryAppealBean> list = service.getAppealList(request.getParams(), request.getOffset(), request.getLimit());
return list;
}
}).handle(request);
try{
SysUser user= UserUtil.getLoginUser();
request.getParams().put("orgId",user.getOrgId());
request.getParams().put("subId",user.getSubId());
request.getParams().put("companyId",user.getCompanyId());
request.getParams().put("roleLevel",user.getRoleLevel());
return new PageTableHandler(new PageTableHandler.CountHandler() {
@Override
public int count(PageTableRequest request) {
//String orgId = UserUtil.getLoginUser().getOrgId();
//String companyId = ProjectService.getCompanyId(orgId);
//request.getParams().put("companyId", companyId);
return service.getAppealListCount(request.getParams());
}
}, new PageTableHandler.ListHandler() {
@Override
public List<SalaryAppealBean> list(PageTableRequest request) {
//String orgId = UserUtil.getLoginUser().getOrgId();
// String companyId = ProjectService.getCompanyId(orgId);
//request.getParams().put("companyId", companyId);
List<SalaryAppealBean> list = service.getAppealList(request.getParams(), request.getOffset(), request.getLimit());
return list;
}
}).handle(request);
}catch (Exception e){
e.printStackTrace();
}
return new PageTableResponse(0,0,new ArrayList<>());
}
@PostMapping("getPhoto")

3
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/push/controller/AttController.java
View File

@ -21,7 +21,6 @@ import java.util.List;
* 互联网公司接入考勤数据
*/
@RestController
@CrossOrigin
@RequestMapping("/attendance/")
public class AttController {
@ -31,7 +30,7 @@ public class AttController {
private AttService attService;
@RequestMapping(value="insertAttendanceData",method = RequestMethod.POST)
@CrossOrigin
//@CrossOrigin
public String insertAttendanceData(@RequestBody String params) throws Exception {
List<AttDataBean> list = new ArrayList<>();
// String params = StringHelper.fetchPostByTextPlain(request);

40
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/salaryfile/controller/AnalysisWagesController.java
View File

@ -1,19 +1,17 @@
package com.bonus.hnrn.rnbmw.salaryfile.controller;
import com.bonus.hnrn.rnbmw.manager.model.SysUser;
import com.bonus.hnrn.rnbmw.manager.table.PageTableHandler;
import com.bonus.hnrn.rnbmw.manager.table.PageTableRequest;
import com.bonus.hnrn.rnbmw.manager.table.PageTableResponse;
import com.bonus.hnrn.rnbmw.manager.utils.UserUtil;
import com.bonus.hnrn.rnbmw.salaryfile.entity.AnalysisWagesBean;
import com.bonus.hnrn.rnbmw.salaryfile.entity.SalaryCheckBean;
import com.bonus.hnrn.rnbmw.salaryfile.service.AnalysisWagesService;
import com.bonus.hnrn.rnbmw.salaryfile.service.SalaryCheckService;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.List;
/**
@ -25,10 +23,11 @@ import java.util.List;
* @date 2025/8/15
* @description 核定工资分析
*/
@CrossOrigin
//@CrossOrigin
@RestController
@RequestMapping("/analysisWages")
@RequiredArgsConstructor
@Slf4j
public class AnalysisWagesController {
@Resource(name = "analysisWagesService")
@ -63,19 +62,26 @@ public class AnalysisWagesController {
*/
@PostMapping("getProList")
public PageTableResponse getProList(PageTableRequest request) {
return new PageTableHandler(new PageTableHandler.CountHandler() {
@Override
public int count(PageTableRequest request) {
return analysisWagesService.getProListNum(request.getParams());
}
}, new PageTableHandler.ListHandler() {
try{
return new PageTableHandler(new PageTableHandler.CountHandler() {
@Override
public int count(PageTableRequest request) {
return analysisWagesService.getProListNum(request.getParams());
}
}, new PageTableHandler.ListHandler() {
@Override
public List<AnalysisWagesBean> list(PageTableRequest request) {
List<AnalysisWagesBean> list = analysisWagesService.getProList(request.getParams(), request.getOffset(), request.getLimit());
return list;
}
}).handle(request);
@Override
public List<AnalysisWagesBean> list(PageTableRequest request) {
List<AnalysisWagesBean> list = analysisWagesService.getProList(request.getParams(), request.getOffset(), request.getLimit());
return list;
}
}).handle(request);
}catch(Exception e){
log.error(e.toString(),e);
e.printStackTrace();
}
return new PageTableResponse(0,0,new ArrayList<>());
}
/**

2
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/salaryfile/controller/SalaryCheckController.java
View File

@ -29,7 +29,7 @@ import java.util.Map;
*
* @author jsk
*/
@CrossOrigin
//@CrossOrigin
@RestController
@RequestMapping("/salaryCheck")
@RequiredArgsConstructor

2
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/salaryfile/controller/SalaryFileController.java
View File

@ -18,7 +18,7 @@ import java.util.List;
*
* @author zys
*/
@CrossOrigin
//@CrossOrigin
@RestController
@RequestMapping("/salaryFile")
@RequiredArgsConstructor

43
HnRealNameBmw/src/main/java/com/bonus/hnrn/rnbmw/salaryfile/service/SalaryCheckServiceImpl.java
View File

@ -21,6 +21,7 @@ import com.bonus.hnrn.rnbmw.salaryfile.dao.SalaryCheckDao;
import com.bonus.hnrn.rnbmw.salaryfile.entity.*;
import com.bonus.hnrn.rnbmw.util.WebConfig;
import com.bonus.hnrn.rnbmw.util.excel.StringUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.poi.ss.usermodel.*;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
@ -55,6 +56,7 @@ import java.util.zip.ZipOutputStream;
* @author zys
*/
@Service("salaryCheckService")
@Slf4j
public class SalaryCheckServiceImpl implements SalaryCheckService {
/**
@ -353,25 +355,30 @@ public class SalaryCheckServiceImpl implements SalaryCheckService {
@Override
public PageTableResponse getList(PageTableRequest request) {
if (request.getParams().get("state") != null && request.getParams().get("state") != "") {
List<String> stateList = Arrays.asList(request.getParams().get("state").toString().split(","));
request.getParams().put("stateList", stateList);
} else {
request.getParams().put("stateList", null);
}
return new PageTableHandler(new PageTableHandler.CountHandler() {
@Override
public int count(PageTableRequest request) {
return salaryCheckDao.getListNum(request.getParams());
}
}, new PageTableHandler.ListHandler() {
try{
if (request.getParams().get("state") != null && request.getParams().get("state") != "") {
List<String> stateList = Arrays.asList(request.getParams().get("state").toString().split(","));
request.getParams().put("stateList", stateList);
} else {
request.getParams().put("stateList", null);
}
return new PageTableHandler(new PageTableHandler.CountHandler() {
@Override
public int count(PageTableRequest request) {
return salaryCheckDao.getListNum(request.getParams());
}
}, new PageTableHandler.ListHandler() {
@Override
public List<SalaryCheckBean> list(PageTableRequest request) {
List<SalaryCheckBean> list = salaryCheckDao.getList(request.getParams(), request.getOffset(), request.getLimit());
return list;
}
}).handle(request);
@Override
public List<SalaryCheckBean> list(PageTableRequest request) {
List<SalaryCheckBean> list = salaryCheckDao.getList(request.getParams(), request.getOffset(), request.getLimit());
return list;
}
}).handle(request);
}catch (Exception e){
log.error(e.toString(),e);
}
return new PageTableResponse(0,0,new ArrayList<>());
}
@Override

93
HnRealNameBmw/src/main/resources/application.yml
View File

@ -1,93 +0,0 @@
server:
port: 1918
tomcat:
connection-timeout: 10
uri-encoding: UTF-8
max-http-header-size: 102400
multipart:
max-file-size: 20MB
max-request-size: 20MB
maxFileSize: 10Mb
maxRequestSize: 10Mb
# 数据源配置
spring:
application:
name: bonus-realname
profiles:
# 环境配置
active: dev
cloud:
nacos:
config:
server-addr: 192.168.0.14:18848
namespace: e0337b55-080d-456e-8449-46d68dceee5b
# 配置文件格式
file-extension: yml
group: DEFAULT_GROUP
# nacos.core.auth.enabled=true 开启权限验证
discovery:
# nacos地址
server-addr: 192.168.0.14:18848
namespace: e0337b55-080d-456e-8449-46d68dceee5b
datasource:
driverClassName: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://192.168.0.14:4418/hn_real_name_test?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8&useSSL=false
username: root
password: Bonus@admin123!
max-idle: 10
max-wait: 60000
min-idle: 5
initial-size: 5
redis:
host: 192.168.0.14
port: 2004
password: Plzbns@Redis123!
# mybatis配置
mybatis:
mapper-locations: classpath:mappers/*/*Mapper.xml
type-aliases-package: com.bonus.hnrn.rnbmw.*.entity
logging:
level:
root: INFO
pattern:
console: "%d{yyyy-MM-dd HH:mm:ss} - %msg%n"
log:
level:
root: info
my: debug
file: logs/sys-back.log
maxsize: 30M
files:
path: /rdata/gz_real_name/
upload_path: /rdata/gz_real_name
token:
expire:
seconds: 7200
loginCode:
expiration: 3
prefix: login_code
jasypt:
encryptor:
password: Encrypt
oss:
# endpoint: http://oss-ah-2-a.ops.sgmc.sgcc.com.cn/
endpoint: oss-cn-beijing.aliyuncs.com
accessKeyId: LTAI5tRkHKiF1GJiwK5dGFRj
accessKeySecret: jXewIIKO0ZmuuQedpN728M7bMFTNBO
bucketName: lsun
cors:
allowed-origins: http://localhost:19118,http://127.0.0.1:19118,http://192.168.0.14:19118,http://116.63.172.211:1918
allowed-methods: GET,POST,PUT,DELETE,OPTIONS
allowed-headers: Content-Type,X-Requested-With,Token,Authorization,X-Custom-Header
allow-credentials: true
max-age: 3600

38
HnRealNameBmw/src/main/resources/mappers/basic/IntegratedQueryMapper.xml
View File

@ -17,7 +17,7 @@
LEFT JOIN bm_outstanding_team bot on bot.foreman_idnumber = bwr.ID_NUMBER and bot.IS_ACTIVE = '1'
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
WHERE bp.IS_ACTIVE = '1' and bs.id is not null
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.companyId != null and params.companyId != ''">
AND bp.company_id = #{params.companyId}
</if>
@ -49,7 +49,7 @@
LEFT JOIN bm_outstanding_team bot on bot.foreman_idnumber = bwr.ID_NUMBER and bot.IS_ACTIVE = '1'
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
WHERE bp.IS_ACTIVE = '1' and bs.id is not null
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.companyId != null and params.companyId != ''">
AND bp.company_id = #{params.companyId}
</if>
@ -72,7 +72,7 @@
LEFT JOIN bm_sub_team bst on bst.SUB_ID = bs.ID and bst.IS_ACTIVE = '1'
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
LEFT JOIN bm_worker_record bwr2 ON bwr2.team_id = bst.id
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bwr2.project_id = #{params.proId}
</if>
@ -107,7 +107,7 @@
LEFT JOIN bm_sub_team bst on bst.SUB_ID = bs.ID and bst.IS_ACTIVE = '1'
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
LEFT JOIN bm_worker_record bwr2 ON bwr2.team_id = bst.id
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bwr2.project_id = #{params.proId}
</if>
@ -116,7 +116,7 @@
LEFT JOIN bm_outstanding_team bot on bot.foreman_idnumber = bwr.ID_NUMBER and bot.IS_ACTIVE = '1'
WHERE
bp.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bp.id = #{params.proId}
</if>
@ -137,7 +137,7 @@ select COUNT(1) from (
LEFT JOIN bm_sub_team bst on bst.SUB_ID = bs.ID and bst.IS_ACTIVE = '1'
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
LEFT JOIN bm_worker_record bwr2 ON bwr2.team_id = bst.id
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bwr2.project_id = #{params.proId}
</if>
@ -149,7 +149,7 @@ select COUNT(1) from (
and bwr2.IS_ACTIVE = '1'
LEFT JOIN bm_outstanding_team bot on bot.foreman_idnumber = bwr.ID_NUMBER and bot.IS_ACTIVE = '1'
WHERE bp.IS_ACTIVE = '1' and bst.`NAME` is not null
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bp.id = #{params.proId}
</if>
@ -185,7 +185,7 @@ select COUNT(1) from (
LEFT JOIN bm_sub_team bst on bst.SUB_ID = bs.ID and bst.IS_ACTIVE = '1'
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
LEFT JOIN bm_worker_record bwr2 ON bwr2.team_id = bst.id and bst.`NAME` is not null
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bwr2.project_id = #{params.proId}
</if>
@ -197,7 +197,7 @@ select COUNT(1) from (
and bwr2.IS_ACTIVE = '1'
LEFT JOIN bm_outstanding_team bot on bot.foreman_idnumber = bwr2.ID_NUMBER and bot.IS_ACTIVE = '1'
WHERE bp.IS_ACTIVE = '1' and bst.`NAME` is not null
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bp.id = #{params.proId}
</if>
@ -240,7 +240,7 @@ select COUNT(1) from (
WHERE
bs.IS_ACTIVE = '1'
AND bwr.ein_status = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bp.id = #{params.proId}
</if>
@ -284,7 +284,7 @@ select COUNT(1) from (
WHERE
bs.IS_ACTIVE = '1'
AND bwr.ein_status = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bp.id = #{params.proId}
</if>
@ -324,7 +324,7 @@ select COUNT(1) from (
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
WHERE
bs.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.subId != null and params.subId != ''">
AND bs.id = #{params.subId}
</if>
@ -357,7 +357,7 @@ select COUNT(1) from (
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
WHERE
bs.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.subId != null and params.subId != ''">
AND bs.id = #{params.subId}
</if>
@ -384,7 +384,7 @@ select COUNT(1) from (
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
WHERE
bs.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.subId != null and params.subId != ''">
AND bs.id = #{params.subId}
</if>
@ -418,7 +418,7 @@ select COUNT(1) from (
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
WHERE
bs.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.subId != null and params.subId != ''">
AND bs.id = #{params.subId}
</if>
@ -445,7 +445,7 @@ select COUNT(1) from (
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
WHERE
bs.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.subId != null and params.subId != ''">
AND bs.id = #{params.subId}
</if>
@ -489,7 +489,7 @@ select COUNT(1) from (
LEFT JOIN bm_redlist_worker brw ON brw.ID_NUMBER = bwr.ID_NUMBER
WHERE
bs.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.subId != null and params.subId != ''">
AND bs.id = #{params.subId}
</if>
@ -525,7 +525,7 @@ select COUNT(1) from (
WHERE
bs.IS_ACTIVE = '1'
AND bwr.ein_status = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bp.id = #{params.proId}
</if>
@ -568,7 +568,7 @@ select COUNT(1) from (
WHERE
bs.IS_ACTIVE = '1'
AND bwr.ein_status = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bp.id = #{params.proId}
</if>

4
HnRealNameBmw/src/main/resources/mappers/basic/SalaryPaymentAndAttendanceRecordsMapper.xml
View File

@ -22,7 +22,7 @@
WHERE
jr.is_active=1
and jr.state=5
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.startMonth != null and params.endMonth != null">
and jr.`month` BETWEEN #{params.startMonth} AND #{params.endMonth}
</if>
@ -61,7 +61,7 @@
WHERE
jr.is_active=1
and jr.state=5
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.startMonth != null and params.endMonth != null">
and jr.`month` BETWEEN #{params.startMonth} AND #{params.endMonth}
</if>

4
HnRealNameBmw/src/main/resources/mappers/basic/SubContractorMapper.xml
View File

@ -39,7 +39,7 @@
LEFT JOIN pm_company pc ON pc.ID = bs.COMPANY_ID
where
bs.IS_ACTIVE = 1
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.subName != null and params.subName != ''">
AND bs.SUB_NAME LIKE concat ('%',#{params.subName},'%')
</if>
@ -62,7 +62,7 @@
SELECT COUNT(*) FROM bm_subcontractor bs
LEFT JOIN sys_user suser on suser.ID = bs.UPLOADER
where bs.IS_ACTIVE = 1
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.companyId != null and params.companyId != '' and params.companyId != '-1'">
AND bs.COMPANY_ID = #{params.companyId}
</if>

4
HnRealNameBmw/src/main/resources/mappers/basic/SubPrincipalManagementMapper.xml
View File

@ -32,7 +32,7 @@
LEFT JOIN bm_subcontractor bs ON bspm.SUB_ID = bs.ID
WHERE bspm.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bp.id = #{params.proId}
</if>
@ -62,7 +62,7 @@
LEFT JOIN bm_project bp ON bspm.PRO_ID = bp.ID
LEFT JOIN bm_subcontractor bs ON bspm.SUB_ID = bs.ID
WHERE bspm.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.proId != null and params.proId != ''">
AND bp.id = #{params.proId}
</if>

4
HnRealNameBmw/src/main/resources/mappers/basic/SuperTeamListMapper.xml
View File

@ -31,7 +31,7 @@
FROM
`bm_outstanding_team` bot
WHERE bot.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.companyId != null and params.companyId != ''">
AND bot.company_id = #{params.companyId}
</if>
@ -62,7 +62,7 @@
FROM
`bm_outstanding_team` bot
WHERE bot.IS_ACTIVE = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<if test="params.companyId != null and params.companyId != ''">
AND bot.company_id = #{params.companyId}
</if>

4
HnRealNameBmw/src/main/resources/mappers/jobType/JobTypeMapper.xml
View File

@ -8,7 +8,7 @@
SELECT count(1)
FROM sys_dic_detail
WHERE dic_type = 3 AND IS_ACTIVE = 1
<if test="params != null and params !=''">
<if test="params != null and params.size() > 0">
<if test="params.keyWord != null and params.keyWord !=''">
and instr(name,#{params.keyWord}) &gt; 0
</if>
@ -22,7 +22,7 @@
SELECT id,name , job_type as jobType
FROM sys_dic_detail
WHERE dic_type = 3 AND IS_ACTIVE = 1
<if test="params != null and params !=''">
<if test="params != null and params.size() > 0">
<if test="params.keyWord != null and params.keyWord !=''">
and instr(name,#{params.keyWord}) &gt; 0
</if>

32
HnRealNameBmw/src/main/resources/mappers/person/CertificateMapper.xml
View File

@ -119,7 +119,7 @@
FROM
`bm_certificate_type`
WHERE is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.keyWord != null and params.keyWord !=''">
and instr(name,#{params.keyWord}) &gt; 0
</if>
@ -142,7 +142,7 @@
FROM
`bm_certificate_type`
WHERE is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.keyWord != null and params.keyWord !=''">
and instr(name,#{params.keyWord}) &gt; 0
</if>
@ -174,7 +174,7 @@
FROM
bm_certificate_type bct
WHERE bct.is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.keyWord != null and params.keyWord !=''">
and instr(bct.`NAME`,#{params.keyWord}) &gt; 0
</if>
@ -192,7 +192,7 @@
bm_certificate_type bct
LEFT JOIN bm_certificate_post bcp ON bcp.certificate_id = bct.id and bcp.post_id = #{params.postId}
WHERE bct.is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.keyWord != null and params.keyWord !=''">
and instr(bct.`NAME`,#{params.keyWord}) &gt; 0
</if>
@ -248,7 +248,7 @@
AND bwc.IS_ACTIVE = '1'
LEFT JOIN bm_certificate_type bct2 ON bwc.certificate_id = bct2.ID
WHERE 1=1
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
</if>
@ -301,7 +301,7 @@
AND bwc.IS_ACTIVE = '1'
LEFT JOIN bm_certificate_type bct2 ON bwc.certificate_id = bct2.ID
WHERE 1=1
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
</if>
@ -416,7 +416,7 @@
LEFT JOIN bm_subcontractor bs on bwr.SUB_ID = bs.ID
LEFT JOIN bm_sub_team bst ON bwr.TEAM_ID = bst.ID
WHERE bwc.is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
</if>
@ -441,7 +441,7 @@
</if>
) a
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.remind !=null and params.remind !='' and params.remind !='全部' ">
and a.remind = #{params.remind}
</if>
@ -486,7 +486,7 @@
LEFT JOIN bm_subcontractor bs on bwr.SUB_ID = bs.ID
LEFT JOIN bm_sub_team bst ON bwr.TEAM_ID = bst.ID
WHERE bwc.is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
</if>
@ -512,7 +512,7 @@
)yyy
) a
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.remind !=null and params.remind !='' and params.remind !='全部' ">
and a.remind = #{params.remind}
</if>
@ -563,7 +563,7 @@
LEFT JOIN bm_subcontractor bs on bwr.SUB_ID = bs.ID
LEFT JOIN bm_sub_team bst ON bst.ID = bwr.TEAM_ID
WHERE bwc.is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
</if>
@ -589,7 +589,7 @@
)yyy
) a
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.remind !=null and params.remind !='' and params.remind !='全部' ">
and a.remind = #{params.remind}
</if>
@ -635,7 +635,7 @@
LEFT JOIN bm_subcontractor bs on bwr.SUB_ID = bs.ID
LEFT JOIN bm_sub_team bst ON bwr.TEAM_ID = bst.ID
WHERE bwc.is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
</if>
@ -661,7 +661,7 @@
)yyy
) a
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.remind !=null and params.remind !='' and params.remind !='全部' ">
and a.remind = #{params.remind}
</if>
@ -769,7 +769,7 @@
LEFT JOIN bm_subcontractor bs on bwr.SUB_ID = bs.ID
LEFT JOIN bm_sub_team bst ON bwr.TEAM_ID = bst.ID
WHERE bwc.is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
</if>
@ -795,7 +795,7 @@
)yyy
) a
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.remind !=null and params.remind !='' and params.remind !='全部' ">
and a.remind = #{params.remind}
</if>

16
HnRealNameBmw/src/main/resources/mappers/person/ContractMapper.xml
View File

@ -96,7 +96,7 @@
AND bp.id in (SELECT pro_id FROM bm_sub_pro_relation WHERE sub_id = #{params.subId})
</if>
</if>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<!--
<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
@ -125,7 +125,7 @@
${params.orderBy}
) r
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.contractStatus != null and params.contractStatus !=''">
and r.stauts = #{params.contractStatus}
</if>
@ -221,7 +221,7 @@
AND bp.id in (SELECT pro_id FROM bm_sub_pro_relation WHERE sub_id = #{params.subId})
</if>
</if>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<!--
<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
@ -247,7 +247,7 @@
${params.orderBy}
) r
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.contractStatus != null and params.contractStatus !=''">
and r.stauts = #{params.contractStatus}
</if>
@ -389,7 +389,7 @@
LEFT JOIN bm_project bp ON bp.id = bwc.pro_id
left join bm_subcontractor bs on bs.id =bwc.sub_id
where bwr.IS_ACTIVE = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<!--<if test="params.companyId != null and params.companyId !=''">
and bp.company_id = #{params.companyId}
</if>-->
@ -490,7 +490,7 @@
LEFT JOIN bm_project bp ON bp.id = bwc.pro_id
left join bm_subcontractor bs on bs.id =bwc.sub_id
where bwr.IS_ACTIVE = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<!-- <if test="params.companyId != null and params.companyId !=''">-->
<!-- and bp.company_id = #{params.companyId}-->
<!-- </if>-->
@ -630,7 +630,7 @@
AND bp.id in (SELECT pro_id FROM bm_sub_pro_relation WHERE sub_id = #{params.subId})
</if>
</if>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.proId != null and params.proId !=''">
and bp.id = #{params.proId}
</if>
@ -650,7 +650,7 @@
GROUP BY aa.ID_NUMBER
) r
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.contractStatus != null and params.contractStatus !=''">
and r.stauts = #{params.contractStatus}
</if>

2
HnRealNameBmw/src/main/resources/mappers/person/ContractModeMapper.xml
View File

@ -22,7 +22,7 @@
left join pm_company pc on pc.ID = po.company_id
LEFT JOIN sys_user su on su.ID = bci.creator
where bci.is_active = '1'
<if test="params != null and params != ''">
<if test="params != null and params.size() > 0">
<!-- <if test="params.companyId != null and params.companyId !='' ">-->
<!-- and pc.id = #{params.companyId}-->
<!-- </if>-->

4
HnRealNameBmw/src/main/resources/mappers/person/WhiteListMapper.xml
View File

@ -24,7 +24,7 @@
FROM
v_white_worker vww
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.companyId != null and params.companyId !=''">
and vww.company_id = #{params.companyId}
</if>
@ -55,7 +55,7 @@
FROM
v_white_worker vww
<where>
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.orgId != null and params.orgId !=''">
and vww.company_id = #{params.orgId}
</if>

6
HnRealNameBmw/src/main/resources/mappers/personnelWarning/AttentionWarningMapper.xml
View File

@ -11,7 +11,7 @@
left join sys_dic_detail sdd ON bwr.POST_ID = sdd.id
left join bm_project bp on bwr.PROJECT_ID = bp.ID
WHERE bwr.IS_ACTIVE = 1 and bwr.examine_status = '1' AND ( bw.ETHNIC = '彝' OR bwr.ID_NUMBER LIKE '5134%')
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.name != null and params.name !=''">
and bw.name like concat('%',#{params.name},'%')
</if>
@ -40,7 +40,7 @@
left join sys_dic_detail sdd ON bwr.POST_ID = sdd.id
left join bm_project bp on bwr.PROJECT_ID = bp.ID
where bwr.IS_ACTIVE='1' and bwr.examine_status = '1' AND ( bw.ETHNIC = '彝' OR bwr.ID_NUMBER LIKE '5134%')
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.name != null and params.name !=''">
and bw.name like concat('%',#{params.name},'%')
</if>
@ -73,7 +73,7 @@
left join sys_dic_detail sdd ON bwr.POST_ID = sdd.id
left join bm_project bp on bwr.PROJECT_ID = bp.ID
where bwr.IS_ACTIVE='1' and bw.ETHNIC= '彝'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.name != null and params.name !=''">
and bw.name like concat('%',#{params.name},'%')
</if>

6
HnRealNameBmw/src/main/resources/mappers/personnelWarning/SpecialWarningMapper.xml
View File

@ -11,7 +11,7 @@
left join sys_dic_detail sdd ON bwr.POST_ID = sdd.id
left join bm_project bp on bwr.PROJECT_ID = bp.ID
where bwr.is_active='1' and bw.sex='女' and sdd.job_type= 2
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.name != null and params.name !=''">
and bw.name like concat('%',#{params.name},'%')
</if>
@ -39,7 +39,7 @@
left join sys_dic_detail sdd ON bwr.POST_ID = sdd.id
left join bm_project bp on bwr.PROJECT_ID = bp.ID
where bwr.is_active='1' and bw.sex='女' and sdd.job_type= 2 and bwr.examine_status='1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.name != null and params.name !=''">
and bw.name like concat('%',#{params.name},'%')
</if>
@ -70,7 +70,7 @@
left join sys_dic_detail sdd ON bwr.POST_ID = sdd.id
left join bm_project bp on bwr.PROJECT_ID = bp.ID
where bwr.is_active='1' and bw.sex='女' and sdd.job_type= 2
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.name != null and params.name !=''">
and bw.name like concat('%',#{params.name},'%')
</if>

18
HnRealNameBmw/src/main/resources/mappers/salaryfile/AnalysisWagesMapper.xml
View File

@ -30,7 +30,7 @@
jr.is_active = 1
AND jr.state = 5
AND bp.is_active = 1
<if test='params != null and params != "" '>
<if test='params != null and params.size()>0'>
<if test='params.proId != null and params.proId != "" '>
AND bp.id = #{params.proId}
</if>
@ -73,7 +73,7 @@
jr.is_active = 1
AND jr.state = 5
AND bp.is_active = 1
<if test='params != null and params != "" '>
<if test='params != null and params.size()>0'>
<if test='params.proId != null and params.proId != "" '>
AND bp.id = #{params.proId}
</if>
@ -119,7 +119,7 @@
AND jcp.post = jwp.post -- 添加岗位匹配条件
WHERE jr.is_active = 1
AND jr.state = 5
<if test='params != null and params != "" '>
<if test='params != null and params.size()>0'>
<if test='params.proId != null and params.proId != "" '>
AND bp.id = #{params.proId}
</if>
@ -206,7 +206,7 @@
WHERE
jr.is_active = 1
AND jr.state = 5
<if test='params != null and params != "" '>
<if test='params != null and params.size()>0 '>
<if test='params.proId != null and params.proId != "" '>
AND bp.id = #{params.proId}
</if>
@ -247,7 +247,7 @@
WHERE
jr.is_active = 1
AND jr.state = 5
<if test='params != null and params != "" '>
<if test='params != null and params.size()>0'>
<if test='params.proId != null and params.proId != "" '>
AND bp.id = #{params.proId}
</if>
@ -288,7 +288,7 @@
WHERE
jr.is_active = 1
AND jr.state = 5
<if test='params != null and params != "" '>
<if test='params != null and params.size()>0'>
<if test='params.proId != null and params.proId != "" '>
AND bp.id = #{params.proId}
</if>
@ -400,7 +400,7 @@
WHERE
jr.is_active = 1
AND jr.state = 5
<if test='params != null and params != "" '>
<if test='params != null and params.size()>0'>
<if test='params.proId != null and params.proId != "" '>
AND bp.id = #{params.proId}
</if>
@ -468,7 +468,7 @@
WHERE
jr.is_active = 1
AND jr.state = 5
<if test='params != null and params != "" '>
<if test='params != null and params.size()>0'>
<if test='params.proId != null and params.proId != "" '>
AND bp.id = #{params.proId}
</if>
@ -535,7 +535,7 @@
WHERE
jr.is_active = 1
AND jr.state = 5
<if test='params != null and params != "" '>
<if test='params != null and params.size()>0'>
<if test='params.proId != null and params.proId != "" '>
AND bp.id = #{params.proId}
</if>

4
HnRealNameBmw/src/main/resources/mappers/smallSubManagement/SmallSubPermissionMapper.xml
View File

@ -8,7 +8,7 @@
SELECT count(1)
FROM bm_subcontractor
WHERE IS_SUB = 1 AND IS_ACTIVE = 1
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.subName != null and params.subName !=''">
and instr(SUB_NAME,#{params.subName}) &gt; 0
</if>
@ -19,7 +19,7 @@
SELECT id as subId,SUB_NAME as subName
FROM bm_subcontractor as bs
WHERE IS_SUB = 1 AND IS_ACTIVE = 1
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.subName != null and params.subName !=''">
and bs.SUB_NAME like concat('%',#{params.subName},'%')
</if>

10
HnRealNameBmw/src/main/resources/mappers/smallSubManagement/TotalProWorkloadManageMapper.xml
View File

@ -10,7 +10,7 @@
left join bm_project bp on bls.pro_id=bp.ID
left join sys_user su ON bls.created_user = su.ID
WHERE bls.is_active='1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.proId != null and params.proId !=''">
and bls.pro_id = #{params.proId}
</if>
@ -40,7 +40,7 @@
left join bm_project bp on bls.pro_id=bp.ID
left join sys_user su ON bls.created_user = su.ID
where bls.is_active='1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.proId != null and params.proId !=''">
and bls.pro_id = #{params.proId}
</if>
@ -131,7 +131,7 @@
left join bm_project bp on bls.pro_id=bp.ID
left join sys_user su ON bls.created_user = su.ID
where bls.is_active='1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.proId != null and params.proId !=''">
and bls.pro_id = #{params.proId}
</if>
@ -173,7 +173,7 @@
left join bm_project bp on bls.pro_id=bp.ID
left join sys_user su ON bls.created_user = su.ID
WHERE bls.is_active='1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.proId != null and params.proId !=''">
and bls.pro_id = #{params.proId}
</if>
@ -194,7 +194,7 @@
LEFT JOIN bm_project bp ON bls.pro_id = bp.ID
LEFT JOIN sys_user su ON bls.created_user = su.ID
WHERE bls.is_active = '1'
<if test="params != null and params !=''">
<if test="params != null and params.size()>0">
<if test="params.proId != null and params.proId !=''">
and bls.pro_id = #{params.proId}
</if>

338
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/core/config/BnsSecurityConfig.java
View File

@ -1,169 +1,169 @@
package com.bonus.hnrn.rnmw.core.config;
import com.bonus.hnrn.rnmw.core.service.TokenService;
import com.bonus.hnrn.rnmw.core.service.UserServiceImp;
import com.bonus.hnrn.rnmw.core.util.ResponseUtil;
import com.bonus.hnrn.rnmw.core.entity.UserBean;
import com.bonus.hnrn.rnmw.core.util.StringHelper;
import com.bonus.hnrn.rnmw.core.util.Token;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
@EnableWebSecurity
public class BnsSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private TokenFilter tokenFilter;
@Resource(name = "tokenService")
private TokenService tokenService;
@Autowired
private RedisTemplate<String, UserBean> redisTemplate;
/*
* 解决跨域问题
*/
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
// 包含前端实际请求源http://localhost:63343
configuration.setAllowedOrigins(Arrays.asList(
"http://localhost:8080",
"http://127.0.0.1:8080",
"http://localhost:63343"
));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
configuration.setAllowCredentials(true);
configuration.setMaxAge(3600L);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
/*
* 授权规则
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// 配置跨域
.cors().and()
// 彻底禁用CSRF
.csrf().disable()
// 关键处理未认证请求替代默认重定向
.exceptionHandling()
.authenticationEntryPoint(new AuthenticationEntryPoint() {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException {
// 未认证时返回JSON提示而非重定向
Map<String, Object> map = new HashMap<>();
map.put("status", "error");
map.put("msg", "未登录或token已过期请重新登录");
ResponseUtil.responseJson(response, HttpStatus.UNAUTHORIZED.value(), map);
}
})
.and()
// 授权配置
.authorizeRequests()
.antMatchers("/login", "/logout", "/gzRealName/**").permitAll() // 匿名接口
.anyRequest().authenticated() // 其他接口需认证
.and()
// 表单登录配置前后端分离可简化
.formLogin()
.successHandler(new AuthenticationSuccessHandler() {
@Override
public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException {
Map<String, Object> map = new HashMap<>();
UserBean loginUser = (UserBean) authentication.getPrincipal();
Token token = tokenService.saveToken(loginUser);
loginUser.setToken(token.getToken());
if(StringHelper.isEmpty(loginUser.getProId())){
loginUser.setProId("null");
}
map.put("status","success");
map.put("user",loginUser);
ResponseUtil.responseJson(resp, HttpStatus.OK.value(), map);
}
})
.failureHandler(new AuthenticationFailureHandler() {
@Override
public void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse resp, AuthenticationException exception) throws IOException {
Map<String, Object> map = new HashMap<>();
String msg = exception instanceof BadCredentialsException ? "密码错误" : exception.getMessage();
map.put("status","error");
map.put("msg",msg);
ResponseUtil.responseJson(resp, HttpStatus.OK.value(), map);
}
})
.permitAll()
.and()
// 退出登录配置
.logout()
.logoutUrl("/logout")
.logoutSuccessHandler(new LogoutSuccessHandler() {
@Override
public void onLogoutSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException {
resp.setContentType("application/json;charset=utf-8");
PrintWriter out = resp.getWriter();
out.write("{\"status\":\"success\",\"msg\":\"logout success\"}");
out.flush();
}
})
.permitAll()
.and()
// 禁用HTTP Basic认证
.httpBasic().disable();
// 添加token过滤器验证请求中的token
http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
}
/*
* 认证规则
*/
@Resource(name = "userService")
private UserServiceImp userServiceImp;
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(new DecodePwdAuthenticationProvider(userServiceImp));
auth.userDetailsService(userServiceImp).passwordEncoder(new BCryptPasswordEncoder());
}
}
//package com.bonus.hnrn.rnmw.core.config;
//
//import com.bonus.hnrn.rnmw.core.service.TokenService;
//import com.bonus.hnrn.rnmw.core.service.UserServiceImp;
//import com.bonus.hnrn.rnmw.core.util.ResponseUtil;
//import com.bonus.hnrn.rnmw.core.entity.UserBean;
//import com.bonus.hnrn.rnmw.core.util.StringHelper;
//import com.bonus.hnrn.rnmw.core.util.Token;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Bean;
//import org.springframework.data.redis.core.RedisTemplate;
//import org.springframework.http.HttpStatus;
//import org.springframework.security.authentication.BadCredentialsException;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.core.Authentication;
//import org.springframework.security.core.AuthenticationException;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.security.web.AuthenticationEntryPoint;
//import org.springframework.security.web.authentication.AuthenticationFailureHandler;
//import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
//import org.springframework.web.cors.CorsConfiguration;
//import org.springframework.web.cors.CorsConfigurationSource;
//import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
//
//import javax.annotation.Resource;
//import javax.servlet.ServletException;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//import java.io.PrintWriter;
//import java.util.Arrays;
//import java.util.HashMap;
//import java.util.Map;
//
////@EnableWebSecurity
//public class BnsSecurityConfig extends WebSecurityConfigurerAdapter {
//
// @Autowired
// private TokenFilter tokenFilter;
// @Resource(name = "tokenService")
// private TokenService tokenService;
// @Autowired
// private RedisTemplate<String, UserBean> redisTemplate;
//
// /*
// * 解决跨域问题
// */
// @Bean
// public CorsConfigurationSource corsConfigurationSource() {
// CorsConfiguration configuration = new CorsConfiguration();
// // 包含前端实际请求源http://localhost:63343
// configuration.setAllowedOrigins(Arrays.asList(
// "http://localhost:8080",
// "http://127.0.0.1:8080",
// "http://localhost:63343"
// ));
// configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
// configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
// configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
// configuration.setAllowCredentials(true);
// configuration.setMaxAge(3600L);
//
// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
// source.registerCorsConfiguration("/**", configuration);
// return source;
// }
//
// /*
// * 授权规则
// */
// @Override
// protected void configure(HttpSecurity http) throws Exception {
// http
// // 配置跨域
// .cors().and()
// // 彻底禁用CSRF
// .csrf().disable()
// // 关键处理未认证请求替代默认重定向
// .exceptionHandling()
// .authenticationEntryPoint(new AuthenticationEntryPoint() {
// @Override
// public void commence(HttpServletRequest request, HttpServletResponse response,
// AuthenticationException authException) throws IOException {
// // 未认证时返回JSON提示而非重定向
// Map<String, Object> map = new HashMap<>();
// map.put("status", "error");
// map.put("msg", "未登录或token已过期请重新登录");
// ResponseUtil.responseJson(response, HttpStatus.UNAUTHORIZED.value(), map);
// }
// })
// .and()
// // 授权配置
// .authorizeRequests()
// .antMatchers("/login", "/logout", "/gzRealName/**").permitAll() // 匿名接口
// .anyRequest().authenticated() // 其他接口需认证
// .and()
// // 表单登录配置前后端分离可简化
// .formLogin()
// .successHandler(new AuthenticationSuccessHandler() {
// @Override
// public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException {
// Map<String, Object> map = new HashMap<>();
// UserBean loginUser = (UserBean) authentication.getPrincipal();
// Token token = tokenService.saveToken(loginUser);
// loginUser.setToken(token.getToken());
// if(StringHelper.isEmpty(loginUser.getProId())){
// loginUser.setProId("null");
// }
// map.put("status","success");
// map.put("user",loginUser);
// ResponseUtil.responseJson(resp, HttpStatus.OK.value(), map);
// }
// })
// .failureHandler(new AuthenticationFailureHandler() {
// @Override
// public void onAuthenticationFailure(HttpServletRequest req, HttpServletResponse resp, AuthenticationException exception) throws IOException {
// Map<String, Object> map = new HashMap<>();
// String msg = exception instanceof BadCredentialsException ? "密码错误" : exception.getMessage();
// map.put("status","error");
// map.put("msg",msg);
// ResponseUtil.responseJson(resp, HttpStatus.OK.value(), map);
// }
// })
// .permitAll()
// .and()
// // 退出登录配置
// .logout()
// .logoutUrl("/logout")
// .logoutSuccessHandler(new LogoutSuccessHandler() {
// @Override
// public void onLogoutSuccess(HttpServletRequest req, HttpServletResponse resp, Authentication authentication) throws IOException {
// resp.setContentType("application/json;charset=utf-8");
// PrintWriter out = resp.getWriter();
// out.write("{\"status\":\"success\",\"msg\":\"logout success\"}");
// out.flush();
// }
// })
// .permitAll()
// .and()
// // 禁用HTTP Basic认证
// .httpBasic().disable();
//
// // 添加token过滤器验证请求中的token
// http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
// }
//
// /*
// * 认证规则
// */
// @Resource(name = "userService")
// private UserServiceImp userServiceImp;
//
// @Bean
// public PasswordEncoder passwordEncoder(){
// return new BCryptPasswordEncoder();
// }
//
// @Override
// protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// auth.authenticationProvider(new DecodePwdAuthenticationProvider(userServiceImp));
// auth.userDetailsService(userServiceImp).passwordEncoder(new BCryptPasswordEncoder());
// }
//}

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/core/controller/UserController.java
View File

@ -17,7 +17,7 @@ import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/user")
public class UserController {

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/AttendanceController.java
View File

@ -14,7 +14,7 @@ import javax.annotation.Resource;
import java.util.*;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/attendance")
public class AttendanceController {

8
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/CompanyController.java
View File

@ -12,7 +12,7 @@ import java.util.List;
import java.util.Map;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/company")
public class CompanyController {
@ -22,7 +22,7 @@ public class CompanyController {
/**
* 分公司/企业注册
*/
@CrossOrigin
//@CrossOrigin
@PostMapping(value = "/addCompany")
public AjaxRes addCompany(CompanyEntity bean) {
AjaxRes ar = new AjaxRes();
@ -48,7 +48,7 @@ public class CompanyController {
/**
* 获取单位类型
*/
@CrossOrigin
//@CrossOrigin
@PostMapping(value = "/findOrgType")
public AjaxRes findOrgType() {
AjaxRes ar = new AjaxRes();
@ -139,7 +139,7 @@ public class CompanyController {
// /**
// * 验证码
// */
// @CrossOrigin
// //@CrossOrigin
// @PostMapping(value = "/findMsg")
// public AjaxRes findMsg(CompanyEntity bean, HttpServletRequest request) {
// AjaxRes ar = new AjaxRes();

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/ContractController.java
View File

@ -22,7 +22,7 @@ import java.util.List;
import java.util.Map;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/contract")
public class ContractController {

24
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/HomeController.java
View File

@ -10,7 +10,7 @@ import javax.annotation.Resource;
import java.util.*;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/home")
public class HomeController {
@ -21,7 +21,7 @@ public class HomeController {
/**
* 年龄结构
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getAgeStructureList", method = RequestMethod.POST)
public AjaxRes getAgeStructureList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -40,7 +40,7 @@ public class HomeController {
/**
* 工种统计
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getProList", method = RequestMethod.POST)
public AjaxRes getProList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -59,7 +59,7 @@ public class HomeController {
/**
* 出入场信息
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getWorkerRecordList", method = RequestMethod.POST)
public AjaxRes getWorkerRecordList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -88,7 +88,7 @@ public class HomeController {
/**
* 数据统计
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getWorkerPostList", method = RequestMethod.POST)
public AjaxRes getWorkerPostList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -131,7 +131,7 @@ public class HomeController {
}
return ar;
}
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getWorkerPostCardList", method = RequestMethod.POST)
public AjaxRes getWorkerPostCardList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -174,7 +174,7 @@ public class HomeController {
/**
* 红黑名单
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getWorkerRedBlackWhiteList", method = RequestMethod.POST)
public AjaxRes getWorkerRedBlackWhiteList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -195,7 +195,7 @@ public class HomeController {
/**
* 人员管理
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getWorkerList", method = RequestMethod.POST)
public AjaxRes getWorkerList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -244,7 +244,7 @@ public class HomeController {
/**
* 工资统计
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getSalaryList", method = RequestMethod.POST)
public AjaxRes getSalaryList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -273,7 +273,7 @@ public class HomeController {
/**
* 施工人脸甄别
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getWorkerAttendanceList", method = RequestMethod.POST)
public AjaxRes getWorkerAttendanceList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -290,7 +290,7 @@ public class HomeController {
/**
* 地图展示
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getMapList", method = RequestMethod.POST)
public AjaxRes getMapList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();
@ -309,7 +309,7 @@ public class HomeController {
/**
* 合同管理
*/
@CrossOrigin
//@CrossOrigin
@RequestMapping(value = "/getContractList", method = RequestMethod.POST)
public AjaxRes getContractList(HomeEntity bean) {
AjaxRes ar = new AjaxRes();

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/MapController.java
View File

@ -12,7 +12,7 @@ import java.util.List;
import java.util.Map;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/map")
public class MapController {

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/ProInfoController.java
View File

@ -22,7 +22,7 @@ import java.util.List;
import java.util.Map;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/proInfo")
public class ProInfoController {

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/RedBlackController.java
View File

@ -21,7 +21,7 @@ import java.util.List;
import java.util.Map;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/redBlack")
public class RedBlackController {

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/SalaryController.java
View File

@ -21,7 +21,7 @@ import java.util.List;
import java.util.Map;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/salary")
public class SalaryController {

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/WorkerAttendanceController.java
View File

@ -24,7 +24,7 @@ import java.text.SimpleDateFormat;
import java.util.*;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/workerAttendance")
public class WorkerAttendanceController {

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/WorkerPeopleController.java
View File

@ -21,7 +21,7 @@ import java.util.List;
import java.util.Map;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/workerPeople")
public class WorkerPeopleController {

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/WorkerPostController.java
View File

@ -17,7 +17,7 @@ import java.util.List;
import java.util.Map;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/workerPost")
public class WorkerPostController {

2
HnRealNameMw/src/main/java/com/bonus/hnrn/rnmw/person/controller/WorkerRecordController.java
View File

@ -21,7 +21,7 @@ import java.util.List;
import java.util.Map;
@RestController
@CrossOrigin
//@CrossOrigin
@RequestMapping("/workerRecord")
public class WorkerRecordController {

2
HnRealNameMw/src/main/resources/logback-boot.xml
View File

@ -69,6 +69,7 @@
<logger name="adminLogger" level="${mylevel}" additivity="true">
<appender-ref ref="adminLog" />
</logger>
<logger name="com.alibaba.nacos" level="DEBUG"/>
<logger name="com.bonus.gzrn" level="DEBUG" additivity="true">
<appender-ref ref="sqlLog" />
@ -79,6 +80,7 @@
</logger>
<root level="${rootlevel}">
<appender-ref ref="STDOUT" />
<appender-ref ref="errorLog" />
</root>

1
hn-czl-service/src/main/java/com/bonus/hn/bearing/capacity/backstage/manager/config/WebMvcConfig.java
View File

@ -9,7 +9,6 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.ResourceUtils;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**

12
hn-gateway/bonus-gateway/src/main/java/com/bonus/gateway/config/CorsConfig.java
View File

@ -19,10 +19,22 @@ public class CorsConfig {
// 用于处理跨源资源共享CORS, Cross-Origin Resource Sharing的过滤器
public CorsWebFilter corsFilter() { //网关过滤器写法基本是固定的
CorsConfiguration config = new CorsConfiguration();
// 允许的前端域名生产环境建议限定具体域名
config.addAllowedOrigin("*");
// 允许携带Cookie如需
config.setAllowCredentials(true);
// 允许所有请求方法GET/POST/OPTIONS等
config.addAllowedMethod("*");
// 允许所有请求头包括前端自定义头
config.addAllowedHeader("*");
// 预检请求缓存时间减少OPTIONS请求次数
config.setMaxAge(3600L);
config.setAllowedOrigins(Collections.singletonList("*"));
config.setAllowedMethods(Collections.singletonList("*")); // 允许所有方法也可以指定如GET, POST等具体方法
config.setAllowedHeaders(Collections.singletonList("*")); // 允许所有头信息也可以指定具体头信息
config.setMaxAge(3600L);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config); // 对所有路径应用此CORS配置
return new CorsWebFilter(source);

1
hn_czl_screen/src/main/java/com/bonus/hn/bearing/capacity/screen/manager/config/WebMvcConfig.java
View File

@ -6,7 +6,6 @@ import com.bonus.hn.bearing.capacity.screen.manager.table.PageTableArgumentResol
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;