From 77d6821a1c35ecf6a1d87bf57b4649dccc3c06f1 Mon Sep 17 00:00:00 2001 From: 4670101279 Date: Fri, 24 Jun 2022 17:11:24 +0800 Subject: [PATCH] =?UTF-8?q?=E6=91=84=E5=83=8F=E6=9C=BA=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ruoyi-admin/pom.xml | 22 +-- .../main/java/com/ruoyi/RuoYiApplication.java | 25 ++-- .../src/main/resources/application.yml | 32 +++-- ruoyi-common/pom.xml | 12 +- .../com/ruoyi/common/constant/Constants.java | 24 +++- .../java/com/ruoyi/common/core/page/R.java | 66 +++++++++ .../ruoyi/common/exception/RYException.java | 61 ++++++++ .../java/com/ruoyi/common/utils/BeanUtil.java | 36 +++++ .../java/com/ruoyi/common/utils/Query.java | 75 ++++++++++ .../java/com/ruoyi/common/xss/SQLFilter.java | 51 +++++++ ruoyi-framework/pom.xml | 4 +- .../ruoyi/framework/config/MyBatisConfig.java | 132 ------------------ .../framework/config/MybatisPlusConfig.java | 62 ++++++++ .../framework/config/SecurityConfig.java | 10 +- ruoyi-generator/pom.xml | 4 +- .../main/resources/vm/java/controller.java.vm | 3 +- ruoyi-quartz/pom.xml | 4 +- ruoyi-system/pom.xml | 4 +- 18 files changed, 448 insertions(+), 179 deletions(-) create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/core/page/R.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/exception/RYException.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/utils/BeanUtil.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/utils/Query.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/xss/SQLFilter.java delete mode 100644 ruoyi-framework/src/main/java/com/ruoyi/framework/config/MyBatisConfig.java create mode 100644 ruoyi-framework/src/main/java/com/ruoyi/framework/config/MybatisPlusConfig.java diff --git a/ruoyi-admin/pom.xml b/ruoyi-admin/pom.xml index 4034825..aa1da91 100644 --- a/ruoyi-admin/pom.xml +++ b/ruoyi-admin/pom.xml @@ -5,7 +5,7 @@ ruoyi com.ruoyi - 3.8.2 + 3.8.1 4.0.0 jar @@ -61,6 +61,12 @@ ruoyi-generator + + + com.ruoyi + ruoyi-code + + @@ -80,17 +86,17 @@ - - org.apache.maven.plugins - maven-war-plugin - 3.1.0 + + org.apache.maven.plugins + maven-war-plugin + 3.1.0 false ${project.artifactId} - - + + ${project.artifactId} - \ No newline at end of file + diff --git a/ruoyi-admin/src/main/java/com/ruoyi/RuoYiApplication.java b/ruoyi-admin/src/main/java/com/ruoyi/RuoYiApplication.java index 32eb6f1..0eebb7d 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/RuoYiApplication.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/RuoYiApplication.java @@ -1,12 +1,15 @@ package com.ruoyi; +import com.ruoyi.common.utils.BeanUtil; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; +import org.springframework.boot.builder.SpringApplicationBuilder; +import org.springframework.context.annotation.Bean; /** * 启动程序 - * + * * @author ruoyi */ @SpringBootApplication(exclude = { DataSourceAutoConfiguration.class }) @@ -15,16 +18,14 @@ public class RuoYiApplication public static void main(String[] args) { // System.setProperty("spring.devtools.restart.enabled", "false"); - SpringApplication.run(RuoYiApplication.class, args); - System.out.println("(♥◠‿◠)ノ゙ 若依启动成功 ლ(´ڡ`ლ)゙ \n" + - " .-------. ____ __ \n" + - " | _ _ \\ \\ \\ / / \n" + - " | ( ' ) | \\ _. / ' \n" + - " |(_ o _) / _( )_ .' \n" + - " | (_,_).' __ ___(_ o _)' \n" + - " | |\\ \\ | || |(_,_)' \n" + - " | | \\ `' /| `-' / \n" + - " | | \\ / \\ / \n" + - " ''-' `'-' `-..-' "); +// SpringApplication.run(RuoYiApplication.class, args); + SpringApplicationBuilder builder = new SpringApplicationBuilder(RuoYiApplication.class); + builder.headless(false).run(args); + System.out.println("(♥◠‿◠)ノ゙ 启动成功 ლ(´ڡ`ლ)゙ "); + } + + @Bean + public BeanUtil beanUtil() { + return new BeanUtil(); } } diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml index b1b7661..0b23548 100644 --- a/ruoyi-admin/src/main/resources/application.yml +++ b/ruoyi-admin/src/main/resources/application.yml @@ -66,7 +66,7 @@ spring: # 端口,默认为6379 port: 6379 # 数据库索引 - database: 0 + database: 6 # 密码 password: foobared # 连接超时时间 @@ -91,14 +91,20 @@ token: # 令牌有效期(默认30分钟) expireTime: 30 -# MyBatis配置 -mybatis: - # 搜索指定包别名 - typeAliasesPackage: com.ruoyi.**.domain - # 配置mapper的扫描,找到所有的mapper.xml映射文件 - mapperLocations: classpath*:mapper/**/*Mapper.xml - # 加载全局的配置文件 - configLocation: classpath:mybatis/mybatis-config.xml +# MyBatis-plus配置 +mybatis-plus: + # 搜索指定包别名 + typeAliasesPackage: com.ruoyi.**.domain + # 配置mapper的扫描,找到所有的mapper.xml映射文件 + mapperLocations: classpath*:mapper/**/*Mapper.xml + # 加载全局的配置文件 + configLocation: classpath:mybatis/mybatis-config.xml + global-config: + db-config: + logic-delete-field: flag # 全局逻辑删除的实体字段名(since 3.3.0,配置后可以忽略不配置步骤2) + logic-delete-value: 1 # 逻辑已删除值(默认为 1) + logic-not-delete-value: 0 # 逻辑未删除值(默认为 0) + # PageHelper分页插件 pagehelper: @@ -121,3 +127,11 @@ xss: excludes: /system/notice # 匹配链接 urlPatterns: /system/*,/monitor/*,/tool/* + +#camera: +# register: +# ip: 192.168.1.11 +## ip: 172.17.0.2 +# port: 8020 +# username: admin +# password: admin123 diff --git a/ruoyi-common/pom.xml b/ruoyi-common/pom.xml index 04314f8..fd6e81a 100644 --- a/ruoyi-common/pom.xml +++ b/ruoyi-common/pom.xml @@ -5,7 +5,7 @@ ruoyi com.ruoyi - 3.8.2 + 3.8.1 4.0.0 @@ -52,7 +52,7 @@ org.apache.commons commons-lang3 - + com.fasterxml.jackson.core @@ -137,6 +137,12 @@ lombok 1.18.4 + + + com.sun + jna + 1.0 + - \ No newline at end of file + diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java b/ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java index 5752c60..3d05ccf 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java @@ -4,7 +4,7 @@ import io.jsonwebtoken.Claims; /** * 通用常量信息 - * + * * @author ruoyi */ public class Constants @@ -164,4 +164,26 @@ public class Constants */ public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml", "org.springframework", "org.apache", "com.ruoyi.common.utils.file" }; + + + /** + * 当前页码 + */ + public static final String PAGE = "page"; + /** + * 每页显示记录数 + */ + public static final String LIMIT = "limit"; + /** + * 排序字段 + */ + public static final String ORDER_FIELD = "sidx"; + /** + * 排序方式 + */ + public static final String ORDER = "order"; + /** + * 升序 + */ + public static final String ASC = "asc"; } diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/core/page/R.java b/ruoyi-common/src/main/java/com/ruoyi/common/core/page/R.java new file mode 100644 index 0000000..7329aed --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/core/page/R.java @@ -0,0 +1,66 @@ +/** + * Copyright (c) 2016-2019 人人开源 All rights reserved. + * + * https://www.renren.io + * + * 版权所有,侵权必究! + */ + +package com.ruoyi.common.core.page; + +import java.util.HashMap; +import java.util.Map; + +/** + * 返回数据 + * + * @author Mark sunlightcs@gmail.com + */ +public class R extends HashMap { + private static final long serialVersionUID = 1L; + + public R() { + put("code", 0); + put("msg", "操作成功"); + } + + public R(Object o) {} + + public static R error() { + return error(500, "发生错误,请联系管理员"); + } + + public static R error(String msg) { + return error(500, msg); + } + + public static R error(int code, String msg) { + R r = new R(); + r.put("code", code); + r.put("msg", msg); + return r; + } + + public static R ok(String msg) { + R r = new R(); + r.put("msg", msg); + return r; + } + + public static R ok(Map map) { + R r = new R(); + r.putAll(map); + return r; + } + + public static R ok() { + return new R(); + } + + @Override + public R put(String key, Object value) { + super.put(key, value); + return this; + } + +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/exception/RYException.java b/ruoyi-common/src/main/java/com/ruoyi/common/exception/RYException.java new file mode 100644 index 0000000..7bb2fb5 --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/exception/RYException.java @@ -0,0 +1,61 @@ +/** + * Copyright (c) 2016-2019 人人开源 All rights reserved. + * + * https://www.renren.io + * + * 版权所有,侵权必究! + */ + +package com.ruoyi.common.exception; + +/** + * 自定义异常 + * + * @author Mark sunlightcs@gmail.com + */ +public class RYException extends RuntimeException { + private static final long serialVersionUID = 1L; + + private String msg; + private int code = 500; + + public RYException(String msg) { + super(msg); + this.msg = msg; + } + + public RYException(String msg, Throwable e) { + super(msg, e); + this.msg = msg; + } + + public RYException(String msg, int code) { + super(msg); + this.msg = msg; + this.code = code; + } + + public RYException(String msg, int code, Throwable e) { + super(msg, e); + this.msg = msg; + this.code = code; + } + + public String getMsg() { + return msg; + } + + public void setMsg(String msg) { + this.msg = msg; + } + + public int getCode() { + return code; + } + + public void setCode(int code) { + this.code = code; + } + + +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/BeanUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/BeanUtil.java new file mode 100644 index 0000000..4f399f2 --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/BeanUtil.java @@ -0,0 +1,36 @@ +package com.ruoyi.common.utils; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.io.output.CloseShieldOutputStream; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.DisposableBean; +import org.springframework.context.ApplicationContext; +import org.springframework.context.ApplicationContextAware; +import java.util.ArrayList; +import java.util.List; + +public class BeanUtil implements ApplicationContextAware, DisposableBean { + private static ApplicationContext applicationContext = null; + + /** + * 从静态变量applicationContext中取得Bean, 自动转型为所赋值对象的类型. + */ + public static T getBean(Class requiredType) { + if(applicationContext==null){ + throw new IllegalStateException("applicaitonContext属性未注入, 请在SpringBoot启动类中注册BeanUtil."); + } + return applicationContext.getBean(requiredType); + } + + @Override + public void destroy() { + applicationContext = null; + } + + @Override + public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { + if (BeanUtil.applicationContext != null) { + System.out.println("BeanUtil中的ApplicationContext被覆盖, 原有ApplicationContext为:" + BeanUtil.applicationContext); + } + BeanUtil.applicationContext = applicationContext; + } +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/Query.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/Query.java new file mode 100644 index 0000000..98c9788 --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/Query.java @@ -0,0 +1,75 @@ +/** + * Copyright (c) 2016-2019 人人开源 All rights reserved. + * + * https://www.renren.io + * + * 版权所有,侵权必究! + */ + +package com.ruoyi.common.utils; + +import com.baomidou.mybatisplus.core.metadata.OrderItem; +import com.baomidou.mybatisplus.extension.plugins.pagination.Page; +import com.ruoyi.common.constant.Constants; +import com.ruoyi.common.xss.SQLFilter; + +import java.util.Map; + +/** + * 查询参数 + * + * @author Mark sunlightcs@gmail.com + */ +public class Query { + + public Page getPage(Map params) { + return this.getPage(params, null, false); + } + + public Page getPage(Map params, String defaultOrderField, boolean isAsc) { + //分页参数 + long curPage = 1; + long limit = 10; + + if(params.get(Constants.PAGE) != null){ + curPage = Long.parseLong((String)params.get(Constants.PAGE)); + } + if(params.get(Constants.LIMIT) != null){ + limit = Long.parseLong((String)params.get(Constants.LIMIT)); + } + + //分页对象 + Page page = new Page<>(curPage, limit); + + //分页参数 + params.put(Constants.PAGE, page); + + //排序字段 + //防止SQL注入(因为sidx、order是通过拼接SQL实现排序的,会有SQL注入风险) + String orderField = SQLFilter.sqlInject((String)params.get(Constants.ORDER_FIELD)); + String order = (String)params.get(Constants.ORDER); + + //前端字段排序 + if(StringUtils.isNotEmpty(orderField) && StringUtils.isNotEmpty(order)){ + if(Constants.ASC.equalsIgnoreCase(order)) { + return page.addOrder(OrderItem.asc(orderField)); + }else { + return page.addOrder(OrderItem.desc(orderField)); + } + } + + //没有排序字段,则不排序 + if(StringUtils.isBlank(defaultOrderField)){ + return page; + } + + //默认排序 + if(isAsc) { + page.addOrder(OrderItem.asc(defaultOrderField)); + }else { + page.addOrder(OrderItem.desc(defaultOrderField)); + } + + return page; + } +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/xss/SQLFilter.java b/ruoyi-common/src/main/java/com/ruoyi/common/xss/SQLFilter.java new file mode 100644 index 0000000..ea386db --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/xss/SQLFilter.java @@ -0,0 +1,51 @@ +/** + * Copyright (c) 2016-2019 人人开源 All rights reserved. + * + * https://www.renren.io + * + * 版权所有,侵权必究! + */ + +package com.ruoyi.common.xss; + + +import com.ruoyi.common.exception.RYException; +import org.apache.commons.lang3.StringUtils; + +/** + * SQL过滤 + * + * @author Mark sunlightcs@gmail.com + */ +public class SQLFilter { + + /** + * SQL注入过滤 + * @param str 待验证的字符串 + */ + public static String sqlInject(String str){ + if(StringUtils.isBlank(str)){ + return null; + } + //去掉'|"|;|\字符 + str = StringUtils.replace(str, "'", ""); + str = StringUtils.replace(str, "\"", ""); + str = StringUtils.replace(str, ";", ""); + str = StringUtils.replace(str, "\\", ""); + + //转换成小写 + str = str.toLowerCase(); + + //非法字符 + String[] keywords = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"}; + + //判断是否包含非法字符 + for(String keyword : keywords){ + if(str.indexOf(keyword) != -1){ + throw new RYException("包含非法字符"); + } + } + + return str; + } +} diff --git a/ruoyi-framework/pom.xml b/ruoyi-framework/pom.xml index 562e4c3..4dcfb0c 100644 --- a/ruoyi-framework/pom.xml +++ b/ruoyi-framework/pom.xml @@ -5,7 +5,7 @@ ruoyi com.ruoyi - 3.8.2 + 3.8.1 4.0.0 @@ -61,4 +61,4 @@ - \ No newline at end of file + diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/MyBatisConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/MyBatisConfig.java deleted file mode 100644 index 057c941..0000000 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/MyBatisConfig.java +++ /dev/null @@ -1,132 +0,0 @@ -package com.ruoyi.framework.config; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashSet; -import java.util.List; -import javax.sql.DataSource; -import org.apache.ibatis.io.VFS; -import org.apache.ibatis.session.SqlSessionFactory; -import org.mybatis.spring.SqlSessionFactoryBean; -import org.mybatis.spring.boot.autoconfigure.SpringBootVFS; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.core.env.Environment; -import org.springframework.core.io.DefaultResourceLoader; -import org.springframework.core.io.Resource; -import org.springframework.core.io.support.PathMatchingResourcePatternResolver; -import org.springframework.core.io.support.ResourcePatternResolver; -import org.springframework.core.type.classreading.CachingMetadataReaderFactory; -import org.springframework.core.type.classreading.MetadataReader; -import org.springframework.core.type.classreading.MetadataReaderFactory; -import org.springframework.util.ClassUtils; -import com.ruoyi.common.utils.StringUtils; - -/** - * Mybatis支持*匹配扫描包 - * - * @author ruoyi - */ -@Configuration -public class MyBatisConfig -{ - @Autowired - private Environment env; - - static final String DEFAULT_RESOURCE_PATTERN = "**/*.class"; - - public static String setTypeAliasesPackage(String typeAliasesPackage) - { - ResourcePatternResolver resolver = (ResourcePatternResolver) new PathMatchingResourcePatternResolver(); - MetadataReaderFactory metadataReaderFactory = new CachingMetadataReaderFactory(resolver); - List allResult = new ArrayList(); - try - { - for (String aliasesPackage : typeAliasesPackage.split(",")) - { - List result = new ArrayList(); - aliasesPackage = ResourcePatternResolver.CLASSPATH_ALL_URL_PREFIX - + ClassUtils.convertClassNameToResourcePath(aliasesPackage.trim()) + "/" + DEFAULT_RESOURCE_PATTERN; - Resource[] resources = resolver.getResources(aliasesPackage); - if (resources != null && resources.length > 0) - { - MetadataReader metadataReader = null; - for (Resource resource : resources) - { - if (resource.isReadable()) - { - metadataReader = metadataReaderFactory.getMetadataReader(resource); - try - { - result.add(Class.forName(metadataReader.getClassMetadata().getClassName()).getPackage().getName()); - } - catch (ClassNotFoundException e) - { - e.printStackTrace(); - } - } - } - } - if (result.size() > 0) - { - HashSet hashResult = new HashSet(result); - allResult.addAll(hashResult); - } - } - if (allResult.size() > 0) - { - typeAliasesPackage = String.join(",", (String[]) allResult.toArray(new String[0])); - } - else - { - throw new RuntimeException("mybatis typeAliasesPackage 路径扫描错误,参数typeAliasesPackage:" + typeAliasesPackage + "未找到任何包"); - } - } - catch (IOException e) - { - e.printStackTrace(); - } - return typeAliasesPackage; - } - - public Resource[] resolveMapperLocations(String[] mapperLocations) - { - ResourcePatternResolver resourceResolver = new PathMatchingResourcePatternResolver(); - List resources = new ArrayList(); - if (mapperLocations != null) - { - for (String mapperLocation : mapperLocations) - { - try - { - Resource[] mappers = resourceResolver.getResources(mapperLocation); - resources.addAll(Arrays.asList(mappers)); - } - catch (IOException e) - { - // ignore - } - } - } - return resources.toArray(new Resource[resources.size()]); - } - - @Bean - public SqlSessionFactory sqlSessionFactory(DataSource dataSource) throws Exception - { - String typeAliasesPackage = env.getProperty("mybatis.typeAliasesPackage"); - String mapperLocations = env.getProperty("mybatis.mapperLocations"); - String configLocation = env.getProperty("mybatis.configLocation"); - typeAliasesPackage = setTypeAliasesPackage(typeAliasesPackage); - VFS.addImplClass(SpringBootVFS.class); - - final SqlSessionFactoryBean sessionFactory = new SqlSessionFactoryBean(); - sessionFactory.setDataSource(dataSource); - sessionFactory.setTypeAliasesPackage(typeAliasesPackage); - sessionFactory.setMapperLocations(resolveMapperLocations(StringUtils.split(mapperLocations, ","))); - sessionFactory.setConfigLocation(new DefaultResourceLoader().getResource(configLocation)); - return sessionFactory.getObject(); - } -} \ No newline at end of file diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/MybatisPlusConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/MybatisPlusConfig.java new file mode 100644 index 0000000..f712180 --- /dev/null +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/MybatisPlusConfig.java @@ -0,0 +1,62 @@ +package com.ruoyi.framework.config; + +import com.baomidou.mybatisplus.annotation.DbType; +import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor; +import com.baomidou.mybatisplus.extension.plugins.inner.BlockAttackInnerInterceptor; +import com.baomidou.mybatisplus.extension.plugins.inner.OptimisticLockerInnerInterceptor; +import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.transaction.annotation.EnableTransactionManagement; + +/** + * Mybatis Plus 配置 + * + * @author ruoyi + */ +@EnableTransactionManagement(proxyTargetClass = true) +@Configuration +public class MybatisPlusConfig +{ + @Bean + public MybatisPlusInterceptor mybatisPlusInterceptor() + { + MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor(); + // 分页插件 + interceptor.addInnerInterceptor(paginationInnerInterceptor()); + // 乐观锁插件 + interceptor.addInnerInterceptor(optimisticLockerInnerInterceptor()); + // 阻断插件 + interceptor.addInnerInterceptor(blockAttackInnerInterceptor()); + return interceptor; + } + + /** + * 分页插件,自动识别数据库类型 https://baomidou.com/guide/interceptor-pagination.html + */ + public PaginationInnerInterceptor paginationInnerInterceptor() + { + PaginationInnerInterceptor paginationInnerInterceptor = new PaginationInnerInterceptor(); + // 设置数据库类型为mysql + paginationInnerInterceptor.setDbType(DbType.MYSQL); + // 设置最大单页限制数量,默认 500 条,-1 不受限制 + paginationInnerInterceptor.setMaxLimit(-1L); + return paginationInnerInterceptor; + } + + /** + * 乐观锁插件 https://baomidou.com/guide/interceptor-optimistic-locker.html + */ + public OptimisticLockerInnerInterceptor optimisticLockerInnerInterceptor() + { + return new OptimisticLockerInnerInterceptor(); + } + + /** + * 如果是对全表的删除或更新操作,就会终止该操作 https://baomidou.com/guide/interceptor-block-attack.html + */ + public BlockAttackInnerInterceptor blockAttackInnerInterceptor() + { + return new BlockAttackInnerInterceptor(); + } +} \ No newline at end of file diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java index 35e9dee..dd1dfa3 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java @@ -20,7 +20,7 @@ import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl; /** * spring security配置 - * + * * @author ruoyi */ @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) @@ -31,7 +31,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter */ @Autowired private UserDetailsService userDetailsService; - + /** * 认证失败处理类 */ @@ -49,13 +49,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter */ @Autowired private JwtAuthenticationTokenFilter authenticationTokenFilter; - + /** * 跨域过滤器 */ @Autowired private CorsFilter corsFilter; - + /** * 解决 无法直接注入 AuthenticationManager * @@ -97,7 +97,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter // 过滤请求 .authorizeRequests() // 对于登录login 注册register 验证码captchaImage 允许匿名访问 - .antMatchers("/login", "/register", "/captchaImage").anonymous() + .antMatchers("/login", "/register", "/captchaImage","/api/**").anonymous() .antMatchers( HttpMethod.GET, "/", diff --git a/ruoyi-generator/pom.xml b/ruoyi-generator/pom.xml index 51d13b7..f173cc8 100644 --- a/ruoyi-generator/pom.xml +++ b/ruoyi-generator/pom.xml @@ -5,7 +5,7 @@ ruoyi com.ruoyi - 3.8.2 + 3.8.1 4.0.0 @@ -37,4 +37,4 @@ - \ No newline at end of file + diff --git a/ruoyi-generator/src/main/resources/vm/java/controller.java.vm b/ruoyi-generator/src/main/resources/vm/java/controller.java.vm index dd39856..00e0dd9 100644 --- a/ruoyi-generator/src/main/resources/vm/java/controller.java.vm +++ b/ruoyi-generator/src/main/resources/vm/java/controller.java.vm @@ -4,6 +4,7 @@ import java.util.List; import java.util.Arrays; import java.util.Map; import javax.servlet.http.HttpServletResponse; +import javax.annotation.Resource; import com.ruoyi.common.core.page.R; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.beans.factory.annotation.Autowired; @@ -32,7 +33,7 @@ import com.ruoyi.common.utils.poi.ExcelUtil; @RequestMapping("/${moduleName}/${businessName}") public class ${ClassName}Controller extends BaseController { - @Autowired + @Resource private I${ClassName}Service ${className}Service; /** diff --git a/ruoyi-quartz/pom.xml b/ruoyi-quartz/pom.xml index b8e7d9e..289d9d1 100644 --- a/ruoyi-quartz/pom.xml +++ b/ruoyi-quartz/pom.xml @@ -5,7 +5,7 @@ ruoyi com.ruoyi - 3.8.2 + 3.8.1 4.0.0 @@ -37,4 +37,4 @@ - \ No newline at end of file + diff --git a/ruoyi-system/pom.xml b/ruoyi-system/pom.xml index e55e2a8..2f419a4 100644 --- a/ruoyi-system/pom.xml +++ b/ruoyi-system/pom.xml @@ -5,7 +5,7 @@ ruoyi com.ruoyi - 3.8.2 + 3.8.1 4.0.0 @@ -25,4 +25,4 @@ - \ No newline at end of file +