添加新群号：179219821

update vue.config.js
升级element-ui到最新版本2.15.14
2024-01-11 15:47:14 +08:00 · 2024-01-11 15:47:05 +08:00 · 2023-12-07 11:19:06 +08:00 · 2023-12-07 11:18:32 +08:00 · 2023-12-04 16:46:42 +08:00 · 2023-12-04 16:45:53 +08:00
387 changed files with 13302 additions and 5962 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -0,0 +1 @@
+custom: http://doc.ruoyi.vip/ruoyi-cloud/other/donate.html
--- a/.gitignore
+++ b/.gitignore
@ -25,6 +25,8 @@ target/
 *.iml
 *.ipr

+### JRebel ###
+rebel.xml
 ### NetBeans ###
 nbproject/private/
 build/*
@ -37,6 +39,7 @@ nbdist/
 # Others
 *.log
 *.xml.versionsBackup
+*.swp

 !*/build/*.java
 !*/build/*.html
--- a/README.md
+++ b/README.md
@ -1,3 +1,14 @@
+<p align="center">
+	<img alt="logo" src="https://oscimg.oschina.net/oscnet/up-b99b286755aef70355a7084753f89cdb7c9.png">
+</p>
+<h1 align="center" style="margin: 30px 0 30px; font-weight: bold;">RuoYi v3.6.3</h1>
+<h4 align="center">基于 Vue/Element UI 和 Spring Boot/Spring Cloud & Alibaba 前后端分离的分布式微服务架构</h4>
+<p align="center">
+	<a href="https://gitee.com/y_project/RuoYi-Cloud/stargazers"><img src="https://gitee.com/y_project/RuoYi-Cloud/badge/star.svg?theme=dark"></a>
+	<a href="https://gitee.com/y_project/RuoYi-Cloud"><img src="https://img.shields.io/badge/RuoYi-v3.6.3-brightgreen.svg"></a>
+	<a href="https://gitee.com/y_project/RuoYi-Cloud/blob/master/LICENSE"><img src="https://img.shields.io/github/license/mashape/apistatus.svg"></a>
+</p>
+
 ## 平台简介

 若依是一套全部开源的快速开发平台，毫无保留给个人及企业免费使用。
@ -6,6 +17,7 @@
 * 后端采用Spring Boot、Spring Cloud & Alibaba。
 * 注册中心、配置中心选型Nacos，权限认证使用Redis。
 * 流量控制框架选型Sentinel，分布式事务选型Seata。
+* 提供了技术栈（[Vue3](https://v3.cn.vuejs.org) [Element Plus](https://element-plus.org/zh-CN) [Vite](https://cn.vitejs.dev)）版本[RuoYi-Cloud-Vue3](https://github.com/yangzongzhuan/RuoYi-Cloud-Vue3)，保持同步更新。
 * 如需不分离应用，请移步 [RuoYi](https://gitee.com/y_project/RuoYi)，如需分离应用，请移步 [RuoYi-Vue](https://gitee.com/y_project/RuoYi-Vue)
 * 阿里云折扣场：[点我进入](http://aly.ruoyi.vip)，腾讯云秒杀场：[点我进入](http://txy.ruoyi.vip)&nbsp;&nbsp;
 * 阿里云优惠券：[点我领取](https://www.aliyun.com/minisite/goods?userCode=brki8iof&share_source=copy_link)，腾讯云优惠券：[点我领取](https://cloud.tencent.com/redirect.php?redirect=1025&cps_key=198c8df2ed259157187173bc7f4f32fd&from=console)&nbsp;&nbsp;
@ -27,6 +39,7 @@ com.ruoyi
 │       └── ruoyi-common-datasource                   // 多数据源
 │       └── ruoyi-common-log                          // 日志记录
 │       └── ruoyi-common-redis                        // 缓存服务
+│       └── ruoyi-common-seata                        // 分布式事务
 │       └── ruoyi-common-security                     // 安全模块
 │       └── ruoyi-common-swagger                      // 系统接口
 ├── ruoyi-modules         // 业务模块
@ -115,4 +128,4 @@ com.ruoyi

 ## 若依微服务交流群

-QQ群： [![加入QQ群](https://img.shields.io/badge/已满-42799195-blue.svg)](https://jq.qq.com/?_wv=1027&k=yqInfq0S) [![加入QQ群](https://img.shields.io/badge/已满-170157040-blue.svg)](https://jq.qq.com/?_wv=1027&k=Oy1mb3p8) [![加入QQ群](https://img.shields.io/badge/已满-130643120-blue.svg)](https://jq.qq.com/?_wv=1027&k=rvxkJtXK) [![加入QQ群](https://img.shields.io/badge/225920371-blue.svg)](https://jq.qq.com/?_wv=1027&k=0Ck3PvTe) 点击按钮入群。
+QQ群： [![加入QQ群](https://img.shields.io/badge/已满-42799195-blue.svg)](https://jq.qq.com/?_wv=1027&k=yqInfq0S) [![加入QQ群](https://img.shields.io/badge/已满-170157040-blue.svg)](https://jq.qq.com/?_wv=1027&k=Oy1mb3p8) [![加入QQ群](https://img.shields.io/badge/已满-130643120-blue.svg)](https://jq.qq.com/?_wv=1027&k=rvxkJtXK) [![加入QQ群](https://img.shields.io/badge/已满-225920371-blue.svg)](https://jq.qq.com/?_wv=1027&k=0Ck3PvTe) [![加入QQ群](https://img.shields.io/badge/已满-201705537-blue.svg)](https://jq.qq.com/?_wv=1027&k=FnHHP4TT) [![加入QQ群](https://img.shields.io/badge/已满-236543183-blue.svg)](https://jq.qq.com/?_wv=1027&k=qdT1Ojpz) [![加入QQ群](https://img.shields.io/badge/已满-213618602-blue.svg)](https://jq.qq.com/?_wv=1027&k=nw3OiyXs) [![加入QQ群](https://img.shields.io/badge/已满-148794840-blue.svg)](https://jq.qq.com/?_wv=1027&k=kiU5WDls) [![加入QQ群](https://img.shields.io/badge/已满-118752664-blue.svg)](https://jq.qq.com/?_wv=1027&k=MtBy6YfT) [![加入QQ群](https://img.shields.io/badge/已满-101038945-blue.svg)](https://jq.qq.com/?_wv=1027&k=FqImHgH2) [![加入QQ群](https://img.shields.io/badge/已满-128355254-blue.svg)](http://qm.qq.com/cgi-bin/qm/qr?_wv=1027&k=G4jZ4EtdT50PhnMBudTnEwgonxkXOscJ&authKey=FkGHYfoTKlGE6wHdKdjH9bVoOgQjtLP9WM%2Fj7pqGY1msoqw9uxDiBo39E2mLgzYg&noverify=0&group_code=128355254) [![加入QQ群](https://img.shields.io/badge/179219821-blue.svg)](http://qm.qq.com/cgi-bin/qm/qr?_wv=1027&k=irnwcXhbLOQEv1g-TwGifjNTA_f4wZiA&authKey=4bpzEwhcUY%2FvsPDHvzYn6xfoS%2FtOArvZ%2BGXzfr7O0%2FEqLfkKA%2BuCDXlzHIFg8t93&noverify=0&group_code=179219821) 点击按钮入群。
--- a/bin/clean.bat
+++ b/bin/clean.bat
@ -1,6 +1,6 @@
@echo off
 echo.
-echo [信息] 清理生成路径。
+echo [信息] 清理工程target生成路径。
 echo.

 %~d0
--- a/bin/run-auth.bat
+++ b/bin/run-auth.bat
@ -1,6 +1,6 @@
@echo off
 echo.
-echo [信息] 运行auth工程。
+echo [信息] 使用Jar命令运行Auth工程。
 echo.

 cd %~dp0
@ -8,7 +8,7 @@ cd ../ruoyi-auth/target

 set JAVA_OPTS=-Xms512m -Xmx1024m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=512m

-java -Dfile.encoding=utf-8 -jar %JAVA_OPTS% ruoyi-auth.jar
+java -Dfile.encoding=utf-8 %JAVA_OPTS% -jar ruoyi-auth.jar

 cd bin
 pause
--- a/bin/run-gateway.bat
+++ b/bin/run-gateway.bat
@ -1,6 +1,6 @@
@echo off
 echo.
-echo [信息] 运行gateway工程。
+echo [信息] 使用Jar命令运行Gateway工程。
 echo.

 cd %~dp0
@ -8,7 +8,7 @@ cd ../ruoyi-gateway/target

 set JAVA_OPTS=-Xms512m -Xmx1024m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=512m

-java -Dfile.encoding=utf-8 -jar %JAVA_OPTS% ruoyi-gateway.jar
+java -Dfile.encoding=utf-8 %JAVA_OPTS% -jar ruoyi-gateway.jar

 cd bin
 pause
--- a/bin/run-modules-file.bat
+++ b/bin/run-modules-file.bat
@ -1,6 +1,6 @@
@echo off
 echo.
-echo [信息] 运行modules-file工程。
+echo [信息] 使用Jar命令运行Modules-File工程。
 echo.

 cd %~dp0
@ -8,7 +8,7 @@ cd ../ruoyi-modules/ruoyi-file/target

 set JAVA_OPTS=-Xms512m -Xmx1024m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=512m

-java -Dfile.encoding=utf-8 -jar %JAVA_OPTS% ruoyi-modules-file.jar
+java -Dfile.encoding=utf-8 %JAVA_OPTS% -jar ruoyi-modules-file.jar

 cd bin
 pause
--- a/bin/run-modules-gen.bat
+++ b/bin/run-modules-gen.bat
@ -1,6 +1,6 @@
@echo off
 echo.
-echo [信息] 运行modules-gen工程。
+echo [信息] 使用Jar命令运行Modules-Gen工程。
 echo.

 cd %~dp0
@ -8,7 +8,7 @@ cd ../ruoyi-modules/ruoyi-gen/target

 set JAVA_OPTS=-Xms512m -Xmx1024m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=512m

-java -Dfile.encoding=utf-8 -jar %JAVA_OPTS% ruoyi-modules-gen.jar
+java -Dfile.encoding=utf-8 %JAVA_OPTS% -jar ruoyi-modules-gen.jar

 cd bin
 pause
--- a/bin/run-modules-job.bat
+++ b/bin/run-modules-job.bat
@ -1,6 +1,6 @@
@echo off
 echo.
-echo [信息] 运行modules-job工程。
+echo [信息] 使用Jar命令运行Modules-Job工程。
 echo.

 cd %~dp0
@ -8,7 +8,7 @@ cd ../ruoyi-modules/ruoyi-job/target

 set JAVA_OPTS=-Xms512m -Xmx1024m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=512m

-java -Dfile.encoding=utf-8 -jar %JAVA_OPTS% ruoyi-modules-job.jar
+java -Dfile.encoding=utf-8 %JAVA_OPTS% -jar ruoyi-modules-job.jar

 cd bin
 pause
--- a/bin/run-modules-system.bat
+++ b/bin/run-modules-system.bat
@ -1,6 +1,6 @@
@echo off
 echo.
-echo [信息] 运行modules-system工程。
+echo [信息] 使用Jar命令运行Modules-System工程。
 echo.

 cd %~dp0
@ -8,7 +8,7 @@ cd ../ruoyi-modules/ruoyi-system/target

 set JAVA_OPTS=-Xms512m -Xmx1024m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=512m

-java -Dfile.encoding=utf-8 -jar %JAVA_OPTS% ruoyi-modules-system.jar
+java -Dfile.encoding=utf-8 %JAVA_OPTS% -jar ruoyi-modules-system.jar

 cd bin
 pause
--- a/bin/run-monitor.bat
+++ b/bin/run-monitor.bat
@ -1,6 +1,6 @@
@echo off
 echo.
-echo [信息] 运行monitor工程。
+echo [信息] 使用Jar命令运行Monitor工程。
 echo.

 cd %~dp0
@ -8,7 +8,7 @@ cd ../ruoyi-visual/ruoyi-monitor/target

 set JAVA_OPTS=-Xms512m -Xmx1024m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=512m

-java -Dfile.encoding=utf-8 -jar %JAVA_OPTS% ruoyi-visual-monitor.jar
+java -Dfile.encoding=utf-8 %JAVA_OPTS% -jar ruoyi-visual-monitor.jar

 cd bin
 pause
--- a/docker/copy.sh
+++ b/docker/copy.sh
@ -0,0 +1,41 @@
+#!/bin/sh
+
+# 复制项目的文件到对应docker路径，便于一键生成镜像。
+usage() {
+	echo "Usage: sh copy.sh"
+	exit 1
+}
+
+
+# copy sql
+echo "begin copy sql "
+cp ../sql/ry_20230706.sql ./mysql/db
+cp ../sql/ry_config_20220929.sql ./mysql/db
+
+# copy html
+echo "begin copy html "
+cp -r ../ruoyi-ui/dist/** ./nginx/html/dist
+
+
+# copy jar
+echo "begin copy ruoyi-gateway "
+cp ../ruoyi-gateway/target/ruoyi-gateway.jar ./ruoyi/gateway/jar
+
+echo "begin copy ruoyi-auth "
+cp ../ruoyi-auth/target/ruoyi-auth.jar ./ruoyi/auth/jar
+
+echo "begin copy ruoyi-visual "
+cp ../ruoyi-visual/ruoyi-monitor/target/ruoyi-visual-monitor.jar  ./ruoyi/visual/monitor/jar
+
+echo "begin copy ruoyi-modules-system "
+cp ../ruoyi-modules/ruoyi-system/target/ruoyi-modules-system.jar ./ruoyi/modules/system/jar
+
+echo "begin copy ruoyi-modules-file "
+cp ../ruoyi-modules/ruoyi-file/target/ruoyi-modules-file.jar ./ruoyi/modules/file/jar
+
+echo "begin copy ruoyi-modules-job "
+cp ../ruoyi-modules/ruoyi-job/target/ruoyi-modules-job.jar ./ruoyi/modules/job/jar
+
+echo "begin copy ruoyi-modules-gen "
+cp ../ruoyi-modules/ruoyi-gen/target/ruoyi-modules-gen.jar ./ruoyi/modules/gen/jar
+
--- a/docker/deploy.sh
+++ b/docker/deploy.sh
@ -26,12 +26,12 @@ port(){

 # 启动基础环境（必须）
 base(){
-	docker-compose up -d ruoyi-mysql ruoyi-redis ruoyi-nacos ruoyi-nginx
+	docker-compose up -d ruoyi-mysql ruoyi-redis ruoyi-nacos
 }

 # 启动程序模块（必须）
 modules(){
-	docker-compose up -d ruoyi-gateway ruoyi-auth ruoyi-modules-system
+	docker-compose up -d ruoyi-nginx ruoyi-gateway ruoyi-auth ruoyi-modules-system
 }

 # 关闭所有环境/模块
--- a/docker/nacos/conf/application.properties
+++ b/docker/nacos/conf/application.properties
@ -16,7 +16,7 @@ management.metrics.export.influx.enabled=false
 server.tomcat.accesslog.enabled=true
 server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %{User-Agent}i %{Request-Source}i

-server.tomcat.basedir=
+server.tomcat.basedir=/home/ruoyi/nacos/tomcat/logs

 nacos.security.ignore.urls=/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-ui/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**

--- a/docker/nginx/conf/nginx.conf
+++ b/docker/nginx/conf/nginx.conf
@ -14,23 +14,28 @@ http {
        listen       80;
        server_name  localhost;

-		location / {
+        location / {
            root   /home/ruoyi/projects/ruoyi-ui;
-			try_files $uri $uri/ /index.html;
+            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }
-		
-		location /prod-api/{
-			proxy_set_header Host $http_host;
-			proxy_set_header X-Real-IP $remote_addr;
-			proxy_set_header REMOTE-HOST $remote_addr;
-			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-			proxy_pass http://ruoyi-gateway:8080/;
-		}
+
+        location /prod-api/{
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header REMOTE-HOST $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass http://ruoyi-gateway:8080/;
+        }
+
+        # 避免actuator暴露
+        if ($request_uri ~ "/actuator") {
+            return 403;
+        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
-}# requirepass 123456
+}
--- a/pom.xml
+++ b/pom.xml
@ -6,38 +6,35 @@

    <groupId>com.ruoyi</groupId>
    <artifactId>ruoyi</artifactId>
-    <version>3.1.0</version>
+    <version>3.6.3</version>

    <name>ruoyi</name>
    <url>http://www.ruoyi.vip</url>
    <description>若依微服务系统</description>

    <properties>
-        <ruoyi.version>3.1.0</ruoyi.version>
+        <ruoyi.version>3.6.3</ruoyi.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
-        <spring-boot.version>2.5.3</spring-boot.version>
-        <spring-cloud.version>2020.0.3</spring-cloud.version>
-        <spring-cloud-alibaba.version>2021.1</spring-cloud-alibaba.version>
-        <alibaba.nacos.version>2.0.3</alibaba.nacos.version>
-        <spring-boot-admin.version>2.4.3</spring-boot-admin.version>
-        <spring-boot.mybatis>2.2.0</spring-boot.mybatis>
+        <spring-boot.version>2.7.18</spring-boot.version>
+        <spring-cloud.version>2021.0.8</spring-cloud.version>
+        <spring-cloud-alibaba.version>2021.0.5.0</spring-cloud-alibaba.version>
+        <spring-boot-admin.version>2.7.11</spring-boot-admin.version>
        <swagger.fox.version>3.0.0</swagger.fox.version>
        <swagger.core.version>1.6.2</swagger.core.version>
        <tobato.version>1.27.2</tobato.version>
-        <kaptcha.version>2.3.2</kaptcha.version>
-        <pagehelper.boot.version>1.3.1</pagehelper.boot.version>
-        <druid.version>1.2.6</druid.version>
-        <dynamic-ds.version>3.4.1</dynamic-ds.version>
-        <commons.io.version>2.11.0</commons.io.version>
-        <commons.fileupload.version>1.4</commons.fileupload.version>
-        <velocity.version>1.7</velocity.version>
-        <fastjson.version>1.2.76</fastjson.version>
+        <kaptcha.version>2.3.3</kaptcha.version>
+        <pagehelper.boot.version>2.0.0</pagehelper.boot.version>
+        <druid.version>1.2.20</druid.version>
+        <dynamic-ds.version>4.2.0</dynamic-ds.version>
+        <commons.io.version>2.13.0</commons.io.version>
+        <velocity.version>2.3</velocity.version>
+        <fastjson.version>2.0.43</fastjson.version>
+        <jjwt.version>0.9.1</jjwt.version>
        <minio.version>8.2.2</minio.version>
        <poi.version>4.1.2</poi.version>
-        <common-pool.version>2.10.0</common-pool.version>
-        <commons-collections.version>3.2.2</commons-collections.version>
+        <transmittable-thread-local.version>2.14.4</transmittable-thread-local.version>
    </properties>

    <!-- 依赖声明 -->
@ -62,13 +59,6 @@
                <scope>import</scope>
            </dependency>

-            <!-- Alibaba Nacos 配置 -->
-            <dependency>
-                <groupId>com.alibaba.nacos</groupId>
-                <artifactId>nacos-client</artifactId>
-                <version>${alibaba.nacos.version}</version>
-            </dependency>
-
            <!-- SpringBoot 依赖配置 -->
            <dependency>
                <groupId>org.springframework.boot</groupId>
@ -78,13 +68,6 @@
                <scope>import</scope>
            </dependency>

-            <!--  SpringBoot 监控客户端 -->
-            <dependency>
-                <groupId>de.codecentric</groupId>
-                <artifactId>spring-boot-admin-starter-client</artifactId>
-                <version>${spring-boot-admin.version}</version>
-            </dependency>
-
            <!-- FastDFS 分布式文件系统 -->
            <dependency>
                <groupId>com.github.tobato</groupId>
@ -92,13 +75,6 @@
                <version>${tobato.version}</version>
            </dependency>

-            <!-- Mybatis 依赖配置 -->
-            <dependency>
-                <groupId>org.mybatis.spring.boot</groupId>
-                <artifactId>mybatis-spring-boot-starter</artifactId>
-                <version>${spring-boot.mybatis}</version>
-            </dependency>
-
            <!-- Swagger 依赖配置 -->
            <dependency>
                <groupId>io.swagger</groupId>
@ -113,7 +89,7 @@

            <!-- 验证码 -->
            <dependency>
-                <groupId>com.github.penggle</groupId>
+                <groupId>pro.fessional</groupId>
                <artifactId>kaptcha</artifactId>
                <version>${kaptcha.version}</version>
            </dependency>
@ -139,45 +115,32 @@
                <version>${poi.version}</version>
            </dependency>

-            <!-- 文件上传工具类 -->
-            <dependency>
-                <groupId>commons-fileupload</groupId>
-                <artifactId>commons-fileupload</artifactId>
-                <version>${commons.fileupload.version}</version>
-            </dependency>
-
            <!-- 代码生成使用模板 -->
            <dependency>
                <groupId>org.apache.velocity</groupId>
-                <artifactId>velocity</artifactId>
+                <artifactId>velocity-engine-core</artifactId>
                <version>${velocity.version}</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>commons-collections</groupId>
-                        <artifactId>commons-collections</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
-            <!-- Collection 增强Java集合框架 -->
-            <dependency> 
-                <groupId>commons-collections</groupId> 
-                <artifactId>commons-collections</artifactId> 
-                <version>${commons-collections.version}</version>
            </dependency>

            <!-- JSON 解析器和生成器 -->
            <dependency>
-                <groupId>com.alibaba</groupId>
-                <artifactId>fastjson</artifactId>
+                <groupId>com.alibaba.fastjson2</groupId>
+                <artifactId>fastjson2</artifactId>
                <version>${fastjson.version}</version>
            </dependency>

-            <!-- 公共资源池 -->
+            <!-- JWT -->
            <dependency>
-                <groupId>org.apache.commons</groupId>
-                <artifactId>commons-pool2</artifactId>
-                <version>${common-pool.version}</version>
+                <groupId>io.jsonwebtoken</groupId>
+                <artifactId>jjwt</artifactId>
+                <version>${jjwt.version}</version>
+            </dependency>
+
+            <!-- 线程传递值 -->
+            <dependency>
+                <groupId>com.alibaba</groupId>
+                <artifactId>transmittable-thread-local</artifactId>
+                <version>${transmittable-thread-local.version}</version>
            </dependency>

            <!-- 核心模块 -->
@ -215,6 +178,13 @@
                <version>${ruoyi.version}</version>
            </dependency>

+            <!-- 分布式事务 -->
+            <dependency>
+                <groupId>com.ruoyi</groupId>
+                <artifactId>ruoyi-common-seata</artifactId>
+                <version>${ruoyi.version}</version>
+            </dependency>
+
            <!-- 日志记录 -->
            <dependency>
                <groupId>com.ruoyi</groupId>
@ -269,6 +239,47 @@
                </configuration>
            </plugin>
        </plugins>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-maven-plugin</artifactId>
+                    <version>${spring-boot.version}</version>
+                    <executions>
+                        <execution>
+                            <goals>
+                                <goal>repackage</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                </plugin>
+            </plugins>
+        </pluginManagement>
    </build>

+    <repositories>
+        <repository>
+            <id>public</id>
+            <name>aliyun nexus</name>
+            <url>https://maven.aliyun.com/repository/public</url>
+            <releases>
+                <enabled>true</enabled>
+            </releases>
+        </repository>
+    </repositories>
+
+    <pluginRepositories>
+        <pluginRepository>
+            <id>public</id>
+            <name>aliyun nexus</name>
+            <url>https://maven.aliyun.com/repository/public</url>
+            <releases>
+                <enabled>true</enabled>
+            </releases>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </pluginRepository>
+    </pluginRepositories>
+
 </project>
--- a/ruoyi-api/pom.xml
+++ b/ruoyi-api/pom.xml
@ -4,7 +4,7 @@
    <parent>
        <groupId>com.ruoyi</groupId>
        <artifactId>ruoyi</artifactId>
-        <version>3.1.0</version>
+        <version>3.6.3</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

--- a/ruoyi-api/ruoyi-api-system/pom.xml
+++ b/ruoyi-api/ruoyi-api-system/pom.xml
@ -5,7 +5,7 @@
    <parent>
        <groupId>com.ruoyi</groupId>
        <artifactId>ruoyi-api</artifactId>
-        <version>3.1.0</version>
+        <version>3.6.3</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    
--- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/RemoteLogService.java
+++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/RemoteLogService.java
@ -27,7 +27,7 @@ public interface RemoteLogService
     * @return 结果
     */
    @PostMapping("/operlog")
-    public R<Boolean> saveLog(@RequestBody SysOperLog sysOperLog, @RequestHeader(SecurityConstants.FROM_SOURCE) String source);
+    public R<Boolean> saveLog(@RequestBody SysOperLog sysOperLog, @RequestHeader(SecurityConstants.FROM_SOURCE) String source) throws Exception;

    /**
     * 保存访问记录
--- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysDept.java
+++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysDept.java
@ -4,6 +4,7 @@ import java.util.ArrayList;
 import java.util.List;
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
@ -31,7 +32,7 @@ public class SysDept extends BaseEntity
    private String deptName;

    /** 显示顺序 */
-    private String orderNum;
+    private Integer orderNum;

    /** 负责人 */
    private String leader;
@ -96,13 +97,13 @@ public class SysDept extends BaseEntity
        this.deptName = deptName;
    }

-    @NotBlank(message = "显示顺序不能为空")
-    public String getOrderNum()
+    @NotNull(message = "显示顺序不能为空")
+    public Integer getOrderNum()
    {
        return orderNum;
    }

-    public void setOrderNum(String orderNum)
+    public void setOrderNum(Integer orderNum)
    {
        this.orderNum = orderNum;
    }
--- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysDictData.java
+++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysDictData.java
@ -1,4 +1,4 @@
-package com.ruoyi.system.domain;
+package com.ruoyi.system.api.domain;

 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.Size;
@ -131,7 +131,7 @@ public class SysDictData extends BaseEntity

    public boolean getDefault()
    {
-        return UserConstants.YES.equals(this.isDefault) ? true : false;
+        return UserConstants.YES.equals(this.isDefault);
    }

    public String getIsDefault()
--- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysDictType.java
+++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysDictType.java
@ -1,6 +1,7 @@
-package com.ruoyi.system.domain;
+package com.ruoyi.system.api.domain;

 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
@ -57,6 +58,7 @@ public class SysDictType extends BaseEntity

    @NotBlank(message = "字典类型不能为空")
    @Size(min = 0, max = 100, message = "字典类型类型长度不能超过100个字符")
+    @Pattern(regexp = "^[a-z][a-z0-9_]*$", message = "字典类型必须以字母开头，且只能为（小写字母，数字，下滑线）")
    public String getDictType()
    {
        return dictType;
--- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysOperLog.java
+++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysOperLog.java
@ -79,6 +79,10 @@ public class SysOperLog extends BaseEntity
    @Excel(name = "操作时间", width = 30, dateFormat = "yyyy-MM-dd HH:mm:ss")
    private Date operTime;

+    /** 消耗时间 */
+    @Excel(name = "消耗时间", suffix = "毫秒")
+    private Long costTime;
+
    public Long getOperId()
    {
        return operId;
@ -238,4 +242,14 @@ public class SysOperLog extends BaseEntity
    {
        this.operTime = operTime;
    }
+
+    public Long getCostTime()
+    {
+        return costTime;
+    }
+
+    public void setCostTime(Long costTime)
+    {
+        this.costTime = costTime;
+    }
 }
--- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysRole.java
+++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysRole.java
@ -1,6 +1,8 @@
 package com.ruoyi.system.api.domain;

+import java.util.Set;
 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
@ -31,7 +33,7 @@ public class SysRole extends BaseEntity

    /** 角色排序 */
    @Excel(name = "角色排序")
-    private String roleSort;
+    private Integer roleSort;

    /** 数据范围（1：所有数据权限；2：自定义数据权限；3：本部门数据权限；4：本部门及以下数据权限；5：仅本人数据权限） */
    @Excel(name = "数据范围", readConverterExp = "1=所有数据权限,2=自定义数据权限,3=本部门数据权限,4=本部门及以下数据权限,5=仅本人数据权限")
@ -59,6 +61,9 @@ public class SysRole extends BaseEntity
    /** 部门组（数据权限） */
    private Long[] deptIds;

+    /** 角色菜单权限 */
+    private Set<String> permissions;
+
    public SysRole()
    {

@ -113,13 +118,13 @@ public class SysRole extends BaseEntity
        this.roleKey = roleKey;
    }

-    @NotBlank(message = "显示顺序不能为空")
-    public String getRoleSort()
+    @NotNull(message = "显示顺序不能为空")
+    public Integer getRoleSort()
    {
        return roleSort;
    }

-    public void setRoleSort(String roleSort)
+    public void setRoleSort(Integer roleSort)
    {
        this.roleSort = roleSort;
    }
@ -203,7 +208,18 @@ public class SysRole extends BaseEntity
    {
        this.deptIds = deptIds;
    }
-    
+
+    public Set<String> getPermissions()
+    {
+        return permissions;
+    }
+
+    public void setPermissions(Set<String> permissions)
+    {
+        this.permissions = permissions;
+    }
+
+    @Override
    public String toString() {
        return new ToStringBuilder(this,ToStringStyle.MULTI_LINE_STYLE)
            .append("roleId", getRoleId())
--- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysUser.java
+++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysUser.java
@ -2,17 +2,15 @@ package com.ruoyi.system.api.domain;

 import java.util.Date;
 import java.util.List;
-import javax.validation.constraints.Email;
-import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.Size;
+import javax.validation.constraints.*;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import com.ruoyi.common.core.annotation.Excel;
 import com.ruoyi.common.core.annotation.Excel.ColumnType;
 import com.ruoyi.common.core.annotation.Excel.Type;
 import com.ruoyi.common.core.annotation.Excels;
 import com.ruoyi.common.core.web.domain.BaseEntity;
+import com.ruoyi.common.core.xss.Xss;

 /**
 * 用户对象 sys_user
@ -131,6 +129,7 @@ public class SysUser extends BaseEntity
        this.deptId = deptId;
    }

+    @Xss(message = "用户昵称不能包含脚本字符")
    @Size(min = 0, max = 30, message = "用户昵称长度不能超过30个字符")
    public String getNickName()
    {
@ -142,6 +141,7 @@ public class SysUser extends BaseEntity
        this.nickName = nickName;
    }

+    @Xss(message = "用户账号不能包含脚本字符")
    @NotBlank(message = "用户账号不能为空")
    @Size(min = 0, max = 30, message = "用户账号长度不能超过30个字符")
    public String getUserName()
@ -197,7 +197,6 @@ public class SysUser extends BaseEntity
        this.avatar = avatar;
    }

-    @JsonProperty
    public String getPassword()
    {
        return password;
--- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/factory/RemoteLogFallbackFactory.java
+++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/factory/RemoteLogFallbackFactory.java
@ -28,13 +28,13 @@ public class RemoteLogFallbackFactory implements FallbackFactory<RemoteLogServic
            @Override
            public R<Boolean> saveLog(SysOperLog sysOperLog, String source)
            {
-                return null;
+                return R.fail("保存操作日志失败:" + throwable.getMessage());
            }

            @Override
            public R<Boolean> saveLogininfor(SysLogininfor sysLogininfor, String source)
            {
-                return null;
+                return R.fail("保存登录日志失败:" + throwable.getMessage());
            }
        };

--- a/ruoyi-api/ruoyi-api-system/src/main/resources/META-INF/spring.factories
+++ b/ruoyi-api/ruoyi-api-system/src/main/resources/META-INF/spring.factories
@ -1,4 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-  com.ruoyi.system.api.factory.RemoteUserFallbackFactory,\
-  com.ruoyi.system.api.factory.RemoteLogFallbackFactory, \
-  com.ruoyi.system.api.factory.RemoteFileFallbackFactory
--- a/ruoyi-api/ruoyi-api-system/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/ruoyi-api/ruoyi-api-system/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@ -0,0 +1,3 @@
+com.ruoyi.system.api.factory.RemoteUserFallbackFactory
+com.ruoyi.system.api.factory.RemoteLogFallbackFactory
+com.ruoyi.system.api.factory.RemoteFileFallbackFactory
--- a/ruoyi-auth/pom.xml
+++ b/ruoyi-auth/pom.xml
@ -4,7 +4,7 @@
    <parent>
        <groupId>com.ruoyi</groupId>
        <artifactId>ruoyi</artifactId>
-        <version>3.1.0</version>
+        <version>3.6.3</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java
@ -10,8 +10,11 @@ import com.ruoyi.auth.form.LoginBody;
 import com.ruoyi.auth.form.RegisterBody;
 import com.ruoyi.auth.service.SysLoginService;
 import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.utils.JwtUtils;
 import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.security.auth.AuthUtil;
 import com.ruoyi.common.security.service.TokenService;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.model.LoginUser;

 /**
@ -40,12 +43,12 @@ public class TokenController
    @DeleteMapping("logout")
    public R<?> logout(HttpServletRequest request)
    {
-        LoginUser loginUser = tokenService.getLoginUser(request);
-        if (StringUtils.isNotNull(loginUser))
+        String token = SecurityUtils.getToken(request);
+        if (StringUtils.isNotEmpty(token))
        {
-            String username = loginUser.getUsername();
+            String username = JwtUtils.getUserName(token);
            // 删除用户缓存记录
-            tokenService.delLoginUser(loginUser.getToken());
+            AuthUtil.logoutByToken(token);
            // 记录用户退出日志
            sysLoginService.logout(username);
        }
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
@ -2,19 +2,19 @@ package com.ruoyi.auth.service;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import com.ruoyi.common.core.constant.CacheConstants;
 import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.constant.SecurityConstants;
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.domain.R;
 import com.ruoyi.common.core.enums.UserStatus;
-import com.ruoyi.common.core.exception.BaseException;
-import com.ruoyi.common.core.utils.SecurityUtils;
-import com.ruoyi.common.core.utils.ServletUtils;
+import com.ruoyi.common.core.exception.ServiceException;
+import com.ruoyi.common.core.text.Convert;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.utils.ip.IpUtils;
-import com.ruoyi.system.api.RemoteLogService;
+import com.ruoyi.common.redis.service.RedisService;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.RemoteUserService;
-import com.ruoyi.system.api.domain.SysLogininfor;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.api.model.LoginUser;

@ -27,10 +27,16 @@ import com.ruoyi.system.api.model.LoginUser;
 public class SysLoginService
 {
    @Autowired
-    private RemoteLogService remoteLogService;
+    private RemoteUserService remoteUserService;

    @Autowired
-    private RemoteUserService remoteUserService;
+    private SysPasswordService passwordService;
+
+    @Autowired
+    private SysRecordLogService recordLogService;
+
+    @Autowired
+    private RedisService redisService;

    /**
     * 登录
@ -40,60 +46,64 @@ public class SysLoginService
        // 用户名或密码为空 错误
        if (StringUtils.isAnyBlank(username, password))
        {
-            recordLogininfor(username, Constants.LOGIN_FAIL, "用户/密码必须填写");
-            throw new BaseException("用户/密码必须填写");
+            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户/密码必须填写");
+            throw new ServiceException("用户/密码必须填写");
        }
        // 密码如果不在指定范围内 错误
        if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                || password.length() > UserConstants.PASSWORD_MAX_LENGTH)
        {
-            recordLogininfor(username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
-            throw new BaseException("用户密码不在指定范围");
+            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
+            throw new ServiceException("用户密码不在指定范围");
        }
        // 用户名不在指定范围内 错误
        if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                || username.length() > UserConstants.USERNAME_MAX_LENGTH)
        {
-            recordLogininfor(username, Constants.LOGIN_FAIL, "用户名不在指定范围");
-            throw new BaseException("用户名不在指定范围");
+            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户名不在指定范围");
+            throw new ServiceException("用户名不在指定范围");
+        }
+        // IP黑名单校验
+        String blackStr = Convert.toStr(redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST));
+        if (IpUtils.isMatchedIp(blackStr, IpUtils.getIpAddr()))
+        {
+            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "很遗憾，访问IP已被列入系统黑名单");
+            throw new ServiceException("很遗憾，访问IP已被列入系统黑名单");
        }
        // 查询用户信息
        R<LoginUser> userResult = remoteUserService.getUserInfo(username, SecurityConstants.INNER);

-        if (R.FAIL == userResult.getCode())
-        {
-            throw new BaseException(userResult.getMsg());
-        }
-
        if (StringUtils.isNull(userResult) || StringUtils.isNull(userResult.getData()))
        {
-            recordLogininfor(username, Constants.LOGIN_FAIL, "登录用户不存在");
-            throw new BaseException("登录用户：" + username + " 不存在");
+            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "登录用户不存在");
+            throw new ServiceException("登录用户：" + username + " 不存在");
        }
+
+        if (R.FAIL == userResult.getCode())
+        {
+            throw new ServiceException(userResult.getMsg());
+        }
+        
        LoginUser userInfo = userResult.getData();
        SysUser user = userResult.getData().getSysUser();
        if (UserStatus.DELETED.getCode().equals(user.getDelFlag()))
        {
-            recordLogininfor(username, Constants.LOGIN_FAIL, "对不起，您的账号已被删除");
-            throw new BaseException("对不起，您的账号：" + username + " 已被删除");
+            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "对不起，您的账号已被删除");
+            throw new ServiceException("对不起，您的账号：" + username + " 已被删除");
        }
        if (UserStatus.DISABLE.getCode().equals(user.getStatus()))
        {
-            recordLogininfor(username, Constants.LOGIN_FAIL, "用户已停用，请联系管理员");
-            throw new BaseException("对不起，您的账号：" + username + " 已停用");
+            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户已停用，请联系管理员");
+            throw new ServiceException("对不起，您的账号：" + username + " 已停用");
        }
-        if (!SecurityUtils.matchesPassword(password, user.getPassword()))
-        {
-            recordLogininfor(username, Constants.LOGIN_FAIL, "用户密码错误");
-            throw new BaseException("用户不存在/密码错误");
-        }
-        recordLogininfor(username, Constants.LOGIN_SUCCESS, "登录成功");
+        passwordService.validate(user, password);
+        recordLogService.recordLogininfor(username, Constants.LOGIN_SUCCESS, "登录成功");
        return userInfo;
    }

    public void logout(String loginName)
    {
-        recordLogininfor(loginName, Constants.LOGOUT, "退出成功");
+        recordLogService.recordLogininfor(loginName, Constants.LOGOUT, "退出成功");
    }

    /**
@ -104,17 +114,17 @@ public class SysLoginService
        // 用户名或密码为空 错误
        if (StringUtils.isAnyBlank(username, password))
        {
-            throw new BaseException("用户/密码必须填写");
+            throw new ServiceException("用户/密码必须填写");
        }
        if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                || username.length() > UserConstants.USERNAME_MAX_LENGTH)
        {
-            throw new BaseException("账户长度必须在2到20个字符之间");
+            throw new ServiceException("账户长度必须在2到20个字符之间");
        }
        if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                || password.length() > UserConstants.PASSWORD_MAX_LENGTH)
        {
-            throw new BaseException("密码长度必须在5到20个字符之间");
+            throw new ServiceException("密码长度必须在5到20个字符之间");
        }

        // 注册用户信息
@ -126,34 +136,8 @@ public class SysLoginService

        if (R.FAIL == registerResult.getCode())
        {
-            throw new BaseException(registerResult.getMsg());
+            throw new ServiceException(registerResult.getMsg());
        }
-        recordLogininfor(username, Constants.REGISTER, "注册成功");
+        recordLogService.recordLogininfor(username, Constants.REGISTER, "注册成功");
    }
-
-    /**
-     * 记录登录信息
-     * 
-     * @param username 用户名
-     * @param status 状态
-     * @param message 消息内容
-     * @return
-     */
-    public void recordLogininfor(String username, String status, String message)
-    {
-        SysLogininfor logininfor = new SysLogininfor();
-        logininfor.setUserName(username);
-        logininfor.setIpaddr(IpUtils.getIpAddr(ServletUtils.getRequest()));
-        logininfor.setMsg(message);
-        // 日志状态
-        if (StringUtils.equalsAny(status, Constants.LOGIN_SUCCESS, Constants.LOGOUT, Constants.REGISTER))
-        {
-            logininfor.setStatus("0");
-        }
-        else if (Constants.LOGIN_FAIL.equals(status))
-        {
-            logininfor.setStatus("1");
-        }
-        remoteLogService.saveLogininfor(logininfor, SecurityConstants.INNER);
-    }
-}
+}
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysPasswordService.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysPasswordService.java
@ -0,0 +1,85 @@
+package com.ruoyi.auth.service;
+
+import java.util.concurrent.TimeUnit;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import com.ruoyi.common.core.constant.CacheConstants;
+import com.ruoyi.common.core.constant.Constants;
+import com.ruoyi.common.core.exception.ServiceException;
+import com.ruoyi.common.redis.service.RedisService;
+import com.ruoyi.common.security.utils.SecurityUtils;
+import com.ruoyi.system.api.domain.SysUser;
+
+/**
+ * 登录密码方法
+ * 
+ * @author ruoyi
+ */
+@Component
+public class SysPasswordService
+{
+    @Autowired
+    private RedisService redisService;
+
+    private int maxRetryCount = CacheConstants.PASSWORD_MAX_RETRY_COUNT;
+
+    private Long lockTime = CacheConstants.PASSWORD_LOCK_TIME;
+
+    @Autowired
+    private SysRecordLogService recordLogService;
+
+    /**
+     * 登录账户密码错误次数缓存键名
+     * 
+     * @param username 用户名
+     * @return 缓存键key
+     */
+    private String getCacheKey(String username)
+    {
+        return CacheConstants.PWD_ERR_CNT_KEY + username;
+    }
+
+    public void validate(SysUser user, String password)
+    {
+        String username = user.getUserName();
+
+        Integer retryCount = redisService.getCacheObject(getCacheKey(username));
+
+        if (retryCount == null)
+        {
+            retryCount = 0;
+        }
+
+        if (retryCount >= Integer.valueOf(maxRetryCount).intValue())
+        {
+            String errMsg = String.format("密码输入错误%s次，帐户锁定%s分钟", maxRetryCount, lockTime);
+            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL,errMsg);
+            throw new ServiceException(errMsg);
+        }
+
+        if (!matches(user, password))
+        {
+            retryCount = retryCount + 1;
+            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, String.format("密码输入错误%s次", retryCount));
+            redisService.setCacheObject(getCacheKey(username), retryCount, lockTime, TimeUnit.MINUTES);
+            throw new ServiceException("用户不存在/密码错误");
+        }
+        else
+        {
+            clearLoginRecordCache(username);
+        }
+    }
+
+    public boolean matches(SysUser user, String rawPassword)
+    {
+        return SecurityUtils.matchesPassword(rawPassword, user.getPassword());
+    }
+
+    public void clearLoginRecordCache(String loginName)
+    {
+        if (redisService.hasKey(getCacheKey(loginName)))
+        {
+            redisService.deleteObject(getCacheKey(loginName));
+        }
+    }
+}
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysRecordLogService.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysRecordLogService.java
@ -0,0 +1,48 @@
+package com.ruoyi.auth.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import com.ruoyi.common.core.constant.Constants;
+import com.ruoyi.common.core.constant.SecurityConstants;
+import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.core.utils.ip.IpUtils;
+import com.ruoyi.system.api.RemoteLogService;
+import com.ruoyi.system.api.domain.SysLogininfor;
+
+/**
+ * 记录日志方法
+ * 
+ * @author ruoyi
+ */
+@Component
+public class SysRecordLogService
+{
+    @Autowired
+    private RemoteLogService remoteLogService;
+
+    /**
+     * 记录登录信息
+     * 
+     * @param username 用户名
+     * @param status 状态
+     * @param message 消息内容
+     * @return
+     */
+    public void recordLogininfor(String username, String status, String message)
+    {
+        SysLogininfor logininfor = new SysLogininfor();
+        logininfor.setUserName(username);
+        logininfor.setIpaddr(IpUtils.getIpAddr());
+        logininfor.setMsg(message);
+        // 日志状态
+        if (StringUtils.equalsAny(status, Constants.LOGIN_SUCCESS, Constants.LOGOUT, Constants.REGISTER))
+        {
+            logininfor.setStatus(Constants.LOGIN_SUCCESS_STATUS);
+        }
+        else if (Constants.LOGIN_FAIL.equals(status))
+        {
+            logininfor.setStatus(Constants.LOGIN_FAIL_STATUS);
+        }
+        remoteLogService.saveLogininfor(logininfor, SecurityConstants.INNER);
+    }
+}
--- a/ruoyi-common/pom.xml
+++ b/ruoyi-common/pom.xml
@ -4,7 +4,7 @@
    <parent>
        <groupId>com.ruoyi</groupId>
        <artifactId>ruoyi</artifactId>
-        <version>3.1.0</version>
+        <version>3.6.3</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

@ -12,17 +12,18 @@
        <module>ruoyi-common-log</module>
        <module>ruoyi-common-core</module>
        <module>ruoyi-common-redis</module>
+        <module>ruoyi-common-seata</module>
        <module>ruoyi-common-swagger</module>
        <module>ruoyi-common-security</module>
        <module>ruoyi-common-datascope</module>
-		<module>ruoyi-common-datasource</module>
+        <module>ruoyi-common-datasource</module>
    </modules>

    <artifactId>ruoyi-common</artifactId>
    <packaging>pom</packaging>

    <description>
-	    ruoyi-common通用模块
+        ruoyi-common通用模块
    </description>

 </project>
--- a/ruoyi-common/ruoyi-common-core/pom.xml
+++ b/ruoyi-common/ruoyi-common-core/pom.xml
@ -5,7 +5,7 @@
    <parent>
        <groupId>com.ruoyi</groupId>
        <artifactId>ruoyi-common</artifactId>
-        <version>3.1.0</version>
+        <version>3.6.3</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>

@ -41,10 +41,10 @@
            <artifactId>spring-web</artifactId>
        </dependency>

-        <!-- Apache Commons Pool2 -->
+        <!-- Transmittable ThreadLocal -->
        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-pool2</artifactId>
+            <groupId>com.alibaba</groupId>
+            <artifactId>transmittable-thread-local</artifactId>
        </dependency>

        <!-- Pagehelper -->
@ -67,8 +67,20 @@

        <!-- Alibaba Fastjson -->
        <dependency>
-            <groupId>com.alibaba</groupId>
-            <artifactId>fastjson</artifactId>
+            <groupId>com.alibaba.fastjson2</groupId>
+            <artifactId>fastjson2</artifactId>
+        </dependency>
+
+        <!-- Jwt -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+        </dependency>
+
+        <!-- Jaxb -->
+        <dependency>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
        </dependency>

        <!-- Apache Lang3 -->
@ -83,12 +95,6 @@
            <artifactId>commons-io</artifactId>
        </dependency>

-        <!-- Commons Fileupload -->
-        <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-        </dependency>
-
        <!-- excel工具 -->
        <dependency>
            <groupId>org.apache.poi</groupId>
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/annotation/Excel.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/annotation/Excel.java
@ -5,6 +5,9 @@ import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 import java.math.BigDecimal;
+import org.apache.poi.ss.usermodel.HorizontalAlignment;
+import org.apache.poi.ss.usermodel.IndexedColors;
+import com.ruoyi.common.core.utils.poi.ExcelHandlerAdapter;

 /**
 * 自定义导出Excel数据注解
@ -51,17 +54,12 @@ public @interface Excel
    public int roundingMode() default BigDecimal.ROUND_HALF_EVEN;

    /**
-     * 导出类型（0数字 1字符串）
-     */
-    public ColumnType cellType() default ColumnType.STRING;
-
-    /**
-     * 导出时在excel中每个列的高度 单位为字符
+     * 导出时在excel中每个列的高度
     */
    public double height() default 14;

    /**
-     * 导出时在excel中每个列的宽 单位为字符
+     * 导出时在excel中每个列的宽度
     */
    public double width() default 16;

@ -85,6 +83,11 @@ public @interface Excel
     */
    public String[] combo() default {};

+    /**
+     * 是否需要纵向合并单元格,应对需求:含有list集合单元格)
+     */
+    public boolean needMerge() default false;
+
    /**
     * 是否导出数据,应对需求:有时我们需要导出一份模板,这是标题需要但内容需要用户手工填写.
     */
@ -101,25 +104,44 @@ public @interface Excel
    public boolean isStatistics() default false;

    /**
-     * 导出字段对齐方式（0：默认；1：靠左；2：居中；3：靠右）
+     * 导出类型（0数字 1字符串）
     */
-    Align align() default Align.AUTO;
+    public ColumnType cellType() default ColumnType.STRING;

-    public enum Align
-    {
-        AUTO(0), LEFT(1), CENTER(2), RIGHT(3);
-        private final int value;
+    /**
+     * 导出列头背景颜色
+     */
+    public IndexedColors headerBackgroundColor() default IndexedColors.GREY_50_PERCENT;

-        Align(int value)
-        {
-            this.value = value;
-        }
+    /**
+     * 导出列头字体颜色
+     */
+    public IndexedColors headerColor() default IndexedColors.WHITE;

-        public int value()
-        {
-            return this.value;
-        }
-    }
+    /**
+     * 导出单元格背景颜色
+     */
+    public IndexedColors backgroundColor() default IndexedColors.WHITE;
+
+    /**
+     * 导出单元格字体颜色
+     */
+    public IndexedColors color() default IndexedColors.BLACK;
+
+    /**
+     * 导出字段对齐方式
+     */
+    public HorizontalAlignment align() default HorizontalAlignment.CENTER;
+
+    /**
+     * 自定义数据处理器
+     */
+    public Class<?> handler() default ExcelHandlerAdapter.class;
+
+    /**
+     * 自定义数据处理器参数
+     */
+    public String[] args() default {};

    /**
     * 字段类型（0：导出导入；1：仅导出；2：仅导入）
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/CacheConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/CacheConstants.java
@ -1,14 +1,59 @@
 package com.ruoyi.common.core.constant;

 /**
- * 缓存的key 常量
+ * 缓存常量信息
 * 
 * @author ruoyi
 */
 public class CacheConstants
 {
+    /**
+     * 缓存有效期，默认720（分钟）
+     */
+    public final static long EXPIRATION = 720;
+
+    /**
+     * 缓存刷新时间，默认120（分钟）
+     */
+    public final static long REFRESH_TIME = 120;
+
+    /**
+     * 密码最大错误次数
+     */
+    public final static int PASSWORD_MAX_RETRY_COUNT = 5;
+
+    /**
+     * 密码锁定时间，默认10（分钟）
+     */
+    public final static long PASSWORD_LOCK_TIME = 10;
+
    /**
     * 权限缓存前缀
     */
    public final static String LOGIN_TOKEN_KEY = "login_tokens:";
+
+    /**
+     * 验证码 redis key
+     */
+    public static final String CAPTCHA_CODE_KEY = "captcha_codes:";
+
+    /**
+     * 参数管理 cache key
+     */
+    public static final String SYS_CONFIG_KEY = "sys_config:";
+
+    /**
+     * 字典管理 cache key
+     */
+    public static final String SYS_DICT_KEY = "sys_dict:";
+
+    /**
+     * 登录账户密码错误次数 redis key
+     */
+    public static final String PWD_ERR_CNT_KEY = "pwd_err_cnt:";
+
+    /**
+     * 登录IP黑名单 cache key
+     */
+    public static final String SYS_LOGIN_BLACKIPLIST = SYS_CONFIG_KEY + "sys.login.blackIPList";
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
@ -17,10 +17,25 @@ public class Constants
     */
    public static final String GBK = "GBK";

+    /**
+     * www主域
+     */
+    public static final String WWW = "www.";
+
    /**
     * RMI 远程方法调用
     */
-    public static final String LOOKUP_RMI = "rmi://";
+    public static final String LOOKUP_RMI = "rmi:";
+
+    /**
+     * LDAP 远程方法调用
+     */
+    public static final String LOOKUP_LDAP = "ldap:";
+
+    /**
+     * LDAPS 远程方法调用
+     */
+    public static final String LOOKUP_LDAPS = "ldaps:";

    /**
     * http请求
@ -42,6 +57,16 @@ public class Constants
     */
    public static final Integer FAIL = 500;

+    /**
+     * 登录成功状态
+     */
+    public static final String LOGIN_SUCCESS_STATUS = "0";
+
+    /**
+     * 登录失败状态
+     */
+    public static final String LOGIN_FAIL_STATUS = "1";
+
    /**
     * 登录成功
     */
@ -82,33 +107,29 @@ public class Constants
     */
    public static final String IS_ASC = "isAsc";

-    /**
-     * 验证码 redis key
-     */
-    public static final String CAPTCHA_CODE_KEY = "captcha_codes:";
-
    /**
     * 验证码有效期（分钟）
     */
    public static final long CAPTCHA_EXPIRATION = 2;

-    /**
-     * 令牌有效期（分钟）
-     */
-    public final static long TOKEN_EXPIRE = 720;
-
-    /**
-     * 参数管理 cache key
-     */
-    public static final String SYS_CONFIG_KEY = "sys_config:";
-
-    /**
-     * 字典管理 cache key
-     */
-    public static final String SYS_DICT_KEY = "sys_dict:";
-
    /**
     * 资源映射路径 前缀
     */
    public static final String RESOURCE_PREFIX = "/profile";
+
+    /**
+     * 自动识别json对象白名单配置（仅允许解析的包名，范围越小越安全）
+     */
+    public static final String[] JSON_WHITELIST_STR = { "org.springframework", "com.ruoyi" };
+
+    /**
+     * 定时任务白名单配置（仅允许访问的包名，如其他需要可以自行添加）
+     */
+    public static final String[] JOB_WHITELIST_STR = { "com.ruoyi" };
+
+    /**
+     * 定时任务违规的字符
+     */
+    public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
+            "org.springframework", "org.apache", "com.ruoyi.common.core.utils.file" };
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/GenConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/GenConstants.java
@ -109,6 +109,9 @@ public class GenConstants
    /** 模糊查询 */
    public static final String QUERY_LIKE = "LIKE";

+    /** 相等查询 */
+    public static final String QUERY_EQ = "EQ";
+
    /** 需要 */
    public static final String REQUIRE = "1";
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/HttpStatus.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/HttpStatus.java
@ -86,4 +86,9 @@ public class HttpStatus
     * 接口未实现
     */
    public static final int NOT_IMPLEMENTED = 501;
+
+    /**
+     * 系统警告消息
+     */
+    public static final int WARN = 601;
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java
@ -7,16 +7,6 @@ package com.ruoyi.common.core.constant;
 */
 public class SecurityConstants
 {
-    /**
-     * 令牌自定义标识
-     */
-    public static final String TOKEN_AUTHENTICATION = "Authorization";
-
-    /**
-     * 令牌前缀
-     */
-    public static final String TOKEN_PREFIX = "Bearer ";
-
    /**
     * 用户ID字段
     */
@ -41,4 +31,19 @@ public class SecurityConstants
     * 内部请求
     */
    public static final String INNER = "inner";
+
+    /**
+     * 用户标识
+     */
+    public static final String USER_KEY = "user_key";
+
+    /**
+     * 登录用户
+     */
+    public static final String LOGIN_USER = "login_user";
+
+    /**
+     * 角色权限
+     */
+    public static final String ROLE_PERMISSION = "role_permission";
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/TokenConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/TokenConstants.java
@ -0,0 +1,25 @@
+package com.ruoyi.common.core.constant;
+
+/**
+ * Token的Key常量
+ * 
+ * @author ruoyi
+ */
+public class TokenConstants
+{
+    /**
+     * 令牌自定义标识
+     */
+    public static final String AUTHENTICATION = "Authorization";
+
+    /**
+     * 令牌前缀
+     */
+    public static final String PREFIX = "Bearer ";
+
+    /**
+     * 令牌秘钥
+     */
+    public final static String SECRET = "abcdefghijklmnopqrstuvwxyz";
+
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/UserConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/UserConstants.java
@ -60,10 +60,9 @@ public class UserConstants
    /** InnerLink组件标识 */
    public final static String INNER_LINK = "InnerLink";

-    /** 校验返回结果码 */
-    public final static String UNIQUE = "0";
-
-    public final static String NOT_UNIQUE = "1";
+    /** 校验是否唯一的返回标识 */
+    public final static boolean UNIQUE = true;
+    public final static boolean NOT_UNIQUE = false;

    /**
     * 用户名长度限制
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/context/SecurityContextHolder.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/context/SecurityContextHolder.java
@ -0,0 +1,98 @@
+package com.ruoyi.common.core.context;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import com.alibaba.ttl.TransmittableThreadLocal;
+import com.ruoyi.common.core.constant.SecurityConstants;
+import com.ruoyi.common.core.text.Convert;
+import com.ruoyi.common.core.utils.StringUtils;
+
+/**
+ * 获取当前线程变量中的 用户id、用户名称、Token等信息 
+ * 注意： 必须在网关通过请求头的方法传入，同时在HeaderInterceptor拦截器设置值。 否则这里无法获取
+ *
+ * @author ruoyi
+ */
+public class SecurityContextHolder
+{
+    private static final TransmittableThreadLocal<Map<String, Object>> THREAD_LOCAL = new TransmittableThreadLocal<>();
+
+    public static void set(String key, Object value)
+    {
+        Map<String, Object> map = getLocalMap();
+        map.put(key, value == null ? StringUtils.EMPTY : value);
+    }
+
+    public static String get(String key)
+    {
+        Map<String, Object> map = getLocalMap();
+        return Convert.toStr(map.getOrDefault(key, StringUtils.EMPTY));
+    }
+
+    public static <T> T get(String key, Class<T> clazz)
+    {
+        Map<String, Object> map = getLocalMap();
+        return StringUtils.cast(map.getOrDefault(key, null));
+    }
+
+    public static Map<String, Object> getLocalMap()
+    {
+        Map<String, Object> map = THREAD_LOCAL.get();
+        if (map == null)
+        {
+            map = new ConcurrentHashMap<String, Object>();
+            THREAD_LOCAL.set(map);
+        }
+        return map;
+    }
+
+    public static void setLocalMap(Map<String, Object> threadLocalMap)
+    {
+        THREAD_LOCAL.set(threadLocalMap);
+    }
+
+    public static Long getUserId()
+    {
+        return Convert.toLong(get(SecurityConstants.DETAILS_USER_ID), 0L);
+    }
+
+    public static void setUserId(String account)
+    {
+        set(SecurityConstants.DETAILS_USER_ID, account);
+    }
+
+    public static String getUserName()
+    {
+        return get(SecurityConstants.DETAILS_USERNAME);
+    }
+
+    public static void setUserName(String username)
+    {
+        set(SecurityConstants.DETAILS_USERNAME, username);
+    }
+
+    public static String getUserKey()
+    {
+        return get(SecurityConstants.USER_KEY);
+    }
+
+    public static void setUserKey(String userKey)
+    {
+        set(SecurityConstants.USER_KEY, userKey);
+    }
+
+    public static String getPermission()
+    {
+        return get(SecurityConstants.ROLE_PERMISSION);
+    }
+
+    public static void setPermission(String permissions)
+    {
+        set(SecurityConstants.ROLE_PERMISSION, permissions);
+    }
+
+    public static void remove()
+    {
+        THREAD_LOCAL.remove();
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/domain/R.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/domain/R.java
@ -102,4 +102,14 @@ public class R<T> implements Serializable
    {
        this.data = data;
    }
+
+    public static <T> Boolean isError(R<T> ret)
+    {
+        return !isSuccess(ret);
+    }
+
+    public static <T> Boolean isSuccess(R<T> ret)
+    {
+        return R.SUCCESS == ret.getCode();
+    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/CustomException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/CustomException.java
@ -1,43 +0,0 @@
-package com.ruoyi.common.core.exception;
-
-/**
- * 自定义异常
- * 
- * @author ruoyi
- */
-public class CustomException extends RuntimeException
-{
-    private static final long serialVersionUID = 1L;
-
-    private Integer code;
-
-    private String message;
-
-    public CustomException(String message)
-    {
-        this.message = message;
-    }
-
-    public CustomException(String message, Integer code)
-    {
-        this.message = message;
-        this.code = code;
-    }
-
-    public CustomException(String message, Throwable e)
-    {
-        super(message, e);
-        this.message = message;
-    }
-
-    @Override
-    public String getMessage()
-    {
-        return message;
-    }
-
-    public Integer getCode()
-    {
-        return code;
-    }
-}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/GlobalException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/GlobalException.java
@ -0,0 +1,58 @@
+package com.ruoyi.common.core.exception;
+
+/**
+ * 全局异常
+ * 
+ * @author ruoyi
+ */
+public class GlobalException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 错误提示
+     */
+    private String message;
+
+    /**
+     * 错误明细，内部调试错误
+     *
+     * 和 {@link CommonResult#getDetailMessage()} 一致的设计
+     */
+    private String detailMessage;
+
+    /**
+     * 空构造方法，避免反序列化问题
+     */
+    public GlobalException()
+    {
+    }
+
+    public GlobalException(String message)
+    {
+        this.message = message;
+    }
+
+    public String getDetailMessage()
+    {
+        return detailMessage;
+    }
+
+    public GlobalException setDetailMessage(String detailMessage)
+    {
+        this.detailMessage = detailMessage;
+        return this;
+    }
+
+    @Override
+    public String getMessage()
+    {
+        return message;
+    }
+
+    public GlobalException setMessage(String message)
+    {
+        this.message = message;
+        return this;
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/ServiceException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/ServiceException.java
@ -0,0 +1,74 @@
+package com.ruoyi.common.core.exception;
+
+/**
+ * 业务异常
+ * 
+ * @author ruoyi
+ */
+public final class ServiceException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 错误码
+     */
+    private Integer code;
+
+    /**
+     * 错误提示
+     */
+    private String message;
+
+    /**
+     * 错误明细，内部调试错误
+     *
+     * 和 {@link CommonResult#getDetailMessage()} 一致的设计
+     */
+    private String detailMessage;
+
+    /**
+     * 空构造方法，避免反序列化问题
+     */
+    public ServiceException()
+    {
+    }
+
+    public ServiceException(String message)
+    {
+        this.message = message;
+    }
+
+    public ServiceException(String message, Integer code)
+    {
+        this.message = message;
+        this.code = code;
+    }
+
+    public String getDetailMessage()
+    {
+        return detailMessage;
+    }
+
+    @Override
+    public String getMessage()
+    {
+        return message;
+    }
+
+    public Integer getCode()
+    {
+        return code;
+    }
+
+    public ServiceException setMessage(String message)
+    {
+        this.message = message;
+        return this;
+    }
+
+    public ServiceException setDetailMessage(String detailMessage)
+    {
+        this.detailMessage = detailMessage;
+        return this;
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/auth/NotLoginException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/auth/NotLoginException.java
@ -0,0 +1,16 @@
+package com.ruoyi.common.core.exception.auth;
+
+/**
+ * 未能通过的登录认证异常
+ * 
+ * @author ruoyi
+ */
+public class NotLoginException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    public NotLoginException(String message)
+    {
+        super(message);
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/auth/NotPermissionException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/auth/NotPermissionException.java
@ -0,0 +1,23 @@
+package com.ruoyi.common.core.exception.auth;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * 未能通过的权限认证异常
+ * 
+ * @author ruoyi
+ */
+public class NotPermissionException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    public NotPermissionException(String permission)
+    {
+        super(permission);
+    }
+
+    public NotPermissionException(String[] permissions)
+    {
+        super(StringUtils.join(permissions, ","));
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/auth/NotRoleException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/auth/NotRoleException.java
@ -0,0 +1,23 @@
+package com.ruoyi.common.core.exception.auth;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * 未能通过的角色认证异常
+ * 
+ * @author ruoyi
+ */
+public class NotRoleException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    public NotRoleException(String role)
+    {
+        super(role);
+    }
+
+    public NotRoleException(String[] roles)
+    {
+        super(StringUtils.join(roles, ","));
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/base/BaseException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/base/BaseException.java
@ -1,79 +1,79 @@
-package com.ruoyi.common.core.exception;
-
-/**
- * 基础异常
- * 
- * @author ruoyi
- */
-public class BaseException extends RuntimeException
-{
-    private static final long serialVersionUID = 1L;
-
-    /**
-     * 所属模块
-     */
-    private String module;
-
-    /**
-     * 错误码
-     */
-    private String code;
-
-    /**
-     * 错误码对应的参数
-     */
-    private Object[] args;
-
-    /**
-     * 错误消息
-     */
-    private String defaultMessage;
-
-    public BaseException(String module, String code, Object[] args, String defaultMessage)
-    {
-        this.module = module;
-        this.code = code;
-        this.args = args;
-        this.defaultMessage = defaultMessage;
-    }
-
-    public BaseException(String module, String code, Object[] args)
-    {
-        this(module, code, args, null);
-    }
-
-    public BaseException(String module, String defaultMessage)
-    {
-        this(module, null, null, defaultMessage);
-    }
-
-    public BaseException(String code, Object[] args)
-    {
-        this(null, code, args, null);
-    }
-
-    public BaseException(String defaultMessage)
-    {
-        this(null, null, null, defaultMessage);
-    }
-
-    public String getModule()
-    {
-        return module;
-    }
-
-    public String getCode()
-    {
-        return code;
-    }
-
-    public Object[] getArgs()
-    {
-        return args;
-    }
-
-    public String getDefaultMessage()
-    {
-        return defaultMessage;
-    }
-}
+package com.ruoyi.common.core.exception.base;
+
+/**
+ * 基础异常
+ * 
+ * @author ruoyi
+ */
+public class BaseException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 所属模块
+     */
+    private String module;
+
+    /**
+     * 错误码
+     */
+    private String code;
+
+    /**
+     * 错误码对应的参数
+     */
+    private Object[] args;
+
+    /**
+     * 错误消息
+     */
+    private String defaultMessage;
+
+    public BaseException(String module, String code, Object[] args, String defaultMessage)
+    {
+        this.module = module;
+        this.code = code;
+        this.args = args;
+        this.defaultMessage = defaultMessage;
+    }
+
+    public BaseException(String module, String code, Object[] args)
+    {
+        this(module, code, args, null);
+    }
+
+    public BaseException(String module, String defaultMessage)
+    {
+        this(module, null, null, defaultMessage);
+    }
+
+    public BaseException(String code, Object[] args)
+    {
+        this(null, code, args, null);
+    }
+
+    public BaseException(String defaultMessage)
+    {
+        this(null, null, null, defaultMessage);
+    }
+
+    public String getModule()
+    {
+        return module;
+    }
+
+    public String getCode()
+    {
+        return code;
+    }
+
+    public Object[] getArgs()
+    {
+        return args;
+    }
+
+    public String getDefaultMessage()
+    {
+        return defaultMessage;
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/FileException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/FileException.java
@ -1,6 +1,6 @@
 package com.ruoyi.common.core.exception.file;

-import com.ruoyi.common.core.exception.BaseException;
+import com.ruoyi.common.core.exception.base.BaseException;

 /**
 * 文件信息异常类
@ -11,9 +11,9 @@ public class FileException extends BaseException
 {
    private static final long serialVersionUID = 1L;

-    public FileException(String code, Object[] args)
+    public FileException(String code, Object[] args, String msg)
    {
-        super("file", code, args, null);
+        super("file", code, args, msg);
    }

 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/FileNameLengthLimitExceededException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/FileNameLengthLimitExceededException.java
@ -11,6 +11,6 @@ public class FileNameLengthLimitExceededException extends FileException

    public FileNameLengthLimitExceededException(int defaultFileNameLength)
    {
-        super("upload.filename.exceed.length", new Object[] { defaultFileNameLength });
+        super("upload.filename.exceed.length", new Object[] { defaultFileNameLength }, "the filename is too long");
    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/FileSizeLimitExceededException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/FileSizeLimitExceededException.java
@ -11,6 +11,6 @@ public class FileSizeLimitExceededException extends FileException

    public FileSizeLimitExceededException(long defaultMaxSize)
    {
-        super("upload.exceed.maxSize", new Object[] { defaultMaxSize });
+        super("upload.exceed.maxSize", new Object[] { defaultMaxSize }, "the filesize is too large");
    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/FileUploadException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/FileUploadException.java
@ -0,0 +1,61 @@
+package com.ruoyi.common.core.exception.file;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+/**
+ * 文件上传异常类
+ * 
+ * @author ruoyi
+ */
+public class FileUploadException extends Exception
+{
+
+    private static final long serialVersionUID = 1L;
+
+    private final Throwable cause;
+
+    public FileUploadException()
+    {
+        this(null, null);
+    }
+
+    public FileUploadException(final String msg)
+    {
+        this(msg, null);
+    }
+
+    public FileUploadException(String msg, Throwable cause)
+    {
+        super(msg);
+        this.cause = cause;
+    }
+
+    @Override
+    public void printStackTrace(PrintStream stream)
+    {
+        super.printStackTrace(stream);
+        if (cause != null)
+        {
+            stream.println("Caused by:");
+            cause.printStackTrace(stream);
+        }
+    }
+
+    @Override
+    public void printStackTrace(PrintWriter writer)
+    {
+        super.printStackTrace(writer);
+        if (cause != null)
+        {
+            writer.println("Caused by:");
+            cause.printStackTrace(writer);
+        }
+    }
+
+    @Override
+    public Throwable getCause()
+    {
+        return cause;
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/InvalidExtensionException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/file/InvalidExtensionException.java
@ -1,7 +1,6 @@
 package com.ruoyi.common.core.exception.file;

 import java.util.Arrays;
-import org.apache.commons.fileupload.FileUploadException;

 /**
 * 文件上传 误异常类
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/user/UserException.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/user/UserException.java
@ -1,6 +1,6 @@
 package com.ruoyi.common.core.exception.user;

-import com.ruoyi.common.core.exception.BaseException;
+import com.ruoyi.common.core.exception.base.BaseException;

 /**
 * 用户信息异常类
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/text/Convert.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/text/Convert.java
@ -2,6 +2,7 @@ package com.ruoyi.common.core.text;

 import java.math.BigDecimal;
 import java.math.BigInteger;
+import java.math.RoundingMode;
 import java.nio.ByteBuffer;
 import java.nio.charset.Charset;
 import java.text.NumberFormat;
@ -313,7 +314,7 @@ public class Convert
     * 转换为Integer数组<br>
     * 
     * @param split 分隔符
-     * @param split 被转换的值
+     * @param str 被转换的值
     * @return 结果
     */
    public static Integer[] toIntArray(String split, String str)
@ -370,7 +371,7 @@ public class Convert
     * 转换为String数组<br>
     * 
     * @param split 分隔符
-     * @param split 被转换的值
+     * @param str 被转换的值
     * @return 结果
     */
    public static String[] toStrArray(String split, String str)
@ -561,17 +562,12 @@ public class Convert
        switch (valueStr)
        {
            case "true":
-                return true;
-            case "false":
-                return false;
            case "yes":
-                return true;
            case "ok":
-                return true;
-            case "no":
-                return false;
            case "1":
                return true;
+            case "false":
+            case "no":
            case "0":
                return false;
            default:
@ -717,7 +713,7 @@ public class Convert
        }
        if (value instanceof Double)
        {
-            return new BigDecimal((Double) value);
+            return BigDecimal.valueOf((Double) value);
        }
        if (value instanceof Integer)
        {
@ -907,7 +903,7 @@ public class Convert
     */
    public static String toSBC(String input, Set<Character> notConvertSet)
    {
-        char c[] = input.toCharArray();
+        char[] c = input.toCharArray();
        for (int i = 0; i < c.length; i++)
        {
            if (null != notConvertSet && notConvertSet.contains(c[i]))
@ -949,7 +945,7 @@ public class Convert
     */
    public static String toDBC(String text, Set<Character> notConvertSet)
    {
-        char c[] = text.toCharArray();
+        char[] c = text.toCharArray();
        for (int i = 0; i < c.length; i++)
        {
            if (null != notConvertSet && notConvertSet.contains(c[i]))
@ -967,9 +963,7 @@ public class Convert
                c[i] = (char) (c[i] - 65248);
            }
        }
-        String returnString = new String(c);
-
-        return returnString;
+        return new String(c);
    }

    /**
@ -990,7 +984,12 @@ public class Convert
        String s = "";
        for (int i = 0; i < fraction.length; i++)
        {
-            s += (digit[(int) (Math.floor(n * 10 * Math.pow(10, i)) % 10)] + fraction[i]).replaceAll("(零.)+", "");
+            // 优化double计算精度丢失问题
+            BigDecimal nNum = new BigDecimal(n);
+            BigDecimal decimal = new BigDecimal(10);
+            BigDecimal scale = nNum.multiply(decimal).setScale(2, RoundingMode.HALF_EVEN);
+            double d = scale.doubleValue();
+            s += (digit[(int) (Math.floor(d * Math.pow(10, i)) % 10)] + fraction[i]).replaceAll("(零.)+", "");
        }
        if (s.length() < 1)
        {
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/DateUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/DateUtils.java
@ -3,12 +3,17 @@ package com.ruoyi.common.core.utils;
 import java.lang.management.ManagementFactory;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.LocalTime;
+import java.time.ZoneId;
+import java.time.ZonedDateTime;
 import java.util.Date;
 import org.apache.commons.lang3.time.DateFormatUtils;

 /**
 * 时间工具类
- * 
+ *
 * @author ruoyi
 */
 public class DateUtils extends org.apache.commons.lang3.time.DateUtils
@ -22,15 +27,15 @@ public class DateUtils extends org.apache.commons.lang3.time.DateUtils
    public static String YYYYMMDDHHMMSS = "yyyyMMddHHmmss";

    public static String YYYY_MM_DD_HH_MM_SS = "yyyy-MM-dd HH:mm:ss";
-    
+
    private static String[] parsePatterns = {
-            "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss", "yyyy-MM-dd HH:mm", "yyyy-MM", 
+            "yyyy-MM-dd", "yyyy-MM-dd HH:mm:ss", "yyyy-MM-dd HH:mm", "yyyy-MM",
            "yyyy/MM/dd", "yyyy/MM/dd HH:mm:ss", "yyyy/MM/dd HH:mm", "yyyy/MM",
            "yyyy.MM.dd", "yyyy.MM.dd HH:mm:ss", "yyyy.MM.dd HH:mm", "yyyy.MM"};

    /**
     * 获取当前Date型日期
-     * 
+     *
     * @return Date() 当前日期
     */
    public static Date getNowDate()
@ -40,7 +45,7 @@ public class DateUtils extends org.apache.commons.lang3.time.DateUtils

    /**
     * 获取当前日期, 默认格式为yyyy-MM-dd
-     * 
+     *
     * @return String
     */
    public static String getDate()
@ -121,7 +126,7 @@ public class DateUtils extends org.apache.commons.lang3.time.DateUtils
            return null;
        }
    }
-    
+
    /**
     * 获取服务器启动时间
     */
@ -132,16 +137,20 @@ public class DateUtils extends org.apache.commons.lang3.time.DateUtils
    }

    /**
-     * 计算两个时间差
+     * 计算时间差
+     *
+     * @param endDate 最后时间
+     * @param startTime 开始时间
+     * @return 时间差（天/小时/分钟）
     */
-    public static String getDatePoor(Date endDate, Date nowDate)
+    public static String timeDistance(Date endDate, Date startTime)
    {
        long nd = 1000 * 24 * 60 * 60;
        long nh = 1000 * 60 * 60;
        long nm = 1000 * 60;
        // long ns = 1000;
        // 获得两个时间的毫秒时间差异
-        long diff = endDate.getTime() - nowDate.getTime();
+        long diff = endDate.getTime() - startTime.getTime();
        // 计算差多少天
        long day = diff / nd;
        // 计算差多少小时
@ -152,4 +161,23 @@ public class DateUtils extends org.apache.commons.lang3.time.DateUtils
        // long sec = diff % nd % nh % nm / ns;
        return day + "天" + hour + "小时" + min + "分钟";
    }
+
+    /**
+     * 增加 LocalDateTime ==> Date
+     */
+    public static Date toDate(LocalDateTime temporalAccessor)
+    {
+        ZonedDateTime zdt = temporalAccessor.atZone(ZoneId.systemDefault());
+        return Date.from(zdt.toInstant());
+    }
+
+    /**
+     * 增加 LocalDate ==> Date
+     */
+    public static Date toDate(LocalDate temporalAccessor)
+    {
+        LocalDateTime localDateTime = LocalDateTime.of(temporalAccessor, LocalTime.of(0, 0, 0));
+        ZonedDateTime zdt = localDateTime.atZone(ZoneId.systemDefault());
+        return Date.from(zdt.toInstant());
+    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/ExceptionUtil.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/ExceptionUtil.java
@ -18,8 +18,7 @@ public class ExceptionUtil
    {
        StringWriter sw = new StringWriter();
        e.printStackTrace(new PrintWriter(sw, true));
-        String str = sw.toString();
-        return str;
+        return sw.toString();
    }

    public static String getRootErrorMessage(Exception e)
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/JwtUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/JwtUtils.java
@ -0,0 +1,123 @@
+package com.ruoyi.common.core.utils;
+
+import java.util.Map;
+import com.ruoyi.common.core.constant.SecurityConstants;
+import com.ruoyi.common.core.constant.TokenConstants;
+import com.ruoyi.common.core.text.Convert;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+
+/**
+ * Jwt工具类
+ *
+ * @author ruoyi
+ */
+public class JwtUtils
+{
+    public static String secret = TokenConstants.SECRET;
+
+    /**
+     * 从数据声明生成令牌
+     *
+     * @param claims 数据声明
+     * @return 令牌
+     */
+    public static String createToken(Map<String, Object> claims)
+    {
+        String token = Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact();
+        return token;
+    }
+
+    /**
+     * 从令牌中获取数据声明
+     *
+     * @param token 令牌
+     * @return 数据声明
+     */
+    public static Claims parseToken(String token)
+    {
+        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
+    }
+
+    /**
+     * 根据令牌获取用户标识
+     * 
+     * @param token 令牌
+     * @return 用户ID
+     */
+    public static String getUserKey(String token)
+    {
+        Claims claims = parseToken(token);
+        return getValue(claims, SecurityConstants.USER_KEY);
+    }
+
+    /**
+     * 根据令牌获取用户标识
+     * 
+     * @param claims 身份信息
+     * @return 用户ID
+     */
+    public static String getUserKey(Claims claims)
+    {
+        return getValue(claims, SecurityConstants.USER_KEY);
+    }
+
+    /**
+     * 根据令牌获取用户ID
+     * 
+     * @param token 令牌
+     * @return 用户ID
+     */
+    public static String getUserId(String token)
+    {
+        Claims claims = parseToken(token);
+        return getValue(claims, SecurityConstants.DETAILS_USER_ID);
+    }
+
+    /**
+     * 根据身份信息获取用户ID
+     * 
+     * @param claims 身份信息
+     * @return 用户ID
+     */
+    public static String getUserId(Claims claims)
+    {
+        return getValue(claims, SecurityConstants.DETAILS_USER_ID);
+    }
+
+    /**
+     * 根据令牌获取用户名
+     * 
+     * @param token 令牌
+     * @return 用户名
+     */
+    public static String getUserName(String token)
+    {
+        Claims claims = parseToken(token);
+        return getValue(claims, SecurityConstants.DETAILS_USERNAME);
+    }
+
+    /**
+     * 根据身份信息获取用户名
+     * 
+     * @param claims 身份信息
+     * @return 用户名
+     */
+    public static String getUserName(Claims claims)
+    {
+        return getValue(claims, SecurityConstants.DETAILS_USERNAME);
+    }
+
+    /**
+     * 根据身份信息获取键值
+     * 
+     * @param claims 身份信息
+     * @param key 键
+     * @return 值
+     */
+    public static String getValue(Claims claims, String key)
+    {
+        return Convert.toStr(claims.get(key), "");
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/PageUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/PageUtils.java
@ -0,0 +1,35 @@
+package com.ruoyi.common.core.utils;
+
+import com.github.pagehelper.PageHelper;
+import com.ruoyi.common.core.utils.sql.SqlUtil;
+import com.ruoyi.common.core.web.page.PageDomain;
+import com.ruoyi.common.core.web.page.TableSupport;
+
+/**
+ * 分页工具类
+ * 
+ * @author ruoyi
+ */
+public class PageUtils extends PageHelper
+{
+    /**
+     * 设置请求分页数据
+     */
+    public static void startPage()
+    {
+        PageDomain pageDomain = TableSupport.buildPageRequest();
+        Integer pageNum = pageDomain.getPageNum();
+        Integer pageSize = pageDomain.getPageSize();
+        String orderBy = SqlUtil.escapeOrderBySql(pageDomain.getOrderBy());
+        Boolean reasonable = pageDomain.getReasonable();
+        PageHelper.startPage(pageNum, pageSize, orderBy).setReasonable(reasonable);
+    }
+
+    /**
+     * 清理分页的线程变量
+     */
+    public static void clearPage()
+    {
+        PageHelper.clearPage();
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/ReUtil.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/ReUtil.java
@ -1,164 +0,0 @@
-package com.ruoyi.common.core.utils;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import com.ruoyi.common.core.text.Convert;
-import com.ruoyi.common.core.utils.StringUtils;
-
-public class ReUtil
-{
-    public final static Pattern GROUP_VAR = Pattern.compile("\\$(\\d+)");
-
-    /**
-     * 正则中需要被转义的关键字
-     */
-    public final static Set<Character> RE_KEYS = new HashSet<>(
-            Arrays.asList('$', '(', ')', '*', '+', '.', '[', ']', '?', '\\', '^', '{', '}', '|'));;
-
-    /**
-     * 正则替换指定值<br>
-     * 通过正则查找到字符串，然后把匹配到的字符串加入到replacementTemplate中，$1表示分组1的字符串
-     *
-     * <p>
-     * 例如：原字符串是：中文1234，我想把1234换成(1234)，则可以：
-     *
-     * <pre>
-     * ReUtil.replaceAll("中文1234", "(\\d+)", "($1)"))
-     *
-     * 结果：中文(1234)
-     * </pre>
-     *
-     * @param content 文本
-     * @param regex 正则
-     * @param replacementTemplate 替换的文本模板，可以使用$1类似的变量提取正则匹配出的内容
-     * @return 处理后的文本
-     */
-    public static String replaceAll(CharSequence content, String regex, String replacementTemplate)
-    {
-        final Pattern pattern = Pattern.compile(regex, Pattern.DOTALL);
-        return replaceAll(content, pattern, replacementTemplate);
-    }
-
-    /**
-     * 正则替换指定值<br>
-     * 通过正则查找到字符串，然后把匹配到的字符串加入到replacementTemplate中，$1表示分组1的字符串
-     *
-     * @param content 文本
-     * @param pattern {@link Pattern}
-     * @param replacementTemplate 替换的文本模板，可以使用$1类似的变量提取正则匹配出的内容
-     * @return 处理后的文本
-     * @since 3.0.4
-     */
-    public static String replaceAll(CharSequence content, Pattern pattern, String replacementTemplate)
-    {
-        if (StringUtils.isEmpty(content))
-        {
-            return StringUtils.EMPTY;
-        }
-
-        final Matcher matcher = pattern.matcher(content);
-        boolean result = matcher.find();
-        if (result)
-        {
-            final Set<String> varNums = findAll(GROUP_VAR, replacementTemplate, 1, new HashSet<>());
-            final StringBuffer sb = new StringBuffer();
-            do
-            {
-                String replacement = replacementTemplate;
-                for (String var : varNums)
-                {
-                    int group = Integer.parseInt(var);
-                    replacement = replacement.replace("$" + var, matcher.group(group));
-                }
-                matcher.appendReplacement(sb, escape(replacement));
-                result = matcher.find();
-            }
-            while (result);
-            matcher.appendTail(sb);
-            return sb.toString();
-        }
-        return Convert.toStr(content);
-    }
- 
-    /**
-     * 取得内容中匹配的所有结果
-     *
-     * @param <T> 集合类型
-     * @param pattern 编译后的正则模式
-     * @param content 被查找的内容
-     * @param group 正则的分组
-     * @param collection 返回的集合类型
-     * @return 结果集
-     */
-    public static <T extends Collection<String>> T findAll(Pattern pattern, CharSequence content, int group,
-            T collection)
-    {
-        if (null == pattern || null == content)
-        {
-            return null;
-        }
-
-        if (null == collection)
-        {
-            throw new NullPointerException("Null collection param provided!");
-        }
-
-        final Matcher matcher = pattern.matcher(content);
-        while (matcher.find())
-        {
-            collection.add(matcher.group(group));
-        }
-        return collection;
-    }
-
-    /**
-     * 转义字符，将正则的关键字转义
-     *
-     * @param c 字符
-     * @return 转义后的文本
-     */
-    public static String escape(char c)
-    {
-        final StringBuilder builder = new StringBuilder();
-        if (RE_KEYS.contains(c))
-        {
-            builder.append('\\');
-        }
-        builder.append(c);
-        return builder.toString();
-    }
-
-    /**
-     * 转义字符串，将正则的关键字转义
-     *
-     * @param content 文本
-     * @return 转义后的文本
-     */
-    public static String escape(CharSequence content)
-    {
-        if (StringUtils.isBlank(content))
-        {
-            return StringUtils.EMPTY;
-        }
-
-        final StringBuilder builder = new StringBuilder();
-        int len = content.length();
-        char current;
-        for (int i = 0; i < len; i++)
-        {
-            current = content.charAt(i);
-            if (RE_KEYS.contains(current))
-            {
-                builder.append('\\');
-            }
-            builder.append(current);
-        }
-        return builder.toString();
-    }
-
-}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/ServletUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/ServletUtils.java
@ -4,9 +4,11 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
+import java.util.Collections;
 import java.util.Enumeration;
-import java.util.LinkedHashMap;
+import java.util.HashMap;
 import java.util.Map;
+import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@ -15,10 +17,11 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.server.reactive.ServerHttpResponse;
+import org.springframework.util.LinkedCaseInsensitiveMap;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
-import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson2.JSON;
 import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.domain.R;
 import com.ruoyi.common.core.text.Convert;
@ -63,6 +66,50 @@ public class ServletUtils
        return Convert.toInt(getRequest().getParameter(name), defaultValue);
    }

+    /**
+     * 获取Boolean参数
+     */
+    public static Boolean getParameterToBool(String name)
+    {
+        return Convert.toBool(getRequest().getParameter(name));
+    }
+
+    /**
+     * 获取Boolean参数
+     */
+    public static Boolean getParameterToBool(String name, Boolean defaultValue)
+    {
+        return Convert.toBool(getRequest().getParameter(name), defaultValue);
+    }
+
+    /**
+     * 获得所有请求参数
+     *
+     * @param request 请求对象{@link ServletRequest}
+     * @return Map
+     */
+    public static Map<String, String[]> getParams(ServletRequest request)
+    {
+        final Map<String, String[]> map = request.getParameterMap();
+        return Collections.unmodifiableMap(map);
+    }
+
+    /**
+     * 获得所有请求参数
+     *
+     * @param request 请求对象{@link ServletRequest}
+     * @return Map
+     */
+    public static Map<String, String> getParamMap(ServletRequest request)
+    {
+        Map<String, String> params = new HashMap<>();
+        for (Map.Entry<String, String[]> entry : getParams(request).entrySet())
+        {
+            params.put(entry.getKey(), StringUtils.join(entry.getValue(), ","));
+        }
+        return params;
+    }
+
    /**
     * 获取request
     */
@ -114,9 +161,19 @@ public class ServletUtils
        }
    }

+    public static String getHeader(HttpServletRequest request, String name)
+    {
+        String value = request.getHeader(name);
+        if (StringUtils.isEmpty(value))
+        {
+            return StringUtils.EMPTY;
+        }
+        return urlDecode(value);
+    }
+
    public static Map<String, String> getHeaders(HttpServletRequest request)
    {
-        Map<String, String> map = new LinkedHashMap<>();
+        Map<String, String> map = new LinkedCaseInsensitiveMap<>();
        Enumeration<String> enumeration = request.getHeaderNames();
        if (enumeration != null)
        {
@ -135,9 +192,8 @@ public class ServletUtils
     * 
     * @param response 渲染对象
     * @param string 待渲染的字符串
-     * @return null
     */
-    public static String renderString(HttpServletResponse response, String string)
+    public static void renderString(HttpServletResponse response, String string)
    {
        try
        {
@ -150,7 +206,6 @@ public class ServletUtils
        {
            e.printStackTrace();
        }
-        return null;
    }

    /**
@ -161,13 +216,13 @@ public class ServletUtils
    public static boolean isAjaxRequest(HttpServletRequest request)
    {
        String accept = request.getHeader("accept");
-        if (accept != null && accept.indexOf("application/json") != -1)
+        if (accept != null && accept.contains("application/json"))
        {
            return true;
        }

        String xRequestedWith = request.getHeader("X-Requested-With");
-        if (xRequestedWith != null && xRequestedWith.indexOf("XMLHttpRequest") != -1)
+        if (xRequestedWith != null && xRequestedWith.contains("XMLHttpRequest"))
        {
            return true;
        }
@ -179,11 +234,7 @@ public class ServletUtils
        }

        String ajax = request.getParameter("__ajax");
-        if (StringUtils.inStringIgnoreCase(ajax, "json", "xml"))
-        {
-            return true;
-        }
-        return false;
+        return StringUtils.inStringIgnoreCase(ajax, "json", "xml");
    }

    /**
@ -200,7 +251,7 @@ public class ServletUtils
        }
        catch (UnsupportedEncodingException e)
        {
-            return "";
+            return StringUtils.EMPTY;
        }
    }

@ -218,7 +269,7 @@ public class ServletUtils
        }
        catch (UnsupportedEncodingException e)
        {
-            return "";
+            return StringUtils.EMPTY;
        }
    }

@ -276,7 +327,7 @@ public class ServletUtils
        response.setStatusCode(status);
        response.getHeaders().add(HttpHeaders.CONTENT_TYPE, contentType);
        R<?> result = R.fail(code, value.toString());
-        DataBuffer dataBuffer = response.bufferFactory().wrap(JSONObject.toJSONString(result).getBytes());
+        DataBuffer dataBuffer = response.bufferFactory().wrap(JSON.toJSONString(result).getBytes());
        return response.writeWith(Mono.just(dataBuffer));
    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/StringUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/StringUtils.java
@ -294,6 +294,32 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
        return StringUtils.startsWithAny(link, Constants.HTTP, Constants.HTTPS);
    }

+    /**
+     * 判断给定的collection列表中是否包含数组array 判断给定的数组array中是否包含给定的元素value
+     *
+     * @param collection 给定的集合
+     * @param array 给定的数组
+     * @return boolean 结果
+     */
+    public static boolean containsAny(Collection<String> collection, String... array)
+    {
+        if (isEmpty(collection) || isEmpty(array))
+        {
+            return false;
+        }
+        else
+        {
+            for (String str : array)
+            {
+                if (collection.contains(str))
+                {
+                    return true;
+                }
+            }
+            return false;
+        }
+    }
+
    /**
     * 驼峰转下划线命名
     */
@ -402,7 +428,8 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
    }

    /**
-     * 驼峰式命名法 例如：user_name->userName
+     * 驼峰式命名法
+     * 例如：user_name->userName
     */
    public static String toCamelCase(String s)
    {
@ -410,6 +437,10 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
        {
            return null;
        }
+        if (s.indexOf(SEPARATOR) == -1)
+        {
+            return s;
+        }
        s = s.toLowerCase();
        StringBuilder sb = new StringBuilder(s.length());
        boolean upperCase = false;
@ -478,4 +509,53 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
    {
        return (T) obj;
    }
-}
+
+    /**
+     * 数字左边补齐0，使之达到指定长度。注意，如果数字转换为字符串后，长度大于size，则只保留 最后size个字符。
+     * 
+     * @param num 数字对象
+     * @param size 字符串指定长度
+     * @return 返回数字的字符串格式，该字符串为指定长度。
+     */
+    public static final String padl(final Number num, final int size)
+    {
+        return padl(num.toString(), size, '0');
+    }
+
+    /**
+     * 字符串左补齐。如果原始字符串s长度大于size，则只保留最后size个字符。
+     * 
+     * @param s 原始字符串
+     * @param size 字符串指定长度
+     * @param c 用于补齐的字符
+     * @return 返回指定长度的字符串，由原字符串左补齐或截取得到。
+     */
+    public static final String padl(final String s, final int size, final char c)
+    {
+        final StringBuilder sb = new StringBuilder(size);
+        if (s != null)
+        {
+            final int len = s.length();
+            if (s.length() <= size)
+            {
+                for (int i = size - len; i > 0; i--)
+                {
+                    sb.append(c);
+                }
+                sb.append(s);
+            }
+            else
+            {
+                return s.substring(len - size, len);
+            }
+        }
+        else
+        {
+            for (int i = size; i > 0; i--)
+            {
+                sb.append(c);
+            }
+        }
+        return sb.toString();
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/bean/BeanValidators.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/bean/BeanValidators.java
@ -0,0 +1,24 @@
+package com.ruoyi.common.core.utils.bean;
+
+import java.util.Set;
+import javax.validation.ConstraintViolation;
+import javax.validation.ConstraintViolationException;
+import javax.validation.Validator;
+
+/**
+ * bean对象属性验证
+ * 
+ * @author ruoyi
+ */
+public class BeanValidators
+{
+    public static void validateWithException(Validator validator, Object object, Class<?>... groups)
+            throws ConstraintViolationException
+    {
+        Set<ConstraintViolation<Object>> constraintViolations = validator.validate(object, groups);
+        if (!constraintViolations.isEmpty())
+        {
+            throw new ConstraintViolationException(constraintViolations);
+        }
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/file/FileTypeUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/file/FileTypeUtils.java
@ -1,7 +1,10 @@
 package com.ruoyi.common.core.utils.file;

 import java.io.File;
+import java.util.Objects;
+import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.web.multipart.MultipartFile;

 /**
 * 文件类型工具类
@ -45,6 +48,22 @@ public class FileTypeUtils
        return fileName.substring(separatorIndex + 1).toLowerCase();
    }

+    /**
+     * 获取文件名的后缀
+     * 
+     * @param file 表单文件
+     * @return 后缀名
+     */
+    public static final String getExtension(MultipartFile file)
+    {
+        String extension = FilenameUtils.getExtension(file.getOriginalFilename());
+        if (StringUtils.isEmpty(extension))
+        {
+            extension = MimeTypeUtils.getExtension(Objects.requireNonNull(file.getContentType()));
+        }
+        return extension;
+    }
+
    /**
     * 获取文件类型
     * 
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/file/FileUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/file/FileUtils.java
@ -97,8 +97,7 @@ public class FileUtils
        // 路径为文件且不为空则进行删除
        if (file.isFile() && file.exists())
        {
-            file.delete();
-            flag = true;
+            flag = file.delete();
        }
        return flag;
    }
@ -127,15 +126,8 @@ public class FileUtils
        {
            return false;
        }
-
-        // 检查允许下载的文件规则
-        if (ArrayUtils.contains(MimeTypeUtils.DEFAULT_ALLOWED_EXTENSION, FileTypeUtils.getFileType(resource)))
-        {
-            return true;
-        }
-
-        // 不在允许下载的文件规则
-        return false;
+        // 判断是否在允许下载的文件规则内
+        return ArrayUtils.contains(MimeTypeUtils.DEFAULT_ALLOWED_EXTENSION, FileTypeUtils.getFileType(resource));
    }

    /**
@ -244,6 +236,7 @@ public class FileUtils
                .append(percentEncodedFileName);

        response.setHeader("Content-disposition", contentDispositionValue.toString());
+        response.setHeader("download-filename", percentEncodedFileName);
    }

    /**
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/file/ImageUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/file/ImageUtils.java
@ -1,7 +1,6 @@
 package com.ruoyi.common.core.utils.file;

 import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.net.URL;
 import java.net.URLConnection;
@ -55,13 +54,12 @@ public class ImageUtils
    /**
     * 读取文件为字节数据
     * 
-     * @param key 地址
+     * @param url 地址
     * @return 字节数据
     */
    public static byte[] readFile(String url)
    {
        InputStream in = null;
-        ByteArrayOutputStream baos = null;
        try
        {
            // 网络地址
@ -81,7 +79,6 @@ public class ImageUtils
        finally
        {
            IOUtils.closeQuietly(in);
-            IOUtils.closeQuietly(baos);
        }
    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/html/EscapeUtil.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/html/EscapeUtil.java
@ -69,26 +69,37 @@ public class EscapeUtil
     */
    private static String encode(String text)
    {
-        int len;
-        if ((text == null) || ((len = text.length()) == 0))
+        if (StringUtils.isEmpty(text))
        {
            return StringUtils.EMPTY;
        }
-        StringBuilder buffer = new StringBuilder(len + (len >> 2));
+
+        final StringBuilder tmp = new StringBuilder(text.length() * 6);
        char c;
-        for (int i = 0; i < len; i++)
+        for (int i = 0; i < text.length(); i++)
        {
            c = text.charAt(i);
-            if (c < 64)
+            if (c < 256)
            {
-                buffer.append(TEXT[c]);
+                tmp.append("%");
+                if (c < 16)
+                {
+                    tmp.append("0");
+                }
+                tmp.append(Integer.toString(c, 16));
            }
            else
            {
-                buffer.append(c);
+                tmp.append("%u");
+                if (c <= 0xfff)
+                {
+                    // issue#I49JU8@Gitee
+                    tmp.append("0");
+                }
+                tmp.append(Integer.toString(c, 16));
            }
        }
-        return buffer.toString();
+        return tmp.toString();
    }

    /**
@ -145,11 +156,12 @@ public class EscapeUtil
    public static void main(String[] args)
    {
        String html = "<script>alert(1);</script>";
+        String escape = EscapeUtil.escape(html);
        // String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
        // String html = "<123";
        // String html = "123>";
-        System.out.println(EscapeUtil.clean(html));
-        System.out.println(EscapeUtil.escape(html));
-        System.out.println(EscapeUtil.unescape(html));
+        System.out.println("clean: " + EscapeUtil.clean(html));
+        System.out.println("escape: " + escape);
+        System.out.println("unescape: " + EscapeUtil.unescape(escape));
    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/html/HTMLFilter.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/html/HTMLFilter.java
@ -332,7 +332,7 @@ public final class HTMLFilter
            final String name = m.group(1).toLowerCase();
            if (allowed(name))
            {
-                if (false == inArray(name, vSelfClosingTags))
+                if (!inArray(name, vSelfClosingTags))
                {
                    if (vTagCounts.containsKey(name))
                    {
@ -387,7 +387,7 @@ public final class HTMLFilter
                        {
                            paramValue = processParamProtocol(paramValue);
                        }
-                        params.append(' ').append(paramName).append("=\"").append(paramValue).append("\"");
+                        params.append(' ').append(paramName).append("=\\\"").append(paramValue).append("\\\"");
                    }
                }

--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/ip/IpUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/ip/IpUtils.java
@ -3,6 +3,7 @@ package com.ruoyi.common.core.utils.ip;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import javax.servlet.http.HttpServletRequest;
+import com.ruoyi.common.core.utils.ServletUtils;
 import com.ruoyi.common.core.utils.StringUtils;

 /**
@ -12,58 +13,79 @@ import com.ruoyi.common.core.utils.StringUtils;
 */
 public class IpUtils
 {
+    public final static String REGX_0_255 = "(25[0-5]|2[0-4]\\d|1\\d{2}|[1-9]\\d|\\d)";
+    // 匹配 ip
+    public final static String REGX_IP = "((" + REGX_0_255 + "\\.){3}" + REGX_0_255 + ")";
+    public final static String REGX_IP_WILDCARD = "(((\\*\\.){3}\\*)|(" + REGX_0_255 + "(\\.\\*){3})|(" + REGX_0_255 + "\\." + REGX_0_255 + ")(\\.\\*){2}" + "|((" + REGX_0_255 + "\\.){3}\\*))";
+    // 匹配网段
+    public final static String REGX_IP_SEG = "(" + REGX_IP + "\\-" + REGX_IP + ")";
+
+    /**
+     * 获取客户端IP
+     * 
+     * @return IP地址
+     */
+    public static String getIpAddr()
+    {
+        return getIpAddr(ServletUtils.getRequest());
+    }
+
+    /**
+     * 获取客户端IP
+     * 
+     * @param request 请求对象
+     * @return IP地址
+     */
    public static String getIpAddr(HttpServletRequest request)
    {
        if (request == null)
        {
-            return null;
+            return "unknown";
+        }
+        String ip = request.getHeader("x-forwarded-for");
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
+        {
+            ip = request.getHeader("Proxy-Client-IP");
+        }
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
+        {
+            ip = request.getHeader("X-Forwarded-For");
+        }
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
+        {
+            ip = request.getHeader("WL-Proxy-Client-IP");
+        }
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
+        {
+            ip = request.getHeader("X-Real-IP");
        }

-        String ip = null;
-
-        // X-Forwarded-For：Squid 服务代理
-        String ipAddresses = request.getHeader("X-Forwarded-For");
-        if (ipAddresses == null || ipAddresses.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses))
-        {
-            // Proxy-Client-IP：apache 服务代理
-            ipAddresses = request.getHeader("Proxy-Client-IP");
-        }
-        if (ipAddresses == null || ipAddresses.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses))
-        {
-            // WL-Proxy-Client-IP：weblogic 服务代理
-            ipAddresses = request.getHeader("WL-Proxy-Client-IP");
-        }
-        if (ipAddresses == null || ipAddresses.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses))
-        {
-            // HTTP_CLIENT_IP：有些代理服务器
-            ipAddresses = request.getHeader("HTTP_CLIENT_IP");
-        }
-        if (ipAddresses == null || ipAddresses.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses))
-        {
-            // X-Real-IP：nginx服务代理
-            ipAddresses = request.getHeader("X-Real-IP");
-        }
-
-        // 有些网络通过多层代理，那么获取到的ip就会有多个，一般都是通过逗号（,）分割开来，并且第一个ip为客户端的真实IP
-        if (ipAddresses != null && ipAddresses.length() != 0)
-        {
-            ip = ipAddresses.split(",")[0];
-        }
-
-        // 还是不能获取到，最后再通过request.getRemoteAddr();获取
-        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ipAddresses))
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
        {
            ip = request.getRemoteAddr();
        }
-        return ip.equals("0:0:0:0:0:0:0:1") ? "127.0.0.1" : ip;
+
+        return "0:0:0:0:0:0:0:1".equals(ip) ? "127.0.0.1" : getMultistageReverseProxyIp(ip);
    }

+    /**
+     * 检查是否为内部IP地址
+     * 
+     * @param ip IP地址
+     * @return 结果
+     */
    public static boolean internalIp(String ip)
    {
        byte[] addr = textToNumericFormatV4(ip);
        return internalIp(addr) || "127.0.0.1".equals(ip);
    }

+    /**
+     * 检查是否为内部IP地址
+     * 
+     * @param addr byte地址
+     * @return 结果
+     */
    private static boolean internalIp(byte[] addr)
    {
        if (StringUtils.isNull(addr) || addr.length < 2)
@ -124,7 +146,8 @@ public class IpUtils
            {
                case 1:
                    l = Long.parseLong(elements[0]);
-                    if ((l < 0L) || (l > 4294967295L)){
+                    if ((l < 0L) || (l > 4294967295L))
+                    {
                        return null;
                    }
                    bytes[0] = (byte) (int) (l >> 24 & 0xFF);
@ -134,12 +157,14 @@ public class IpUtils
                    break;
                case 2:
                    l = Integer.parseInt(elements[0]);
-                    if ((l < 0L) || (l > 255L)) {
+                    if ((l < 0L) || (l > 255L))
+                    {
                        return null;
                    }
                    bytes[0] = (byte) (int) (l & 0xFF);
                    l = Integer.parseInt(elements[1]);
-                    if ((l < 0L) || (l > 16777215L)) {
+                    if ((l < 0L) || (l > 16777215L))
+                    {
                        return null;
                    }
                    bytes[1] = (byte) (int) (l >> 16 & 0xFF);
@ -150,13 +175,15 @@ public class IpUtils
                    for (i = 0; i < 2; ++i)
                    {
                        l = Integer.parseInt(elements[i]);
-                        if ((l < 0L) || (l > 255L)) {
+                        if ((l < 0L) || (l > 255L))
+                        {
                            return null;
                        }
                        bytes[i] = (byte) (int) (l & 0xFF);
                    }
                    l = Integer.parseInt(elements[2]);
-                    if ((l < 0L) || (l > 65535L)) {
+                    if ((l < 0L) || (l > 65535L))
+                    {
                        return null;
                    }
                    bytes[2] = (byte) (int) (l >> 8 & 0xFF);
@ -166,7 +193,8 @@ public class IpUtils
                    for (i = 0; i < 4; ++i)
                    {
                        l = Integer.parseInt(elements[i]);
-                        if ((l < 0L) || (l > 255L)) {
+                        if ((l < 0L) || (l > 255L))
+                        {
                            return null;
                        }
                        bytes[i] = (byte) (int) (l & 0xFF);
@ -183,6 +211,11 @@ public class IpUtils
        return bytes;
    }

+    /**
+     * 获取IP地址
+     * 
+     * @return 本地IP地址
+     */
    public static String getHostIp()
    {
        try
@ -195,6 +228,11 @@ public class IpUtils
        return "127.0.0.1";
    }

+    /**
+     * 获取主机名
+     * 
+     * @return 本地主机名
+     */
    public static String getHostName()
    {
        try
@ -206,4 +244,139 @@ public class IpUtils
        }
        return "未知";
    }
+
+    /**
+     * 从多级反向代理中获得第一个非unknown IP地址
+     *
+     * @param ip 获得的IP地址
+     * @return 第一个非unknown IP地址
+     */
+    public static String getMultistageReverseProxyIp(String ip)
+    {
+        // 多级反向代理检测
+        if (ip != null && ip.indexOf(",") > 0)
+        {
+            final String[] ips = ip.trim().split(",");
+            for (String subIp : ips)
+            {
+                if (false == isUnknown(subIp))
+                {
+                    ip = subIp;
+                    break;
+                }
+            }
+        }
+        return StringUtils.substring(ip, 0, 255);
+    }
+
+    /**
+     * 检测给定字符串是否为未知，多用于检测HTTP请求相关
+     *
+     * @param checkString 被检测的字符串
+     * @return 是否未知
+     */
+    public static boolean isUnknown(String checkString)
+    {
+        return StringUtils.isBlank(checkString) || "unknown".equalsIgnoreCase(checkString);
+    }
+
+    /**
+     * 是否为IP
+     */
+    public static boolean isIP(String ip)
+    {
+        return StringUtils.isNotBlank(ip) && ip.matches(REGX_IP);
+    }
+
+    /**
+     * 是否为IP，或 *为间隔的通配符地址
+     */
+    public static boolean isIpWildCard(String ip)
+    {
+        return StringUtils.isNotBlank(ip) && ip.matches(REGX_IP_WILDCARD);
+    }
+
+    /**
+     * 检测参数是否在ip通配符里
+     */
+    public static boolean ipIsInWildCardNoCheck(String ipWildCard, String ip)
+    {
+        String[] s1 = ipWildCard.split("\\.");
+        String[] s2 = ip.split("\\.");
+        boolean isMatchedSeg = true;
+        for (int i = 0; i < s1.length && !s1[i].equals("*"); i++)
+        {
+            if (!s1[i].equals(s2[i]))
+            {
+                isMatchedSeg = false;
+                break;
+            }
+        }
+        return isMatchedSeg;
+    }
+
+    /**
+     * 是否为特定格式如:“10.10.10.1-10.10.10.99”的ip段字符串
+     */
+    public static boolean isIPSegment(String ipSeg)
+    {
+        return StringUtils.isNotBlank(ipSeg) && ipSeg.matches(REGX_IP_SEG);
+    }
+
+    /**
+     * 判断ip是否在指定网段中
+     */
+    public static boolean ipIsInNetNoCheck(String iparea, String ip)
+    {
+        int idx = iparea.indexOf('-');
+        String[] sips = iparea.substring(0, idx).split("\\.");
+        String[] sipe = iparea.substring(idx + 1).split("\\.");
+        String[] sipt = ip.split("\\.");
+        long ips = 0L, ipe = 0L, ipt = 0L;
+        for (int i = 0; i < 4; ++i)
+        {
+            ips = ips << 8 | Integer.parseInt(sips[i]);
+            ipe = ipe << 8 | Integer.parseInt(sipe[i]);
+            ipt = ipt << 8 | Integer.parseInt(sipt[i]);
+        }
+        if (ips > ipe)
+        {
+            long t = ips;
+            ips = ipe;
+            ipe = t;
+        }
+        return ips <= ipt && ipt <= ipe;
+    }
+
+    /**
+     * 校验ip是否符合过滤串规则
+     * 
+     * @param filter 过滤IP列表,支持后缀'*'通配,支持网段如:`10.10.10.1-10.10.10.99`
+     * @param ip 校验IP地址
+     * @return boolean 结果
+     */
+    public static boolean isMatchedIp(String filter, String ip)
+    {
+        if (StringUtils.isEmpty(filter) || StringUtils.isEmpty(ip))
+        {
+            return false;
+        }
+        String[] ips = filter.split(";");
+        for (String iStr : ips)
+        {
+            if (isIP(iStr) && iStr.equals(ip))
+            {
+                return true;
+            }
+            else if (isIpWildCard(iStr) && ipIsInWildCardNoCheck(iStr, ip))
+            {
+                return true;
+            }
+            else if (isIPSegment(iStr) && ipIsInNetNoCheck(iStr, ip))
+            {
+                return true;
+            }
+        }
+        return false;
+    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/poi/ExcelHandlerAdapter.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/poi/ExcelHandlerAdapter.java
@ -0,0 +1,24 @@
+package com.ruoyi.common.core.utils.poi;
+
+import org.apache.poi.ss.usermodel.Cell;
+import org.apache.poi.ss.usermodel.Workbook;
+
+/**
+ * Excel数据格式处理适配器
+ * 
+ * @author ruoyi
+ */
+public interface ExcelHandlerAdapter
+{
+    /**
+     * 格式化
+     * 
+     * @param value 单元格数据值
+     * @param args excel注解args参数组
+     * @param cell 单元格对象
+     * @param wb 工作簿对象
+     *
+     * @return 处理后的值
+     */
+    Object format(Object value, String[] args, Cell cell, Workbook wb);
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/poi/ExcelUtil.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/poi/ExcelUtil.java
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/sql/SqlUtil.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/sql/SqlUtil.java
@ -1,6 +1,6 @@
 package com.ruoyi.common.core.utils.sql;

-import com.ruoyi.common.core.exception.BaseException;
+import com.ruoyi.common.core.exception.UtilException;
 import com.ruoyi.common.core.utils.StringUtils;

 /**
@ -10,11 +10,21 @@ import com.ruoyi.common.core.utils.StringUtils;
 */
 public class SqlUtil
 {
+    /**
+     * 定义常用的 sql关键字
+     */
+    public static String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()";
+
    /**
     * 仅支持字母、数字、下划线、空格、逗号、小数点（支持多个字段排序）
     */
    public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";

+    /**
+     * 限制orderBy最大长度
+     */
+    private static final int ORDER_BY_MAX_LENGTH = 500;
+
    /**
     * 检查字符，防止注入绕过
     */
@ -22,7 +32,11 @@ public class SqlUtil
    {
        if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value))
        {
-            throw new BaseException("参数不符合规范，不能进行查询");
+            throw new UtilException("参数不符合规范，不能进行查询");
+        }
+        if (StringUtils.length(value) > ORDER_BY_MAX_LENGTH)
+        {
+            throw new UtilException("参数已超过最大限制，不能进行查询");
        }
        return value;
    }
@ -34,4 +48,23 @@ public class SqlUtil
    {
        return value.matches(SQL_PATTERN);
    }
+
+    /**
+     * SQL关键字检查
+     */
+    public static void filterKeyword(String value)
+    {
+        if (StringUtils.isEmpty(value))
+        {
+            return;
+        }
+        String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|");
+        for (String sqlKeyword : sqlKeywords)
+        {
+            if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1)
+            {
+                throw new UtilException("参数存在SQL注入风险");
+            }
+        }
+    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/uuid/IdUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/uuid/IdUtils.java
@ -1,6 +1,4 @@
-package com.ruoyi.common.core.utils;
-
-import com.ruoyi.common.core.text.UUID;
+package com.ruoyi.common.core.utils.uuid;

 /**
 * ID生成器工具类
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/uuid/Seq.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/uuid/Seq.java
@ -0,0 +1,86 @@
+package com.ruoyi.common.core.utils.uuid;
+
+import java.util.concurrent.atomic.AtomicInteger;
+import com.ruoyi.common.core.utils.DateUtils;
+import com.ruoyi.common.core.utils.StringUtils;
+
+/**
+ * @author ruoyi 序列生成类
+ */
+public class Seq
+{
+    // 通用序列类型
+    public static final String commSeqType = "COMMON";
+
+    // 上传序列类型
+    public static final String uploadSeqType = "UPLOAD";
+
+    // 通用接口序列数
+    private static AtomicInteger commSeq = new AtomicInteger(1);
+
+    // 上传接口序列数
+    private static AtomicInteger uploadSeq = new AtomicInteger(1);
+
+    // 机器标识
+    private static final String machineCode = "A";
+
+    /**
+     * 获取通用序列号
+     * 
+     * @return 序列值
+     */
+    public static String getId()
+    {
+        return getId(commSeqType);
+    }
+    
+    /**
+     * 默认16位序列号 yyMMddHHmmss + 一位机器标识 + 3长度循环递增字符串
+     * 
+     * @return 序列值
+     */
+    public static String getId(String type)
+    {
+        AtomicInteger atomicInt = commSeq;
+        if (uploadSeqType.equals(type))
+        {
+            atomicInt = uploadSeq;
+        }
+        return getId(atomicInt, 3);
+    }
+
+    /**
+     * 通用接口序列号 yyMMddHHmmss + 一位机器标识 + length长度循环递增字符串
+     * 
+     * @param atomicInt 序列数
+     * @param length 数值长度
+     * @return 序列值
+     */
+    public static String getId(AtomicInteger atomicInt, int length)
+    {
+        String result = DateUtils.dateTimeNow();
+        result += machineCode;
+        result += getSeq(atomicInt, length);
+        return result;
+    }
+
+    /**
+     * 序列循环递增字符串[1, 10 的 (length)幂次方), 用0左补齐length位数
+     * 
+     * @return 序列值
+     */
+    private synchronized static String getSeq(AtomicInteger atomicInt, int length)
+    {
+        // 先取值再+1
+        int value = atomicInt.getAndIncrement();
+
+        // 如果更新后值>=10 的 (length)幂次方则重置为1
+        int maxSeq = (int) Math.pow(10, length);
+        if (atomicInt.get() >= maxSeq)
+        {
+            atomicInt.set(1);
+        }
+        // 转字符串，用0左补齐
+        return StringUtils.padl(value, length);
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/uuid/UUID.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/uuid/UUID.java
@ -1,4 +1,4 @@
-package com.ruoyi.common.core.text;
+package com.ruoyi.common.core.utils.uuid;

 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@ -66,7 +66,7 @@ public final class UUID implements java.io.Serializable, Comparable<UUID>
    }

    /**
-     * 获取类型 4（伪随机生成的）UUID 的静态工厂。 使用加密的本地线程伪随机数生成器生成该 UUID。
+     * 获取类型 4（伪随机生成的）UUID 的静态工厂。 
     * 
     * @return 随机生成的 {@code UUID}
     */
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/controller/BaseController.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/controller/BaseController.java
@ -7,16 +7,12 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.InitBinder;
-import com.github.pagehelper.PageHelper;
 import com.github.pagehelper.PageInfo;
 import com.ruoyi.common.core.constant.HttpStatus;
 import com.ruoyi.common.core.utils.DateUtils;
-import com.ruoyi.common.core.utils.StringUtils;
-import com.ruoyi.common.core.utils.sql.SqlUtil;
+import com.ruoyi.common.core.utils.PageUtils;
 import com.ruoyi.common.core.web.domain.AjaxResult;
-import com.ruoyi.common.core.web.page.PageDomain;
 import com.ruoyi.common.core.web.page.TableDataInfo;
-import com.ruoyi.common.core.web.page.TableSupport;

 /**
 * web层通用数据处理
@ -49,14 +45,15 @@ public class BaseController
     */
    protected void startPage()
    {
-        PageDomain pageDomain = TableSupport.buildPageRequest();
-        Integer pageNum = pageDomain.getPageNum();
-        Integer pageSize = pageDomain.getPageSize();
-        if (StringUtils.isNotNull(pageNum) && StringUtils.isNotNull(pageSize))
-        {
-            String orderBy = SqlUtil.escapeOrderBySql(pageDomain.getOrderBy());
-            PageHelper.startPage(pageNum, pageSize, orderBy);
-        }
+        PageUtils.startPage();
+    }
+
+    /**
+     * 清理分页的线程变量
+     */
+    protected void clearPage()
+    {
+        PageUtils.clearPage();
    }

    /**
@ -73,6 +70,54 @@ public class BaseController
        return rspData;
    }

+    /**
+     * 返回成功
+     */
+    public AjaxResult success()
+    {
+        return AjaxResult.success();
+    }
+
+    /**
+     * 返回成功消息
+     */
+    public AjaxResult success(String message)
+    {
+        return AjaxResult.success(message);
+    }
+
+    /**
+     * 返回成功消息
+     */
+    public AjaxResult success(Object data)
+    {
+        return AjaxResult.success(data);
+    }
+
+    /**
+     * 返回失败消息
+     */
+    public AjaxResult error()
+    {
+        return AjaxResult.error();
+    }
+
+    /**
+     * 返回失败消息
+     */
+    public AjaxResult error(String message)
+    {
+        return AjaxResult.error(message);
+    }
+
+    /**
+     * 返回警告消息
+     */
+    public AjaxResult warn(String message)
+    {
+        return AjaxResult.warn(message);
+    }
+
    /**
     * 响应返回结果
     * 
@ -94,36 +139,4 @@ public class BaseController
    {
        return result ? success() : error();
    }
-
-    /**
-     * 返回成功
-     */
-    public AjaxResult success()
-    {
-        return AjaxResult.success();
-    }
-
-    /**
-     * 返回失败消息
-     */
-    public AjaxResult error()
-    {
-        return AjaxResult.error();
-    }
-
-    /**
-     * 返回成功消息
-     */
-    public AjaxResult success(String message)
-    {
-        return AjaxResult.success(message);
-    }
-
-    /**
-     * 返回失败消息
-     */
-    public AjaxResult error(String message)
-    {
-        return AjaxResult.error(message);
-    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/domain/AjaxResult.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/domain/AjaxResult.java
@ -1,6 +1,7 @@
 package com.ruoyi.common.core.web.domain;

 import java.util.HashMap;
+import java.util.Objects;
 import com.ruoyi.common.core.constant.HttpStatus;
 import com.ruoyi.common.core.utils.StringUtils;

@ -57,20 +58,6 @@ public class AjaxResult extends HashMap<String, Object>
            super.put(DATA_TAG, data);
        }
    }
-    
-    /**
-     * 方便链式调用
-     *
-     * @param key
-     * @param value
-     * @return
-     */
-    @Override
-    public AjaxResult put(String key, Object value)
-    {
-        super.put(key, value);
-        return this;
-    }

    /**
     * 返回成功消息
@ -115,10 +102,33 @@ public class AjaxResult extends HashMap<String, Object>
        return new AjaxResult(HttpStatus.SUCCESS, msg, data);
    }

+    /**
+     * 返回警告消息
+     *
+     * @param msg 返回内容
+     * @return 警告消息
+     */
+    public static AjaxResult warn(String msg)
+    {
+        return AjaxResult.warn(msg, null);
+    }
+
+    /**
+     * 返回警告消息
+     *
+     * @param msg 返回内容
+     * @param data 数据对象
+     * @return 警告消息
+     */
+    public static AjaxResult warn(String msg, Object data)
+    {
+        return new AjaxResult(HttpStatus.WARN, msg, data);
+    }
+
    /**
     * 返回错误消息
     * 
-     * @return
+     * @return 错误消息
     */
    public static AjaxResult error()
    {
@ -129,7 +139,7 @@ public class AjaxResult extends HashMap<String, Object>
     * 返回错误消息
     * 
     * @param msg 返回内容
-     * @return 警告消息
+     * @return 错误消息
     */
    public static AjaxResult error(String msg)
    {
@ -141,7 +151,7 @@ public class AjaxResult extends HashMap<String, Object>
     * 
     * @param msg 返回内容
     * @param data 数据对象
-     * @return 警告消息
+     * @return 错误消息
     */
    public static AjaxResult error(String msg, Object data)
    {
@ -153,10 +163,54 @@ public class AjaxResult extends HashMap<String, Object>
     * 
     * @param code 状态码
     * @param msg 返回内容
-     * @return 警告消息
+     * @return 错误消息
     */
    public static AjaxResult error(int code, String msg)
    {
        return new AjaxResult(code, msg, null);
    }
+
+    /**
+     * 是否为成功消息
+     *
+     * @return 结果
+     */
+    public boolean isSuccess()
+    {
+        return Objects.equals(HttpStatus.SUCCESS, this.get(CODE_TAG));
+    }
+
+    /**
+     * 是否为警告消息
+     *
+     * @return 结果
+     */
+    public boolean isWarn()
+    {
+        return Objects.equals(HttpStatus.WARN, this.get(CODE_TAG));
+    }
+
+    /**
+     * 是否为错误消息
+     *
+     * @return 结果
+     */
+    public boolean isError()
+    {
+        return Objects.equals(HttpStatus.ERROR, this.get(CODE_TAG));
+    }
+
+    /**
+     * 方便链式调用
+     *
+     * @param key
+     * @param value
+     * @return
+     */
+    @Override
+    public AjaxResult put(String key, Object value)
+    {
+        super.put(key, value);
+        return this;
+    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/domain/BaseEntity.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/domain/BaseEntity.java
@ -5,6 +5,8 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonInclude;

 /**
 * Entity基类
@ -16,6 +18,7 @@ public class BaseEntity implements Serializable
    private static final long serialVersionUID = 1L;

    /** 搜索值 */
+    @JsonIgnore
    private String searchValue;

    /** 创建者 */
@ -36,6 +39,7 @@ public class BaseEntity implements Serializable
    private String remark;

    /** 请求参数 */
+    @JsonInclude(JsonInclude.Include.NON_EMPTY)
    private Map<String, Object> params;

    public String getSearchValue()
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/page/PageDomain.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/page/PageDomain.java
@ -21,6 +21,9 @@ public class PageDomain
    /** 排序的方向desc或者asc */
    private String isAsc = "asc";

+    /** 分页参数合理化 */
+    private Boolean reasonable = true;
+
    public String getOrderBy()
    {
        if (StringUtils.isEmpty(orderByColumn))
@ -81,4 +84,18 @@ public class PageDomain
            this.isAsc = isAsc;
        }
    }
+
+    public Boolean getReasonable()
+    {
+        if (StringUtils.isNull(reasonable))
+        {
+            return Boolean.TRUE;
+        }
+        return reasonable;
+    }
+
+    public void setReasonable(Boolean reasonable)
+    {
+        this.reasonable = reasonable;
+    }
 }
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/page/TableSupport.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/web/page/TableSupport.java
@ -1,5 +1,6 @@
 package com.ruoyi.common.core.web.page;

+import com.ruoyi.common.core.text.Convert;
 import com.ruoyi.common.core.utils.ServletUtils;

 /**
@ -29,16 +30,22 @@ public class TableSupport
     */
    public static final String IS_ASC = "isAsc";

+    /**
+     * 分页参数合理化
+     */
+    public static final String REASONABLE = "reasonable";
+
    /**
     * 封装分页对象
     */
    public static PageDomain getPageDomain()
    {
        PageDomain pageDomain = new PageDomain();
-        pageDomain.setPageNum(ServletUtils.getParameterToInt(PAGE_NUM));
-        pageDomain.setPageSize(ServletUtils.getParameterToInt(PAGE_SIZE));
+        pageDomain.setPageNum(Convert.toInt(ServletUtils.getParameter(PAGE_NUM), 1));
+        pageDomain.setPageSize(Convert.toInt(ServletUtils.getParameter(PAGE_SIZE), 10));
        pageDomain.setOrderByColumn(ServletUtils.getParameter(ORDER_BY_COLUMN));
        pageDomain.setIsAsc(ServletUtils.getParameter(IS_ASC));
+        pageDomain.setReasonable(ServletUtils.getParameterToBool(REASONABLE));
        return pageDomain;
    }

--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/Xss.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/Xss.java
@ -0,0 +1,27 @@
+package com.ruoyi.common.core.xss;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 自定义xss校验注解
+ * 
+ * @author ruoyi
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER })
+@Constraint(validatedBy = { XssValidator.class })
+public @interface Xss
+{
+    String message()
+
+    default "不允许任何脚本运行";
+
+    Class<?>[] groups() default {};
+
+    Class<? extends Payload>[] payload() default {};
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/xss/XssValidator.java
@ -0,0 +1,34 @@
+package com.ruoyi.common.core.xss;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+import com.ruoyi.common.core.utils.StringUtils;
+
+/**
+ * 自定义xss校验注解实现
+ * 
+ * @author ruoyi
+ */
+public class XssValidator implements ConstraintValidator<Xss, String>
+{
+    private static final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";
+
+    @Override
+    public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext)
+    {
+        if (StringUtils.isBlank(value))
+        {
+            return true;
+        }
+        return !containsHtml(value);
+    }
+
+    public static boolean containsHtml(String value)
+    {
+        Pattern pattern = Pattern.compile(HTML_PATTERN);
+        Matcher matcher = pattern.matcher(value);
+        return matcher.matches();
+    }
+}
--- a/ruoyi-common/ruoyi-common-core/src/main/resources/META-INF/spring.factories
+++ b/ruoyi-common/ruoyi-common-core/src/main/resources/META-INF/spring.factories
@ -1,4 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-  com.ruoyi.common.core.utils.SpringUtils
-
-  
--- a/ruoyi-common/ruoyi-common-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/ruoyi-common/ruoyi-common-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@ -0,0 +1 @@
+com.ruoyi.common.core.utils.SpringUtils
--- a/ruoyi-common/ruoyi-common-datascope/pom.xml
+++ b/ruoyi-common/ruoyi-common-datascope/pom.xml
@ -5,7 +5,7 @@
    <parent>
        <groupId>com.ruoyi</groupId>
        <artifactId>ruoyi-common</artifactId>
-        <version>3.1.0</version>
+        <version>3.6.3</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    
--- a/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/annotation/DataScope.java
+++ b/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/annotation/DataScope.java
@ -25,4 +25,9 @@ public @interface DataScope
     * 用户表的别名
     */
    public String userAlias() default "";
+
+    /**
+     * 权限字符（用于多个角色匹配符合要求的权限）默认根据权限注解@RequiresPermissions获取，多个权限用逗号分隔开来
+     */
+    public String permission() default "";
 }
--- a/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java
+++ b/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java
@ -1,18 +1,17 @@
 package com.ruoyi.common.datascope.aspect;

-import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
 import org.aspectj.lang.JoinPoint;
-import org.aspectj.lang.Signature;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
-import org.aspectj.lang.annotation.Pointcut;
-import org.aspectj.lang.reflect.MethodSignature;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import com.ruoyi.common.core.context.SecurityContextHolder;
+import com.ruoyi.common.core.text.Convert;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.web.domain.BaseEntity;
 import com.ruoyi.common.datascope.annotation.DataScope;
-import com.ruoyi.common.security.service.TokenService;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.api.model.LoginUser;
@ -56,40 +55,26 @@ public class DataScopeAspect
     */
    public static final String DATA_SCOPE = "dataScope";

-    @Autowired
-    private TokenService tokenService;
-
-    // 配置织入点
-    @Pointcut("@annotation(com.ruoyi.common.datascope.annotation.DataScope)")
-    public void dataScopePointCut()
-    {
-    }
-
-    @Before("dataScopePointCut()")
-    public void doBefore(JoinPoint point) throws Throwable
+    @Before("@annotation(controllerDataScope)")
+    public void doBefore(JoinPoint point, DataScope controllerDataScope) throws Throwable
    {
        clearDataScope(point);
-        handleDataScope(point);
+        handleDataScope(point, controllerDataScope);
    }

-    protected void handleDataScope(final JoinPoint joinPoint)
+    protected void handleDataScope(final JoinPoint joinPoint, DataScope controllerDataScope)
    {
-        // 获得注解
-        DataScope controllerDataScope = getAnnotationLog(joinPoint);
-        if (controllerDataScope == null)
-        {
-            return;
-        }
        // 获取当前的用户
-        LoginUser loginUser = tokenService.getLoginUser();
+        LoginUser loginUser = SecurityUtils.getLoginUser();
        if (StringUtils.isNotNull(loginUser))
        {
            SysUser currentUser = loginUser.getSysUser();
            // 如果是超级管理员，则不过滤数据
            if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin())
            {
+                String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), SecurityContextHolder.getPermission());
                dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
-                        controllerDataScope.userAlias());
+                        controllerDataScope.userAlias(), permission);
            }
        }
    }
@ -101,17 +86,29 @@ public class DataScopeAspect
     * @param user 用户
     * @param deptAlias 部门别名
     * @param userAlias 用户别名
+     * @param permission 权限字符
     */
-    public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias)
+    public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission)
    {
        StringBuilder sqlString = new StringBuilder();
+        List<String> conditions = new ArrayList<String>();

        for (SysRole role : user.getRoles())
        {
            String dataScope = role.getDataScope();
+            if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope))
+            {
+                continue;
+            }
+            if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions())
+                    && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
+            {
+                continue;
+            }
            if (DATA_SCOPE_ALL.equals(dataScope))
            {
                sqlString = new StringBuilder();
+                conditions.add(dataScope);
                break;
            }
            else if (DATA_SCOPE_CUSTOM.equals(dataScope))
@ -139,9 +136,16 @@ public class DataScopeAspect
                else
                {
                    // 数据权限为仅本人且没有userAlias别名不查询任何数据
-                    sqlString.append(" OR 1=0 ");
+                    sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
                }
            }
+            conditions.add(dataScope);
+        }
+
+        // 多角色情况下，所有角色都不包含传递过来的权限字符，这个时候sqlString也会为空，所以要限制一下,不查询任何数据
+        if (StringUtils.isEmpty(conditions))
+        {
+            sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
        }

        if (StringUtils.isNotBlank(sqlString.toString()))
@ -155,22 +159,6 @@ public class DataScopeAspect
        }
    }

-    /**
-     * 是否存在注解，如果存在就获取
-     */
-    private DataScope getAnnotationLog(JoinPoint joinPoint)
-    {
-        Signature signature = joinPoint.getSignature();
-        MethodSignature methodSignature = (MethodSignature) signature;
-        Method method = methodSignature.getMethod();
-
-        if (method != null)
-        {
-            return method.getAnnotation(DataScope.class);
-        }
-        return null;
-    }
-
    /**
     * 拼接权限sql前先清空params.dataScope参数防止注入
     */
--- a/ruoyi-common/ruoyi-common-datascope/src/main/resources/META-INF/spring.factories
+++ b/ruoyi-common/ruoyi-common-datascope/src/main/resources/META-INF/spring.factories
@ -1,4 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-  com.ruoyi.common.datascope.aspect.DataScopeAspect
-
-  
--- a/ruoyi-common/ruoyi-common-datascope/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/ruoyi-common/ruoyi-common-datascope/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@ -0,0 +1 @@
+com.ruoyi.common.datascope.aspect.DataScopeAspect
--- a/ruoyi-common/ruoyi-common-datasource/pom.xml
+++ b/ruoyi-common/ruoyi-common-datasource/pom.xml
@ -5,19 +5,19 @@
    <parent>
        <groupId>com.ruoyi</groupId>
        <artifactId>ruoyi-common</artifactId>
-        <version>3.1.0</version>
+        <version>3.6.3</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    
    <artifactId>ruoyi-common-datasource</artifactId>
-	
+
    <description>
        ruoyi-common-datasource多数据源
    </description>

    <dependencies>

-		<!-- Druid -->
+        <!-- Druid -->
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid-spring-boot-starter</artifactId>
@ -30,12 +30,6 @@
            <artifactId>dynamic-datasource-spring-boot-starter</artifactId>
            <version>${dynamic-ds.version}</version>
        </dependency>
-        
-        <!-- SpringBoot Seata -->
-        <dependency>
-            <groupId>com.alibaba.cloud</groupId>
-            <artifactId>spring-cloud-starter-alibaba-seata</artifactId>
-        </dependency>

    </dependencies>
 </project>
--- a/ruoyi-common/ruoyi-common-log/pom.xml
+++ b/ruoyi-common/ruoyi-common-log/pom.xml
@ -5,7 +5,7 @@
    <parent>
        <groupId>com.ruoyi</groupId>
        <artifactId>ruoyi-common</artifactId>
-        <version>3.1.0</version>
+        <version>3.6.3</version>
    </parent>
    <modelVersion>4.0.0</modelVersion>
    
--- a/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/annotation/Log.java
+++ b/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/annotation/Log.java
@ -38,4 +38,14 @@ public @interface Log
     * 是否保存请求的参数
     */
    public boolean isSaveRequestData() default true;
+
+    /**
+     * 是否保存响应的参数
+     */
+    public boolean isSaveResponseData() default true;
+
+    /**
+     * 排除指定的请求参数
+     */
+    public String[] excludeParamNames() default {};
 }
--- a/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/aspect/LogAspect.java
+++ b/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/aspect/LogAspect.java
@ -1,33 +1,32 @@
 package com.ruoyi.common.log.aspect;

-import java.lang.reflect.Method;
 import java.util.Collection;
-import java.util.Iterator;
 import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.ArrayUtils;
 import org.aspectj.lang.JoinPoint;
-import org.aspectj.lang.Signature;
 import org.aspectj.lang.annotation.AfterReturning;
 import org.aspectj.lang.annotation.AfterThrowing;
 import org.aspectj.lang.annotation.Aspect;
-import org.aspectj.lang.annotation.Pointcut;
-import org.aspectj.lang.reflect.MethodSignature;
+import org.aspectj.lang.annotation.Before;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.NamedThreadLocal;
 import org.springframework.http.HttpMethod;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.multipart.MultipartFile;
-import com.alibaba.fastjson.JSON;
-import com.ruoyi.common.core.utils.SecurityUtils;
+import com.alibaba.fastjson2.JSON;
 import com.ruoyi.common.core.utils.ServletUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.utils.ip.IpUtils;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessStatus;
+import com.ruoyi.common.log.filter.PropertyPreExcludeFilter;
 import com.ruoyi.common.log.service.AsyncLogService;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysOperLog;

 /**
@ -40,14 +39,23 @@ import com.ruoyi.system.api.domain.SysOperLog;
 public class LogAspect
 {
    private static final Logger log = LoggerFactory.getLogger(LogAspect.class);
-    
+
+    /** 排除敏感属性字段 */
+    public static final String[] EXCLUDE_PROPERTIES = { "password", "oldPassword", "newPassword", "confirmPassword" };
+
+    /** 计算操作消耗时间 */
+    private static final ThreadLocal<Long> TIME_THREADLOCAL = new NamedThreadLocal<Long>("Cost Time");
+
    @Autowired
    private AsyncLogService asyncLogService;

-    // 配置织入点
-    @Pointcut("@annotation(com.ruoyi.common.log.annotation.Log)")
-    public void logPointCut()
+    /**
+     * 处理请求前执行
+     */
+    @Before(value = "@annotation(controllerLog)")
+    public void boBefore(JoinPoint joinPoint, Log controllerLog)
    {
+        TIME_THREADLOCAL.set(System.currentTimeMillis());
    }

    /**
@ -55,10 +63,10 @@ public class LogAspect
     *
     * @param joinPoint 切点
     */
-    @AfterReturning(pointcut = "logPointCut()", returning = "jsonResult")
-    public void doAfterReturning(JoinPoint joinPoint, Object jsonResult)
+    @AfterReturning(pointcut = "@annotation(controllerLog)", returning = "jsonResult")
+    public void doAfterReturning(JoinPoint joinPoint, Log controllerLog, Object jsonResult)
    {
-        handleLog(joinPoint, null, jsonResult);
+        handleLog(joinPoint, controllerLog, null, jsonResult);
    }

    /**
@ -67,33 +75,23 @@ public class LogAspect
     * @param joinPoint 切点
     * @param e 异常
     */
-    @AfterThrowing(value = "logPointCut()", throwing = "e")
-    public void doAfterThrowing(JoinPoint joinPoint, Exception e)
+    @AfterThrowing(value = "@annotation(controllerLog)", throwing = "e")
+    public void doAfterThrowing(JoinPoint joinPoint, Log controllerLog, Exception e)
    {
-        handleLog(joinPoint, e, null);
+        handleLog(joinPoint, controllerLog, e, null);
    }

-    protected void handleLog(final JoinPoint joinPoint, final Exception e, Object jsonResult)
+    protected void handleLog(final JoinPoint joinPoint, Log controllerLog, final Exception e, Object jsonResult)
    {
        try
        {
-            // 获得注解
-            Log controllerLog = getAnnotationLog(joinPoint);
-            if (controllerLog == null)
-            {
-                return;
-            }
-
            // *========数据库日志=========*//
            SysOperLog operLog = new SysOperLog();
            operLog.setStatus(BusinessStatus.SUCCESS.ordinal());
            // 请求的地址
-            String ip = IpUtils.getIpAddr(ServletUtils.getRequest());
+            String ip = IpUtils.getIpAddr();
            operLog.setOperIp(ip);
-            // 返回参数
-            operLog.setJsonResult(JSON.toJSONString(jsonResult));
-
-            operLog.setOperUrl(ServletUtils.getRequest().getRequestURI());
+            operLog.setOperUrl(StringUtils.substring(ServletUtils.getRequest().getRequestURI(), 0, 255));
            String username = SecurityUtils.getUsername();
            if (StringUtils.isNotBlank(username))
            {
@ -112,17 +110,22 @@ public class LogAspect
            // 设置请求方式
            operLog.setRequestMethod(ServletUtils.getRequest().getMethod());
            // 处理设置注解上的参数
-            getControllerMethodDescription(joinPoint, controllerLog, operLog);
+            getControllerMethodDescription(joinPoint, controllerLog, operLog, jsonResult);
+            // 设置消耗时间
+            operLog.setCostTime(System.currentTimeMillis() - TIME_THREADLOCAL.get());
            // 保存数据库
            asyncLogService.saveSysLog(operLog);
        }
        catch (Exception exp)
        {
            // 记录本地异常日志
-            log.error("==前置通知异常==");
            log.error("异常信息:{}", exp.getMessage());
            exp.printStackTrace();
        }
+        finally
+        {
+            TIME_THREADLOCAL.remove();
+        }
    }

    /**
@ -132,7 +135,7 @@ public class LogAspect
     * @param operLog 操作日志
     * @throws Exception
     */
-    public void getControllerMethodDescription(JoinPoint joinPoint, Log log, SysOperLog operLog) throws Exception
+    public void getControllerMethodDescription(JoinPoint joinPoint, Log log, SysOperLog operLog, Object jsonResult) throws Exception
    {
        // 设置action动作
        operLog.setBusinessType(log.businessType().ordinal());
@ -144,7 +147,12 @@ public class LogAspect
        if (log.isSaveRequestData())
        {
            // 获取参数的信息，传入到数据库中。
-            setRequestValue(joinPoint, operLog);
+            setRequestValue(joinPoint, operLog, log.excludeParamNames());
+        }
+        // 是否需要保存response，参数和值
+        if (log.isSaveResponseData() && StringUtils.isNotNull(jsonResult))
+        {
+            operLog.setJsonResult(StringUtils.substring(JSON.toJSONString(jsonResult), 0, 2000));
        }
    }

@ -154,47 +162,37 @@ public class LogAspect
     * @param operLog 操作日志
     * @throws Exception 异常
     */
-    private void setRequestValue(JoinPoint joinPoint, SysOperLog operLog) throws Exception
+    private void setRequestValue(JoinPoint joinPoint, SysOperLog operLog, String[] excludeParamNames) throws Exception
    {
        String requestMethod = operLog.getRequestMethod();
-        if (HttpMethod.PUT.name().equals(requestMethod) || HttpMethod.POST.name().equals(requestMethod))
+        Map<?, ?> paramsMap = ServletUtils.getParamMap(ServletUtils.getRequest());
+        if (StringUtils.isEmpty(paramsMap)
+                && (HttpMethod.PUT.name().equals(requestMethod) || HttpMethod.POST.name().equals(requestMethod)))
        {
-            String params = argsArrayToString(joinPoint.getArgs());
+            String params = argsArrayToString(joinPoint.getArgs(), excludeParamNames);
            operLog.setOperParam(StringUtils.substring(params, 0, 2000));
        }
-    }
-
-    /**
-     * 是否存在注解，如果存在就获取
-     */
-    private Log getAnnotationLog(JoinPoint joinPoint) throws Exception
-    {
-        Signature signature = joinPoint.getSignature();
-        MethodSignature methodSignature = (MethodSignature) signature;
-        Method method = methodSignature.getMethod();
-
-        if (method != null)
+        else
        {
-            return method.getAnnotation(Log.class);
+            operLog.setOperParam(StringUtils.substring(JSON.toJSONString(paramsMap, excludePropertyPreFilter(excludeParamNames)), 0, 2000));
        }
-        return null;
    }

    /**
     * 参数拼装
     */
-    private String argsArrayToString(Object[] paramsArray)
+    private String argsArrayToString(Object[] paramsArray, String[] excludeParamNames)
    {
        String params = "";
        if (paramsArray != null && paramsArray.length > 0)
        {
-            for (int i = 0; i < paramsArray.length; i++)
+            for (Object o : paramsArray)
            {
-                if (StringUtils.isNotNull(paramsArray[i]) && !isFilterObject(paramsArray[i]))
+                if (StringUtils.isNotNull(o) && !isFilterObject(o))
                {
                    try
                    {
-                        Object jsonObj = JSON.toJSON(paramsArray[i]);
+                        String jsonObj = JSON.toJSONString(o, excludePropertyPreFilter(excludeParamNames));
                        params += jsonObj.toString() + " ";
                    }
                    catch (Exception e)
@ -206,6 +204,14 @@ public class LogAspect
        return params.trim();
    }

+    /**
+     * 忽略敏感属性
+     */
+    public PropertyPreExcludeFilter excludePropertyPreFilter(String[] excludeParamNames)
+    {
+        return new PropertyPreExcludeFilter().addExcludes(ArrayUtils.addAll(EXCLUDE_PROPERTIES, excludeParamNames));
+    }
+
    /**
     * 判断是否需要过滤的对象。
     * 
@ -223,17 +229,17 @@ public class LogAspect
        else if (Collection.class.isAssignableFrom(clazz))
        {
            Collection collection = (Collection) o;
-            for (Iterator iter = collection.iterator(); iter.hasNext();)
+            for (Object value : collection)
            {
-                return iter.next() instanceof MultipartFile;
+                return value instanceof MultipartFile;
            }
        }
        else if (Map.class.isAssignableFrom(clazz))
        {
            Map map = (Map) o;
-            for (Iterator iter = map.entrySet().iterator(); iter.hasNext();)
+            for (Object value : map.entrySet())
            {
-                Map.Entry entry = (Map.Entry) iter.next();
+                Map.Entry entry = (Map.Entry) value;
                return entry.getValue() instanceof MultipartFile;
            }
        }
--- a/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/filter/PropertyPreExcludeFilter.java
+++ b/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/filter/PropertyPreExcludeFilter.java
@ -0,0 +1,24 @@
+package com.ruoyi.common.log.filter;
+
+import com.alibaba.fastjson2.filter.SimplePropertyPreFilter;
+
+/**
+ * 排除JSON敏感属性
+ * 
+ * @author ruoyi
+ */
+public class PropertyPreExcludeFilter extends SimplePropertyPreFilter
+{
+    public PropertyPreExcludeFilter()
+    {
+    }
+
+    public PropertyPreExcludeFilter addExcludes(String... filters)
+    {
+        for (int i = 0; i < filters.length; i++)
+        {
+            this.getExcludes().add(filters[i]);
+        }
+        return this;
+    }
+}
--- a/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/service/AsyncLogService.java
+++ b/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/service/AsyncLogService.java
@ -22,7 +22,7 @@ public class AsyncLogService
     * 保存系统日志记录
     */
    @Async
-    public void saveSysLog(SysOperLog sysOperLog)
+    public void saveSysLog(SysOperLog sysOperLog) throws Exception
    {
        remoteLogService.saveLog(sysOperLog, SecurityConstants.INNER);
    }
--- a/ruoyi-common/ruoyi-common-log/src/main/resources/META-INF/spring.factories
+++ b/ruoyi-common/ruoyi-common-log/src/main/resources/META-INF/spring.factories
@ -1,3 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-  com.ruoyi.common.log.service.AsyncLogService,\
-  com.ruoyi.common.log.aspect.LogAspect
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`custom: http://doc.ruoyi.vip/ruoyi-cloud/other/donate.html`
				`@ -0,0 +1 @@`
				`com.ruoyi.common.datascope.aspect.DataScopeAspect`