修复已知安全漏洞：

1、PDF型XSS漏洞
2、点击劫持：缺少X-Frame-Options标头
3、明文传输
4、CORS跨域攻击

README.md

@@ -5,13 +5,55 @@
 ### 工业互联网CAS统一认证开始/关闭：
     
 ```` java
-    CAS配置文件：application-cas.yml    
+    一 CAS配置文件：application-cas.yml    
+    
+    二 打开注解即开始认证，注释注解即关闭认证
+      /**
+       * TODO 甲方部署时打开：CAS统一认证拦截器
+       */
+      @EnableCasClient
+      @Configuration
+      public class CasConfigure extends CasClientConfigurerAdapter 
+
+    三 打包发布的时候，注释掉登录接口
+        SysLoginController.class
+             /**
+             * 登录方法
+             *
+             * @param loginBody 登录信息
+             * @return 结果
+             */
+            //TODO 打包屏蔽-甲方部署时注释：甲方不需要本地登录功能采用单点登录
+            @PostMapping("/login")
+            public AjaxResult login(@RequestBody LoginBody loginBody) {
+                AjaxResult ajax = AjaxResult.success();
+        
+                // 生成令牌
+                String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(), loginBody.getUuid(), true);
+                ajax.put(Constants.TOKEN, token);
+                return ajax;
+            }
+    
+    四 打包时注释允许的：Access-Control-Allow-Origin
+        RestCorsFilter.class 
+            保留前三个，后面的都注释掉
+            String[] allowDomain = {"http://10.152.70.21:8080"//CAS服务器
+                    , "http://10.152.72.7:8181"//岗检前端Nginx
+                    , "*.connc.*"
+                    //TODO 打包屏蔽-甲方部署时注释：甲方不需要本地登录功能采用单点登录
+                    // , "http://192.168.3.32:81"//前端开发
+                    // , "http://101.42.248.108:17003"//前端开发
+                    // , "http://localhost"//前端开发
+            };
     
-    打开注解即开始认证，注释注解即关闭认证
-    //@EnableCasClient
-    //@Configuration
-    public class CasConfigure extends CasClientConfigurerAdapter {
     
+    五 修改配置文件：application.yml
+        甲方部署时修改 单点登录 和 数据库 的配置文件：
+            active: druid-test,cas-test
+    
+    六 修改数据库链接：application-druid-dev.yml 或者 application-druid-test.yml
+
+    七 修改CAS单点登录信息：application-cas-dev.yml 或者 application-cas-test.yml
     
 ````
 

ruoyi-admin/src/main/java/com/ruoyi/web/controller/cas/CASLoginController.java

@@ -200,8 +200,8 @@ public class CASLoginController {
      * @param loginBody 登录信息
      * @return 结果
      */
-//    @RequestMapping("/postcheck/login")
-//    @ResponseBody
+    @RequestMapping("/postcheck/login")
+    @ResponseBody
     public AjaxResult casLogin(@RequestBody LoginBody loginBody, HttpServletRequest request) {
 //        String serverLoginUrl = casConfig.getServerLoginUrl();
 //        String serverLogoutUrl = casConfig.getServerLogoutUrl();

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java

@@ -42,7 +42,8 @@ public class SysLoginController {
      * @param loginBody 登录信息
      * @return 结果
      */
-    @PostMapping("/login")
+    //TODO 打包屏蔽-甲方部署时注释：甲方不需要本地登录功能采用单点登录
+    /*@PostMapping("/login")
     public AjaxResult login(@RequestBody LoginBody loginBody) {
         AjaxResult ajax = AjaxResult.success();
 
@@ -50,7 +51,7 @@ public class SysLoginController {
         String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(), loginBody.getUuid(), true);
         ajax.put(Constants.TOKEN, token);
         return ajax;
-    }
+    }*/
 
     /**
      * 获取用户信息

ruoyi-admin/src/main/resources/application-cas-dev.yml

@@ -5,7 +5,7 @@ caseitc:
   # cas服务器认证登出地址：API未提供，代码中岗检系统自己做跳转使用到 cas client 没用到
   server-logout-url: http://10.152.70.21:8080/cas/logout
   # 前端页面地址 服务器IP
-  webStartPage: http://10.152.72.5:8181/postcheck
+  webStartPage: http://10.152.72.7:8181/postcheck
 #  webStartPage: http://10.152.164.68/postcheck
 
 # cas client 配置文件
@@ -14,7 +14,7 @@ cas:
   server-url-prefix: http://10.152.70.21:8080/cas
   # cas服务器认证登录地址
   server-login-url: http://10.152.70.21:8080/cas/login
-  # cas认证完成返回地址
+  # 服务器IP 岗检系统后端（JAVA后台）回调地址 验证票据号
   client-host-url: http://10.152.164.68:8180/postcheck
   validation-type: CAS
 #  use-session: true

ruoyi-admin/src/main/resources/application-cas-test.yml

@@ -5,8 +5,7 @@ caseitc:
   # cas服务器认证登出地址：API未提供，代码中岗检系统自己做跳转使用到 cas client 没用到
   server-logout-url: http://10.152.70.21:8080/cas/logout
   # 前端页面地址 服务器IP
-  webStartPage: http://10.152.72.5:8181/postcheck
-#  webStartPage: http://10.152.164.68/postcheck
+  webStartPage: http://10.152.72.7:8181/postcheck
 
 # cas client 配置文件
 cas:
@@ -15,9 +14,8 @@ cas:
   # cas服务器认证登录地址
   server-login-url: http://10.152.70.21:8080/cas/login
   # cas认证完成返回地址
-  # 服务器IP 岗检系统后端回调地址 验证票据号
-  client-host-url: http://10.152.72.5:8180/postcheck
-  # 开发本机IP 岗检系统后端回调地址 验证票据号
+  # 服务器IP 岗检系统后端（JAVA后台）回调地址 验证票据号
+  client-host-url: http://10.152.72.7:8180/postcheck
 #  client-host-url: http://10.152.164.68:8180/postcheck
   validation-type: CAS
 #  use-session: true

ruoyi-admin/src/main/resources/application-druid-dev.yml

@@ -31,8 +31,8 @@ spring:
         druid:
             # 主库数据源
             master:
-#                url: jdbc:kingbase8://localhost:54321/postcheck
-                url: jdbc:kingbase8://39.106.66.72:54321/postcheck
+                url: jdbc:kingbase8://localhost:54321/postcheck
+#                url: jdbc:kingbase8://39.106.66.72:54321/postcheck
                 username: postcheckuser
                 password: Hzsh.eitc@6626.pcu
             # 从库数据源

ruoyi-admin/src/main/resources/application-druid-test.yml

@@ -32,8 +32,8 @@ spring:
         druid:
             # 主库数据源
             master:
-#                url: jdbc:kingbase8://localhost:54321/postcheck
 #                url: jdbc:kingbase8://10.152.164.68:54321/postcheck
+#                url: jdbc:kingbase8://localhost:9300/postcheck
                 url: jdbc:kingbase8://10.152.72.7:9300/postcheck
                 username: postcheckuser
                 password: Hzsh.eitc@6626.pcu

ruoyi-admin/src/main/resources/application.yml

@@ -3,7 +3,7 @@ ruoyi:
 #  name: 惠州石化岗检信息平台
   name: 惠州石化岗检系统
   # 版本
-  version: 1.0.0
+  version: 1.0.1
   # 版权年份
   copyrightYear: 2023
   # 文件路径 示例（ Windows配置D:/ruoyi/uploadPath，Linux配置 /home/ruoyi/uploadPath）
@@ -48,7 +48,7 @@ user:
     # 密码最大错误次数
     maxRetryCount: 500
     # 密码锁定时间（默认10分钟）
-    lockTime: 10
+    lockTime: 5
 
 # Spring配置
 spring:
@@ -57,15 +57,17 @@ spring:
     # 国际化资源文件路径
     basename: i18n/messages
   profiles:
-    active: druid-dev,cas-dev
-#    active: druid-test,cas-test
+# 本地开发时
+#    active: druid-dev,cas-dev
+# 甲方部署时
+    active: druid-test,cas-test
   # 文件上传
   servlet:
     multipart:
       # 单个文件大小
-      max-file-size: 10MB
+      max-file-size: 50MB
       # 设置总上传的文件大小
-      max-request-size: 20MB
+      max-request-size: 100MB
   # 服务模块
   devtools:
     restart:

ruoyi-admin/src/test/java/com/post/FlinkStreamingExample.java

@@ -0,0 +1,38 @@
+package com.post;
+//import org.apache.flink.api.common.functions.MapFunction;
+//import org.apache.flink.api.common.functions.ReduceFunction;
+//import org.apache.flink.streaming.api.datastream.DataStream;
+//import org.apache.flink.streaming.api.environment.StreamExecutionEnvironment;
+//import org.apache.flink.streaming.api.windowing.time.Time;
+
+public class FlinkStreamingExample {
+    /*
+    public static void main(String[] args) throws Exception {
+        final StreamExecutionEnvironment env = StreamExecutionEnvironment.getExecutionEnvironment();
+
+        DataStream<String> text = env.readTextFile("path/to/your/input/file");
+
+        DataStream<Tuple2<String, Integer>> wordCounts = text
+                .flatMap(new Tokenizer())
+                .keyBy(0)
+                .timeWindow(Time.seconds(5))
+                .reduce(new ReduceFunction<Tuple2<String, Integer>>() {
+                    @Override
+                    public Tuple2<String, Integer> reduce(Tuple2<String, Integer> t1, Tuple2<String, Integer> t2) throws Exception {
+                        return new Tuple2<>(t1.f0, t1.f1 + t2.f1);
+                    }
+                });
+
+        wordCounts.print();
+
+        env.execute("Word Count Example");
+    }
+
+    public static class Tokenizer implements MapFunction<String, Tuple2<String, Integer>> {
+        @Override
+        public Tuple2<String, Integer> map(String value) {
+            return new Tuple2<>(value.toLowerCase(), 1);
+        }
+    }
+    */
+}

ruoyi-admin/src/test/java/com/post/WordpayXml.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<set xmlns="http://www.springframework.org/schema/util">
+
+</set>

ruoyi-common/src/main/java/com/ruoyi/common/filter/RestCorsFilter.java

@@ -24,13 +24,24 @@ public class RestCorsFilter implements Filter {
         HttpServletResponse response = (HttpServletResponse) res;
         HttpServletRequest request = (HttpServletRequest) req;
 
-        String[] allowDomain={"http://10.152.72.*","http://10.152.70.*","*.connc.*"};
-        Set<String> allowedOrigins=new HashSet<>(Arrays.asList(allowDomain));
-        String originHeader=request.getHeader("Origin");
-        if(allowedOrigins.contains(originHeader)){
-            response.setHeader("Access-Control-Allow-Origin",originHeader);
+//        岗检服务器IP：10.152.72.7，访问时就是直接IP没有域名
+//        1、统一登录的地址（甲方系统）：http://10.152.70.21:8080/cas/login
+//        2、岗检系统前端页面Nginx（统一登录成功后的跳转地址）：http://10.152.72.5:8181/postcheck
+//        3、岗检系统后端接口：http://10.152.72.7:8180
+        String[] allowDomain = {"http://10.152.70.21:8080"//CAS服务器
+                , "http://10.152.72.7:8181"//岗检前端Nginx
+                , "*.connc.*"
+                //TODO 打包屏蔽-甲方部署时注释：甲方不需要本地登录功能采用单点登录
+//                , "http://192.168.3.32:81"//前端开发
+//                , "http://101.42.248.108:17003"//前端开发
+//                , "http://localhost"//前端开发
+        };
+        Set<String> allowedOrigins = new HashSet<>(Arrays.asList(allowDomain));
+        String originHeader = request.getHeader("Origin");//http://IP:port
+        if (allowedOrigins.contains(originHeader)) {
+            response.setHeader("Access-Control-Allow-Origin", originHeader);
         }
-        response.setHeader("Access-Control-Allow-Credentials","true");
+        response.setHeader("Access-Control-Allow-Credentials", "true");
         response.setHeader("Access-Control-Allow-Methods", "POST, GET,DELETE,PUT");
         response.setHeader("Access-Control-Max-Age", "31536000");
         response.setHeader("Access-Control-Allow-Headers", "*");
@@ -46,8 +57,7 @@ public class RestCorsFilter implements Filter {
     }
 
 
-
     @Override
     public void destroy() {
     }
-}
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/cas/CasConfigure.java

@@ -7,10 +7,10 @@ import net.unicon.cas.client.configuration.CasClientConfigurerAdapter;
 import net.unicon.cas.client.configuration.EnableCasClient;
 
 /**
- * TODO $CAS统一认证：拦截器类CAS
+ * TODO 甲方部署时打开：CAS统一认证拦截器
  */
-//@EnableCasClient
-//@Configuration
+@EnableCasClient
+@Configuration
 public class CasConfigure extends CasClientConfigurerAdapter {
     @Override
     public void configureAuthenticationFilter(FilterRegistrationBean authenticationFilter) {
@@ -20,7 +20,7 @@ public class CasConfigure extends CasClientConfigurerAdapter {
 //        authenticationFilter.addInitParameter("ignorePattern", "/Content/*|/context/*|/actuator/*|/assets/*|/instances/*|login/*|/loginv2/*|/captchaImage/*");
 //              "|/captchaImage/*|/system/*|/common/*|/monitor/*|/register/*|/login/*|/getInfo/*|/getRouters/*|/test/user/*|/tool/gen/*|/postcheck/login|/redirectpostcheck");
         authenticationFilter.addInitParameter("ignorePattern", "/Content/*|/context/*|/actuator/*|/assets/*|/instances/*" +
-                "|/postCheck/*|/captchaImage/*|/system/*|/common/*|/monitor/*|/register/*|/login/*|/logout/*|/getInfo/*|/getRouters/*|/test/user/*|/tool/gen/*|/postcheck/login|/redirectpostcheck|/redirectpostcheckout"+
+                "|/postCheck/*|/captchaImage/*|/system/*|/common/*|/monitor/*|/register/*|/login/*|/logout/*|/getInfo/*|/getRouters/*|/test/user/*|/tool/gen/*|/postcheck/login|/redirectpostcheck|/redirectpostcheckout" +
                 "|/avatar/*|/swagger-ui/*");
         authenticationFilter.getInitParameters().put("authenticationRedirectStrategyClass", "com.patterncat.CustomAuthRedirectStrategy");
     }