diff --git a/doc/XXL-JOB官方文档.md b/doc/XXL-JOB官方文档.md index bc7eca38..01c8f7f8 100644 --- a/doc/XXL-JOB官方文档.md +++ b/doc/XXL-JOB官方文档.md @@ -2547,6 +2547,8 @@ public void execute() { - 1、【强化】AI任务(ollamaJobHandler)优化:针对 “model” 模型配置信息,从执行器侧文件类配置调整至调度中心“任务参数”动态配置,支持集成多模型、并结合任务动态配置切换。 - 2、【修复】漏洞修复(CVE-2025-7787),针对 httpJobHandler 支持配置URL白名单限制,防止服务器端请求伪造(SSRF)攻击。 - 3、【升级】升级多项maven依赖至较新版本,如 netty、groovy、mybatis、spring、spring-ai、dify 等; +- 4、【优化】登录信息页面空值处理优化,避免空值影响ftl渲染; +- 5、【优化】异常页面处理逻辑优化,新增兜底落地页配置; - 3、【规划中】登录安全升级,密码加密处理算法从Md5改为Sha256; ``` @@ -2557,9 +2559,7 @@ ALTER TABLE xxl_conf_user // 2、存量用户密码需要修改,可执行如下命令将密码初始化 “123456”;也可以自行通过 “SHA256Tool.sha256” 工具生成其他初始化密码; UPDATE xxl_conf_user t SET t.password = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92' WHERE t.username = {用户名}; ``` -- 2、【规划中】登录态持久化逻辑调整,简化代码逻辑; -- 3、【规划中】异常页面处理逻辑优化,新增兜底落地页配置; -- 4、【规划中】登录信息页面空值处理优化,避免空值影响ftl渲染; +- 2、【规划中】登录认证重构,规范登录态以及权限认证逻辑,提升系统安全; - 1、【规划中】登陆态Token生成逻辑优化,混淆登陆时间属性,降低token泄漏风险; - 2、【规划中】组件扫描改为BeanPostProcessor方式,避免小概率情况下提前初始化;底层组件移除单例写法,汇总factory统一管理; diff --git a/pom.xml b/pom.xml index e6709ae9..d697e6e2 100644 --- a/pom.xml +++ b/pom.xml @@ -44,6 +44,8 @@ 9.4.0 4.0.28 + + 2.0.0 diff --git a/xxl-job-admin/pom.xml b/xxl-job-admin/pom.xml index 5df53a6c..d8849221 100644 --- a/xxl-job-admin/pom.xml +++ b/xxl-job-admin/pom.xml @@ -77,6 +77,13 @@ ${project.parent.version} + + + com.xuxueli + xxl-sso-core + ${xxl-sso.version} + + diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java index 56765ae6..b1c093bc 100644 --- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java 
@@ -4,6 +4,7 @@ import com.xxl.job.admin.controller.annotation.PermissionLimit; import com.xxl.job.admin.service.impl.LoginService; import com.xxl.job.admin.service.XxlJobService; import com.xxl.job.core.biz.model.ReturnT; +import com.xxl.sso.core.annotation.XxlSso; import jakarta.annotation.Resource; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; @@ -88,6 +89,17 @@ public class IndexController { return "help"; } + @RequestMapping(value = "/errorpage") + @XxlSso(login = false) + public ModelAndView errorPage(HttpServletRequest request, HttpServletResponse response, ModelAndView mv) { + + String exceptionMsg = "HTTP Status Code: "+response.getStatus(); + + mv.addObject("exceptionMsg", exceptionMsg); + mv.setViewName("common/common.errorpage"); + return mv; + } + @InitBinder public void initBinder(WebDataBinder binder) { SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebErrorPageRegistrar.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebErrorPageRegistrar.java new file mode 100644 index 00000000..dd78e677 --- /dev/null +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebErrorPageRegistrar.java @@ -0,0 +1,19 @@ +package com.xxl.job.admin.controller.resolver; + +import org.springframework.boot.web.server.ErrorPage; +import org.springframework.boot.web.server.ErrorPageRegistrar; +import org.springframework.boot.web.server.ErrorPageRegistry; +import org.springframework.stereotype.Component; + +/** + * error page + */ +@Component +public class WebErrorPageRegistrar implements ErrorPageRegistrar { + + @Override + public void registerErrorPages(ErrorPageRegistry registry) { + ErrorPage errorPage = new ErrorPage("/errorpage"); + registry.addErrorPages(errorPage); + } +} 
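Review bot: `errorPage` takes its status from `response.getStatus()`, and because the mapping is `@XxlSso(login = false)` with no HTTP method restriction, any client can request `/errorpage` directly and receive a "System Error" page that reports `HTTP Status Code: 200`. On a container error dispatch the original status is exposed as a request attribute, so the currently unused `request` parameter could supply it: `Object status = request.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);` followed by `String exceptionMsg = "HTTP Status Code: " + (status != null ? status : response.getStatus());` (this needs `jakarta.servlet.RequestDispatcher`). Limiting the message to the status code is the right choice for a page served without login, and a short comment saying so would stop a later change from adding exception text or the request URI here. The view name is `common/common.errorpage` in this method but `/common/common.errorpage` in WebExceptionResolver, and the two should agree.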
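Review bot: The class comment `error page` does not say that `new ErrorPage("/errorpage")` is a catch-all: with no status or exception type given, it applies to every error the container handles, which presumably includes 401/403/404 responses sent to logged-out clients. That is why the target handler in IndexController has to stay exempt from login (`@XxlSso(login = false)`), yet the `/errorpage` literal is duplicated between the two files with nothing tying them together. I would expand the Javadoc to state both facts, for example `Registers /errorpage as the fallback page for all unhandled errors; the handler must remain reachable without login and must not render exception details.`, and consider a shared constant for the path. Whether the xxl-sso filter or interceptor also runs on error dispatches is not visible in this diff, so it is worth confirming with a test that requests an unknown URL while logged out.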
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebExceptionResolver.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebExceptionResolver.java index dbc9cd21..7120d248 100644 --- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebExceptionResolver.java +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebExceptionResolver.java @@ -57,7 +57,7 @@ public class WebExceptionResolver implements HandlerExceptionResolver { } else { mv.addObject("exceptionMsg", errorResult.getMsg()); - mv.setViewName("/common/common.exception"); + mv.setViewName("/common/common.errorpage"); return mv; } } diff --git a/xxl-job-admin/src/main/resources/templates/common/common.exception.ftl b/xxl-job-admin/src/main/resources/templates/common/common.errorpage.ftl similarity index 89% rename from xxl-job-admin/src/main/resources/templates/common/common.exception.ftl rename to xxl-job-admin/src/main/resources/templates/common/common.errorpage.ftl index e448125e..1b147586 100644 --- a/xxl-job-admin/src/main/resources/templates/common/common.exception.ftl +++ b/xxl-job-admin/src/main/resources/templates/common/common.errorpage.ftl @@ -22,7 +22,7 @@

System Error

-

${exceptionMsg}

+

<#if exceptionMsg?exists>${exceptionMsg}<#else>Unknown Error.

Back
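Review bot: `${exceptionMsg}` is now the single sink for two sources: the status string from the new `/errorpage` handler and `errorResult.getMsg()` from WebExceptionResolver, which switches to this template in the same commit. Exception messages can carry request-derived text, so the interpolation is only safe if HTML auto-escaping is in effect for `.ftl` templates; that configuration is not visible in the diff and should be confirmed, or the template given the HTML output format. Separately, `?exists` is deprecated in FreeMarker, and the default operator is shorter and equivalent here: `${exceptionMsg!"Unknown Error."}`. The surrounding markup of this hunk is not visible on the page, so this note covers the interpolation line only.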

diff --git a/xxl-job-admin/src/main/resources/templates/common/common.macro.ftl b/xxl-job-admin/src/main/resources/templates/common/common.macro.ftl index 1a61dd39..cf633a68 100644 --- a/xxl-job-admin/src/main/resources/templates/common/common.macro.ftl +++ b/xxl-job-admin/src/main/resources/templates/common/common.macro.ftl @@ -84,7 +84,7 @@ <#-- login user -->