From b54ca22e9e7228a99a3056e3ed551427da642e74 Mon Sep 17 00:00:00 2001
From: xuxueli <931591021@qq.com>
Date: Sat, 23 Aug 2025 16:56:24 +0800
Subject: [PATCH] =?UTF-8?q?-=204=E3=80=81=E3=80=90=E4=BC=98=E5=8C=96?=
 =?UTF-8?q?=E3=80=91=E7=99=BB=E5=BD=95=E4=BF=A1=E6=81=AF=E9=A1=B5=E9=9D=A2?=
 =?UTF-8?q?=E7=A9=BA=E5=80=BC=E5=A4=84=E7=90=86=E4=BC=98=E5=8C=96=EF=BC=8C?=
 =?UTF-8?q?=E9=81=BF=E5=85=8D=E7=A9=BA=E5=80=BC=E5=BD=B1=E5=93=8Dftl?=
 =?UTF-8?q?=E6=B8=B2=E6=9F=93=EF=BC=9B=20-=205=E3=80=81=E3=80=90=E4=BC=98?=
 =?UTF-8?q?=E5=8C=96=E3=80=91=E5=BC=82=E5=B8=B8=E9=A1=B5=E9=9D=A2=E5=A4=84?=
 =?UTF-8?q?=E7=90=86=E9=80=BB=E8=BE=91=E4=BC=98=E5=8C=96=EF=BC=8C=E6=96=B0?=
 =?UTF-8?q?=E5=A2=9E=E5=85=9C=E5=BA=95=E8=90=BD=E5=9C=B0=E9=A1=B5=E9=85=8D?=
 =?UTF-8?q?=E7=BD=AE=EF=BC=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 doc/XXL-JOB官方文档.md | 6 +++---
 pom.xml | 2 ++
 xxl-job-admin/pom.xml | 7 +++++++
 .../job/admin/controller/IndexController.java | 12 ++++++++++++
 .../resolver/WebErrorPageRegistrar.java | 19 +++++++++++++++++++
 .../resolver/WebExceptionResolver.java | 2 +-
 ...mon.exception.ftl => common.errorpage.ftl} | 2 +-
 .../templates/common/common.macro.ftl | 2 +-
 8 files changed, 46 insertions(+), 6 deletions(-)
 create mode 100644 xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebErrorPageRegistrar.java
 rename xxl-job-admin/src/main/resources/templates/common/{common.exception.ftl => common.errorpage.ftl} (89%)
diff --git a/doc/XXL-JOB官方文档.md b/doc/XXL-JOB官方文档.md
index bc7eca38..01c8f7f8 100644
--- a/doc/XXL-JOB官方文档.md
+++ b/doc/XXL-JOB官方文档.md
@@ -2547,6 +2547,8 @@ public void execute() { - 1、【强化】AI任务(ollamaJobHandler)优化:针对 “model” 模型配置信息,从执行器侧文件类配置调整至调度中心“任务参数”动态配置,支持集成多模型、并结合任务动态配置切换。 - 2、【修复】漏洞修复(CVE-2025-7787),针对 httpJobHandler 支持配置URL白名单限制,防止服务器端请求伪造(SSRF)攻击。 - 3、【升级】升级多项maven依赖至较新版本,如 netty、groovy、mybatis、spring、spring-ai、dify 等; +- 4、【优化】登录信息页面空值处理优化,避免空值影响ftl渲染; +- 5、【优化】异常页面处理逻辑优化,新增兜底落地页配置; - 3、【规划中】登录安全升级,密码加密处理算法从Md5改为Sha256; ``` @@ -2557,9 +2559,7 @@ ALTER TABLE xxl_conf_user // 2、存量用户密码需要修改,可执行如下命令将密码初始化 “123456”;也可以自行通过 “SHA256Tool.sha256” 工具生成其他初始化密码; UPDATE xxl_conf_user t SET t.password = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92' WHERE t.username = {用户名}; ``` -- 2、【规划中】登录态持久化逻辑调整,简化代码逻辑; -- 3、【规划中】异常页面处理逻辑优化,新增兜底落地页配置; -- 4、【规划中】登录信息页面空值处理优化,避免空值影响ftl渲染; +- 2、【规划中】登录认证重构,规范登录态以及权限认证逻辑,提升系统安全; - 1、【规划中】登陆态Token生成逻辑优化,混淆登陆时间属性,降低token泄漏风险; - 2、【规划中】组件扫描改为BeanPostProcessor方式,避免小概率情况下提前初始化;底层组件移除单例写法,汇总factory统一管理; diff --git a/pom.xml b/pom.xml index e6709ae9..d697e6e2 100644 --- a/pom.xml +++ b/pom.xml @@ -44,6 +44,8 @@ 9.4.0 4.0.28 + + 2.0.0 diff --git a/xxl-job-admin/pom.xml b/xxl-job-admin/pom.xml index 5df53a6c..d8849221 100644 --- a/xxl-job-admin/pom.xml +++ b/xxl-job-admin/pom.xml @@ -77,6 +77,13 @@ ${project.parent.version} + + + com.xuxueli + xxl-sso-core + ${xxl-sso.version} + + diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java index 56765ae6..b1c093bc 100644 --- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java 
@@ -4,6 +4,7 @@ import com.xxl.job.admin.controller.annotation.PermissionLimit; import com.xxl.job.admin.service.impl.LoginService; import com.xxl.job.admin.service.XxlJobService; import com.xxl.job.core.biz.model.ReturnT; +import com.xxl.sso.core.annotation.XxlSso; import jakarta.annotation.Resource; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; @@ -88,6 +89,17 @@ public class IndexController { return "help"; } + @RequestMapping(value = "/errorpage") + @XxlSso(login = false) + public ModelAndView errorPage(HttpServletRequest request, HttpServletResponse response, ModelAndView mv) { + + String exceptionMsg = "HTTP Status Code: "+response.getStatus(); + + mv.addObject("exceptionMsg", exceptionMsg); + mv.setViewName("common/common.errorpage"); + return mv; + } + @InitBinder public void initBinder(WebDataBinder binder) { SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebErrorPageRegistrar.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebErrorPageRegistrar.java new file mode 100644 index 00000000..dd78e677 --- /dev/null +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebErrorPageRegistrar.java @@ -0,0 +1,19 @@ +package com.xxl.job.admin.controller.resolver; + +import org.springframework.boot.web.server.ErrorPage; +import org.springframework.boot.web.server.ErrorPageRegistrar; +import org.springframework.boot.web.server.ErrorPageRegistry; +import org.springframework.stereotype.Component; + +/** + * error page + */ +@Component +public class WebErrorPageRegistrar implements ErrorPageRegistrar { + + @Override + public void registerErrorPages(ErrorPageRegistry registry) { + ErrorPage errorPage = new ErrorPage("/errorpage"); + registry.addErrorPages(errorPage); + } +} 
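Review bot: The new `errorPage` handler in IndexController is opened up with `@XxlSso(login = false)`, but this controller also imports the project's own `@PermissionLimit` annotation, and nothing in this patch registers an interceptor that reads `@XxlSso`. If the existing permission interceptor is still the one in force, it will presumably treat `/errorpage` as login-required, so an unauthenticated request that ends in an error would be sent to login instead of the fallback page; confirm which interceptor runs and, if it is the existing one, add its opt-out as well (`@PermissionLimit(limit = false)`). Separately, `response.getStatus()` reports 200 when the path is requested directly; reading the `jakarta.servlet.error.status_code` request attribute would identify a real error dispatch and give the otherwise unused `request` parameter a purpose.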
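Review bot: The Javadoc `error page` on WebErrorPageRegistrar does not say that `new ErrorPage("/errorpage")` carries no status code or exception type, which makes it the global fallback for unhandled errors. I would expand it to something like `Registers /errorpage as the global fallback error page; errors without a more specific mapping are dispatched to IndexController#errorPage, which must stay reachable without a login.` Callers that expect a non-HTML response will presumably be served this HTML page too, so it is worth checking whether the admin's API endpoints relied on the previous default error handling.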
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebExceptionResolver.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebExceptionResolver.java index dbc9cd21..7120d248 100644 --- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebExceptionResolver.java +++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/resolver/WebExceptionResolver.java @@ -57,7 +57,7 @@ public class WebExceptionResolver implements HandlerExceptionResolver { } else { mv.addObject("exceptionMsg", errorResult.getMsg()); - mv.setViewName("/common/common.exception"); + mv.setViewName("/common/common.errorpage"); return mv; } } diff --git a/xxl-job-admin/src/main/resources/templates/common/common.exception.ftl b/xxl-job-admin/src/main/resources/templates/common/common.errorpage.ftl similarity index 89% rename from xxl-job-admin/src/main/resources/templates/common/common.exception.ftl rename to xxl-job-admin/src/main/resources/templates/common/common.errorpage.ftl index e448125e..1b147586 100644 --- a/xxl-job-admin/src/main/resources/templates/common/common.exception.ftl +++ b/xxl-job-admin/src/main/resources/templates/common/common.errorpage.ftl @@ -22,7 +22,7 @@

System Error

-

${exceptionMsg}

+

<#if exceptionMsg?exists>${exceptionMsg}<#else>Unknown Error.

Back
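Review bot: `${exceptionMsg}` is written into the page without escaping on the new line, and the value is not always a fixed string: `WebExceptionResolver` fills it from `errorResult.getMsg()`, whose content is built outside this patch and may carry exception text derived from the request. Unless these `.ftl` templates are rendered with an HTML output format (auto-escaping), escape at the point of output, e.g. `${exceptionMsg?html}`; with auto-escaping enabled no change is needed. `?exists` is also a deprecated form, and `exceptionMsg??` is the current spelling of the same test. The surrounding markup is not visible in this rendering of the hunk, so the element the value lands in should be checked as well.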

diff --git a/xxl-job-admin/src/main/resources/templates/common/common.macro.ftl b/xxl-job-admin/src/main/resources/templates/common/common.macro.ftl index 1a61dd39..cf633a68 100644 --- a/xxl-job-admin/src/main/resources/templates/common/common.macro.ftl +++ b/xxl-job-admin/src/main/resources/templates/common/common.macro.ftl @@ -84,7 +84,7 @@ <#-- login user -->