From ce3298b9b01d83aea11bd144ccdc2e890a75cd97 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 26 六月 2024 19:52:25 +0800
Subject: [PATCH] 升级spring-security到安全版本，防止漏洞风险

---
 src/main/java/com/ruoyi/framework/aspectj/LogAspect.java |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java b/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
index 88e2fa7..19a857f 100644
--- a/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
+++ b/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
@@ -29,6 +29,7 @@
 import com.ruoyi.framework.manager.factory.AsyncFactory;
 import com.ruoyi.framework.security.LoginUser;
 import com.ruoyi.project.monitor.domain.SysOperLog;
+import com.ruoyi.project.system.domain.SysUser;
 
 /**
  * 鎿嶄綔鏃ュ織璁板綍澶勭悊
@@ -90,12 +91,17 @@
             SysOperLog operLog = new SysOperLog();
             operLog.setStatus(BusinessStatus.SUCCESS.ordinal());
             // 璇锋眰鐨勫湴鍧�
-            String ip = IpUtils.getIpAddr(ServletUtils.getRequest());
+            String ip = IpUtils.getIpAddr();
             operLog.setOperIp(ip);
             operLog.setOperUrl(StringUtils.substring(ServletUtils.getRequest().getRequestURI(), 0, 255));
             if (loginUser != null)
             {
                 operLog.setOperName(loginUser.getUsername());
+                SysUser currentUser = loginUser.getUser();
+                if (StringUtils.isNotNull(currentUser) && StringUtils.isNotNull(currentUser.getDept()))
+                {
+                    operLog.setDeptName(currentUser.getDept().getDeptName());
+                }
             }
 
             if (e != null)
@@ -165,14 +171,15 @@
     private void setRequestValue(JoinPoint joinPoint, SysOperLog operLog, String[] excludeParamNames) throws Exception
     {
         String requestMethod = operLog.getRequestMethod();
-        if (HttpMethod.PUT.name().equals(requestMethod) || HttpMethod.POST.name().equals(requestMethod))
+        Map<?, ?> paramsMap = ServletUtils.getParamMap(ServletUtils.getRequest());
+        if (StringUtils.isEmpty(paramsMap)
+                && (HttpMethod.PUT.name().equals(requestMethod) || HttpMethod.POST.name().equals(requestMethod)))
         {
             String params = argsArrayToString(joinPoint.getArgs(), excludeParamNames);
             operLog.setOperParam(StringUtils.substring(params, 0, 2000));
         }
         else
         {
-            Map<?, ?> paramsMap = ServletUtils.getParamMap(ServletUtils.getRequest());
             operLog.setOperParam(StringUtils.substring(JSON.toJSONString(paramsMap, excludePropertyPreFilter(excludeParamNames)), 0, 2000));
         }
     }

--
Gitblit v1.9.3