zhouweidong@lab.ibiz5.com 部署微服务接口

edcff2cb · ibizdev · a7b495d9 · edcff2cb · edcff2cb · edcff2cb
--- a/config.xml
+++ b/config.xml
@@ -37,11 +37,11 @@
 	  git clone -b master $para2 ibzuaa/
      export NODE_OPTIONS=--max-old-space-size=4096
      cd ibzuaa/
-      mvn clean package -Pweb
-      cd ibzuaa-app/ibzuaa-app-web
-      mvn -Pweb docker:build
-      mvn -Pweb docker:push
-      docker -H $para1 stack deploy --compose-file=src/main/docker/ibzuaa-app-web.yaml ibzlab-rt --with-registry-auth
+      mvn clean package -Papi
+      cd ibzuaa-provider/ibzuaa-provider-api
+      mvn -Papi docker:build
+      mvn -Papi docker:push
+      docker -H $para1 stack deploy --compose-file=src/main/docker/ibzuaa-provider-api.yaml ibzlab-rt --with-registry-auth      
      </command>
    </hudson.tasks.Shell>
  </builders>

--- a/ibzuaa-app/ibzuaa-app-web/src/main/docker/Dockerfile
+++ b/ibzuaa-app/ibzuaa-app-web/src/main/docker/Dockerfile
@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
    sleep ${IBZ_SLEEP} && \
    java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzuaa-app-web.jar

-EXPOSE 30002
+EXPOSE 8080

 ADD ibzuaa-app-web.jar /ibzuaa-app-web.jar
--- a/ibzuaa-app/ibzuaa-app-web/src/main/docker/ibzuaa-app-web.yaml
+++ b/ibzuaa-app/ibzuaa-app-web/src/main/docker/ibzuaa-app-web.yaml
@@ -3,23 +3,9 @@ services:
  ibzuaa-app-web:
    image: registry.cn-shanghai.aliyuncs.com/ibizsys/ibzuaa-app-web:latest
    ports:
-      - "30002:30002"
+      - "8080:8080"
    networks:
      - agent_network
-    environment:
-      - SPRING_CLOUD_NACOS_DISCOVERY_IP=172.16.180.237
-      - SERVER_PORT=30002
-      - SPRING_CLOUD_NACOS_DISCOVERY_SERVER-ADDR=172.16.102.211:8848
-      - SPRING_REDIS_HOST=172.16.100.243
-      - SPRING_REDIS_PORT=6379
-      - SPRING_REDIS_DATABASE=0
-      - SPRING_DATASOURCE_USERNAME=a_A_5d9d78509
-      - SPRING_DATASOURCE_PASSWORD=@6dEfb3@
-      - SPRING_DATASOURCE_URL=jdbc:mysql://172.16.180.232:3306/a_A_5d9d78509?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&useOldAliasMetadataBehavior=true
-      - SPRING_DATASOURCE_DRIVER-CLASS-NAME=com.mysql.jdbc.Driver
-      - SPRING_DATASOURCE_DEFAULTSCHEMA=a_A_5d9d78509
-      - ABC=1
-      - DEC=2
    deploy:
      mode: replicated
      replicas: 1

--- a/ibzuaa-app/ibzuaa-app-web/src/main/java/cn/ibizlab/web/webApplication.java
+++ b/ibzuaa-app/ibzuaa-app-web/src/main/java/cn/ibizlab/web/webApplication.java
@@ -23,7 +23,7 @@ import java.util.List;
 @Configuration
 @EnableFeignClients(basePackages = {"cn.ibizlab" })
 @EnableZuulProxy
-@ComponentScan(basePackages = {"cn.ibizlab"})
+@ComponentScan(basePackages = {"cn.ibizlab.web","cn.ibizlab.util"})
 @MapperScan("cn.ibizlab.*.mapper")
 @SpringBootApplication(exclude = {
        org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,

--- a/ibzuaa-boot/src/main/java/cn/ibizlab/DevBootApplication.java
+++ b/ibzuaa-boot/src/main/java/cn/ibizlab/DevBootApplication.java
@@ -4,11 +4,13 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
 import org.springframework.boot.SpringApplication;
 import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.springframework.context.annotation.ComponentScan;
 import java.util.List;

 @Slf4j
@@ -19,6 +21,14 @@ import java.util.List;
 @SpringBootApplication(exclude = {
            org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration.class,
 })
+@ComponentScan(basePackages = {"cn.ibizlab"}
+//        ,excludeFilters={
+//                @ComponentScan.Filter(type= org.springframework.context.annotation.FilterType.REGEX,pattern="cn.ibizlab.xxx.rest.xxx"),
+//        }
+)
+@Import({
+        org.springframework.cloud.openfeign.FeignClientsConfiguration.class
+})
 public class DevBootApplication extends WebMvcConfigurerAdapter{

    public static void main(String[] args) {

--- a/ibzuaa-core/src/main/resources/liquibase/h2_table.xml
+++ b/ibzuaa-core/src/main/resources/liquibase/h2_table.xml
--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/docker/Dockerfile
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/docker/Dockerfile
@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
    sleep ${IBZ_SLEEP} && \
    java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzuaa-provider-api.jar

-EXPOSE 8081
+EXPOSE 40002

 ADD ibzuaa-provider-api.jar /ibzuaa-provider-api.jar
--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/docker/ibzuaa-provider-api.yaml
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/docker/ibzuaa-provider-api.yaml
@@ -3,9 +3,21 @@ services:
  ibzuaa-provider-api:
    image: registry.cn-shanghai.aliyuncs.com/ibizsys/ibzuaa-provider-api:latest
    ports:
-      - "8081:8081"
+      - "40002:40002"
    networks:
      - agent_network
+    environment:
+      - SPRING_CLOUD_NACOS_DISCOVERY_IP=172.16.180.237
+      - SERVER_PORT=40002
+      - SPRING_CLOUD_NACOS_DISCOVERY_SERVER-ADDR=172.16.102.211:8848
+      - SPRING_REDIS_HOST=172.16.100.243
+      - SPRING_REDIS_PORT=6379
+      - SPRING_REDIS_DATABASE=0
+      - SPRING_DATASOURCE_USERNAME=a_A_5d9d78509
+      - SPRING_DATASOURCE_PASSWORD=@6dEfb3@
+      - SPRING_DATASOURCE_URL=jdbc:mysql://172.16.180.232:3306/a_A_5d9d78509?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&useOldAliasMetadataBehavior=true
+      - SPRING_DATASOURCE_DRIVER-CLASS-NAME=com.mysql.jdbc.Driver
+      - SPRING_DATASOURCE_DEFAULTSCHEMA=a_A_5d9d78509
    deploy:
      mode: replicated
      replicas: 1

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
@@ -40,6 +40,21 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    AuthorizationTokenFilter authenticationTokenFilter;

+    @Value("${ibiz.auth.path:v7/login}")
+    private String loginPath;
+
+    @Value("${ibiz.auth.logoutpath:v7/logout}")
+    private String logoutPath;
+
+    @Value("${ibiz.file.uploadpath:ibizutil/upload}")
+    private String uploadpath;
+
+    @Value("${ibiz.file.downloadpath:ibizutil/download}")
+    private String downloadpath;
+
+    @Value("${ibiz.file.previewpath:ibizutil/preview}")
+    private String previewpath;
+
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
@@ -67,13 +82,16 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {

-               httpSecurity
+       httpSecurity
                // 禁用 CSRF
                .csrf().disable()
+
                // 授权异常
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
+
                // 不创建会话
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+
                // 过滤请求
                .authorizeRequests()
                .antMatchers(
@@ -88,15 +106,21 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
                        "/**/fonts/**",
                        "/**/js/**",
                        "/**/img/**",
-                        "/",
-                        "/webjars/**",
-                        "/swagger-resources/**",
-                        "/v2/**"
+                        "/"
                ).permitAll()
-                // 服务中暂时只为重构用户身份，不进行身份认证
-                .anyRequest().permitAll()
+                //放行登录请求
+                .antMatchers( HttpMethod.POST,"/"+loginPath).permitAll()
+                //放行注销请求
+                .antMatchers( HttpMethod.GET,"/"+logoutPath).permitAll()
+                // 文件操作
+                .antMatchers("/"+downloadpath+"/**").permitAll()
+                .antMatchers("/"+uploadpath).permitAll()
+                .antMatchers("/"+previewpath+"/**").permitAll()
+                // 所有请求都需要认证
+                .anyRequest().authenticated()
                // 防止iframe 造成跨域
                .and().headers().frameOptions().disable();
+
        httpSecurity
                .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/ibzuaaapiApplication.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/ibzuaaapiApplication.java
@@ -6,6 +6,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
 import org.mybatis.spring.annotation.MapperScan;
@@ -18,13 +19,20 @@ import java.util.List;
 @EnableDiscoveryClient
 @Configuration
 @EnableTransactionManagement
-@ComponentScan(basePackages = {"cn.ibizlab"})
+@ComponentScan(basePackages = {"cn.ibizlab"}
+//        ,excludeFilters={
+//                @ComponentScan.Filter(type= org.springframework.context.annotation.FilterType.REGEX,pattern="cn.ibizlab.api.rest.xxx"),
+//        }
+)
 @EnableMongoRepositories(basePackages = {"cn.ibizlab"})
 @MapperScan("cn.ibizlab.*.mapper")
 @SpringBootApplication(exclude = {
        org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
            org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration.class,
 })
+@Import({
+        org.springframework.cloud.openfeign.FeignClientsConfiguration.class
+})
 @EnableFeignClients(basePackages = {"cn.ibizlab" })
 public class ibzuaaapiApplication extends WebMvcConfigurerAdapter{


--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_AUTHLOGResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_AUTHLOGResource.java
@@ -6,10 +6,8 @@ import java.util.List;
 import java.util.Map;
 import java.math.BigInteger;
 import java.util.HashMap;
-
 import lombok.extern.slf4j.Slf4j;
 import com.alibaba.fastjson.JSONObject;
-
 import javax.servlet.ServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cglib.beans.BeanCopier;
@@ -24,21 +22,16 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-
 import cn.ibizlab.api.dto.*;
 import cn.ibizlab.api.mapping.*;
 import cn.ibizlab.core.uaa.domain.SYS_AUTHLOG;
 import cn.ibizlab.core.uaa.service.ISYS_AUTHLOGService;
 import cn.ibizlab.core.uaa.filter.SYS_AUTHLOGSearchContext;

-
-
-
 @Slf4j
 @Api(tags = {"SYS_AUTHLOG" })
 @RestController("api-sys_authlog")

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_PERMISSIONResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_PERMISSIONResource.java
@@ -6,10 +6,8 @@ import java.util.List;
 import java.util.Map;
 import java.math.BigInteger;
 import java.util.HashMap;
-
 import lombok.extern.slf4j.Slf4j;
 import com.alibaba.fastjson.JSONObject;
-
 import javax.servlet.ServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cglib.beans.BeanCopier;
@@ -24,21 +22,16 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-
 import cn.ibizlab.api.dto.*;
 import cn.ibizlab.api.mapping.*;
 import cn.ibizlab.core.uaa.domain.SYS_PERMISSION;
 import cn.ibizlab.core.uaa.service.ISYS_PERMISSIONService;
 import cn.ibizlab.core.uaa.filter.SYS_PERMISSIONSearchContext;

-
-
-
 @Slf4j
 @Api(tags = {"SYS_PERMISSION" })
 @RestController("api-sys_permission")

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_PSAPPMENUITEMResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_PSAPPMENUITEMResource.java
@@ -6,10 +6,8 @@ import java.util.List;
 import java.util.Map;
 import java.math.BigInteger;
 import java.util.HashMap;
-
 import lombok.extern.slf4j.Slf4j;
 import com.alibaba.fastjson.JSONObject;
-
 import javax.servlet.ServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cglib.beans.BeanCopier;
@@ -24,21 +22,16 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-
 import cn.ibizlab.api.dto.*;
 import cn.ibizlab.api.mapping.*;
 import cn.ibizlab.core.uaa.domain.SYS_PSAPPMENUITEM;
 import cn.ibizlab.core.uaa.service.ISYS_PSAPPMENUITEMService;
 import cn.ibizlab.core.uaa.filter.SYS_PSAPPMENUITEMSearchContext;

-
-
-
 @Slf4j
 @Api(tags = {"SYS_PSAPPMENUITEM" })
 @RestController("api-sys_psappmenuitem")

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_PSDEOPPRIVResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_PSDEOPPRIVResource.java
@@ -6,10 +6,8 @@ import java.util.List;
 import java.util.Map;
 import java.math.BigInteger;
 import java.util.HashMap;
-
 import lombok.extern.slf4j.Slf4j;
 import com.alibaba.fastjson.JSONObject;
-
 import javax.servlet.ServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cglib.beans.BeanCopier;
@@ -24,21 +22,16 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-
 import cn.ibizlab.api.dto.*;
 import cn.ibizlab.api.mapping.*;
 import cn.ibizlab.core.uaa.domain.SYS_PSDEOPPRIV;
 import cn.ibizlab.core.uaa.service.ISYS_PSDEOPPRIVService;
 import cn.ibizlab.core.uaa.filter.SYS_PSDEOPPRIVSearchContext;

-
-
-
 @Slf4j
 @Api(tags = {"SYS_PSDEOPPRIV" })
 @RestController("api-sys_psdeoppriv")

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_ROLEResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_ROLEResource.java
@@ -6,10 +6,8 @@ import java.util.List;
 import java.util.Map;
 import java.math.BigInteger;
 import java.util.HashMap;
-
 import lombok.extern.slf4j.Slf4j;
 import com.alibaba.fastjson.JSONObject;
-
 import javax.servlet.ServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cglib.beans.BeanCopier;
@@ -24,21 +22,16 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-
 import cn.ibizlab.api.dto.*;
 import cn.ibizlab.api.mapping.*;
 import cn.ibizlab.core.uaa.domain.SYS_ROLE;
 import cn.ibizlab.core.uaa.service.ISYS_ROLEService;
 import cn.ibizlab.core.uaa.filter.SYS_ROLESearchContext;

-
-
-
 @Slf4j
 @Api(tags = {"SYS_ROLE" })
 @RestController("api-sys_role")

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_ROLE_PERMISSIONResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_ROLE_PERMISSIONResource.java
@@ -6,10 +6,8 @@ import java.util.List;
 import java.util.Map;
 import java.math.BigInteger;
 import java.util.HashMap;
-
 import lombok.extern.slf4j.Slf4j;
 import com.alibaba.fastjson.JSONObject;
-
 import javax.servlet.ServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cglib.beans.BeanCopier;
@@ -24,21 +22,16 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-
 import cn.ibizlab.api.dto.*;
 import cn.ibizlab.api.mapping.*;
 import cn.ibizlab.core.uaa.domain.SYS_ROLE_PERMISSION;
 import cn.ibizlab.core.uaa.service.ISYS_ROLE_PERMISSIONService;
 import cn.ibizlab.core.uaa.filter.SYS_ROLE_PERMISSIONSearchContext;

-
-
-
 @Slf4j
 @Api(tags = {"SYS_ROLE_PERMISSION" })
 @RestController("api-sys_role_permission")
@@ -112,7 +105,7 @@ public class SYS_ROLE_PERMISSIONResource {
        return  ResponseEntity.status(HttpStatus.OK).body(sys_role_permissionService.checkKey(sys_role_permissionMapping.toDomain(sys_role_permissiondto)));
    }

-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Save-all')")
+    @PreAuthorize("hasPermission('','Save',{'Sql',this.sys_role_permissionMapping,#sys_role_permissiondto})")
    @ApiOperation(value = "Save", tags = {"SYS_ROLE_PERMISSION" },  notes = "Save")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions/save")
    public ResponseEntity<Boolean> save(@RequestBody SYS_ROLE_PERMISSIONDTO sys_role_permissiondto) {
@@ -254,7 +247,7 @@ public class SYS_ROLE_PERMISSIONResource {
        return  ResponseEntity.status(HttpStatus.OK).body(sys_role_permissionService.checkKey(sys_role_permissionMapping.toDomain(sys_role_permissiondto)));
    }

-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Save-all')")
+    @PreAuthorize("hasPermission('','Save',{'Sql',this.sys_role_permissionMapping,#sys_role_permissiondto})")
    @ApiOperation(value = "SaveBySYS_PERMISSION", tags = {"SYS_ROLE_PERMISSION" },  notes = "SaveBySYS_PERMISSION")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_permissions/{sys_permission_id}/sys_role_permissions/save")
    public ResponseEntity<Boolean> saveBySYS_PERMISSION(@PathVariable("sys_permission_id") String sys_permission_id, @RequestBody SYS_ROLE_PERMISSIONDTO sys_role_permissiondto) {
@@ -411,7 +404,7 @@ public class SYS_ROLE_PERMISSIONResource {
        return  ResponseEntity.status(HttpStatus.OK).body(sys_role_permissionService.checkKey(sys_role_permissionMapping.toDomain(sys_role_permissiondto)));
    }

-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Save-all')")
+    @PreAuthorize("hasPermission('','Save',{'Sql',this.sys_role_permissionMapping,#sys_role_permissiondto})")
    @ApiOperation(value = "SaveBySYS_ROLE", tags = {"SYS_ROLE_PERMISSION" },  notes = "SaveBySYS_ROLE")
 	@RequestMapping(method = RequestMethod.POST, value = "/sys_roles/{sys_role_id}/sys_role_permissions/save")
    public ResponseEntity<Boolean> saveBySYS_ROLE(@PathVariable("sys_role_id") String sys_role_id, @RequestBody SYS_ROLE_PERMISSIONDTO sys_role_permissiondto) {

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_USERResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_USERResource.java
@@ -6,10 +6,8 @@ import java.util.List;
 import java.util.Map;
 import java.math.BigInteger;
 import java.util.HashMap;
-
 import lombok.extern.slf4j.Slf4j;
 import com.alibaba.fastjson.JSONObject;
-
 import javax.servlet.ServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cglib.beans.BeanCopier;
@@ -24,21 +22,16 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-
 import cn.ibizlab.api.dto.*;
 import cn.ibizlab.api.mapping.*;
 import cn.ibizlab.core.uaa.domain.SYS_USER;
 import cn.ibizlab.core.uaa.service.ISYS_USERService;
 import cn.ibizlab.core.uaa.filter.SYS_USERSearchContext;

-
-
-
 @Slf4j
 @Api(tags = {"SYS_USER" })
 @RestController("api-sys_user")

--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_USER_ROLEResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_USER_ROLEResource.java
@@ -6,10 +6,8 @@ import java.util.List;
 import java.util.Map;
 import java.math.BigInteger;
 import java.util.HashMap;
-
 import lombok.extern.slf4j.Slf4j;
 import com.alibaba.fastjson.JSONObject;
-
 import javax.servlet.ServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cglib.beans.BeanCopier;
@@ -24,21 +22,16 @@ import org.springframework.data.domain.Pageable;
 import org.springframework.util.StringUtils;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.security.access.prepost.PreAuthorize;
-
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-
 import cn.ibizlab.api.dto.*;
 import cn.ibizlab.api.mapping.*;
 import cn.ibizlab.core.uaa.domain.SYS_USER_ROLE;
 import cn.ibizlab.core.uaa.service.ISYS_USER_ROLEService;
 import cn.ibizlab.core.uaa.filter.SYS_USER_ROLESearchContext;

-
-
-
 @Slf4j
 @Api(tags = {"SYS_USER_ROLE" })
 @RestController("api-sys_user_role")

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
@@ -104,6 +104,9 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        if(action.equalsIgnoreCase("create")){
            return createBatchActionPermissionValid(entityList,dataRangeList);
        }
+        else if(action.equalsIgnoreCase("save")){
+            return saveBatchActionPermissionValid(deStorageMode, entityList, dataRangeList);
+        }
        else{
            if(!action.equalsIgnoreCase("remove")){
                ids=getIds(entity,entityList);
@@ -157,6 +160,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        if(dataRangeList.size()==0)
            return false;

+        if(action.equalsIgnoreCase("save")){
+            Map<String,String> permissionField=getPermissionField(entity);
+            String keyFieldName=permissionField.get(keyFieldTag);
+            Object srfKey=entity.get(keyFieldName);
+            if(ObjectUtils.isEmpty(srfKey))
+                action="create";
+            else
+                action="update";
+        }
        if(action.equalsIgnoreCase("create")){
            return createActionPermissionValid(entity,dataRangeList);
        }
@@ -165,6 +177,43 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        }
    }

+    /**
+     * 批save校验
+     * @param deStorageMode
+     * @param entityList
+     * @param dataRangeList
+     * @return
+     */
+    private boolean saveBatchActionPermissionValid(String deStorageMode, List<EntityBase> entityList, JSONArray dataRangeList) {
+
+        if(entityList==null || entityList.size()==0)
+            return false;
+        EntityBase tempEntity=entityList.get(0);
+        Map<String,String> permissionField=getPermissionField(tempEntity);
+        String keyFieldName=permissionField.get(keyFieldTag);
+        List createList=new ArrayList();
+        List<String> updateList =new ArrayList();
+
+        for(EntityBase entity : entityList){
+            Object id = entity.get(keyFieldName);
+            if(ObjectUtils.isEmpty(id))
+                createList.add(entity);
+            else
+                updateList.add(String.valueOf(id));
+        }
+        if(updateList.size()>0){
+            boolean isUpdate = otherBatchActionPermissionValidRouter(deStorageMode, tempEntity ,updateList, dataRangeList);
+            if(!isUpdate)
+                return false;
+        }
+        if(createList.size()>0){
+            boolean isCreate=createBatchActionPermissionValid(entityList,dataRangeList);
+            if(!isCreate)
+                return false;
+        }
+        return true;
+    }
+
    /**
     * 批处理新建权限校验
     * @param entityList

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/web/FeignRequestInterceptor.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/web/FeignRequestInterceptor.java
+package cn.ibizlab.util.web;
+
+import feign.RequestInterceptor;
+import feign.RequestTemplate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Enumeration;
+
+/**
+ * feign请求拦截器
+ * 拦截所有使用feign发出的请求，附加原始请求Header参数及Token
+ */
+@Configuration
+public class FeignRequestInterceptor implements RequestInterceptor {
+
+    private final Logger logger = LoggerFactory.getLogger(getClass());
+
+    @Override
+    public void apply(RequestTemplate requestTemplate) {
+
+        ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        if(requestAttributes!=null){
+            HttpServletRequest request = requestAttributes.getRequest();
+            Enumeration<String> headerNames = request.getHeaderNames();
+            if (headerNames != null) {
+                while (headerNames.hasMoreElements()) {
+                    String name = headerNames.nextElement();
+                    String values = request.getHeader(name);
+                    requestTemplate.header(name, values);
+                }
+                logger.info("feign interceptor header:{}",requestTemplate);
+            }
+        }
+    }
+}
\ No newline at end of file