合并分支 'dev' 到 'master'

Dev 查看合并请求 !10

合并分支 'dev' 到 'master'
Dev 查看合并请求 !10
2784cff4 · ibiz4j · 37899421 · c9ad4d48 · 2784cff4 · 2784cff4
--- a/SLN/%PUBPRJ%-app/%PUBPRJ%-app-%APP_PKGPATH%/src/main/resources/application-%APP_PKGPATH%-prod.yml.ftl
+++ b/SLN/%PUBPRJ%-app/%PUBPRJ%-app-%APP_PKGPATH%/src/main/resources/application-%APP_PKGPATH%-prod.yml.ftl
@@ -57,6 +57,10 @@ zuul:
      path: /uaa/**
      serviceId: ibzuaa-api
      stripPrefix: false
+    config:
+      path: /config/**
+      serviceId: ibzuaa-api
+      stripPrefix: false
      <#if sys.getCodeName()!='ibzou' && sys.getCodeName()!='ibzrt'>
    oucore:
      path: /ibzorganizations/**

--- a/SLN/%PUBPRJ%-boot/src/main/resources/application-dev.yml.ftl
+++ b/SLN/%PUBPRJ%-boot/src/main/resources/application-dev.yml.ftl
@@ -73,6 +73,10 @@ zuul:
        path: /uaa/**
        serviceId: ibzuaa-api
        stripPrefix: false
+      config:
+        path: /config/**
+        serviceId: ibzuaa-api
+        stripPrefix: false
        <#if sys.getCodeName()!='ibzou' && sys.getCodeName()!='ibzrt'>
      oucore:
        path: /ibzorganizations/**

--- a/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/%MOD_PKGPATH%/domain/%DE%.java.ftl
+++ b/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/%MOD_PKGPATH%/domain/%DE%.java.ftl
@@ -10,6 +10,7 @@ import java.util.Map;
 import java.math.BigInteger;
 import java.util.HashMap;
 import java.math.BigDecimal;
+import java.text.SimpleDateFormat;
 import com.alibaba.fastjson.annotation.JSONField;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -27,10 +28,10 @@ import org.springframework.data.annotation.Transient;
 <#comment>SQL存储-Mybatis</#comment>
 <#if de.getStorageMode()==1>
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.baomidou.mybatisplus.annotation.*;
 import ${pub.getPKGCodeName()}.util.domain.EntityMP;
 /**
 * 实体[${item.getLogicName()}]
 */
@@ -38,7 +39,7 @@ import ${pub.getPKGCodeName()}.util.domain.EntityMP;
 @Getter
 @Setter
 @NoArgsConstructor
-@AllArgsConstructor
+@JsonIgnoreProperties(value = "handler")
 @TableName(value = "${item.getTableName()}",resultMap = "${item.codeName}ResultMap")
 public class ${item.getCodeName()} extends EntityMP implements Serializable {
@@ -209,6 +210,8 @@ public class ${item.getCodeName()} extends EntityMP implements Serializable {
            <#assign prvateCodeName = srfcaseformat(defield.getCodeName(),'l_u2lC') >
            <#assign publicCodeName = prvateCodeName?cap_first >
            <#assign jsonfield = defield.getCodeName()?lower_case >
+            <#assign defieldIsDate=false>
+            <#assign defieldFormatStr="">
            <#if defield.isPhisicalDEField()==true && defield.isKeyDEField()==false && defDataType!='ONE2MANYDATA'>
            <#if defield.getPredefinedType()?? && defield.getPredefinedType()!=''>
                <#else >
@@ -219,6 +222,29 @@ public class ${item.getCodeName()} extends EntityMP implements Serializable {
        this.${prvateCodeName} = ${prvateCodeName} ;
        this.modify("${columnname}",${prvateCodeName});
    }
+                    <#if defDataType == "DATETIME" || (defDataType=='PICKUPDATA' && srfdatatype(defield.getStdDataType())== "DATETIME" && defield.getValueFormat()=="%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS")>
+                        <#assign defieldIsDate=true>
+                        <#assign defieldFormatStr="yyyy-MM-dd HH:mm:ss">
+                    <#elseif defDataType == "DATE" || (defDataType=='PICKUPDATA' && srfdatatype(defield.getStdDataType())== "DATETIME" && defield.getValueFormat()=="%1$tY-%1$tm-%1$td")>
+                        <#assign defieldIsDate=true>
+                        <#assign defieldFormatStr="yyyy-MM-dd">
+                    <#elseif defDataType == "TIME" || (defDataType=='PICKUPDATA' && srfdatatype(defield.getStdDataType())== "DATETIME" && defield.getValueFormat()=="%1$tH:%1$tM:%1$tS")>
+                        <#assign defieldIsDate=true>
+                        <#assign defieldFormatStr="HH:mm">
+                    </#if>
+                    <#if defieldIsDate && defieldFormatStr != "">
+    /**
+     * 格式化日期 [${defield.getLogicName()}]
+     */
+    public String format${publicCodeName}(){
+        if (this.${prvateCodeName} == null) {
+            return null;
+        }
+        SimpleDateFormat sdf = new SimpleDateFormat("${defieldFormatStr}");
+        return sdf.format(${prvateCodeName});
+    }
+                    </#if>
                </#if>
            </#if>
        </#list>
@@ -552,6 +578,8 @@ public class ${item.getCodeName()} extends EntityClient implements Serializable
            <#assign prvateCodeName = srfcaseformat(defield.getCodeName(),'l_u2lC') >
            <#assign publicCodeName = prvateCodeName?cap_first >
            <#assign jsonfield = defield.getCodeName()?lower_case >
+            <#assign defieldIsDate=false>
+            <#assign defieldFormatStr="">
            <#if defield.isPhisicalDEField()==true && defield.isKeyDEField()==false && defDataType!='ONE2MANYDATA'>
            <#if defield.getPredefinedType()?? && defield.getPredefinedType()!=''>
                <#else >
@@ -562,6 +590,29 @@ public class ${item.getCodeName()} extends EntityClient implements Serializable
        this.${prvateCodeName} = ${prvateCodeName} ;
        this.modify("${columnname}",${prvateCodeName});
    }
+                    <#if defDataType == "DATETIME" || (defDataType=='PICKUPDATA' && srfdatatype(defield.getStdDataType())== "DATETIME" && defield.getValueFormat()=="%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS")>
+                        <#assign defieldIsDate=true>
+                        <#assign defieldFormatStr="yyyy-MM-dd HH:mm:ss">
+                    <#elseif defDataType == "DATE" || (defDataType=='PICKUPDATA' && srfdatatype(defield.getStdDataType())== "DATETIME" && defield.getValueFormat()=="%1$tY-%1$tm-%1$td")>
+                        <#assign defieldIsDate=true>
+                        <#assign defieldFormatStr="yyyy-MM-dd">
+                    <#elseif defDataType == "TIME" || (defDataType=='PICKUPDATA' && srfdatatype(defield.getStdDataType())== "DATETIME" && defield.getValueFormat()=="%1$tH:%1$tM:%1$tS")>
+                        <#assign defieldIsDate=true>
+                        <#assign defieldFormatStr="HH:mm">
+                    </#if>
+                    <#if defieldIsDate && defieldFormatStr != "">
+    /**
+     * 格式化日期 [${defield.getLogicName()}]
+     */
+    public String format${publicCodeName}(){
+        if (this.${prvateCodeName} == null) {
+            return null;
+        }
+        SimpleDateFormat sdf = new SimpleDateFormat("${defieldFormatStr}");
+        return sdf.format(${prvateCodeName});
+    }
+                    </#if>
                </#if>
            </#if>
        </#list>
@@ -695,7 +746,42 @@ public class ${item.getCodeName()} extends EntityBase implements Serializable {
            </#list>
        </#if>
+        <#list de.getPSDEFields() as defield>
+            <#assign defDataType = (defield.getDataType())!"">
+            <#assign columnname = defield.getName()?lower_case>
+            <#assign prvateCodeName = srfcaseformat(defield.getCodeName(),'l_u2lC') >
+            <#assign publicCodeName = prvateCodeName?cap_first >
+            <#assign jsonfield = defield.getCodeName()?lower_case >
+            <#assign defieldIsDate=false>
+            <#assign defieldFormatStr="">
+            <#if defield.isPhisicalDEField()==true && defield.isKeyDEField()==false && defDataType!='ONE2MANYDATA'>
+            <#if defield.getPredefinedType()?? && defield.getPredefinedType()!=''>
+                <#else >
+                    <#if defDataType == "DATETIME" || (defDataType=='PICKUPDATA' && srfdatatype(defield.getStdDataType())== "DATETIME" && defield.getValueFormat()=="%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS")>
+                        <#assign defieldIsDate=true>
+                        <#assign defieldFormatStr="yyyy-MM-dd HH:mm:ss">
+                    <#elseif defDataType == "DATE" || (defDataType=='PICKUPDATA' && srfdatatype(defield.getStdDataType())== "DATETIME" && defield.getValueFormat()=="%1$tY-%1$tm-%1$td")>
+                        <#assign defieldIsDate=true>
+                        <#assign defieldFormatStr="yyyy-MM-dd">
+                    <#elseif defDataType == "TIME" || (defDataType=='PICKUPDATA' && srfdatatype(defield.getStdDataType())== "DATETIME" && defield.getValueFormat()=="%1$tH:%1$tM:%1$tS")>
+                        <#assign defieldIsDate=true>
+                        <#assign defieldFormatStr="HH:mm">
+                    </#if>
+                    <#if defieldIsDate && defieldFormatStr != "">
+    /**
+     * 格式化日期 [${defield.getLogicName()}]
+     */
+    public String format${publicCodeName}(){
+        if (this.${prvateCodeName} == null) {
+            return null;
+        }
+        SimpleDateFormat sdf = new SimpleDateFormat("${defieldFormatStr}");
+        return sdf.format(${prvateCodeName});
+    }
+                    </#if>
+                </#if>
+            </#if>
+        </#list>
    </#if>
 }

--- a/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/%MOD_PKGPATH%/service/impl/%DE%ServiceImpl.java.ftl
+++ b/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/%MOD_PKGPATH%/service/impl/%DE%ServiceImpl.java.ftl
@@ -231,12 +231,12 @@ ${deaction.getRender().code}
        </#if>
        <#comment>附加数据逻辑-操作前</#comment>
        <@addBoforeLogic deaction/>
-        if(!this.retBool(this.baseMapper.insert(et)))
+        <#comment>同步创建索引主实体、继承主实体数据：继承子实体属性来源与父，先保存父，再保存子，最后get一次获取父数据返回</#comment>
-            return false;
+        <#if isIndexSubDE>
-        <#comment>同步创建继承主实体数据</#comment>
-        <#if isIndexSubDE && indexPSDER.getDERType()=="DERINHERIT">
        createIndexMajorEntityData(et);
        </#if>
+        if(!this.retBool(this.baseMapper.insert(et)))
+            return false;
 		<#comment>1：N关系中，在父实体中创建子实体的List集合</#comment>
 		<#if de.getMajorPSDERs?? && de.getMajorPSDERs()??>
 			<#list de.getMajorPSDERs() as MajorPSDER>
@@ -263,10 +263,6 @@ ${deaction.getRender().code}
 		</#if>
        <#comment>成功后get填充一次完整信息</#comment>
        CachedBeanCopier.copy(get(et.get${srfcaseformat(keyfield.codeName,'l_u2lC')?cap_first}()),et);
-        <#comment>同步创建索引主实体数据</#comment>
-        <#if isIndexSubDE && indexPSDER.getDERType()=="DERINDEX">
-        createIndexMajorEntityData(et);
-        </#if>
        <#comment>附加数据逻辑-操作后</#comment>
        <@addAfterLogic deaction/>
        return true;
@@ -294,13 +290,13 @@ ${deaction.getRender().code}
        </#if>
        <#comment>附加数据逻辑-操作前</#comment>
        <@addBoforeLogic deaction/>
+        <#comment>同步更新索引主实体、继承主实体数据：继承子实体属性来源与父，先保存父，再保存子，最后get一次获取父数据返回</#comment>
+        <#if isIndexSubDE>
+        ${srfcaseformat(majorIndexDECodeName,'l_u2lC')}Service.update(${de.codeName?lower_case}InheritMapping.to${majorIndexDECodeNameCamel}(et));
+        </#if>
        <#if de.getKeyPSDEField()??>
        if(!update(et,(Wrapper) et.getUpdateWrapper(true).eq("${keyfield.name?lower_case}",et.get${srfcaseformat(keyfield.codeName,'l_u2lC')?cap_first}())))
            return false;
-        <#comment>同步更新继承主实体数据</#comment>
-        <#if isIndexSubDE && indexPSDER.getDERType()=="DERINHERIT">
-        ${srfcaseformat(majorIndexDECodeName,'l_u2lC')}Service.update(${de.codeName?lower_case}InheritMapping.to${majorIndexDECodeNameCamel}(et));
-        </#if>
 		<#comment>1：N关系中，在父实体中创建子实体的List集合</#comment>
 		<#if de.getMajorPSDERs?? && de.getMajorPSDERs()??>
 			<#list de.getMajorPSDERs() as MajorPSDER>
@@ -327,10 +323,6 @@ ${deaction.getRender().code}
 		</#if>
        <#comment>成功后get填充一次完整信息</#comment>
        CachedBeanCopier.copy(get(et.get${srfcaseformat(keyfield.codeName,'l_u2lC')?cap_first}()),et);
-        <#comment>同步更新索引主实体数据</#comment>
-        <#if isIndexSubDE && indexPSDER.getDERType()=="DERINDEX">
-        ${srfcaseformat(majorIndexDECodeName,'l_u2lC')}Service.update(${de.codeName?lower_case}InheritMapping.to${majorIndexDECodeNameCamel}(et));
-        </#if>
        <#comment>附加数据逻辑-操作后</#comment>
        <@addAfterLogic deaction/>
        return true;
@@ -438,7 +430,19 @@ ${deaction.getRender().code}
    public boolean checkKey(${item.getCodeName()} et) {
        return (!ObjectUtils.isEmpty(et.get${srfcaseformat(keyfield.codeName,'l_u2lC')?cap_first}()))&&(!Objects.isNull(this.getById(et.get${srfcaseformat(keyfield.codeName,'l_u2lC')?cap_first}())));
    }
+                    <#comment>用户扩展新建、更新</#comment>
+                    <#elseif deaction.getActionType()== "USERCREATE" || deaction.getActionType()== "USERUPDATE">
+    @Override
+    @Transactional
+    public ${item.getCodeName()} ${srfmethodname(deaction.getCodeName())}(${item.getCodeName()} et) {
+                        <#comment>附加数据逻辑-操作前</#comment>
+                        <@addBoforeLogic deaction/>
+                        <#comment>附加实体行为参数</#comment>
+                        <@addDEActionParam deaction/>
+                        <#comment>附加数据逻辑-操作后</#comment>
+                        <@addAfterLogic deaction/>
+        return et;
+    }
                    <#else>
    @Override
    @Transactional
@@ -1995,4 +1999,43 @@ ${deaction.getRender().code}
    private ${pub.getPKGCodeName()}.core.${de.getPSSystemModule().getCodeName()?lower_case}.service.logic.I${de.getCodeName()}${deLogic.codeName}Logic ${deLogic.getCodeName()?lower_case}Logic;
    </#if>
 </#macro>
+<#comment>实体行为参数</#comment>
+<#macro addDEActionParam deaction>
+<#if deaction.getParamMode?? && deaction.getParamMode()?? && deaction.getPSDEActionParams()??>
+    <#list deaction.getPSDEActionParams() as actionParam>
+        <#assign  actionParamValue="null">
+        <#assign targetFieldName="null">
+        <#if actionParam.getValueType()=='SESSION' || actionParam.getValueType()=='PARAM'|| actionParam.getValueType()=='CONTEXT'>
+            <#assign targetFieldName=actionParam.getValue()>
+            <#if de.getPSDEField(targetFieldName,true)??>
+                <#assign targetFieldName=srfcaseformat(de.getPSDEField(targetFieldName,true).getCodeName(),'l_u2lC')>
+            </#if>
+        </#if>
+        <#assign actionParamFieldCodeName=actionParam.getPSDEField().codeName>
+        <#if actionParam.getValueType()=='VALUE'><#comment>指定值</#comment>
+            <#assign  actionParamValue="\""+actionParam.getValue()+"\"">
+        <#elseif actionParam.getValueType()=='PARAM'><#comment>数据对象属性</#comment>
+            <#assign actionParamValue="et.get(\""+targetFieldName?lower_case+"\")">
+        <#elseif actionParam.getValueType()=='NULLVALUE'><#comment>空值</#comment>
+        <#elseif actionParam.getValueType()=='SESSION'><#comment>用户全局对象</#comment>
+            <#assign actionParamValue=pub.getPKGCodeName()+".util.security.AuthenticationUser.getAuthenticationUser().getSessionParams().get(\""+targetFieldName?lower_case+"\")">
+        <#elseif actionParam.getValueType()=='APPLICATION'><#comment>系统全局对象</#comment>
+        <#elseif actionParam.getValueType()=='UNIQUEID'><#comment>唯一编码</#comment>
+            <#assign actionParamValue="et.getDefaultKey(true)">
+        <#elseif actionParam.getValueType()=='CONTEXT'><#comment>网页请求</#comment>
+            <#assign actionParamValue="et.getExtensionparams().get(\""+targetFieldName?lower_case+"\")">
+        <#elseif actionParam.getValueType()=='OPERATOR'><#comment>当前操作用户(编号)</#comment>
+            <#assign actionParamValue=pub.getPKGCodeName()+".util.security.AuthenticationUser.getAuthenticationUser().getUserid()">
+        <#elseif actionParam.getValueType()=='OPERATORNAME'><#comment>当前操作用户(名称)</#comment>
+            <#assign actionParamValue=pub.getPKGCodeName()+".util.security.AuthenticationUser.getAuthenticationUser().getPersonname()">
+        <#elseif actionParam.getValueType()=='CURTIME'><#comment>当前时间</#comment>
+            <#assign actionParamValue="new java.sql.Timestamp(new java.util.Date().getTime())">
+        <#elseif actionParam.getValueType()=='APPDATA'><#comment>当前应用数据</#comment>
+        </#if>
+        et.set("${actionParamFieldCodeName}",${actionParamValue});
+    </#list>
+</#if>
+</#macro>
 </#if>
--- a/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/extensions.service/%DE%ServiceEx.java.ftl
+++ b/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/extensions.service/%DE%ServiceEx.java.ftl
+<#ibiztemplate>
+TARGET=PSDATAENTITY
+</#ibiztemplate>
+<#comment>判断当前实体是否包含自定义行为</#comment>
+<#assign hasServiceEx=false>
+<#if item.getAllPSDEActions()??>
+    <#list item.getAllPSDEActions() as deaction>
+        <#if deaction.isEnableBackend() && deaction.getActionType()=='USERCUSTOM'>
+        <#assign hasServiceEx=true>
+        <#break>
+        </#if>
+    </#list>
+</#if>
+<#if hasServiceEx && (de.getStorageMode()==1 || de.getStorageMode()==2 ||de.getStorageMode()==4||de.getStorageMode()==0 ) >
+package ${pub.getPKGCodeName()}.core.extensions.service;
+import ${pub.getPKGCodeName()}.core.${item.getPSSystemModule().getCodeName()?lower_case}.service.impl.${item.codeName}ServiceImpl;
+import lombok.extern.slf4j.Slf4j;
+import ${pub.getPKGCodeName()}.core.${item.getPSSystemModule().getCodeName()?lower_case}.domain.${item.codeName};
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.context.annotation.Primary;
+/**
+ * 实体[${item.getLogicName()}] 自定义服务对象
+ */
+@Slf4j
+@Primary
+@Service("${item.codeName}ServiceEx")
+public class ${item.codeName}ServiceEx extends ${item.codeName}ServiceImpl {
+    <#comment>SQL存储：解决mybatis继承service批操作报错</#comment>
+    <#if de.getStorageMode()==1>
+    @Override
+    protected Class currentModelClass() {
+        return com.baomidou.mybatisplus.core.toolkit.ReflectionKit.getSuperClassGenericType(this.getClass().getSuperclass(), 1);
+    }
+    </#if>
+    <#comment>输出实体行为</#comment>
+    <#if item.getAllPSDEActions()??>
+        <#list item.getAllPSDEActions() as deaction>
+            <#if deaction.isEnableBackend() && deaction.getActionType()=='USERCUSTOM'>
+    /**
+     * 自定义行为[${deaction.getCodeName()}]用户扩展
+     * @param et
+     * @return
+     */
+    @Override
+    @Transactional
+    public ${item.getCodeName()} ${srfmethodname(deaction.getCodeName())}(${item.getCodeName()} et) {
+        return super.${srfmethodname(deaction.getCodeName())}(et);
+    }
+            </#if>
+        </#list>
+    </#if>
+}
+</#if>
--- a/SLN/%PUBPRJ%-core/src/main/resources/workflow/%ITEM%.bpmn.ftl
+++ b/SLN/%PUBPRJ%-core/src/main/resources/workflow/%ITEM%.bpmn.ftl
@@ -142,6 +142,9 @@ TARGET=PSWFVERSION
                                           <#assign assignGroupCond=assignGroupCond+",">
                                       </#if>
                                       <#assign assignGroupCond=assignGroupCond+processRole.getPSWFRole().getCodeName()>
+                                       <#if processRole.getUserData()?? && processRole.getUserData2()?? && processRole.getUserData()!="" && processRole.getUserData()!="">
+                                       <#assign assignGroupCond=assignGroupCond+"|"+processRole.getUserData()+"|"+processRole.getUserData2()>
+                                       </#if>
                                   </#if>
                                <#else>
                                   <#if processRole.getUDField()?? && processRole.getUDField()!="">

--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/cache/redis/CustomJacksonSerializer.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/cache/redis/CustomJacksonSerializer.java.ftl
@@ -13,6 +13,10 @@ public class CustomJacksonSerializer<T> extends Jackson2JsonRedisSerializer<T>
    public static final String DEFAULT_PACKAGE ="[\\w+\\.]+\\.AuthenticationUser";
+    public static final String CLASSNAME_EX="_$$_";
+    public static final String CLASSNAME_EX_PATTEN="(_\\$\\$_)(\\w+)";
    public static final String USER_PACKAGE= AuthenticationUser.class.getName();
    public CustomJacksonSerializer(Class type) {
@@ -23,6 +27,12 @@ public class CustomJacksonSerializer<T> extends Jackson2JsonRedisSerializer<T>
    public T deserialize(byte[] bytes) throws SerializationException {
        String serializerContent = new String(bytes, DEFAULT_CHARSET);
        Matcher matcher = Pattern.compile(DEFAULT_PACKAGE).matcher(serializerContent);
-        return matcher.find()?super.deserialize(serializerContent.replaceAll(DEFAULT_PACKAGE,USER_PACKAGE).getBytes()):super.deserialize(bytes);
+        if(matcher.find()){
+            serializerContent=serializerContent.replaceAll(DEFAULT_PACKAGE,USER_PACKAGE);
+        }
+        if(serializerContent.contains(CLASSNAME_EX)){
+            serializerContent=serializerContent.replaceAll(CLASSNAME_EX_PATTEN,"");
+        }
+        return super.deserialize(serializerContent.getBytes());
    }
 }
--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/client/IBZUAAFallback.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/client/IBZUAAFallback.java.ftl
@@ -25,4 +25,9 @@ public class IBZUAAFallback implements IBZUAAFeignClient {
    public AuthenticationUser loginByUsername(String username) {
        return null;
    }
+    @Override
+    public String getPublicKey() {
+        return null;
+    }
 }
--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/client/IBZUAAFeignClient.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/client/IBZUAAFeignClient.java.ftl
@@ -5,6 +5,7 @@ package ${pub.getPKGCodeName()}.util.client;
 import ${pub.getPKGCodeName()}.util.security.AuthenticationUser;
 import ${pub.getPKGCodeName()}.util.security.AuthorizationLogin;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.*;
 import com.alibaba.fastjson.JSONObject;
@@ -31,4 +32,8 @@ public interface IBZUAAFeignClient
 	@PostMapping(value = "/uaa/loginbyusername")
 	AuthenticationUser loginByUsername(@RequestBody String username);
+    @Cacheable(value="ibzuaa_publickey")
+	@GetMapping(value = "/uaa/publickey")
+	String getPublicKey();
 }
--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthTokenUtil.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthTokenUtil.java.ftl
@@ -3,171 +3,15 @@ TARGET=PSSYSTEM
 </#ibiztemplate>
 package ${pub.getPKGCodeName()}.util.security;
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.Clock;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
-import io.jsonwebtoken.impl.DefaultClock;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.stereotype.Component;
-import java.io.Serializable;
+public interface AuthTokenUtil {
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Optional;
-import java.util.function.Function;
-@Component
+    String generateToken(UserDetails userDetails);
-public class AuthTokenUtil implements Serializable {
-    private static final long serialVersionUID = -3301605591108950415L;
+    Boolean validateToken(String token, UserDetails userDetails);
-    private Clock clock = DefaultClock.INSTANCE;
-    @Value(${r'"${ibiz.jwt.secret:ibzsecret}"'})
+    String getUsernameFromToken(String token);
-    private String secret;
-    @Value(${r'"${ibiz.jwt.expiration:7200000}"'})
-    private Long expiration;
-    @Value(${r'"${ibiz.jwt.header:Authorization}"'})
-    private String tokenHeader;
-    public String getUsernameFromToken(String token) {
-        return getClaimFromToken(token, Claims::getSubject);
-    }
-    public Date getIssuedAtDateFromToken(String token) {
-        return getClaimFromToken(token, Claims::getIssuedAt);
-    }
-    public Date getExpirationDateFromToken(String token) {
-        return getClaimFromToken(token, Claims::getExpiration);
-    }
-    public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
-        final Claims claims = getAllClaimsFromToken(token);
-        return claimsResolver.apply(claims);
-    }
-    private Claims getAllClaimsFromToken(String token) {
-        return Jwts.parser()
-                .setSigningKey(secret)
-                .parseClaimsJws(token)
-                .getBody();
-    }
-    private Boolean isTokenExpired(String token) {
-        final Date expiration = getExpirationDateFromToken(token);
-        return expiration.before(clock.now());
-    }
-    private Boolean isCreatedBeforeLastPasswordReset(Date created, Date lastPasswordReset) {
-        return (lastPasswordReset != null && created.before(lastPasswordReset));
-    }
-    private Boolean ignoreTokenExpiration(String token) {
-        // here you specify tokens, for that the expiration is ignored
-        return false;
-    }
-    public String generateToken(UserDetails userDetails) {
-        Map<String, Object> claims = new HashMap<>();
-        return doGenerateToken(claims, userDetails.getUsername());
-    }
-    private String doGenerateToken(Map<String, Object> claims, String subject) {
-        final Date createdDate = clock.now();
-        final Date expirationDate = calculateExpirationDate(createdDate);
-        return Jwts.builder()
-                .setClaims(claims)
-                .setSubject(subject)
-                .setIssuedAt(createdDate)
-                .setExpiration(expirationDate)
-                .signWith(SignatureAlgorithm.HS512, secret)
-                .compact();
-    }
-    public Boolean canTokenBeRefreshed(String token, Date lastPasswordReset) {
-        final Date created = getIssuedAtDateFromToken(token);
-        return !isCreatedBeforeLastPasswordReset(created, lastPasswordReset)
-                && (!isTokenExpired(token) || ignoreTokenExpiration(token));
-    }
-    public String refreshToken(String token) {
-        final Date createdDate = clock.now();
-        final Date expirationDate = calculateExpirationDate(createdDate);
-        final Claims claims = getAllClaimsFromToken(token);
-        claims.setIssuedAt(createdDate);
-        claims.setExpiration(expirationDate);
-        return Jwts.builder()
-                .setClaims(claims)
-                .signWith(SignatureAlgorithm.HS512, secret)
-                .compact();
-    }
-    public Boolean validateToken(String token, UserDetails userDetails) {
-        AuthenticationUser user = (AuthenticationUser) userDetails;
-        final Date created = getIssuedAtDateFromToken(token);
-        return (!isTokenExpired(token) );
-    }
-    private Date calculateExpirationDate(Date createdDate) {
-        return new Date(createdDate.getTime() + expiration);
-    }
-    /**
-     * Get the login of the current user.
-     *
-     * @return the login of the current user
-     */
-    public static Optional<String> getCurrentUserLogin() {
-        SecurityContext securityContext = SecurityContextHolder.getContext();
-        return Optional.ofNullable(securityContext.getAuthentication())
-                .map(authentication -> {
-                    if (authentication.getPrincipal() instanceof UserDetails) {
-                        UserDetails springSecurityUser = (UserDetails) authentication.getPrincipal();
-                        return springSecurityUser.getUsername();
-                    } else if (authentication.getPrincipal() instanceof String) {
-                        return (String) authentication.getPrincipal();
-                    }
-                    return null;
-                });
-    }
-    /**
-     * Check if a user is authenticated.
-     *
-     * @return true if the user is authenticated, false otherwise
-     */
-    public static boolean isAuthenticated() {
-        SecurityContext securityContext = SecurityContextHolder.getContext();
-        return Optional.ofNullable(securityContext.getAuthentication())
-                .map(authentication -> authentication.getAuthorities().stream()
-                        .noneMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ANONYMOUS")))
-                .orElse(false);
-    }
-    /**
-     * If the current user has a specific authority (security role).
-     * <p>
-     * The name of this method comes from the isUserInRole() method in the Servlet API
-     *
-     * @param authority the authority to check
-     * @return true if the current user has the authority, false otherwise
-     */
-    public static boolean isCurrentUserInRole(String authority) {
-        SecurityContext securityContext = SecurityContextHolder.getContext();
-        return Optional.ofNullable(securityContext.getAuthentication())
-                .map(authentication -> authentication.getAuthorities().stream()
-                        .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals(authority)))
-                .orElse(false);
-    }
 }
--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/SimpleTokenUtil.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/SimpleTokenUtil.java.ftl
+<#ibiztemplate>
+TARGET=PSSYSTEM
+</#ibiztemplate>
+package ${pub.getPKGCodeName()}.util.security;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Clock;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.impl.DefaultClock;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import java.io.Serializable;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Function;
+@Component
+@ConditionalOnExpression("(!${r'${ibiz.enablePermissionValid:false}'})&&'${r'${ibiz.auth.token.util:'}<#if sys.getPSSystemSetting()?? && sys.getPSSystemSetting().getDataAccCtrlArch()?? && sys.getPSSystemSetting().getDataAccCtrlArch()==1>UAATokenUtil<#else>SimpleTokenUtil</#if>${r'}'}'.equals('SimpleTokenUtil')")
+public class SimpleTokenUtil implements AuthTokenUtil,Serializable {
+    private static final long serialVersionUID = -3301605591108950415L;
+    private Clock clock = DefaultClock.INSTANCE;
+    @Value(${r'"${ibiz.jwt.secret:ibzsecret}"'})
+    private String secret;
+    @Value(${r'"${ibiz.jwt.expiration:7200000}"'})
+    private Long expiration;
+    @Value(${r'"${ibiz.jwt.header:Authorization}"'})
+    private String tokenHeader;
+    public String getUsernameFromToken(String token) {
+        return getClaimFromToken(token, Claims::getSubject);
+    }
+    public Date getIssuedAtDateFromToken(String token) {
+        return getClaimFromToken(token, Claims::getIssuedAt);
+    }
+    public Date getExpirationDateFromToken(String token) {
+        return getClaimFromToken(token, Claims::getExpiration);
+    }
+    public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
+        final Claims claims = getAllClaimsFromToken(token);
+        return claimsResolver.apply(claims);
+    }
+    private Claims getAllClaimsFromToken(String token) {
+        return Jwts.parser()
+                .setSigningKey(secret)
+                .parseClaimsJws(token)
+                .getBody();
+    }
+    private Boolean isTokenExpired(String token) {
+        final Date expiration = getExpirationDateFromToken(token);
+        return expiration.before(clock.now());
+    }
+    private Boolean isCreatedBeforeLastPasswordReset(Date created, Date lastPasswordReset) {
+        return (lastPasswordReset != null && created.before(lastPasswordReset));
+    }
+    private Boolean ignoreTokenExpiration(String token) {
+        // here you specify tokens, for that the expiration is ignored
+        return false;
+    }
+    public String generateToken(UserDetails userDetails) {
+        Map<String, Object> claims = new HashMap<>();
+        return doGenerateToken(claims, userDetails.getUsername());
+    }
+    private String doGenerateToken(Map<String, Object> claims, String subject) {
+        final Date createdDate = clock.now();
+        final Date expirationDate = calculateExpirationDate(createdDate);
+        return Jwts.builder()
+                .setClaims(claims)
+                .setSubject(subject)
+                .setIssuedAt(createdDate)
+                .setExpiration(expirationDate)
+                .signWith(SignatureAlgorithm.HS512, secret)
+                .compact();
+    }
+    public Boolean canTokenBeRefreshed(String token, Date lastPasswordReset) {
+        final Date created = getIssuedAtDateFromToken(token);
+        return !isCreatedBeforeLastPasswordReset(created, lastPasswordReset)
+                && (!isTokenExpired(token) || ignoreTokenExpiration(token));
+    }
+    public String refreshToken(String token) {
+        final Date createdDate = clock.now();
+        final Date expirationDate = calculateExpirationDate(createdDate);
+        final Claims claims = getAllClaimsFromToken(token);
+        claims.setIssuedAt(createdDate);
+        claims.setExpiration(expirationDate);
+        return Jwts.builder()
+                .setClaims(claims)
+                .signWith(SignatureAlgorithm.HS512, secret)
+                .compact();
+    }
+    public Boolean validateToken(String token, UserDetails userDetails) {
+        AuthenticationUser user = (AuthenticationUser) userDetails;
+        final Date created = getIssuedAtDateFromToken(token);
+        return (!isTokenExpired(token) );
+    }
+    private Date calculateExpirationDate(Date createdDate) {
+        return new Date(createdDate.getTime() + expiration);
+    }
+    /**
+     * Get the login of the current user.
+     *
+     * @return the login of the current user
+     */
+    public static Optional<String> getCurrentUserLogin() {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        return Optional.ofNullable(securityContext.getAuthentication())
+                .map(authentication -> {
+                    if (authentication.getPrincipal() instanceof UserDetails) {
+                        UserDetails springSecurityUser = (UserDetails) authentication.getPrincipal();
+                        return springSecurityUser.getUsername();
+                    } else if (authentication.getPrincipal() instanceof String) {
+                        return (String) authentication.getPrincipal();
+                    }
+                    return null;
+                });
+    }
+    /**
+     * Check if a user is authenticated.
+     *
+     * @return true if the user is authenticated, false otherwise
+     */
+    public static boolean isAuthenticated() {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        return Optional.ofNullable(securityContext.getAuthentication())
+                .map(authentication -> authentication.getAuthorities().stream()
+                        .noneMatch(grantedAuthority -> grantedAuthority.getAuthority().equals("ANONYMOUS")))
+                .orElse(false);
+    }
+    /**
+     * If the current user has a specific authority (security role).
+     * <p>
+     * The name of this method comes from the isUserInRole() method in the Servlet API
+     *
+     * @param authority the authority to check
+     * @return true if the current user has the authority, false otherwise
+     */
+    public static boolean isCurrentUserInRole(String authority) {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        return Optional.ofNullable(securityContext.getAuthentication())
+                .map(authentication -> authentication.getAuthorities().stream()
+                        .anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals(authority)))
+                .orElse(false);
+    }
+}
--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/UAATokenUtil.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/UAATokenUtil.java.ftl
+<#ibiztemplate>
+TARGET=PSSYSTEM
+</#ibiztemplate>
+package ${pub.getPKGCodeName()}.util.security;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Clock;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.impl.DefaultClock;
+import lombok.SneakyThrows;
+import ${pub.getPKGCodeName()}.util.client.IBZUAAFeignClient;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.Serializable;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.Function;
+@Component
+@ConditionalOnExpression("${r'${ibiz.enablePermissionValid:false}'}||'${r'${ibiz.auth.token.util:'}<#if sys.getPSSystemSetting()?? && sys.getPSSystemSetting().getDataAccCtrlArch()?? && sys.getPSSystemSetting().getDataAccCtrlArch()==1>UAATokenUtil<#else>SimpleTokenUtil</#if>${r'}'}'.equals('UAATokenUtil')")
+public class UAATokenUtil implements AuthTokenUtil, Serializable {
+    private static final long serialVersionUID = -3301605591108950415L;
+    private Clock clock = DefaultClock.INSTANCE;
+    @Value(${r'"${ibiz.jwt.secret:ibzsecret}"'})
+    private String secret;
+    @Value(${r'"${ibiz.jwt.expiration:7200000}"'})
+    private Long expiration;
+    @Value(${r'"${ibiz.jwt.header:Authorization}"'})
+    private String tokenHeader;
+    @Autowired
+    private IBZUAAFeignClient uaaFeignClient;
+    public String getUsernameFromToken(String token) {
+        return getClaimFromToken(token, Claims::getSubject);
+    }
+    public Date getIssuedAtDateFromToken(String token) {
+        return getClaimFromToken(token, Claims::getIssuedAt);
+    }
+    public Date getExpirationDateFromToken(String token) {
+        return getClaimFromToken(token, Claims::getExpiration);
+    }
+    public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver) {
+        final Claims claims = getAllClaimsFromToken(token);
+        return claimsResolver.apply(claims);
+    }
+    public Claims getAllClaimsFromToken(String token) {
+        PublicKey publicKey = getPublicKey(getPublicKeyString());
+        return Jwts.parser()
+                .setSigningKey(publicKey)
+                .parseClaimsJws(token)
+                .getBody();
+    }
+    private Boolean isTokenExpired(String token) {
+        final Date expiration = getExpirationDateFromToken(token);
+        return expiration.before(clock.now());
+    }
+    public String generateToken(UserDetails userDetails) {
+        return null;
+    }
+    public Boolean validateToken(String token, UserDetails userDetails) {
+        AuthenticationUser user = (AuthenticationUser) userDetails;
+        final Date created = getIssuedAtDateFromToken(token);
+        return (!isTokenExpired(token) );
+    }
+    private String getPublicKeyString(){
+        return uaaFeignClient.getPublicKey();
+    }
+    /**
+     * 获取PublicKey对象
+     * @param publicKeyBase64
+     * @return
+     * @throws NoSuchAlgorithmException
+     * @throws InvalidKeySpecException
+     */
+    @SneakyThrows
+    public PublicKey getPublicKey(String publicKeyBase64) {
+        byte[] byteKey = Base64.decodeBase64(publicKeyBase64);
+        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(byteKey);
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        return keyFactory.generatePublic(x509EncodedKeySpec);
+    }
+}