高位漏洞修改

2 months ago · 4b33b0695f
parent 0cc0f6d9c1
commit 4b33b0695f
17 changed files with 204 additions and 125 deletions
--- a/XinAoDTS/fuintAdmin/.env.development
+++ b/XinAoDTS/fuintAdmin/.env.development
@ -11,4 +11,4 @@ VUE_APP_BASE_API = '/dev-api'
 VUE_APP_PUBLIC_PATH = '/'

 # 后端接口地址
-VUE_APP_SERVER_URL = 'http://localhost:8081/'
+VUE_APP_SERVER_URL = 'https://spring.ennenergy.cn'
--- a/XinAoDTS/fuintAdmin/.env.production
+++ b/XinAoDTS/fuintAdmin/.env.production
@ -11,5 +11,5 @@ VUE_APP_BASE_API = '/fuint-application/'
 VUE_APP_PUBLIC_PATH = '/'

 # 后端接口地址
-VUE_APP_SERVER_URL = 'http://localhost:8081/'
+VUE_APP_SERVER_URL = 'https://spring.ennenergy.cn'

--- a/XinAoDTS/fuintAdmin/src/components/FileUpload/index.vue
+++ b/XinAoDTS/fuintAdmin/src/components/FileUpload/index.vue
@ -69,11 +69,12 @@ export default {
    }
  },
  data() {
+    alert(process.env.VUE_APP_BASE_API)
    return {
      number: 0,
      uploadList: [],
      baseUrl: process.env.VUE_APP_BASE_API,
-      uploadFileUrl: process.env.VUE_APP_SERVER_URL + 'backendApi/file/upload', // 上传的图片服务器地址
+      uploadFileUrl: process.env.VUE_APP_SERVER_URL+process.env.VUE_APP_BASE_API + 'backendApi/file/upload', // 上传的图片服务器地址
      headers: {
        'Access-Token': getToken(),
      },
--- a/XinAoDTS/fuintAdmin/src/views/content/banner/list.vue
+++ b/XinAoDTS/fuintAdmin/src/views/content/banner/list.vue
@ -230,7 +230,7 @@ export default {
      // 店铺列表
      storeList: [],
      // 上传地址
-      uploadAction: process.env.VUE_APP_SERVER_URL + 'backendApi/file/upload',
+      uploadAction: process.env.VUE_APP_SERVER_URL+ process.env.VUE_APP_BASE_API + 'backendApi/file/upload',
      // 隐藏上传
      hideUpload: false,
      // 上传文件列表
--- a/XinAoDTS/fuintAdmin/vue.config.js
+++ b/XinAoDTS/fuintAdmin/vue.config.js
@ -42,7 +42,11 @@ module.exports = {
        pathRewrite: {
          ['^' + process.env.VUE_APP_BASE_API]: ''
        }
-      }
+      },
+        '/backendApi/file/upload': {
+          target: 'http://10.203.2.71:8081/backendApi/file/upload', //请求的地址
+          changeOrigin: true,
+        },
    },
    disableHostCheck: true
  },
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/config/SwaggerConfig.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/config/SwaggerConfig.java
@ -2,6 +2,7 @@ package com.fuint.common.config;

 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import springfox.documentation.builders.ApiInfoBuilder;
 import springfox.documentation.builders.RequestHandlerSelectors;
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/config/WebConfig.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/config/WebConfig.java
@ -37,6 +37,7 @@ public class WebConfig extends WebMvcConfigurationSupport {
                "classpath:/META-INF/resources/");
        registry.addResourceHandler("/webjars/**").addResourceLocations(
                "classpath:/META-INF/resources/webjars/");
+        registry.addResourceHandler("/static/uploadImages/"+ "/**").addResourceLocations("file:"+"/home/e_wanglx/java/static/uploadImages/");
        super.addResourceHandlers(registry);
    }

@ -67,7 +68,8 @@ public class WebConfig extends WebMvcConfigurationSupport {
                .excludePathPatterns("/clientApi/captcha/**")
                .excludePathPatterns("/backendApi/captcha/**")
                .excludePathPatterns("/backendApi/userCoupon/exportList")
-                .excludePathPatterns("/backendApi/login/**");
+                .excludePathPatterns("/backendApi/login/**")
+                .excludePathPatterns("/static/uploadImages/**");

        // 客户端拦截
        registry.addInterceptor(portalUserInterceptor())
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/filter/SpecialCharFilter.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/filter/SpecialCharFilter.java
@ -1,101 +1,118 @@
-package com.fuint.common.filter;
-
-
-import cn.hutool.core.util.ObjectUtil;
-import com.alibaba.fastjson2.JSONObject;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fuint.framework.exception.BusinessRuntimeException;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.web.multipart.support.StandardServletMultipartResolver;
-
-import javax.servlet.*;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.stream.Collectors;
-
-
-@WebFilter(filterName = "CharsetFilter",urlPatterns = "/*")
-public class SpecialCharFilter implements Filter {
-
-    private static final String SQL_REGX = "[\\\\^$*+?{}()=&;%+\\[\\].|]";
-
-    @Override
-    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException, IOException {
-        HttpServletRequest req = (HttpServletRequest) servletRequest;
-
-        // 防止流读取一次后就没有了, 所以需要将流继续写出去
-        MyRequestWrapper requestWrapper = new MyRequestWrapper(req);
-
-        // 获取请求参数
-        Map<String, Object> paramsMaps = new TreeMap<>();
-        if ("POST".equals(req.getMethod().toUpperCase())) {
-            String body = requestWrapper.getBody();
-            paramsMaps = JSONObject.parseObject(body, TreeMap.class);
-        } else {
-            Map<String, String[]> parameterMap = requestWrapper.getParameterMap();
-            Set<Map.Entry<String, String[]>> entries = parameterMap.entrySet();
-            for (Map.Entry<String, String[]> next : entries) {
-                paramsMaps.put(next.getKey(), next.getValue()[0]);
-            }
-        }
-
-        // 校验SQL注入
-         if (ObjectUtil.isNotEmpty(paramsMaps)) {
-             for (Object o : paramsMaps.entrySet()) {
-                 Map.Entry entry = (Map.Entry) o;
-                 Object value = entry.getValue();
-                 if (value != null) {
-                     boolean isValid = checkSqlInject(value.toString(), servletResponse);
-                     if (!isValid) {
-                         return;
-                     }
-                 }
-             }
-         }
-
-        chain.doFilter(requestWrapper, servletResponse);
-
-
-    }
-
-    //获取request请求body中参数
-    public static String getBodyString(BufferedReader br) {
-        String inputLine;
-        String str = "";
-        try {
-            while ((inputLine = br.readLine()) != null) {
-                str += inputLine;
-            }
-            br.close();
-        } catch (IOException e) {
-            System.out.println("IOException: " + e);
-        }
-        return str;
-    }
-
-    /**
-     * 检查SQL注入
-     *
-     * @param value           参数值
-     * @param servletResponse 相应实例
-     * @throws IOException      IO异常
-     */
-    private boolean checkSqlInject(String value, ServletResponse servletResponse) throws IOException {
-        if (null != value) {
-            String output = value.replaceAll(SQL_REGX, "");
-            if (output.length()<value.length()) {
-               return false;
-            }
-        }
-        return true;
-    }
-
-
-
-}
+//package com.fuint.common.filter;
+//
+//
+//import cn.hutool.core.util.ObjectUtil;
+//import com.alibaba.fastjson2.JSONObject;
+//import com.fasterxml.jackson.databind.ObjectMapper;
+//import com.fuint.framework.exception.BusinessRuntimeException;
+//import org.apache.commons.lang3.StringUtils;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.beans.factory.annotation.Qualifier;
+//import org.springframework.stereotype.Component;
+//import org.springframework.web.multipart.support.StandardServletMultipartResolver;
+//import org.springframework.web.servlet.HandlerExceptionResolver;
+//
+//import javax.servlet.*;
+//import javax.servlet.annotation.WebFilter;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//import java.io.BufferedReader;
+//import java.io.IOException;
+//import java.util.Map;
+//import java.util.Set;
+//import java.util.TreeMap;
+//import java.util.stream.Collectors;
+//
+//
+//@WebFilter(filterName = "CharsetFilter", urlPatterns = "/*")
+//@Component
+//public class SpecialCharFilter implements Filter {
+//
+//    private static final String SQL_REGX = "[=]";
+//    @Qualifier("handlerExceptionResolver")
+//    @Autowired
+//    private HandlerExceptionResolver resolver;
+//
+//    @Override
+//    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException, IOException {
+//        HttpServletRequest req = (HttpServletRequest) servletRequest;
+//        String servletPath = req.getServletPath();
+//        HttpServletResponse rep = (HttpServletResponse) servletResponse;
+//        MyRequestWrapper requestWrapper = new MyRequestWrapper(req);
+//           if (ObjectUtil.notEqual(servletPath,"/backendApi/login/doLogin")){
+//               // 防止流读取一次后就没有了, 所以需要将流继续写出去
+//
+//               // 获取请求参数
+//               Map<String, Object> paramsMaps = new TreeMap<>();
+//               if ("POST".equals(req.getMethod().toUpperCase())) {
+//                   String body = requestWrapper.getBody();
+//                   paramsMaps = JSONObject.parseObject(body, TreeMap.class);
+//               } else {
+//                   Map<String, String[]> parameterMap = requestWrapper.getParameterMap();
+//                   Set<Map.Entry<String, String[]>> entries = parameterMap.entrySet();
+//                   for (Map.Entry<String, String[]> next : entries) {
+//                       paramsMaps.put(next.getKey(), next.getValue()[0]);
+//                   }
+//               }
+//
+//               // 校验SQL注入
+//               if (ObjectUtil.isNotEmpty(paramsMaps)) {
+//                   for (Object o : paramsMaps.entrySet()) {
+//                       Map.Entry entry = (Map.Entry) o;
+//                       Object value = entry.getValue();
+//                       if (value != null) {
+//
+//                           boolean isValid = checkSqlInject(value.toString(), servletResponse);
+//                           if (!isValid) {
+//                               resolver.resolveException(req, rep,
+//                                       null, FileterException("客户端信息非法！！,存在特殊字符请重新输入"));
+//                               return;
+//                           }
+//                       }
+//                   }
+//               }
+//           }
+//
+//        chain.doFilter(requestWrapper, servletResponse);
+//
+//
+//    }
+//
+//    //获取request请求body中参数
+//    public static String getBodyString(BufferedReader br) {
+//        String inputLine;
+//        String str = "";
+//        try {
+//            while ((inputLine = br.readLine()) != null) {
+//                str += inputLine;
+//            }
+//            br.close();
+//        } catch (IOException e) {
+//            System.out.println("IOException: " + e);
+//        }
+//        return str;
+//    }
+//
+//    /**
+//     * 检查SQL注入
+//     *
+//     * @param value           参数值
+//     * @param servletResponse 相应实例
+//     * @throws IOException IO异常
+//     */
+//    private boolean checkSqlInject(String value, ServletResponse servletResponse) throws IOException {
+//        if (null != value) {
+//            String output = value.replaceAll(SQL_REGX, "");
+//            if (output.length() < value.length()) {
+//                return false;
+//            }
+//        }
+//        return true;
+//    }
+//
+//    public Exception FileterException(String cause) {
+//        return new Exception(cause);
+//    }
+//
+//
+//}
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/service/impl/AccountServiceImpl.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/service/impl/AccountServiceImpl.java
@ -1,6 +1,10 @@
 package com.fuint.common.service.impl;

+import cn.hutool.core.util.CharsetUtil;
 import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.asymmetric.KeyType;
+import cn.hutool.crypto.asymmetric.RSA;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
@ -350,6 +354,20 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
        byte[] hashPassword = Digests.sha1(password.getBytes(), salt1, 1024);
        return Encodes.encodeHex(hashPassword);
    }
+    public String getRsa(String password){
+            String privateKey="MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY\n" +
+                    "7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKN\n" +
+                    "PuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gA\n" +
+                    "kM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWow\n" +
+                    "cSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99Ecv\n" +
+                    "DQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthh\n" +
+                    "YhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3\n" +
+                    "UP8iWi1Qw0Y=";
+            RSA rsa = new RSA(privateKey, null);
+            byte[] decrypt = rsa.decrypt(password, KeyType.PrivateKey);
+            return StrUtil.str(decrypt, CharsetUtil.CHARSET_UTF_8);
+
+    }

    /**
     * 登录后台系统
@ -374,7 +392,8 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
        }
        Boolean captchaVerify = captchaService.checkCodeByUuid(captchaCode, uuid);
        if (!captchaVerify) {
-            throw new BusinessCheckException("图形验证码有误");
+            RedisUtil.remove(uuid);
+            throw new BusinessCheckException("图形验证码有误或已经失效");
        }

        if (StringUtil.isEmpty(accountName) || StringUtil.isEmpty(password) || StringUtil.isEmpty(captchaCode)) {
@ -387,8 +406,8 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im

            TAccount tAccount = getAccountInfoById(accountInfo.getId());
            String myPassword = tAccount.getPassword();
-            String inputPassword = getEntryptPassword(password, tAccount.getSalt());
-            if (!myPassword.equals(inputPassword) || !tAccount.getAccountStatus().toString().equals("1")) {
+            String entryptPassword = getEntryptPassword(getRsa(password), tAccount.getSalt());
+            if (!myPassword.equals(entryptPassword) || !tAccount.getAccountStatus().toString().equals("1")) {
                Object userAccountName = RedisUtil.get("user" + accountName);
                if (ObjectUtil.isEmpty(userAccountName)) {
                    RedisUtil.set("user" + accountName, 1);
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/util/TokenUtil.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/util/TokenUtil.java
@ -131,7 +131,7 @@ public class TokenUtil {
     * @return
     * */
    public static boolean removeToken(String token) {
-        RedisUtil.remove(token);
+        RedisUtil.remove(Constants.SESSION_ADMIN_USER +token);
        AuthUserUtil.clean();
        return true;
    }
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/fuintApplication.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/fuintApplication.java
@ -20,7 +20,6 @@ import org.tuckey.web.filters.urlrewrite.UrlRewriteFilter;
@SpringBootApplication
 //@PropertySource("file:${env.properties.path}/${env.profile}/application.properties")
@PropertySource("application-${env.profile}.properties")
-@ServletComponentScan
 public class fuintApplication {

    public static final String REWRITE_FILTER_NAME = "rewriteFilter";
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-dev.properties
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-dev.properties
@ -10,11 +10,11 @@ spring.session.redis.namespace=fuint
 # Redis\u6570\u636E\u5E93\u7D22\u5F15\uFF08\u9ED8\u8BA4\u4E3A0\uFF09
 spring.redis.database=0
 # Redis\u670D\u52A1\u5668\u5730\u5740(\u751F\u4EA7)
-spring.redis.host=120.46.159.203
+spring.redis.host=192.168.10.31
 # Redis\u670D\u52A1\u5668\u8FDE\u63A5\u7AEF\u53E3
-spring.redis.port=16379
+spring.redis.port=7679
 # Redis\u670D\u52A1\u5668\u8FDE\u63A5\u5BC6\u7801\uFF08\u9ED8\u8BA4\u4E3A\u7A7A\uFF09
-spring.redis.password=a8EYUSoT8wHbuRkX
+#spring.redis.password=
 # \u8FDE\u63A5\u6C60\u6700\u5927\u8FDE\u63A5\u6570\uFF08\u4F7F\u7528\u8D1F\u503C\u8868\u793A\u6CA1\u6709\u9650\u5236\uFF09
 spring.redis.pool.max-active=-1
 # \u8FDE\u63A5\u6C60\u6700\u5927\u963B\u585E\u7B49\u5F85\u65F6\u95F4\uFF08\u4F7F\u7528\u8D1F\u503C\u8868\u793A\u6CA1\u6709\u9650\u5236\uFF09
@ -33,13 +33,13 @@ system.name = fuint\u4F1A\u5458\u8425\u9500\u7BA1\u7406\u7CFB\u7EDF
 website.url=https://www.huamar.com/h5/

 # \u4E0A\u4F20\u56FE\u7247\u672C\u5730\u5730\u5740
-images.root=/target/classes
-#images.root=D:/download
+#images.root=/target/classes
+images.root=D:/download
 #images.path=/profile/
 images.path=/static/uploadImages/

 # \u4E0A\u4F20\u56FE\u7247\u670D\u52A1\u5668\u57DF\u540D
-images.upload.url=http://192.168.10.70:8999
+images.upload.url=http://192.168.10.70:8081

 # \u4E0A\u4F20\u56FE\u7247\u5141\u8BB8\u7684\u5927\u5C0F\uFF08\u5355\u4F4D\uFF1AMB\uFF09
 images.upload.maxSize=100
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-prod.properties
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-prod.properties
@ -33,11 +33,11 @@ system.name = fuint\u4F1A\u5458\u8425\u9500\u7BA1\u7406\u7CFB\u7EDF
 website.url=https://www.huamar.com/h5/

 # \u4E0A\u4F20\u56FE\u7247\u672C\u5730\u5730\u5740
-images.root=/home/
+images.root=/home/e_wanglx/java/
 images.path=/static/uploadImages/

 # \u4E0A\u4F20\u56FE\u7247\u670D\u52A1\u5668\u57DF\u540D
-images.upload.url=http://localhost:8081
+images.upload.url=https://boot.ennenergy.cn

 # \u4E0A\u4F20\u56FE\u7247\u5141\u8BB8\u7684\u5927\u5C0F\uFF08\u5355\u4F4D\uFF1AMB\uFF09
 images.upload.maxSize=5
@ -90,7 +90,7 @@ wxpay.appSecret = 2cc8299450b5cccf3afa571498afb1de
 wxpay.mchId=1663547246
 wxpay.apiV2=Xinaoranqi2018Xinaoranqi20182024
 wxpay.certPath=/usr/local/fuint/cert/apiclient_cert.p12
-wxpay.domain=https://www.huamar.com/fuint-application
+wxpay.domain=http://spring.ennenergy.cn/fuint-application/clientApi/pay/aliPayCallback

 ################## \u652F\u4ED8\u5B9D\u652F\u4ED8\u76F8\u5173\u914D\u7F6E ######################
 alipay.appId = \u5E94\u7528\u7F16\u53F7
@ -106,4 +106,4 @@ weixin.subMessage.couponExpire=[{'key':'name', 'name':'\u5361\u5238\u540D\u79F0'
 weixin.subMessage.couponArrival=[{'key':'name', 'name':'\u5361\u5238\u540D\u79F0'},{'key':'amount', 'name':'\u91D1\u989D'},{'key':'tips', 'name':'\u6E29\u99A8\u63D0\u793A'}]
 weixin.subMessage.balanceChange=[{'key':'amount', 'name':'\u53D8\u52A8\u91D1\u989D'},{'key':'time', 'name':'\u53D8\u52A8\u65F6\u95F4'},{'key':'tips', 'name':'\u6E29\u99A8\u63D0\u793A'}]
 weixin.subMessage.couponConfirm=[{'key':'name', 'name':'\u5361\u5238\u540D\u79F0'},{'key':'time', 'name':'\u6838\u9500\u65F6\u95F4'}]
-weixin.subMessage.pointChange=[{'key':'amount', 'name':'\u53D8\u52A8\u6570\u91CF'},{'key':'time', 'name':'\u53D8\u52A8\u65F6\u95F4'},{'key':'remark', 'name':'\u5907\u6CE8\u4FE1\u606F'}]
+weixin.subMessage.pointChange=[{'key':'amount', 'name':'\u53D8\u52A8\u6570\u91CF'},{'key':'time', 'name':'\u53D8\u52A8\u65F6\u95F4'},{'key':'remark',
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application.properties
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application.properties
@ -1,7 +1,8 @@
 # \u57FA\u672C\u914D\u7F6E
 server.port=8081

-env.profile=dev
+env.profile=prod
+


 # \u6570\u636E\u5E93\u914D\u7F6E
--- a/XinAoDTS/fuintBackend/fuint-framework/src/main/java/com/fuint/framework/exception/BusinessCheckException.java
+++ b/XinAoDTS/fuintBackend/fuint-framework/src/main/java/com/fuint/framework/exception/BusinessCheckException.java
@ -1,12 +1,15 @@
 package com.fuint.framework.exception;

-/**
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus; /**
 * 业务检查异常
 *
 * Created by FSQ
 * CopyRight https://www.huamar.com
 */
-public class BusinessCheckException extends Exception {
+
+
+public class BusinessCheckException extends RuntimeException {
    private static final long serialVersionUID = 1L;

    private Throwable rootCause;
--- a/XinAoDTS/fuintBackend/fuint-framework/src/main/java/com/fuint/framework/exception/FileterException.java
+++ b/XinAoDTS/fuintBackend/fuint-framework/src/main/java/com/fuint/framework/exception/FileterException.java
@ -0,0 +1,23 @@
+package com.fuint.framework.exception;
+
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+@ResponseStatus(HttpStatus.CREATED)
+public class FileterException extends RuntimeException   {
+
+    private static final long serialVersionUID = 1L;
+
+    private String reason;
+
+    public FileterException(String cause) {
+        super(cause);
+        this.reason = cause;
+    }
+}
+
--- a/XinAoDTS/fuintBackend/fuint-framework/src/main/java/com/fuint/framework/exception/GlobalExceptionHandler.java
+++ b/XinAoDTS/fuintBackend/fuint-framework/src/main/java/com/fuint/framework/exception/GlobalExceptionHandler.java
@ -3,6 +3,7 @@ package com.fuint.framework.exception;
 import com.fuint.framework.web.ResponseObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.core.annotation.Order;
 import org.springframework.validation.BindException;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
 import org.springframework.web.bind.MethodArgumentNotValidException;
@ -18,6 +19,7 @@ import javax.servlet.http.HttpServletRequest;
 * Created by FSQ
 * CopyRight https://www.huamar.com
 */
+@Order(1)
@RestControllerAdvice
 public class GlobalExceptionHandler {

@ -103,4 +105,11 @@ public class GlobalExceptionHandler {
        String message = e.getBindingResult().getFieldError().getDefaultMessage();
        return new ResponseObject(201,message, null);
    }
+
+    @ExceptionHandler(FileterException.class)
+    public Object FileterException(FileterException e) {
+        System.out.println("!1111111111111111111111111111111111111111");
+        log.error(e.getMessage(), e);
+        return new ResponseObject(201,e.getMessage(), null);
+    }
 }