diff --git a/zt-framework/zt-common/src/main/java/com/zt/plat/framework/common/util/security/CryptoSignatureUtils.java b/zt-framework/zt-common/src/main/java/com/zt/plat/framework/common/util/security/CryptoSignatureUtils.java
index 6fb4808c..b0d9be83 100644
--- a/zt-framework/zt-common/src/main/java/com/zt/plat/framework/common/util/security/CryptoSignatureUtils.java
+++ b/zt-framework/zt-common/src/main/java/com/zt/plat/framework/common/util/security/CryptoSignatureUtils.java
@@ -1,6 +1,7 @@
 package com.zt.plat.framework.common.util.security;
 import cn.hutool.crypto.SecureUtil;
+import com.zt.plat.framework.common.util.json.JsonUtils;
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
@@ -126,7 +127,11 @@ public final class CryptoSignatureUtils {
 continue;
 }
 sb.append(key).append('=');
- sb.append(value);
+ if (value instanceof String || value instanceof Number || value instanceof Boolean) {
+ sb.append(value);
+ } else {
+ sb.append(JsonUtils.toJsonString(value));
+ }
 sb.append('&');
 }
 if (sb.length() > 0) {
diff --git a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
index 6692f40d..48c2a627 100644
--- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
+++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
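Review bot: In `CryptoSignatureUtils`, the new `else` branch puts `JsonUtils.toJsonString(value)` into the signature base string, so verification now depends on the signer and this service serializing nested values byte-for-byte the same way (nested key order, number formatting, escaping), and nothing in the hunk pins that. There is also a type ambiguity: a `String` whose text is already JSON is appended raw and yields the same signed bytes as the equivalent map or list, and values containing `&` or `=` are still appended unescaped, so distinct payloads can share one signature. I would document the canonical form above the branch, e.g. `// Canonical form: scalars via toString(), everything else as deterministic JSON; must match the client SDK byte-for-byte`, and confirm that `JsonUtils` is configured for deterministic output. The loop starts before this hunk, so how `value` is obtained and whether keys are sorted is not visible here.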
@@ -286,8 +286,7 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
 try {
 boolean valid = CryptoSignatureUtils.verifySignature(signaturePayload, signatureType);
 if (!valid) {
- log.error("[API-PORTAL] 签名校验失败");
- return;
+ throw new SecurityValidationException(HttpStatus.UNAUTHORIZED, "签名校验失败");
 }
 } catch (IllegalArgumentException ex) {
 throw new SecurityValidationException(HttpStatus.INTERNAL_SERVER_ERROR, "签名算法配置异常");
diff --git a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/mq/producer/databus/DatabusUserDeptChangeProducer.java b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/mq/producer/databus/DatabusUserDeptChangeProducer.java
index d5f75058..a1f5007a 100644
--- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/mq/producer/databus/DatabusUserDeptChangeProducer.java
+++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/mq/producer/databus/DatabusUserDeptChangeProducer.java
@@ -15,6 +15,9 @@ import org.springframework.stereotype.Component;
 * 用户-部门关系变更消息 Producer
 *
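Review bot: In `GatewaySecurityFilter`, a failed signature check is no longer logged anywhere in this block, because the `log.error` was removed together with the old `return`; unless the handler for `SecurityValidationException` logs it (not visible here), a run of forged or tampered requests would leave no trace for detection. Consider keeping a record before the throw, e.g. `log.warn("[API-PORTAL] 签名校验失败");`, with a caller identifier if one is in scope and never the signature or key material. Please also confirm that `SecurityValidationException` does not extend `IllegalArgumentException`, otherwise the `catch` just below would turn this 401 into the 500 "签名算法配置异常"; that catch also discards `ex` as the cause. The enclosing method starts and ends outside the hunk.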

 * 负责发送用户与部门的关联关系变更事件
+ *

+ * 注意:客户端系统(分公司)应该禁用此功能,避免形成消息循环
+ * 配置项:zt.databus.change.producer.enabled=false
 *
 * @author ZT
 */
@@ -25,6 +28,16 @@ public class DatabusUserDeptChangeProducer {
 @Resource
 private RocketMQTemplate rocketMQTemplate;
+ /**
+ * 是否启用变更消息发送
+ *

+ * 默认值:false(安全优先,避免未配置时导致消息循环)
+ * 集团侧(数据源):必须显式设置为 true,发送变更消息
+ * 分公司侧(客户端):保持 false 或不配置,禁用变更消息,避免循环
+ */
+ @Value("${zt.databus.change.producer.enabled:false}")
+ private boolean enabled;
+
 @Value("${zt.databus.change.topic-prefix:databus-change}")
 private String topicPrefix;
@@ -98,6 +111,12 @@ public class DatabusUserDeptChangeProducer {
 * 发送消息到 MQ
 */
 private void sendMessage(DatabusEventType eventType, DatabusUserDeptData data) {
+ if (!enabled) {
+ log.debug("[Databus] 变更消息发送已禁用, 跳过用户-部门关系变更消息, eventType={}, userId={}, deptId={}",
+ eventType, data.getUserId(), data.getDeptId());
+ return;
+ }
+
 DatabusMessage message = new DatabusMessage<>();
 message.setEventType(eventType);
 message.setData(data);
diff --git a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/mq/producer/databus/DatabusUserPostChangeProducer.java b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/mq/producer/databus/DatabusUserPostChangeProducer.java
index b6201f5d..e275fe62 100644
--- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/mq/producer/databus/DatabusUserPostChangeProducer.java
+++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/mq/producer/databus/DatabusUserPostChangeProducer.java
@@ -15,6 +15,9 @@ import org.springframework.stereotype.Component;
 * 用户-岗位关系变更消息 Producer
 *
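Review bot: In `DatabusUserDeptChangeProducer.sendMessage`, the skip is logged only at `debug` while `enabled` defaults to `false`, so a source-side (集团侧) node upgraded without `zt.databus.change.producer.enabled=true` stops publishing user-department changes with nothing visible in normal logs; downstream systems would then presumably keep stale membership, which matters if they use it for access decisions. I would log the effective value once at startup (for example from a `@PostConstruct` method at `info` or `warn`), or raise the skip message above `debug`. The `log.debug` arguments also dereference `data` before any null check, so a null `data` would now throw inside the disabled path. The same default and guard are added to `DatabusUserPostChangeProducer` in the later hunks, and the body of `sendMessage` continues outside this hunk.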

 * 负责发送用户与岗位的关联关系变更事件
+ *

+ * 注意:客户端系统(分公司)应该禁用此功能,避免形成消息循环
+ * 配置项:zt.databus.change.producer.enabled=false
 *
 * @author ZT
 */
@@ -25,6 +28,16 @@ public class DatabusUserPostChangeProducer {
 @Resource
 private RocketMQTemplate rocketMQTemplate;
+ /**
+ * 是否启用变更消息发送
+ *

+ * 默认值:false(安全优先,避免未配置时导致消息循环)
+ * 集团侧(数据源):必须显式设置为 true,发送变更消息
+ * 分公司侧(客户端):保持 false 或不配置,禁用变更消息,避免循环
+ */
+ @Value("${zt.databus.change.producer.enabled:false}")
+ private boolean enabled;
+
 @Value("${zt.databus.change.topic-prefix:databus-change}")
 private String topicPrefix;
@@ -96,6 +109,12 @@ public class DatabusUserPostChangeProducer {
 * 发送消息到 MQ
 */
 private void sendMessage(DatabusEventType eventType, DatabusUserPostData data) {
+ if (!enabled) {
+ log.debug("[Databus] 变更消息发送已禁用, 跳过用户-岗位关系变更消息, eventType={}, userId={}, postId={}",
+ eventType, data.getUserId(), data.getPostId());
+ return;
+ }
+
 DatabusMessage message = new DatabusMessage<>();
 message.setEventType(eventType);
 message.setData(data);