
操作日志记录排除敏感属性字段

RuoYi 4 years ago
parent
commit
9ab3a297bd

+ 0 - 1
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java

@@ -175,7 +175,6 @@ public class SysUserController extends BaseController
     }
 
     @RequiresPermissions("system:user:resetPwd")
-    @Log(title = "重置密码", businessType = BusinessType.UPDATE)
     @GetMapping("/resetPwd/{userId}")
     public String resetPwd(@PathVariable("userId") Long userId, ModelMap mmap)
     {

+ 3 - 3
ruoyi-admin/src/main/resources/templates/system/user/profile/resetPwd.html

@@ -28,7 +28,7 @@
 			<div class="form-group">
 				<label class="col-sm-3 control-label">再次确认:</label>
 				<div class="col-sm-8">
-					<input class="form-control" type="password" name="confirm" id="confirm">
+					<input class="form-control" type="password" name="confirmPassword" id="confirmPassword">
 					<span class="help-block m-b-none"><i class="fa fa-info-circle"></i> 请再次输入您的密码</span>
 				</div>
 			</div>
@@ -57,7 +57,7 @@
 	                minlength: 5,
 	    			maxlength: 20
 	            },
-	            confirm: {
+	            confirmPassword: {
 	                required: true,
 	                equalTo: "#newPassword"
 	            }
@@ -72,7 +72,7 @@
 	                minlength: "密码不能小于6个字符",
 	                maxlength: "密码不能大于20个字符"
 	            },
-	            confirm: {
+	            confirmPassword: {
 	                required: "请再次输入新密码",
 	                equalTo: "两次密码输入不一致"
 	            }

+ 12 - 2
ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java

@@ -12,6 +12,8 @@ import org.aspectj.lang.reflect.MethodSignature;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.support.spring.PropertyPreFilters;
 import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.enums.BusinessStatus;
 import com.ruoyi.common.json.JSON;
@@ -34,6 +36,9 @@ public class LogAspect
 {
     private static final Logger log = LoggerFactory.getLogger(LogAspect.class);
 
+    /** 排除敏感属性字段 */
+    public static final String[] EXCLUDE_PROPERTIES = { "password", "oldPassword", "newPassword", "confirmPassword" };
+
     // 配置织入点
     @Pointcut("@annotation(com.ruoyi.common.annotation.Log)")
     public void logPointCut()
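Review bot: `EXCLUDE_PROPERTIES` is declared `public static final String[]`, which fixes the reference but not the elements, so any class in the application can overwrite an entry and the aspect would then write that password field into the operation log again. Nothing in this commit reads the constant outside `LogAspect`, so it can be narrowed to `private static final String[] EXCLUDE_PROPERTIES = { "password", "oldPassword", "newPassword", "confirmPassword" };`. If other classes do need the list, expose an unmodifiable collection instead and convert it to an array where the filter is built. The class body continues outside this hunk.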
@@ -154,8 +159,13 @@ public class LogAspect
     private void setRequestValue(SysOperLog operLog) throws Exception
     {
         Map<String, String[]> map = ServletUtils.getRequest().getParameterMap();
-        String params = JSON.marshal(map);
-        operLog.setOperParam(StringUtils.substring(params, 0, 2000));
+        if (StringUtils.isNotEmpty(map))
+        {
+            PropertyPreFilters.MySimplePropertyPreFilter excludefilter = new PropertyPreFilters().addFilter();
+            excludefilter.addExcludes(EXCLUDE_PROPERTIES);
+            String params = JSONObject.toJSONString(map, excludefilter);
+            operLog.setOperParam(StringUtils.substring(params, 0, 2000));
+        }
     }
 
     /**
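Review bot: The exclusion in `setRequestValue` only works when a request parameter is named exactly like one of the four entries in `EXCLUDE_PROPERTIES`. As far as I know, fastjson's simple pre-filter compares names literally, so a parameter such as `Password` or `user.password` would presumably still be serialized into `operParam`. That limit deserves a comment above the filter, for example `// Exact, case-sensitive name match only: any new form field that carries a secret must be added to EXCLUDE_PROPERTIES`. The filter object is also rebuilt on every logged request although its contents never change, so it could be created once and kept in a static field. The hunk ends at the opening of the next Javadoc comment, so the rest of the class is not visible here.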