From dfa7d88255fe76bde49b465f8b5d3a7994b1323e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?=
 <15040126243@163.com>
Date: Tue, 9 Dec 2025 16:14:56 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20=E6=97=A5?=
 =?UTF-8?q?=E5=BF=97=E8=84=B1=E6=95=8F=E6=94=B9=E7=94=A8JsonNode=E5=A4=84?=
 =?UTF-8?q?=E7=90=86=E6=8F=90=E9=AB=98=E6=95=88=E7=8E=87?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../PlusWebInvokeTimeInterceptor.java         | 57 ++++++++++++-------
 1 file changed, 36 insertions(+), 21 deletions(-)

diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/interceptor/PlusWebInvokeTimeInterceptor.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/interceptor/PlusWebInvokeTimeInterceptor.java
index 0a99660cd..b56cec1f5 100644
--- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/interceptor/PlusWebInvokeTimeInterceptor.java
+++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/interceptor/PlusWebInvokeTimeInterceptor.java
@@ -1,9 +1,13 @@
 package org.dromara.common.web.interceptor;
 
 import cn.hutool.core.io.IoUtil;
-import cn.hutool.core.lang.Dict;
 import cn.hutool.core.map.MapUtil;
+import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.ObjectUtil;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
@@ -16,11 +20,10 @@ import org.springframework.http.MediaType;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
-import java.io.BufferedReader;
-import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * web的调用时间统计拦截器
@@ -36,28 +39,16 @@ public class PlusWebInvokeTimeInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         String url = request.getMethod() + " " + request.getRequestURI();
-
         // 打印请求参数
         if (isJsonRequest(request)) {
             String jsonParam = "";
             if (request instanceof RepeatedlyRequestWrapper) {
-                BufferedReader reader = request.getReader();
-                jsonParam = IoUtil.read(reader);
+                jsonParam = IoUtil.read(request.getReader());
                 if (StringUtils.isNotBlank(jsonParam)) {
-                    List<Dict> list = new ArrayList<>();
-                    if (JsonUtils.isJsonArray(jsonParam)) {
-                        List<String> list1 = JsonUtils.parseArray(jsonParam, String.class);
-                        for (String str : list1) {
-                            Dict map = JsonUtils.parseMap(str);
-                            MapUtil.removeAny(map, SystemConstants.EXCLUDE_PROPERTIES);
-                            list.add(map);
-                        }
-                        jsonParam = JsonUtils.toJsonString(list);
-                    } else {
-                        Dict map = JsonUtils.parseMap(jsonParam);
-                        MapUtil.removeAny(map, SystemConstants.EXCLUDE_PROPERTIES);
-                        jsonParam = JsonUtils.toJsonString(map);
-                    }
+                    ObjectMapper objectMapper = JsonUtils.getObjectMapper();
+                    JsonNode rootNode = objectMapper.readTree(jsonParam);
+                    removeSensitiveFields(rootNode, SystemConstants.EXCLUDE_PROPERTIES);
+                    jsonParam = rootNode.toString();
                 }
             }
             log.info("[PLUS]开始请求 => URL[{}],参数类型[json],参数:[{}]", url, jsonParam);
@@ -80,6 +71,30 @@ public class PlusWebInvokeTimeInterceptor implements HandlerInterceptor {
         return true;
     }
 
+    private void removeSensitiveFields(JsonNode node, String[] excludeProperties) {
+        if (node == null) {
+            return;
+        }
+        if (node.isObject()) {
+            ObjectNode objectNode = (ObjectNode) node;
+            // 收集要删除的字段名（避免 ConcurrentModification）
+            Set<String> fieldsToRemove = new HashSet<>();
+            objectNode.fieldNames().forEachRemaining(fieldName -> {
+                if (ArrayUtil.contains(excludeProperties, fieldName)) {
+                    fieldsToRemove.add(fieldName);
+                }
+            });
+            fieldsToRemove.forEach(objectNode::remove);
+            // 递归处理子节点
+            objectNode.elements().forEachRemaining(child -> removeSensitiveFields(child, excludeProperties));
+        } else if (node.isArray()) {
+            ArrayNode arrayNode = (ArrayNode) node;
+            for (JsonNode child : arrayNode) {
+                removeSensitiveFields(child, excludeProperties);
+            }
+        }
+    }
+
     @Override
     public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {