From 0e69a0112094b9d1035564ae468b471eb4f7b3e3 Mon Sep 17 00:00:00 2001
From: wangjian963 <15215920+aprilry@user.noreply.gitee.com>
Date: Fri, 5 Jun 2026 11:30:31 +0800
Subject: [PATCH] =?UTF-8?q?=20fix(security):=20=E4=BF=AE=E5=A4=8D=E7=99=BB?=
 =?UTF-8?q?=E5=BD=95=E6=97=B6=20Collection.size()=20NPE=20=E2=80=94=20Spri?=
 =?UTF-8?q?ng=20Boot=204.0=20=E9=80=82=E9=85=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

  LoginUser.getAuthorities() 直接返回 null，Spring Security 6.x
  内部链路调用 c.size() 触发 NPE，导致 admin 用户无法登录。

  变更:
  - LoginUser.java: getAuthorities() 改为将 permissions 转为
    SimpleGrantedAuthority 集合，空时返回空集合而非 null
  - SysUserMapper.xml: collection 映射添加 notNullColumn="role_id"，
    防止 LEFT JOIN 无角色时产生 null 集合
---
 .../com/core/common/core/domain/model/LoginUser.java     | 9 ++++++++-
 .../src/main/resources/mapper/system/SysUserMapper.xml   | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/openhis-server-new/core-common/src/main/java/com/core/common/core/domain/model/LoginUser.java b/openhis-server-new/core-common/src/main/java/com/core/common/core/domain/model/LoginUser.java
index 8a81a2d6b..b729b1ec2 100755
--- a/openhis-server-new/core-common/src/main/java/com/core/common/core/domain/model/LoginUser.java
+++ b/openhis-server-new/core-common/src/main/java/com/core/common/core/domain/model/LoginUser.java
@@ -9,9 +9,13 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 /**
  * 登录用户身份权限
@@ -267,6 +271,9 @@ public class LoginUser implements UserDetails {
 
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
-        return null;
+        if (permissions == null || permissions.isEmpty()) {
+            return Collections.emptySet();
+        }
+        return permissions.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet());
     }
 }
diff --git a/openhis-server-new/core-system/src/main/resources/mapper/system/SysUserMapper.xml b/openhis-server-new/core-system/src/main/resources/mapper/system/SysUserMapper.xml
index c5f75dec9..2d8d6b974 100755
--- a/openhis-server-new/core-system/src/main/resources/mapper/system/SysUserMapper.xml
+++ b/openhis-server-new/core-system/src/main/resources/mapper/system/SysUserMapper.xml
@@ -24,7 +24,7 @@
         <result property="updateTime" column="update_time"/>
         <result property="remark" column="remark"/>
         <association property="dept" javaType="SysDept" resultMap="deptResult"/>
-        <collection property="roles" javaType="java.util.List" resultMap="RoleResult"/>
+        <collection property="roles" javaType="java.util.List" resultMap="RoleResult" notNullColumn="role_id"/>
     </resultMap>
 
     <resultMap id="deptResult" type="SysDept">