From e6c23d854ff073a3989a75fb30310b1ffb406ec2 Mon Sep 17 00:00:00 2001
From: wuKong <crossdream@sina.cn>
Date: Fri, 3 Apr 2026 18:49:38 +0800
Subject: [PATCH] =?UTF-8?q?feat(pay):=20=E6=B7=BB=E5=8A=A0=E5=BE=AE?=
 =?UTF-8?q?=E4=BF=A1=E6=94=AF=E4=BB=98XStream=E5=AE=89=E5=85=A8=E9=85=8D?=
 =?UTF-8?q?=E7=BD=AE=E8=A7=A3=E5=86=B3=E5=9B=9E=E8=B0=83=E8=A7=A3=E6=9E=90?=
 =?UTF-8?q?=E5=BC=82=E5=B8=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 初始化XStream安全配置允许微信支付相关类的反序列化
- 添加微信支付通知结果、请求、订单等包路径到白名单
- 配置通配符模式支持微信支付SDK的动态类加载
- 添加初始化日志和异常处理确保配置稳定生效
---
 .../pay/config/PayXStreamConfig.java          | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 yudao-module-pay/yudao-module-pay-server/src/main/java/cn/iocoder/yudao/module/pay/framework/pay/config/PayXStreamConfig.java

diff --git a/yudao-module-pay/yudao-module-pay-server/src/main/java/cn/iocoder/yudao/module/pay/framework/pay/config/PayXStreamConfig.java b/yudao-module-pay/yudao-module-pay-server/src/main/java/cn/iocoder/yudao/module/pay/framework/pay/config/PayXStreamConfig.java
new file mode 100644
index 000000000..65dbe6bc0
--- /dev/null
+++ b/yudao-module-pay/yudao-module-pay-server/src/main/java/cn/iocoder/yudao/module/pay/framework/pay/config/PayXStreamConfig.java
@@ -0,0 +1,38 @@
+package cn.iocoder.yudao.module.pay.framework.pay.config;
+
+import com.thoughtworks.xstream.XStream;
+import jakarta.annotation.PostConstruct;
+import lombok.extern.slf4j.Slf4j;
+import me.chanjar.weixin.common.util.xml.XStreamInitializer;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * XStream 安全配置，解决微信支付回调V2解析异常
+ *
+ * @author wuKong
+ */
+@Slf4j
+@Configuration
+public class PayXStreamConfig {
+
+    @PostConstruct
+    public void init() {
+        log.info("初始化 XStream 安全配置，允许微信支付类的反序列化");
+
+        try {
+            XStream xstream = XStreamInitializer.getInstance();
+
+            // 添加白名单
+            // Caused by: com.thoughtworks.xstream.mapper.CannotResolveClassException:
+            //  com.github.binarywang.wxpay.bean.notify.WxPayOrderNotifyResult
+            xstream.allowTypesByWildcard(new String[] {
+                "com.github.binarywang.wxpay.bean.notify.**",
+                "com.github.binarywang.wxpay.bean.result.**",
+                "com.github.binarywang.wxpay.bean.request.**",
+                "com.github.binarywang.wxpay.bean.order.**"});
+            log.info("XStream 安全配置初始化成功");
+        } catch (Exception e) {
+            log.error("XStream 安全配置初始化失败", e);
+        }
+    }
+}
\ No newline at end of file