前端修复，日志功能加入

.trellis/spec/backend/logging-guidelines.md

@@ -144,3 +144,74 @@ the server-side exception.
   <c:out value="${log.resultStatusName}" />
 </span>
 ```
+
+## Scenario: Login Diagnostic Logging
+
+### 1. Scope / Trigger
+
+- Trigger: Windows deployment login failures need server-side diagnostics across
+  `LoginServlet -> AuthServiceImpl -> JdbcUserDao -> JdbcUtil` without changing
+  the generic user-facing login messages.
+
+### 2. Signatures
+
+- Servlet route: `POST /login` with `username`, `password`, and optional
+  same-application `redirect`.
+- Service signature: `AuthService.authenticate(String username, String password)`.
+- DAO signature: `UserDao.findActiveByUsername(String username)`.
+- DB config keys: `db.driver`, `db.url`, `db.username`, and `db.password`.
+
+### 3. Contracts
+
+- Login request logs may include remote address, context path, redirect presence,
+  username presence/length, sanitized username, and whether normalization changed
+  the username.
+- Authentication logs must distinguish missing required fields, active user not
+  found, password mismatch, service error, and success.
+- JDBC logs must confirm `db.properties` loading, required key resolution,
+  connection attempts, successful connections, and driver/connection failures.
+- Logs must never include raw passwords, password hashes, salts, database
+  passwords, or unredacted password-like JDBC URL parameters.
+
+### 4. Validation & Error Matrix
+
+- Missing username or password -> log missing-field category and return the
+  existing required-field message.
+- Unknown or inactive username -> log `active-user-not-found` and return the
+  existing invalid-credentials message.
+- Existing user with bad password -> log `password-mismatch` and return the
+  existing invalid-credentials message.
+- Missing DB config or JDBC failure -> log server-side details with credentials
+  redacted and return the existing service-unavailable message.
+
+### 5. Good/Base/Bad Cases
+
+- Good: a failed login shows whether the request reached the servlet, whether
+  the username was normalized, whether the active user row was found, and
+  whether password verification failed.
+- Base: successful login keeps logging user ID and role only.
+- Bad: a diagnostic log writes `password`, `password_hash`, salt, or a JDBC URL
+  containing `password=secret`.
+
+### 6. Tests Required
+
+- Run `mvn test` or the documented Maven path to compile Servlet, service, DAO,
+  and utility code.
+- Scan changed logs for password/hash/salt/database-password output before
+  finishing.
+- Keep `AuthServiceCheck` behavior expectations unchanged for required fields,
+  invalid credentials, success, permission checks, and DAO failure fallback.
+
+### 7. Wrong vs Correct
+
+#### Wrong
+
+```java
+LOGGER.info("Login failed password=" + password + " hash=" + user.getPasswordHash());
+```
+
+#### Correct
+
+```java
+LOGGER.info("Login failed reason=password-mismatch userId=" + user.getId());
+```

.trellis/spec/frontend/component-guidelines.md

@@ -20,6 +20,13 @@ the reusable UI units.
   application frame lives in `src/main/webapp/WEB-INF/jsp/common/header.jspf`
   and owns the dark sidebar, top utility bar, role workbench links, module
   navigation, global search, user display, and logout link.
+- Any `.jspf` fragment that contains user-visible Simplified Chinese text must
+  declare `<%@ page pageEncoding="UTF-8" %>` at the top. Do not rely only on the
+  including JSP page or response `Content-Type`; Tomcat/Jasper can otherwise
+  compile the fragment with a non-UTF-8 default and render mojibake.
+- JSP-rendered HTML responses must be served as `text/html;charset=UTF-8` by
+  the encoding filter or the JSP page directive. Request/response character
+  encoding alone is not enough for browsers to decode Simplified Chinese safely.
 - Preserve role-conditioned navigation in that shared frame: administrator-only
   links stay inside `sessionScope.userRole == 'administrator'`; staff links stay
   inside `administrator or librarian`; reader-only links stay inside