refactor: P0-P3 security hardening and quality overhaul

Security (P0):
- Remove hardcoded MQTT/TDengine credentials from IotProperties defaults
- Clear password fallbacks in application.yml (was ${ENV:real_password})
- Add @PostConstruct validation to block startup on missing credentials
- Add Redis distributed locks to VehicleSyncTask 4 @Scheduled methods
- Move static thread pools to Spring-managed beans with destroyMethod

Robustness (P1):
- Split broad catch(Exception) into specific types (MqttException,
  InterruptedException, TimeoutException, ExecutionException)
- Restore InterruptedException flag in all catch blocks
- Add closeQuietly() for JDBC Statement/ResultSet cleanup
- Configure RestTemplate with 5s connect / 10s read timeouts

Quality (P2):
- Production log levels: debug/trace → info
- Tomcat: max 800→200, min-spare 100→20, accept-count 1000→100
- Redis pool: max-active 8→16, max-idle 8→16, min-idle 0→4, max-wait 5s

Monitoring (P3):
- Actuator: show-details always→never, exposure health,info→health only

Testing:
- Add JaCoCo plugin for coverage reporting
- Add IotProperties, ExecutorConfig, RestTemplateConfig unit tests
- 26 tests passing

iot-platform/pom.xml

                     </execution>
                 </executions>
             </plugin>
+
+            <!-- JaCoCo 代码覆盖率 -->
+            <plugin>
+                <groupId>org.jacoco</groupId>
+                <artifactId>jacoco-maven-plugin</artifactId>
+                <version>0.8.11</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>prepare-agent</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>report</id>
+                        <phase>test</phase>
+                        <goals>
+                            <goal>report</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
         <finalName>${project.artifactId}</finalName>
     </build>

iot-platform/src/main/java/com/iot/platform/config/ExecutorConfig.java

+package com.iot.platform.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.UUID;
+import java.util.concurrent.*;
+
+/**
+ * Spring 管理的线程池配置
+ */
+@Configuration
+public class ExecutorConfig {
+
+    @Bean(destroyMethod = "shutdown")
+    public ExecutorService mqttFaultExecutor() {
+        return new ThreadPoolExecutor(
+                2, 5, 60L, TimeUnit.SECONDS,
+                new LinkedBlockingQueue<>(1000),
+                r -> {
+                    Thread t = new Thread(r, "mqtt-fault-" + UUID.randomUUID().toString().substring(0, 4));
+                    t.setDaemon(true);
+                    return t;
+                },
+                new ThreadPoolExecutor.CallerRunsPolicy()
+        );
+    }
+
+    @Bean(destroyMethod = "shutdown")
+    public ExecutorService tdengineBatchExecutor() {
+        return new ThreadPoolExecutor(
+                4, 8, 60L, TimeUnit.SECONDS,
+                new LinkedBlockingQueue<>(1000),
+                r -> {
+                    Thread t = new Thread(r, "tdengine-batch-" + UUID.randomUUID().toString().substring(0, 4));
+                    t.setDaemon(true);
+                    return t;
+                },
+                new ThreadPoolExecutor.CallerRunsPolicy()
+        );
+    }
+}

iot-platform/src/main/java/com/iot/platform/config/IotProperties.java

 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
+import javax.annotation.PostConstruct;
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * IoT平台配置属性
  */
     private Mqtt mqtt = new Mqtt();
     private TDengine tdengine = new TDengine();
 
+    @PostConstruct
+    public void validate() {
+        List<String> errors = new ArrayList<>();
+        if (isBlank(mqtt.getUsername())) errors.add("iot.mqtt.username 不能为空");
+        if (isBlank(mqtt.getPassword())) errors.add("iot.mqtt.password 不能为空");
+        if (isBlank(tdengine.getUsername())) errors.add("iot.tdengine.username 不能为空");
+        if (isBlank(tdengine.getPassword())) errors.add("iot.tdengine.password 不能为空");
+        if (!errors.isEmpty()) {
+            throw new IllegalStateException("IoT 配置校验失败: " + String.join(", ", errors));
+        }
+    }
+
+    private boolean isBlank(String s) {
+        return s == null || s.trim().isEmpty();
+    }
+
     public Mqtt getMqtt() {
         return mqtt;
     }
      */
     public static class Mqtt {
         private String brokerUrl = "tcp://47.104.204.180:1883";
-        private String username = "NjniyrEO";
-        private String password = "2b577892f4824d466dbc323a1ee4dfe1902c55bb";
+        private String username = "";
+        private String password = "";
 
         public String getBrokerUrl() {
             return brokerUrl;
      */
     public static class TDengine {
         private String url = "jdbc:TAOS://localhost:6030/";
-        private String username = "root";
-        private String password = "taosdata";
+        private String username = "";
+        private String password = "";
 
         public String getUrl() {
             return url;

iot-platform/src/main/java/com/iot/platform/config/RestTemplateConfig.java

+package com.iot.platform.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.web.client.RestTemplate;
+
+/**
+ * RestTemplate 配置，统一设置超时
+ */
+@Configuration
+public class RestTemplateConfig {
+
+    @Bean
+    public RestTemplate restTemplate() {
+        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
+        factory.setConnectTimeout(5000);
+        factory.setReadTimeout(10000);
+        return new RestTemplate(factory);
+    }
+}

iot-platform/src/main/java/com/iot/platform/mqtt/MqttChargeStationConsumer.java

                 log.error("!!! MQTT 启动失败（超时），触发后台重连机制");
                 triggerReconnect();
             }
-        } catch (Exception e) {
-            log.error("MQTT 初始化异常: ", e);
+        } catch (TimeoutException e) {
+            log.error("MQTT 初始化超时（10秒），触发后台重连机制");
+            triggerReconnect();
+        } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
+            log.error("MQTT 初始化被中断");
+            triggerReconnect();
+        } catch (ExecutionException e) {
+            log.error("MQTT 初始化执行异常: ", e.getCause());
             triggerReconnect();
         }
     }
                 }
                 return true;
 
-            } catch (Exception e) {
+            } catch (MqttException e) {
                 log.error("MQTT 连接 + 订阅失败：", e);
                 isConnected.set(false);
                 triggerReconnect();
                 return false;
+            } catch (InterruptedException e) {
+                Thread.currentThread().interrupt();
+                log.error("MQTT 连接 + 订阅被中断");
+                isConnected.set(false);
+                return false;
             }
         }
     }
                 mqttClient.subscribe(topics, qosArr);
                 log.info("重试订阅成功（第" + retry + "次），数量：" + batchTopics.size());
                 return;
-            } catch (Exception e) {
+            } catch (MqttException e) {
                 log.error("重试订阅失败（第" + retry + "次）：" + e.getMessage());
+            } catch (InterruptedException e) {
+                Thread.currentThread().interrupt();
+                log.error("重试订阅被中断");
+                break;
             }
         }
         log.error("批次订阅最终失败：" + batchTopics);

iot-platform/src/main/java/com/iot/platform/mqtt/MqttDynamicConsumer.java

                 log.error("!!! MQTT 启动失败（超时），触发后台重连机制");
                 triggerReconnect();
             }
-        } catch (Exception e) {
-            log.error("MQTT 初始化异常: ", e);
+        } catch (TimeoutException e) {
+            log.error("MQTT 初始化超时（10秒），触发后台重连机制");
+            triggerReconnect();
+        } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
+            log.error("MQTT 初始化被中断");
+            triggerReconnect();
+        } catch (ExecutionException e) {
+            log.error("MQTT 初始化执行异常: ", e.getCause());
             triggerReconnect();
         }
     }
                 }
                 return true;
 
-            } catch (Exception e) {
+            } catch (MqttException e) {
                 log.error("MQTT 连接 + 订阅失败：", e);
                 isConnected.set(false);
                 triggerReconnect();
                 return false;
+            } catch (InterruptedException e) {
+                Thread.currentThread().interrupt();
+                log.error("MQTT 连接 + 订阅被中断");
+                isConnected.set(false);
+                return false;
             }
         }
     }
                 mqttClient.subscribe(topics, qosArr);
                 log.info("重试订阅成功（第" + retry + "次），数量：" + batchTopics.size());
                 return;
-            } catch (Exception e) {
+            } catch (MqttException e) {
                 log.error("重试订阅失败（第" + retry + "次）：" + e.getMessage());
+            } catch (InterruptedException e) {
+                Thread.currentThread().interrupt();
+                log.error("重试订阅被中断");
+                break;
             }
         }
         log.error("批次订阅最终失败：" + batchTopics);

iot-platform/src/main/java/com/iot/platform/mqtt/MqttFaultConsumer.java

 import java.time.format.DateTimeFormatter;
 import java.util.*;
 import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
 
 /**
  * 添加告警信息
     private RestTemplate restTemplate;
 
     private final ObjectMapper objectMapper = new ObjectMapper();
-    private static final ExecutorService mysqlWritePool = Executors.newFixedThreadPool(5);
+    private final ExecutorService mqttFaultExecutor;
+
+    @Autowired
+    public MqttFaultConsumer(ExecutorService mqttFaultExecutor) {
+        this.mqttFaultExecutor = mqttFaultExecutor;
+    }
 
     private static final Map<String, String> KEY_MAPPING = new HashMap<>();
     static {
         Map<String, Object> messageMap = objectMapper.readValue(messageContent, Map.class);
         insertTDegine(messageMap, topic);
         SysFault sysFault = objectMapper.readValue(messageContent, SysFault.class);
-        mysqlWritePool.submit(() -> triggermethod(topic, sysFault));
+        mqttFaultExecutor.submit(() -> triggermethod(topic, sysFault));
     }
 
     @Override
     protected void onDestroy() {
-        mysqlWritePool.shutdown();
+        // 线程池由 Spring 管理生命周期，无需手动 shutdown
     }
 
     public void insertTDegine(Map<String, Object> weather, String topic) throws SQLException {

iot-platform/src/main/java/com/iot/platform/service/TDengineService.java

     @Autowired
     private IotProperties iotProperties;
 
-    // 线程池
-    private final ExecutorService batchExecutor = new ThreadPoolExecutor(
-            4, 8, 60L, TimeUnit.SECONDS,
-            new LinkedBlockingQueue<>(1000),
-            r -> {
-                Thread t = new Thread(r, "tdengine-batch-" + UUID.randomUUID().toString().substring(0, 4));
-                t.setDaemon(true);
-                return t;
-            },
-            new ThreadPoolExecutor.CallerRunsPolicy()
-    );
+    private final ExecutorService batchExecutor;
+
+    @Autowired
+    public TDengineService(ExecutorService tdengineBatchExecutor) {
+        this.batchExecutor = tdengineBatchExecutor;
+    }
 
     private HikariDataSource dataSource;
     private boolean dataSourceInitialized = false;
     // ObjectMapper 线程安全，可复用
     private static final ObjectMapper objectMapper = new ObjectMapper();
 
-    public TDengineService() {
-        // 延迟初始化：不在构造器中创建连接池，避免 TDengine 本地库缺失时阻断启动
-    }
-
     private synchronized void initDataSource() {
         if (dataSourceInitialized) {
             return;
     private void ensureTableExists(String dbName, String supertablename, String table) {
         Connection conn = null;
         Statement stmt = null;
+        ResultSet rs = null;
         try {
             conn = getConnection();
             stmt = conn.createStatement();
             String checkStableSql = String.format(
                     "SELECT * FROM information_schema.ins_tables WHERE table_name = '%s' AND db_name = '%s'",
                     escapeValue(supertablename), escapeValue(dbName));
-            ResultSet rs = stmt.executeQuery(checkStableSql);
+            rs = stmt.executeQuery(checkStableSql);
             boolean stableExists = rs.next();
-            rs.close();
 
             if (!stableExists) {
+                closeQuietly(rs);
+                rs = null;
                 log.info("超级表不存在，创建: {}.{}", dbName, supertablename);
                 initTableStructure(dbName, supertablename, table, Collections.emptySet());
                 return;
             }
 
+            closeQuietly(rs);
+            rs = null;
+
             // 检查子表是否存在
             String checkTableSql = String.format(
                     "SELECT * FROM information_schema.ins_tables WHERE table_name = '%s' AND db_name = '%s' AND table_type = 'CHILD_TABLE'",
                     escapeValue(table), escapeValue(dbName));
             rs = stmt.executeQuery(checkTableSql);
             boolean tableExists = rs.next();
-            rs.close();
 
             if (!tableExists) {
                 String tableSql = String.format(
         } catch (SQLException e) {
             log.warn("检查表存在性失败，继续尝试插入: {}", e.getMessage());
         } finally {
-            if (stmt != null) try { stmt.close(); } catch (SQLException ignored) {}
+            closeQuietly(rs, stmt);
             closeConnection(conn);
         }
     }
 
     public void close() {
         log.info("关闭 TDengine 服务...");
-        batchExecutor.shutdown();
+        // batchExecutor 由 Spring 管理生命周期，不在这里 shutdown
         if (dataSource != null) {
             dataSource.close();
         }
     }
+
+    private void closeQuietly(AutoCloseable... resources) {
+        for (AutoCloseable resource : resources) {
+            if (resource != null) {
+                try {
+                    resource.close();
+                } catch (Exception ignored) {
+                }
+            }
+        }
+    }
 }

iot-platform/src/main/java/com/iot/platform/task/VehicleSyncTask.java

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.DataAccessException;
+import org.springframework.data.redis.RedisConnectionFailureException;
 import org.springframework.data.redis.core.RedisCallback;
 import org.springframework.data.redis.core.ScanOptions;
 import org.springframework.data.redis.core.StringRedisTemplate;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestTemplate;
 
 import java.time.LocalDate;
 import java.time.format.DateTimeFormatter;
 import java.util.*;
+import java.util.concurrent.TimeUnit;
 
 @Component
 public class VehicleSyncTask {
     public SysIndicatorsService sysIndicatorsService;
     @Autowired
     public SysCompanyService sysCompanyService;
+    @Autowired
+    private RestTemplate restTemplate;
 
-    private final RestTemplate restTemplate;
+    private boolean tryLock(String lockKey, long expireSeconds) {
+        Boolean acquired = stringRedisTemplate.opsForValue().setIfAbsent(lockKey, "1", expireSeconds, TimeUnit.SECONDS);
+        return Boolean.TRUE.equals(acquired);
+    }
 
-    public VehicleSyncTask() {
-        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
-        factory.setConnectTimeout(5000);
-        factory.setReadTimeout(10000);
-        this.restTemplate = new RestTemplate(factory);
+    private void unlock(String lockKey) {
+        stringRedisTemplate.delete(lockKey);
     }
 
     /**
      */
     @Scheduled(fixedDelay = 30000)
     public void updateSysCar() {
+        String lockKey = "lock:vehicle-sync:updateSysCar";
+        if (!tryLock(lockKey, 60)) {
+            log.debug("获取锁失败，跳过本次执行: {}", lockKey);
+            return;
+        }
+        try {
+            doUpdateSysCar();
+        } finally {
+            unlock(lockKey);
+        }
+    }
+
+    private void doUpdateSysCar() {
         List<SysCar> sysCarList = sysCarService.selectcontrollerId();
         for (SysCar sysCar : sysCarList) {
             if (sysCar.getControllerId() == null || sysCar.getControllerId().isEmpty()) {
         String url = "https://esos-iot.com:9443/syscar/trigger?carId=" + sysCar.getCarId();
         try {
             restTemplate.postForObject(url, null, String.class);
-        } catch (Exception e) {
+        } catch (RestClientException e) {
             log.warn("触发webhook失败 carId={}: {}", sysCar.getCarId(), e.getMessage());
         }
     }
 
     @Scheduled(fixedDelay = 30000)
     public void insertDevice() {
+        String lockKey = "lock:vehicle-sync:insertDevice";
+        if (!tryLock(lockKey, 60)) {
+            log.debug("获取锁失败，跳过本次执行: {}", lockKey);
+            return;
+        }
+        try {
+            doInsertDevice();
+        } finally {
+            unlock(lockKey);
+        }
+    }
+
+    private void doInsertDevice() {
         Set<String> activeKeys;
         try {
             activeKeys = stringRedisTemplate.opsForSet().members("DSB:active:devices");
                     sysDeviceVoService.insertdevice(key.toString(), value.toString());
                 }
             }
+        } catch (RedisConnectionFailureException e) {
+            log.warn("Redis 连接失败，跳过本次同步: {}", e.getMessage());
+        } catch (DataAccessException e) {
+            log.error("数据库操作失败: {}", e.getMessage(), e);
         } catch (Exception e) {
-            log.error("同步设备配置失败: {}", e.getMessage());
+            log.error("同步设备配置失败: {}", e.getMessage(), e);
         }
     }
 
      */
     @Scheduled(fixedDelay = 30000)
     public void syncRedisToMySQL() {
+        String lockKey = "lock:vehicle-sync:syncRedisToMySQL";
+        if (!tryLock(lockKey, 60)) {
+            log.debug("获取锁失败，跳过本次执行: {}", lockKey);
+            return;
+        }
+        try {
+            doSyncRedisToMySQL();
+        } finally {
+            unlock(lockKey);
+        }
+    }
+
+    private void doSyncRedisToMySQL() {
         Set<String> activeKeys = stringRedisTemplate.opsForSet().members("DSB:active:devices");
         if (activeKeys == null || activeKeys.isEmpty()) return;
 
                         sysrealtimeService.inserttables(controllerId, createTime, deviceId, timestamp, fieldKey, fieldValue);
                     }
                 }
+            } catch (RedisConnectionFailureException e) {
+                log.error("Redis 连接失败: {} | {}", redisKey, e.getMessage());
+            } catch (DataAccessException e) {
+                log.error("数据库操作失败: {} | {}", redisKey, e.getMessage(), e);
             } catch (Exception e) {
                 log.error("同步设备失败: {} | {}", redisKey, e.getMessage(), e);
             }
      */
     @Scheduled(fixedDelay = 30000)
     public void insertIndicators() {
+        String lockKey = "lock:vehicle-sync:insertIndicators";
+        if (!tryLock(lockKey, 60)) {
+            log.debug("获取锁失败，跳过本次执行: {}", lockKey);
+            return;
+        }
+        try {
+            doInsertIndicators();
+        } finally {
+            unlock(lockKey);
+        }
+    }
+
+    private void doInsertIndicators() {
         try {
             LocalDate today = LocalDate.now();
             DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd");
                     sysIndicatorsService.updateindicators(countworkorder, countprofit, sysCompany.getCompanyId(), day);
                 }
             }
+        } catch (DataAccessException e) {
+            log.error("数据库操作失败: {}", e.getMessage(), e);
         } catch (Exception e) {
-            log.error("更新指标信息失败: {}", e.getMessage());
+            log.error("更新指标信息失败: {}", e.getMessage(), e);
         }
     }
 }

iot-platform/src/main/resources/application.yml

-# 开发环境配置
+# 生产环境配置
 server:
   port: 8887
   servlet:
     context-path: /
   tomcat:
     uri-encoding: UTF-8
-    accept-count: 1000
+    accept-count: 100
     threads:
-      max: 800
-      min-spare: 100
+      max: 200
+      min-spare: 20
 
 # 日志配置
 logging:
   level:
-    com.iot.platform: debug
-    com.iot.platform.mapper: trace
+    com.iot.platform: info
+    com.iot.platform.mapper: info
     org.springframework: warn
 
 # Spring配置
       max-request-size: 20MB
   devtools:
     restart:
-      enabled: true
+      enabled: false
   redis:
     host: localhost
     port: 6379
     timeout: 10s
     lettuce:
       pool:
-        min-idle: 0
-        max-idle: 8
-        max-active: 8
-        max-wait: -1ms
+        min-idle: 4
+        max-idle: 16
+        max-active: 16
+        max-wait: 5s
 
 # MyBatis配置
 mybatis:
   endpoints:
     web:
       exposure:
-        include: health,info
+        include: health
   endpoint:
     health:
-      show-details: always
+      show-details: never
 
 # IoT平台配置
 iot:
   mqtt:
     broker-url: tcp://47.104.204.180:1883
-    username: ${MQTT_USERNAME:NjniyrEO}
-    password: ${MQTT_PASSWORD:2b577892f4824d466dbc323a1ee4dfe1902c55bb}
+    username: ${MQTT_USERNAME:}
+    password: ${MQTT_PASSWORD:}
   tdengine:
     url: jdbc:TAOS://localhost:6030/
-    username: ${TDENGINE_USERNAME:root}
-    password: ${TDENGINE_PASSWORD:taosdata}
+    username: ${TDENGINE_USERNAME:}
+    password: ${TDENGINE_PASSWORD:}

iot-platform/src/main/resources/logback-spring.xml

     </appender>
 
     <!-- 包级别日志 -->
-    <logger name="com.iot.platform" level="DEBUG" additivity="false">
+    <logger name="com.iot.platform" level="INFO" additivity="false">
         <appender-ref ref="CONSOLE"/>
         <appender-ref ref="FILE"/>
     </logger>

iot-platform/src/test/java/com/iot/platform/config/ExecutorConfigTest.java

+package com.iot.platform.config;
+
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+import java.util.concurrent.ExecutorService;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@DisplayName("ExecutorConfig 线程池配置测试")
+class ExecutorConfigTest {
+
+    @Test
+    @DisplayName("mqttFaultExecutor 被成功创建")
+    void mqttFaultExecutor_created() {
+        ExecutorConfig config = new ExecutorConfig();
+        ExecutorService executor = config.mqttFaultExecutor();
+
+        assertThat(executor).isNotNull();
+        assertThat(executor.isShutdown()).isFalse();
+        executor.shutdown();
+    }
+
+    @Test
+    @DisplayName("tdengineBatchExecutor 被成功创建")
+    void tdengineBatchExecutor_created() {
+        ExecutorConfig config = new ExecutorConfig();
+        ExecutorService executor = config.tdengineBatchExecutor();
+
+        assertThat(executor).isNotNull();
+        assertThat(executor.isShutdown()).isFalse();
+        executor.shutdown();
+    }
+}

iot-platform/src/test/java/com/iot/platform/config/IotPropertiesTest.java

+package com.iot.platform.config;
+
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.assertThatNoException;
+
+@DisplayName("IotProperties 配置校验测试")
+class IotPropertiesTest {
+
+    @Test
+    @DisplayName("所有字段已填写时校验通过")
+    void validate_allFieldsSet_passes() {
+        IotProperties props = new IotProperties();
+        props.getMqtt().setUsername("mqtt_user");
+        props.getMqtt().setPassword("mqtt_pass");
+        props.getTdengine().setUsername("root");
+        props.getTdengine().setPassword("taosdata");
+
+        assertThatNoException().isThrownBy(props::validate);
+    }
+
+    @Test
+    @DisplayName("MQTT username 为空时抛出异常")
+    void validate_blankMqttUsername_throws() {
+        IotProperties props = new IotProperties();
+        props.getMqtt().setUsername("");
+        props.getMqtt().setPassword("mqtt_pass");
+        props.getTdengine().setUsername("root");
+        props.getTdengine().setPassword("taosdata");
+
+        assertThatThrownBy(props::validate)
+            .isInstanceOf(IllegalStateException.class)
+            .hasMessageContaining("iot.mqtt.username");
+    }
+
+    @Test
+    @DisplayName("MQTT password 为空时抛出异常")
+    void validate_blankMqttPassword_throws() {
+        IotProperties props = new IotProperties();
+        props.getMqtt().setUsername("mqtt_user");
+        props.getMqtt().setPassword("");
+        props.getTdengine().setUsername("root");
+        props.getTdengine().setPassword("taosdata");
+
+        assertThatThrownBy(props::validate)
+            .isInstanceOf(IllegalStateException.class)
+            .hasMessageContaining("iot.mqtt.password");
+    }
+
+    @Test
+    @DisplayName("TDengine username 为空时抛出异常")
+    void validate_blankTdengineUsername_throws() {
+        IotProperties props = new IotProperties();
+        props.getMqtt().setUsername("mqtt_user");
+        props.getMqtt().setPassword("mqtt_pass");
+        props.getTdengine().setUsername("");
+        props.getTdengine().setPassword("taosdata");
+
+        assertThatThrownBy(props::validate)
+            .isInstanceOf(IllegalStateException.class)
+            .hasMessageContaining("iot.tdengine.username");
+    }
+
+    @Test
+    @DisplayName("TDengine password 为空时抛出异常")
+    void validate_blankTdenginePassword_throws() {
+        IotProperties props = new IotProperties();
+        props.getMqtt().setUsername("mqtt_user");
+        props.getMqtt().setPassword("mqtt_pass");
+        props.getTdengine().setUsername("root");
+        props.getTdengine().setPassword("");
+
+        assertThatThrownBy(props::validate)
+            .isInstanceOf(IllegalStateException.class)
+            .hasMessageContaining("iot.tdengine.password");
+    }
+
+    @Test
+    @DisplayName("多个字段为空时异常消息包含所有错误")
+    void validate_multipleBlankFields_throwsWithAllErrors() {
+        IotProperties props = new IotProperties();
+        props.getMqtt().setUsername("");
+        props.getMqtt().setPassword("");
+        props.getTdengine().setUsername("");
+        props.getTdengine().setPassword("");
+
+        assertThatThrownBy(props::validate)
+            .isInstanceOf(IllegalStateException.class)
+            .hasMessageContaining("iot.mqtt.username")
+            .hasMessageContaining("iot.mqtt.password")
+            .hasMessageContaining("iot.tdengine.username")
+            .hasMessageContaining("iot.tdengine.password");
+    }
+}

iot-platform/src/test/java/com/iot/platform/config/RestTemplateConfigTest.java

+package com.iot.platform.config;
+
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.springframework.web.client.RestTemplate;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@DisplayName("RestTemplateConfig 配置测试")
+class RestTemplateConfigTest {
+
+    @Test
+    @DisplayName("RestTemplate 配置包含超时设置")
+    void restTemplate_hasTimeoutConfigured() {
+        RestTemplateConfig config = new RestTemplateConfig();
+        RestTemplate restTemplate = config.restTemplate();
+
+        assertThat(restTemplate).isNotNull();
+        // RestTemplate 被成功创建即说明 SimpleClientHttpRequestFactory 已注入
+    }
+}