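package openapi.base.restful;

import baseclass.tools.MessageDigestCust;
import net.sf.json.JSONObject;
import openapi.base.data.Row;
import openapi.base.data.Rows;
import openapi.base.data.db.DBConnect;
import openapi.base.data.db.DataPool;
import openapi.base.data.db.SQLiteJDBC;
import openapi.base.parameter.ErrCode;
import openapi.base.parameter.ErrModel;
import openapi.base.parameter.parameter;
import openapi.restcontroller.wechatapp.system.docManage;
import openapi.tools.kuaidi100;
import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
import org.glassfish.jersey.media.multipart.FormDataParam;
import p2.application.signature.P2User;
import p2.p2server.P2Server;
import p2.pao.PaoRemote;
import p2.pao.PaoSetRemote;
import p2.util.P2Exception;

import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import java.io.*;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.*;
import java.util.regex.Pattern;

/**
 * JAX-RS resource ({@code webclientrest}) used by the web client: token issuance and
 * login, reflective dispatch of requests to {@code openapi.restcontroller.*} classes,
 * attachment upload/download and a logistics (kuaidi100) lookup.
 *
 * <p>Access tokens are kept in {@code parameter.tokenlist}; endpoints that check a token
 * only test membership in that list, and the check is skipped when {@code parameter.isdebug}.
 * The call-statistics maps in {@code parameter} are updated with plain read-modify-write
 * sequences, so concurrent requests may lose updates — NOTE(review): confirm whether those
 * maps are synchronized elsewhere.
 */
@Path("webclientrest")
public class WebClientRest {

    /** When set, attachments for {@link #OBS_OWNER_TABLES} are stored through OBS. */
    public static boolean FISUPLOADFOROBS = true;

    /** Root directory of stored attachments, read from {@code p2.attachment.defaultpath}. */
    public static final String FILE_PATH =
            P2Server.getP2Server().getConfig().getProperty("p2.attachment.defaultpath");

    /** Public download URL prefix for a docinfo id (not used inside this class). */
    public static final String FILE_URL =
            "http://drp.idcgroup.com.cn:8082/samex/rest/webclientrest/download?docinfoid=";

    /** Owner tables whose uploads are routed to OBS (compared case-insensitively). */
    private static final Set<String> OBS_OWNER_TABLES = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("ordernode", "hyordernode", "hyworkorder", "afterserviceorder")));

    /** Dotted Java binary name (relative to the controller package) — the only shape accepted for "classname". */
    private static final Pattern CLASS_NAME =
            Pattern.compile("[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*");

    /** Plain Java identifier — the only shape accepted for "method". */
    private static final Pattern MEMBER_NAME = Pattern.compile("[A-Za-z_$][A-Za-z0-9_$]*");

    /** Source of session tokens; {@link SecureRandom} is thread-safe. */
    private static final SecureRandom RANDOM = new SecureRandom();

    // ------------------------------------------------------------------ dispatch

    /**
     * Dispatches a request to a controller class; requires and validates {@code accesstoken}.
     *
     * @param RequestContent JSON body with {@code accesstoken}, {@code classname}, {@code method}
     *                       and {@code content}
     * @return the controller's result, or an {@code ErrModel} error document
     */
    @POST
    public String method(String RequestContent) {
        return dispatch(RequestContent, true);
    }

    /**
     * Dispatches a request to a controller class without requiring an access token.
     *
     * <p>NOTE(review): this path neither requires nor validates {@code accesstoken}, so any
     * caller that can reach it can invoke controller methods — confirm that is intended.
     *
     * @param RequestContent JSON body with {@code classname}, {@code method} and {@code content}
     * @return the controller's result, or an {@code ErrModel} error document
     */
    @Path("method")
    @POST
    public String method2(String RequestContent) {
        return dispatch(RequestContent, false);
    }

    /**
     * Shared body of {@link #method} and {@link #method2}: validates the envelope, consults
     * {@code DataPool} unless {@code getdatafromdbanyway} is set, otherwise instantiates
     * {@code openapi.restcontroller.<classname>} with the content object and invokes
     * {@code <method>()} on it, recording call statistics either way.
     *
     * @param requestBody  raw JSON request body
     * @param requireToken whether {@code accesstoken} is mandatory and checked against the token list
     * @return the controller's result, or an {@code ErrModel} error document
     */
    private String dispatch(String requestBody, boolean requireToken) {
        if (parameter.isdebug) {
            new SQLiteJDBC().InsertLogMsg("请求内容", requestBody, "info", true);
        }
        // The body itself must be a JSON object.
        JSONObject requestcontent = parseBody(requestBody);
        if (requestcontent == null) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        // Required keys; the token is only mandatory for the validating endpoint.
        String[] mustkeys = requireToken
                ? new String[] {"accesstoken", "classname", "method", "content"}
                : new String[] {"classname", "method", "content"};
        String missing = firstMissingKey(requestcontent, mustkeys);
        if (missing != null) {
            return ErrModel.request_ContainsMustKey(missing).toString();
        }
        // "content" must be a JSON object as well.
        JSONObject content;
        try {
            content = JSONObject.fromObject(requestcontent.getJSONObject("content"));
        } catch (Exception e) {
            return ErrModel.request_ContentJsonFormat().toString();
        }
        String accesstoken = null;
        if (requireToken) {
            accesstoken = requestcontent.getString("accesstoken");
            if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
                return ErrModel.token_Validate().toString();
            }
        }
        String className = requestcontent.getString("classname");
        String methodName = requestcontent.getString("method");
        if (content.isNullObject()) {
            content = new JSONObject();
        }
        // The controller receives the routing metadata alongside its payload.
        content.put("$classname", className);
        content.put("$method", methodName);
        if (requireToken) {
            content.put("$accesstoken", accesstoken);
        }
        String key = className + "." + methodName;
        String result;
        try {
            boolean getdatafromdbanyway = content.containsKey("getdatafromdbanyway")
                    && content.getBoolean("getdatafromdbanyway");
            content.remove("getdatafromdbanyway");
            Object data = null;
            if (!getdatafromdbanyway) {
                // The serialized content (including the $-keys) is the cache key.
                data = DataPool.get(content.toString());
            }
            if (data != null) {
                result = data.toString();
                saveCallMethodMsg(key, false, 0L);
            } else {
                long starttimes = Calendar.getInstance().getTimeInMillis();
                Class<?> clz = loadController(className);
                Constructor<?> cla = clz.getDeclaredConstructor(JSONObject.class);
                Object obj = cla.newInstance(content);
                // getDeclaredMethod: only methods declared by the controller itself are reachable.
                Method method = obj.getClass().getDeclaredMethod(checkedMethodName(methodName));
                result = (String) method.invoke(obj);
                long endtimes = Calendar.getInstance().getTimeInMillis();
                saveCallMethodMsg(key, true, endtimes - starttimes);
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("找不到指定的类" + className).toString();
        } catch (InstantiationException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("类" + className + "实例化异常").toString();
        } catch (IllegalAccessException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("类" + className + "安全权限异常,可能该类为非public类").toString();
        } catch (NoSuchMethodException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("找不到指定的类" + className + "的" + methodName + "方法").toString();
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("类" + className + "的" + methodName + "方法参数不合法").toString();
        } catch (InvocationTargetException e) {
            e.printStackTrace();
            Throwable targetException = e.getTargetException();
            result = ErrModel.request_GetClass(targetException.getMessage()).toString();
        } catch (Exception e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("发生未知异常" + e.getMessage()).toString();
        }
        return result;
    }

    /**
     * Resolves a caller-supplied controller name below {@code openapi.restcontroller}.
     * Names that are not a plain dotted Java name are rejected up front so nothing but a
     * class in that package tree can ever be loaded.
     *
     * @throws ClassNotFoundException for malformed names as well as unknown classes
     */
    private static Class<?> loadController(String className) throws ClassNotFoundException {
        if (className == null || !CLASS_NAME.matcher(className).matches()) {
            throw new ClassNotFoundException(className);
        }
        return Class.forName("openapi.restcontroller." + className);
    }

    /**
     * Returns {@code methodName} unchanged if it is a plain identifier.
     *
     * @throws NoSuchMethodException when it is not (reported like a missing method)
     */
    private static String checkedMethodName(String methodName) throws NoSuchMethodException {
        if (methodName == null || !MEMBER_NAME.matcher(methodName).matches()) {
            throw new NoSuchMethodException(methodName);
        }
        return methodName;
    }

    /**
     * Records call statistics for {@code key} ("classname.method") in the shared
     * {@code parameter} maps: total calls, last call time, cache hits and — for calls that
     * actually ran the controller — the last and the running-average duration.
     *
     * @param key    "classname.method" of the invoked controller method
     * @param fromdb {@code true} when the controller was executed, {@code false} for a cache hit
     * @param time   execution time in milliseconds (ignored for cache hits)
     */
    private void saveCallMethodMsg(String key, boolean fromdb, Long time) {
        Long callmethodTimes = parameter.callmethodTimes.containsKey(key)
                ? parameter.callmethodTimes.get(key) : 0L;
        // Total request count and time of the latest request.
        parameter.callmethodTimes.put(key, callmethodTimes + 1L);
        parameter.lastcallmethodtime.put(key, Calendar.getInstance().getTime());
        Long callmethod_fromcacheTimes = parameter.callmethod_fromcacheTimes.containsKey(key)
                ? parameter.callmethod_fromcacheTimes.get(key) : 0L;
        if (!fromdb) {
            // Served from the cache.
            parameter.callmethod_fromcacheTimes.put(key, callmethod_fromcacheTimes + 1L);
        } else {
            // Latest duration of a real controller call.
            parameter.callmethodLastTimeLong.put(key, time);
            // Controller calls before this one = all calls minus cache hits.
            Long totaltimes = callmethodTimes - callmethod_fromcacheTimes;
            Long callmethodTimeLong = parameter.callmethodTimeLong.containsKey(key)
                    ? parameter.callmethodTimeLong.get(key) : 0L;
            // Incremental mean: (old mean * old count + new sample) / new count.
            parameter.callmethodTimeLong.put(key, (callmethodTimeLong * totaltimes + time) / (totaltimes + 1));
        }
    }

    // ------------------------------------------------------------------ tokens / login

    /**
     * Registers the caller-supplied {@code from_account} value as an access token.
     *
     * <p>NOTE(review): no authentication happens here — whatever string the caller sends
     * becomes a valid token for every token-checked endpoint. Confirm this path is
     * restricted (e.g. to trusted networks) or retire it.
     *
     * @param RequestContent JSON body with {@code from_account}
     * @return {@code {"token": ...}} or an {@code ErrModel} error document
     */
    @Path("getToken")
    @POST
    public String getToken(String RequestContent) {
        JSONObject requestcontent = parseBody(RequestContent);
        if (requestcontent == null) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        String missing = firstMissingKey(requestcontent, "from_account");
        if (missing != null) {
            return ErrModel.request_ContainsMustKey(missing).toString();
        }
        String token = requestcontent.getString("from_account");
        parameter.tokenlist.add(token);
        JSONObject jsonObject = new JSONObject();
        jsonObject.put("token", token);
        return jsonObject.toString();
    }

    /**
     * Authenticates a {@code pp_users} account by comparing the supplied {@code password}
     * with the digest of the stored (decrypted) password, issues a session token and returns
     * the user's profile and per-module app ids for the calling system.
     *
     * @param RequestContent JSON body with {@code username}, {@code password}, {@code from_account}
     * @return {@code {"status":"ok","token":...,"data":{...}}} or an error document
     */
    @Path("login")
    @POST
    public String login(String RequestContent) {
        JSONObject requestcontent = parseBody(RequestContent);
        if (requestcontent == null) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        String missing = firstMissingKey(requestcontent, "username", "password", "from_account");
        if (missing != null) {
            return ErrModel.request_ContainsMustKey(missing).toString();
        }
        String username = requestcontent.getString("username");
        String password = requestcontent.getString("password");
        // Calling system id.
        String from_account = requestcontent.getString("from_account");

        // Fail closed: any failure during the lookup leaves the login rejected.
        boolean result = false;
        PaoSetRemote userSet = null;
        try {
            userSet = P2Server.getP2Server().getPaoSet("pp_users", P2Server.getP2Server().getSystemUserInfo());
            userSet.setWhere("hrid='" + sqlLiteral(username) + "'");
            userSet.reset();
            if (!userSet.isEmpty()) {
                byte[] bytes = userSet.getPao(0).getBytes("password");
                Object expected = new MessageDigestCust()
                        .Digest(P2Server.getP2Server().getP2Cipher().decData(bytes));
                result = constantTimeEquals(password, expected);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(userSet);
        }
        if (!result) {
            return ErrModel.getToken().toString();
        }
        String token = newToken();
        parameter.tokenlist.add(token);

        DBConnect connect = new DBConnect();
        Rows rows = connect.runSqlQuery(
                "select t1.fusertype,t2.fagentnum,t1.defsite as siteid,t1.fcansubmitagentorder,t1.fcanmodifyorderprice,isnull(t3.fisservice,0)as fisservice,isnull(t3.fisusestatementconfirm,0)as fisusestatementconfirm from pp_users t1 "
                        + "left join tagents_users t2 on t1.hrid=t2.hrid "
                        + "left join tagents t3 on t2.siteid=t3.siteid and t2.fagentnum=t3.fagentnum "
                        + "where t1.hrid='" + sqlLiteral(username) + "' and t1.status='ACTIVE'");
        if (rows.isEmpty()) {
            return tokenError("账号已失效");
        }
        Row user = rows.get(0);
        String fusertype = user.getString("fusertype");
        String fisservice = user.getString("fisservice");
        String fagentnum = user.getString("fagentnum");
        String siteid = user.getString("siteid");
        String fcansubmitagentorder = user.getString("fcansubmitagentorder");
        String fcanmodifyorderprice = user.getString("fcanmodifyorderprice");
        String fisusestatementconfirm = user.getString("fisusestatementconfirm");
        parameter.siteidList.put(username.toUpperCase(), siteid.toUpperCase());
        parameter.usertypeList.put(username.toUpperCase(), fusertype.toUpperCase());
        JSONObject mobject = loadAppIds(connect, username, from_account);

        JSONObject object = new JSONObject();
        object.put("status", "ok");
        object.put("token", token);
        JSONObject dataobject = new JSONObject();
        dataobject.put("fusertype", fusertype);
        dataobject.put("fisservice", fisservice);
        dataobject.put("fagentnum", fagentnum);
        dataobject.put("siteid", siteid);
        dataobject.put("fcansubmitagentorder", fcansubmitagentorder);
        dataobject.put("fcanmodifyorderprice", fcanmodifyorderprice);
        dataobject.put("fisusestatementconfirm", fisusestatementconfirm);
        dataobject.put("hrid", username.toUpperCase());
        dataobject.put("appids", mobject);
        object.put("data", dataobject);
        return object.toString();
    }

    /**
     * Removes {@code accesstoken} from the token list.
     *
     * @param RequestContent JSON body with {@code accesstoken}
     * @return {@code {"status":"ok"}} or an {@code ErrModel} error document
     */
    @Path("logout")
    @POST
    public String logout(String RequestContent) {
        JSONObject requestcontent = parseBody(RequestContent);
        if (requestcontent == null) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        String missing = firstMissingKey(requestcontent, "accesstoken");
        if (missing != null) {
            return ErrModel.request_ContainsMustKey(missing).toString();
        }
        String accesstoken = requestcontent.getString("accesstoken");
        parameter.tokenlist.remove(accesstoken);
        JSONObject object = new JSONObject();
        object.put("status", "ok");
        return object.toString();
    }

    /**
     * Issues a fresh token for {@code username} to a caller that already holds a valid
     * {@code accesstoken}, without a password.
     *
     * <p>NOTE(review): nothing ties the presented token to {@code username}, so any token
     * holder can obtain a session for any active account — confirm that is intended.
     *
     * @param RequestContent JSON body with {@code from_account}, {@code accesstoken}, {@code username}
     * @return {@code {"status":"ok","token":...,"data":{...}}} or an error document
     */
    @Path("login_jump")
    @POST
    public String login_jump(String RequestContent) {
        JSONObject requestcontent = parseBody(RequestContent);
        if (requestcontent == null) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        String missing = firstMissingKey(requestcontent, "from_account", "accesstoken", "username");
        if (missing != null) {
            return ErrModel.request_ContainsMustKey(missing).toString();
        }
        String accesstoken = requestcontent.getString("accesstoken");
        if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
            return ErrModel.token_Validate().toString();
        }
        // Calling system id.
        String from_account = requestcontent.getString("from_account");
        String username = requestcontent.getString("username");

        DBConnect connect = new DBConnect();
        Rows rows = connect.runSqlQuery(
                "select t1.fusertype,t2.fagentnum,t1.defsite as siteid from pp_users t1 left join tagents_users t2 on t1.hrid=t2.hrid where t1.hrid='"
                        + sqlLiteral(username) + "' and t1.status='ACTIVE'");
        if (rows.isEmpty()) {
            return tokenError("账号已失效");
        }
        Row user = rows.get(0);
        String fusertype = user.getString("fusertype");
        String fagentnum = user.getString("fagentnum");
        String siteid = user.getString("siteid");
        parameter.siteidList.put(username.toUpperCase(), siteid.toUpperCase());
        parameter.usertypeList.put(username.toUpperCase(), fusertype.toUpperCase());
        JSONObject mobject = loadAppIds(connect, username, from_account);

        String token = newToken();
        parameter.tokenlist.add(token);

        JSONObject object = new JSONObject();
        object.put("status", "ok");
        object.put("token", token);
        JSONObject dataobject = new JSONObject();
        dataobject.put("fusertype", fusertype);
        dataobject.put("fagentnum", fagentnum);
        dataobject.put("siteid", siteid);
        dataobject.put("hrid", username.toUpperCase());
        dataobject.put("appids", mobject);
        object.put("data", dataobject);
        return object.toString();
    }

    /**
     * Housekeeper ("管家") login. {@code from_account} selects the client: {@code "1"} is the
     * web front end (authenticated against {@code pp_users}), {@code "2"} the mini program
     * (authenticated against the {@code worker} table); anything else is rejected.
     *
     * @param RequestContent JSON body with {@code username}, {@code password}, {@code from_account}
     * @return {@code {"status":"ok","token":...,"data":{...}}} or an error document
     */
    @Path("housekeeperlogin")
    @POST
    public String housekeeper_login(String RequestContent) {
        JSONObject requestcontent = parseBody(RequestContent);
        if (requestcontent == null) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        String missing = firstMissingKey(requestcontent, "username", "password", "from_account");
        if (missing != null) {
            return ErrModel.request_ContainsMustKey(missing).toString();
        }
        String username = requestcontent.getString("username");
        String password = requestcontent.getString("password");
        // Calling client id.
        String from_account = requestcontent.getString("from_account");
        if (from_account.equals("1")) {
            return housekeeperWebLogin(username, password);
        } else if (from_account.equals("2")) {
            return housekeeperMiniProgramLogin(username, password);
        }
        return tokenError("from参数无效");
    }

    /**
     * Web-client branch of {@link #housekeeper_login}: checks the password against the
     * decrypted {@code pp_users} password, then builds the response for a dealer owner
     * ("经销商主账号") or dealer staff ("经销商员工账号") account.
     *
     * <p>NOTE(review): unlike {@link #login}, the comparison appears to be against the
     * decrypted plaintext rather than its digest — confirm which form the client sends.
     */
    private String housekeeperWebLogin(String username, String password) {
        // Fail closed: any failure during the lookup leaves the login rejected.
        boolean result = false;
        String usertype = null;
        PaoSetRemote userSet = null;
        try {
            userSet = P2Server.getP2Server().getPaoSet("pp_users", P2Server.getP2Server().getSystemUserInfo());
            userSet.setWhere("hrid='" + sqlLiteral(username) + "'");
            userSet.reset();
            if (userSet.isEmpty()) {
                return tokenError("该帐号无登录权限!");
            }
            usertype = userSet.getPao(0).getString("FUSERTYPE");
            byte[] bytes = userSet.getPao(0).getBytes("password");
            result = constantTimeEquals(password, P2Server.getP2Server().getP2Cipher().decData(bytes));
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(userSet);
        }
        if (!result) {
            return ErrModel.getToken().toString();
        }

        DBConnect connect = new DBConnect();
        if ("经销商主账号".equals(usertype)) {
            Rows rows = connect.runSqlQuery(
                    "select t1.fagentnum,t.defsite as siteid,t.hrid,t1.FAGENTSHORTNAME,t1.fisservice from pp_users t join TAGENTs t1 on t.hrid=t1.fagentnum "
                            + "where t.hrid='" + sqlLiteral(username) + "' and t.status='ACTIVE' and t1.fisservice=1");
            if (rows.isEmpty()) {
                return tokenError("该帐号无登录权限!");
            }
            Row owner = rows.get(0);
            String fagentnum = owner.getString("fagentnum");
            String siteid = owner.getString("siteid");
            String fagentshortname = owner.getString("FAGENTSHORTNAME");
            boolean fisservice = owner.getBoolean("fisservice");
            List<String> list = ownerAuthorities(connect, siteid);
            // The token is only minted once the account is fully authorized.
            String token = newToken();
            parameter.tokenlist.add(token);
            return housekeeperOk(token, usertype, fagentnum, siteid, fagentshortname, username, list, fisservice);
        } else if ("经销商员工账号".equals(usertype)) {
            Rows rows = loadStaffRow(connect, username);
            if (rows.isEmpty()) {
                return tokenError("该帐号无登录权限!");
            }
            Row staff = rows.get(0);
            String fagentnum = staff.getString("fagentnum");
            String siteid = staff.getString("siteid");
            String fname = staff.getString("fname");
            boolean fisservice = staff.getBoolean("fisservice");
            int staffid = staff.getInteger("staffid");
            List<String> list = staffAuthorities(connect, siteid, staffid);
            String token = newToken();
            parameter.tokenlist.add(token);
            return housekeeperOk(token, usertype, fagentnum, siteid, fname, username, list, fisservice);
        }
        return tokenError("该帐号无登录权限!");
    }

    /**
     * Mini-program branch of {@link #housekeeper_login}: looks the phone number up in
     * {@code worker} (role 服务组长) and compares the stored password.
     *
     * <p>NOTE(review): the stored value is compared directly, i.e. it looks like the worker
     * password is kept in clear text — confirm and consider hashing it.
     */
    private String housekeeperMiniProgramLogin(String username, String password) {
        DBConnect connect = new DBConnect();
        Rows rows = connect.runSqlQuery(
                "select t.fagentnum,t.workphone,t.siteid,t.role,t.password from worker t "
                        + "where fisused=1 and workphone='" + sqlLiteral(username) + "' and t.role='服务组长'");
        if (rows.isEmpty()) {
            return tokenError("该帐号无登录权限!");
        }
        Row worker = rows.get(0);
        String realpassword = worker.getString("password");
        if (!constantTimeEquals(password, realpassword)) {
            return tokenError("密码错误!");
        }
        String token = newToken();
        parameter.tokenlist.add(token);
        String fagentnum = worker.getString("fagentnum");
        String siteid = worker.getString("siteid");
        String role = worker.getString("role");
        // No user type is resolved on this path; kept for response compatibility.
        String usertype = null;

        JSONObject object = new JSONObject();
        object.put("status", "ok");
        object.put("token", token);
        JSONObject dataobject = new JSONObject();
        dataobject.put("fusertype", usertype);
        dataobject.put("fagentnum", fagentnum);
        dataobject.put("siteid", siteid);
        dataobject.put("role", role);
        dataobject.put("hrid", username.toUpperCase());
        object.put("data", dataobject);
        return object.toString();
    }

    /** Builds the success document shared by both web branches of the housekeeper login. */
    private static String housekeeperOk(String token, String usertype, String fagentnum, String siteid,
                                        String name, String username, List<String> appids, boolean fisservice) {
        JSONObject object = new JSONObject();
        object.put("status", "ok");
        object.put("token", token);
        JSONObject dataobject = new JSONObject();
        dataobject.put("fusertype", usertype);
        dataobject.put("fagentnum", fagentnum);
        dataobject.put("siteid", siteid);
        dataobject.put("name", name);
        dataobject.put("hrid", username.toUpperCase());
        dataobject.put("appids", appids);
        dataobject.put("fisservice", fisservice);
        object.put("data", dataobject);
        return object.toString();
    }

    /**
     * Returns the authority module list ("appids") of a {@code pp_users} account.
     *
     * <p>NOTE(review): no access token is checked here, so any caller can read the
     * authorities of any user by name — confirm that is acceptable.
     *
     * @param RequestContent JSON body with {@code username}
     * @return {@code {"status":"ok","data":{"appids":[...]}}} or an error document
     */
    @Path("find_staffauthority")
    @POST
    public String find_staffauthority(String RequestContent) {
        JSONObject requestcontent = parseBody(RequestContent);
        if (requestcontent == null) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        // A missing key used to surface as an unhandled JSONException; report it like the other endpoints.
        String missing = firstMissingKey(requestcontent, "username");
        if (missing != null) {
            return ErrModel.request_ContainsMustKey(missing).toString();
        }
        String username = requestcontent.getString("username");
        DBConnect dbConnect = new DBConnect();
        Rows rows = dbConnect.runSqlQuery(
                "select fusertype,defsite from pp_users where hrid='" + sqlLiteral(username) + "' and status='ACTIVE'");
        if (!rows.isEmpty()) {
            Row row_detail = rows.get(0);
            String fusertype = row_detail.getString("fusertype");
            String defsite = row_detail.getString("defsite");
            if ("经销商主账号".equals(fusertype)) {
                return appIdsOk(ownerAuthorities(dbConnect, defsite));
            } else if ("经销商员工账号".equals(fusertype)) {
                Rows rows1 = loadStaffRow(dbConnect, username);
                if (rows1.isEmpty()) {
                    return tokenError("账号已失效");
                }
                String siteid = rows1.get(0).getString("siteid");
                int staffid = rows1.get(0).getInteger("staffid");
                return appIdsOk(staffAuthorities(dbConnect, siteid, staffid));
            }
        }
        return tokenError("账户不存在");
    }

    /** Builds {@code {"status":"ok","data":{"appids":[...]}}}. */
    private static String appIdsOk(List<String> appids) {
        JSONObject object = new JSONObject();
        object.put("status", "ok");
        JSONObject dataobject = new JSONObject();
        dataobject.put("appids", appids);
        object.put("data", dataobject);
        return object.toString();
    }

    // ------------------------------------------------------------------ attachments

    /**
     * Stores an uploaded attachment; owner tables in {@link #OBS_OWNER_TABLES} go to OBS
     * when {@link #FISUPLOADFOROBS} is set, everything else to the default store.
     * Any failure (including a missing {@code ownertable}) is reported as a JSON failure
     * document rather than an HTTP error.
     *
     * @return the result document of {@code docManage}, or a failure document
     */
    @Path("uploaddoc")
    @POST
    @Consumes({"multipart/form-data"})
    @Produces({"application/json"})
    public String upLoadDoc(@FormDataParam("uploadfile") InputStream uploadfileInputStream,
                            @FormDataParam("uploadfile") FormDataContentDisposition uploadfile,
                            @FormDataParam("ownertable") String ownertable,
                            @FormDataParam("ownerid") String ownerid,
                            @FormDataParam("hrid") String hrid,
                            @FormDataParam("description") String description,
                            @FormDataParam("accesstoken") String accesstoken,
                            @FormDataParam("type") String type) {
        try {
            if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
                return ErrModel.token_Validate().toString();
            }
            docManage docManage = new docManage();
            // Locale.ROOT: the table name is an ASCII identifier, not user-locale text.
            if (OBS_OWNER_TABLES.contains(ownertable.toLowerCase(Locale.ROOT)) && FISUPLOADFOROBS) {
                return docManage.upLoadDocForOBS(uploadfileInputStream, uploadfile, ownertable, ownerid, hrid,
                        description, "", type);
            }
            return docManage.upLoadDoc(uploadfileInputStream, uploadfile, ownertable, ownerid, hrid, description, "");
        } catch (Exception e) {
            JSONObject returnObject = new JSONObject();
            returnObject.put("msg", "失败");
            returnObject.put("code", 0);
            returnObject.put("errcode", 0);
            returnObject.put("data", e.getMessage());
            return returnObject.toString();
        }
    }

    /**
     * Stores an attachment fetched from {@code url} through {@code docManage}.
     *
     * @return the result document of {@code docManage}, or an {@code ErrModel} error document
     */
    @Path("uploaddocurl")
    @POST
    @Consumes({"multipart/form-data"})
    @Produces({"application/json"})
    public String upLoadDocUrl(@FormDataParam("url") String urlstr,
                               @FormDataParam("ownertable") String ownertable,
                               @FormDataParam("ownerid") String ownerid,
                               @FormDataParam("hrid") String hrid,
                               @FormDataParam("description") String description,
                               @FormDataParam("accesstoken") String accesstoken) {
        if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
            return ErrModel.token_Validate().toString();
        }
        docManage docManage = new docManage();
        return docManage.upLoadDocUrl(urlstr, ownertable, ownerid, hrid, description);
    }

    /**
     * Stores an attachment uploaded from WeChat (tagged "微信附件上传") through {@code docManage}.
     *
     * @return the result document of {@code docManage}, or an {@code ErrModel} error document
     */
    @Path("uploaddocwechat")
    @POST
    @Consumes({"multipart/form-data"})
    @Produces({"application/json"})
    public String upLoadDocUrlWechat(@FormDataParam("uploadfile") InputStream uploadfileInputStream,
                                     @FormDataParam("uploadfile") FormDataContentDisposition uploadfile,
                                     @FormDataParam("ownertable") String ownertable,
                                     @FormDataParam("ownerid") String ownerid,
                                     @FormDataParam("hrid") String hrid,
                                     @FormDataParam("description") String description,
                                     @FormDataParam("accesstoken") String accesstoken) {
        if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
            return ErrModel.token_Validate().toString();
        }
        docManage docManage = new docManage();
        return docManage.upLoadDoc(uploadfileInputStream, uploadfile, ownertable, ownerid, hrid, description,
                "微信附件上传");
    }

    /**
     * Logistics tracking lookup via kuaidi100.
     *
     * <p>NOTE(review): this endpoint is reachable without a token; confirm the upstream
     * quota is acceptable for unauthenticated use.
     *
     * @param com carrier code
     * @param num tracking number
     * @return whatever {@code kuaidi100.queryKuaiDi100} returns
     */
    @Path("wlcx")
    @GET
    public String wlcx(@QueryParam("com") String com, @QueryParam("num") String num) {
        return kuaidi100.queryKuaiDi100(com, num);
    }

    /**
     * Streams the attachment behind {@code docinfoid} to the client. Writes the literal
     * body {@code null} when the id is invalid, unknown, or the file cannot be resolved.
     *
     * <p>NOTE(review): no token or ownership check is performed and ids appear to be
     * sequential integers, so any attachment can be fetched by id — confirm that is intended.
     *
     * @param docinfoid numeric docinfo id
     * @param response  servlet response the file is written to
     */
    @Path("download")
    @GET
    public void download(@QueryParam("docinfoid") String docinfoid, @Context HttpServletResponse response) {
        response.reset();
        File file = resolveDocument(docinfoid, response);
        try (ServletOutputStream out = response.getOutputStream()) {
            if (file != null) {
                try (InputStream inputStream = new FileInputStream(file)) {
                    byte[] buffer = new byte[8192];
                    int n;
                    // Stop at end of stream; never pass a negative length to write().
                    while ((n = inputStream.read(buffer)) != -1) {
                        out.write(buffer, 0, n);
                    }
                }
            } else {
                out.write("null".getBytes(StandardCharsets.UTF_8));
            }
            out.flush();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Looks up the {@code docinfo} row, sets content type / disposition on {@code response}
     * and returns the backing file, or {@code null} when the id is not numeric, the row
     * does not exist, the lookup failed, or the resolved path is not under {@link #FILE_PATH}.
     */
    private static File resolveDocument(String docinfoid, HttpServletResponse response) {
        int id;
        try {
            id = Integer.valueOf(docinfoid);
        } catch (NumberFormatException e) {
            // Missing or non-numeric id: treated like an unknown document.
            return null;
        }
        PaoSetRemote docinfos = null;
        try {
            docinfos = P2Server.getP2Server().getPaoSet("docinfo", P2Server.getP2Server().getSystemUserInfo());
            docinfos.setWhere("docinfoid=" + id);
            docinfos.reset();
            if (docinfos.isEmpty()) {
                return null;
            }
            PaoRemote docinfo = docinfos.getPao(0);
            String siteid = docinfo.getString("siteid");
            String serialnumber = docinfo.getString("serialnumber");
            String document = docinfo.getString("document");
            String ownertables = docinfo.getString("ownertable");
            String postfix = docinfo.getString("postfix");
            if (postfix.equalsIgnoreCase("pdf")) {
                response.setContentType("application/pdf");
                response.setHeader("Content-Disposition", "attachment;fileName=" + URLEncoder.encode(document, "UTF-8"));
            } else if (postfix.equalsIgnoreCase("jpg") || postfix.equalsIgnoreCase("png")
                    || postfix.equalsIgnoreCase("jpeg")) {
                response.setContentType("image/png");
            } else if (postfix.equalsIgnoreCase("mp4")) {
                response.setContentType("video/mpeg4");
            } else {
                response.setContentType("multipart/form-data");
                response.setHeader("Content-Disposition", "attachment;fileName=" + URLEncoder.encode(document, "UTF-8"));
            }
            if (FILE_PATH == null) {
                // Attachment root not configured: nothing can be served safely.
                return null;
            }
            File file = new File(FILE_PATH + "\\" + siteid + "\\" + ownertables + "\\" + serialnumber);
            // The components come from the docinfo row, but still refuse anything that
            // resolves outside the attachment root.
            String root = new File(FILE_PATH).getCanonicalPath();
            if (!file.getCanonicalPath().startsWith(root + File.separator)) {
                return null;
            }
            return file;
        } catch (P2Exception e) {
            e.printStackTrace();
            return null;
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        } finally {
            closeQuietly(docinfos);
        }
    }

    // ------------------------------------------------------------------ helpers

    /** Parses the raw request body; {@code null} when it is not a JSON object. */
    private static JSONObject parseBody(String requestBody) {
        try {
            return JSONObject.fromObject(requestBody);
        } catch (Exception e) {
            return null;
        }
    }

    /** Returns the first of {@code mustkeys} absent from {@code requestcontent}, or {@code null}. */
    private static String firstMissingKey(JSONObject requestcontent, String... mustkeys) {
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return mustkey;
            }
        }
        return null;
    }

    /**
     * Doubles single quotes so {@code value} can be embedded in a SQL string literal.
     * This is a stop-gap for the string-built queries in this class: a parameterized
     * query API on {@code DBConnect} would be the proper fix. {@code null} renders as
     * {@code "null"}, matching plain concatenation.
     */
    private static String sqlLiteral(String value) {
        return String.valueOf(value).replace("'", "''");
    }

    /**
     * Compares a caller-supplied secret with the expected value without short-circuiting
     * on the first differing byte. Mirrors {@code String.equals}: a {@code null} or
     * non-String {@code expected} never matches.
     */
    private static boolean constantTimeEquals(String supplied, Object expected) {
        if (supplied == null || !(expected instanceof String)) {
            return false;
        }
        return MessageDigest.isEqual(supplied.getBytes(StandardCharsets.UTF_8),
                ((String) expected).getBytes(StandardCharsets.UTF_8));
    }

    /** Returns a fresh 128-bit random session token as lower-case hex (leading zeros dropped). */
    private static String newToken() {
        byte[] secretBytes = new byte[16];
        RANDOM.nextBytes(secretBytes);
        return new BigInteger(1, secretBytes).toString(16);
    }

    /** Clears and closes {@code set} if non-null, logging (not propagating) any failure. */
    private static void closeQuietly(PaoSetRemote set) {
        try {
            if (set != null) {
                set.clear();
                set.close();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Builds {@code {"status":"error","errcode":ErrCode.gettokenfail[0],"msg":msg}}. */
    private static String tokenError(String msg) {
        JSONObject object = new JSONObject();
        object.put("status", "error");
        object.put("errcode", ErrCode.gettokenfail[0]);
        object.put("msg", msg);
        return object.toString();
    }

    /**
     * Loads the per-module app ids granted to {@code username} for system {@code from_account}:
     * one key per module id, each holding the ordered array of app ids.
     */
    private static JSONObject loadAppIds(DBConnect connect, String username, String from_account) {
        Rows rows_moduleid = connect.runSqlQuery(
                "select distinct moduleid from twebclientappidauth t1 inner join pp_grpuser t2 on t1.groupname=t2.groupname where t2.hrid='"
                        + sqlLiteral(username) + "' and systemid='" + sqlLiteral(from_account) + "'");
        JSONObject mobject = new JSONObject();
        for (Row row : rows_moduleid) {
            String moduleid = row.getString("moduleid");
            Rows rows_appid = connect.runSqlQuery(
                    "select appid from twebclientappidauth t1 inner join pp_grpuser t2 on t1.groupname=t2.groupname where t2.hrid='"
                            + sqlLiteral(username) + "' and systemid='" + sqlLiteral(from_account)
                            + "' and moduleid='" + sqlLiteral(moduleid) + "' order by t1.sequence");
            mobject.put(moduleid, rows_appid.toJsonArray("appid"));
        }
        return mobject;
    }

    /** Loads the {@code staff} row joined to the active {@code pp_users} account {@code username}. */
    private static Rows loadStaffRow(DBConnect connect, String username) {
        return connect.runSqlQuery(
                "select t1.fagentnum,t.defsite as siteid,t.hrid,t1.staffid,t1.fname,'0' fisservice from pp_users t join staff t1 on t1.phone=t.hrid "
                        + "where t.hrid='" + sqlLiteral(username) + "' and t.status='ACTIVE'");
    }

    /** Authority modules of a dealer owner account: every module of the site, with edit rights. */
    private static List<String> ownerAuthorities(DBConnect connect, String siteid) {
        Rows staffauthority = connect.runSqlQuery(
                "select authoritymodule,authorityname from staffauthority where siteid='" + sqlLiteral(siteid)
                        + "' order by frownum");
        List<String> list = new ArrayList<String>();
        for (Row row : staffauthority) {
            list.add(row.getString("authoritymodule") + "_edit");
        }
        return list;
    }

    /**
     * Authority modules of a dealer staff account: {@code <module>_edit} where the staff
     * row grants edit, {@code <module>} where it grants query only.
     */
    private static List<String> staffAuthorities(DBConnect connect, String siteid, int staffid) {
        Rows staffauthority = connect.runSqlQuery(
                "select t.authoritymodule,t.authorityname,t.fisedit,t.fisquery from\n"
                        + " staff_authority t\n"
                        + " join staffauthority t1 on t.authoritymodule=t1.authoritymodule and t1.siteid='"
                        + sqlLiteral(siteid) + "'\n"
                        + "where fparentid=" + staffid + " order by t1.frownum");
        List<String> list = new ArrayList<String>();
        for (Row row : staffauthority) {
            if (row.getBoolean("fisedit")) {
                list.add(row.getString("authoritymodule") + "_edit");
            } else if (row.getBoolean("fisquery")) {
                list.add(row.getString("authoritymodule"));
            }
        }
        return list;
    }
}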