ylx 7 năm trước cách đây
mục cha
commit
737d8b78e5

+ 1 - 1
saicLogistics/src/main/java/com/fuzamei/interceptor/TokenInterceptor.java

@@ -46,7 +46,7 @@ public class TokenInterceptor extends HandlerInterceptorAdapter{
 			if(tokenAndUserId==null||"".equals(tokenAndUserId.trim())){//请求头不能为null
 				throw new RuntimeException("Authorization为空");
 			}
-			String token =ValidationUtil.checkBlankAndAssignString(tokenAndUserId.split("&")[0].replace("Bearer ", ""));//token校验
+			String token =ValidationUtil.checkBlankAndAssignString(tokenAndUserId.split("&")[0].replace("Bearer", ""));//token校验
 			int userId = ValidationUtil.checkAndAssignInt(tokenAndUserId.split("&")[1]);//账户id校验
 			boolean flag = userAuthoricationService.verificationToken(userId, token);//校验userId和token值是否符合
 			if(!flag){//token校验未通过
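Review bot: `replace("Bearer", "")` on the token line removes the text "Bearer" wherever it occurs in the first header segment, not only the leading scheme, and the space after the scheme now stays in the value unless `checkBlankAndAssignString` trims it (not visible here). Stripping the scheme as a prefix is more exact: `String raw = tokenAndUserId.split("&")[0].trim();` then `String token = ValidationUtil.checkBlankAndAssignString(raw.startsWith("Bearer") ? raw.substring(6).trim() : raw);`. The `split("&")[1]` on the following line still throws ArrayIndexOutOfBoundsException for a header without `&`, so a length check that raises a clear authentication error would be safer. The method body starts and ends outside this hunk.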

+ 11 - 6
saicLogistics/src/main/java/com/fuzamei/web/CargoConsignAction.java

@@ -3,6 +3,8 @@ package com.fuzamei.web;
 import java.util.List;
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -37,9 +39,12 @@ public class CargoConsignAction {
 	@Autowired
 	private OrderService orderService;
 	
+	@Autowired
+	private HttpServletRequest req;
+	
 	private static final Integer ROWNUM=Integer.parseInt(ReadConfUtil.getProperty("rowNum"));
 	
-	public static final String CARNO_PATTERN =RegexConstant.CAR_NO;
+	private static final String CARNO_PATTERN =RegexConstant.CAR_NO;
 	/**
 	 * 
 	* @Title: queryOrdersBySupplier
@@ -62,7 +67,7 @@ public class CargoConsignAction {
 	@RequestMapping(value="/queryOrdersBySupplier",method=RequestMethod.POST)
 	public Map<String, Object> queryOrdersBySupplier(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.SUPPLIER);
 			int page = ValidationUtil.checkMinAndAssignInt(params.getPage(), 1);
 			Long startTime=ValidationUtil.checkAndAssignDefaultLong(params.getStartTime(), 0L);
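Review bot: `req.getHeader("Authorization").split("&")[1]` in queryOrdersBySupplier re-parses the raw header instead of reusing the identity TokenInterceptor verified. If this route is ever reached without the interceptor (its path mapping is not visible here), the line throws NullPointerException on an absent header or ArrayIndexOutOfBoundsException on one without `&`. Having the interceptor store the id after `verificationToken` succeeds, e.g. `request.setAttribute("userId", userId);` (attribute name is an example), and reading it here with `req.getAttribute("userId")` keeps a single parser for the credential and means handlers only ever act on an id that passed the token check. The same line is repeated in every other handler hunk of this commit, in CargoConsignAction, CargoDeliverAction, CargoTallyAction, OperationHistoryAction and OrdersIssueAction. The method body continues outside the hunk.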
@@ -101,7 +106,7 @@ public class CargoConsignAction {
 	@RequestMapping(value="/queryOrdersByCarrier",method=RequestMethod.POST)
 	public Map<String, Object> queryOrdersByCarrier(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.CARRIER);
 			int page = ValidationUtil.checkMinAndAssignInt(params.getPage(), 1);
 			Long startTime=ValidationUtil.checkAndAssignDefaultLong(params.getStartTime(), 0L);
@@ -136,7 +141,7 @@ public class CargoConsignAction {
 	@RequestMapping(value="/doCarry",method=RequestMethod.POST)
 	public Map<String, Object> doCarry(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.CARRIER);
 			Orders order = orderService.queryFullOrderByOrderId(ValidationUtil.checkAndAssignInt(params.getOrderId()));
 			ValidationUtil.checkBlankAndAssignString(params.getCarNo());//车牌号校验
@@ -167,7 +172,7 @@ public class CargoConsignAction {
 	@RequestMapping(value="/showAllCarriersUnderSupplier",method=RequestMethod.POST)
 	public Map<String, Object> showAllCarriersUnderSupplier(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserDetail(ValidationUtil.checkAndAssignInt(userId), Role.SUPPLIER);
 			params.setRoleName(Role.CARRIER);
 			List<UserDetail> carrierList = userAuthoricationService.showAllCarriersUnderSupplier(params);
@@ -195,7 +200,7 @@ public class CargoConsignAction {
 	@RequestMapping(value="/orderTracking",method=RequestMethod.POST)
 	public Map<String, Object> orderTracking(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			UserDetail userDetail = userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId),Role.CARRIER,Role.SUPPLIER);//检测当前操作用户权限
 			Orders order = orderService.queryFullOrderByOrderId(ValidationUtil.checkAndAssignInt(params.getOrderId()));
 			if(Role.SUPPLIER.equals(userDetail.getRoleName())){

+ 7 - 2
saicLogistics/src/main/java/com/fuzamei/web/CargoDeliverAction.java

@@ -2,6 +2,8 @@ package com.fuzamei.web;
 
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -30,6 +32,9 @@ public class CargoDeliverAction {
 	@Autowired
 	private UserAuthoricationService userAuthoricationService;
 	
+	@Autowired
+	private HttpServletRequest req;
+	
 	@Autowired
 	private OrderService orderService;
 	
@@ -57,7 +62,7 @@ public class CargoDeliverAction {
 	@RequestMapping(value="/queryOrdersByCarrier",method=RequestMethod.POST)
 	public Map<String, Object> queryOrdersByCarrier(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.CARRIER);
 			int page = ValidationUtil.checkMinAndAssignInt(params.getPage(), 1);
 			Long startTime=ValidationUtil.checkAndAssignDefaultLong(params.getStartTime(), 0L);
@@ -91,7 +96,7 @@ public class CargoDeliverAction {
 	@RequestMapping(value="/orderTracking",method=RequestMethod.POST)
 	public Map<String, Object> orderTracking(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId),Role.CARRIER);//检测当前操作用户权限
 			Orders order = orderService.queryFullOrderByOrderId(ValidationUtil.checkAndAssignInt(params.getOrderId()));
 			if(!params.getUserId().equals(order.getCarrierId())) throw new RuntimeException("无权查看");
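Review bot: The ownership check `params.getUserId().equals(order.getCarrierId())` in CargoDeliverAction.orderTracking still reads the user id from the request body, while the role check two lines above now uses the id from the Authorization header. Unless `params.userId` is overwritten with the verified id somewhere not visible here, the check can be satisfied with a body value that does not belong to the authenticated caller, so the order is not actually bound to the token holder. Compare the header-derived id instead, e.g. `Integer uid = ValidationUtil.checkAndAssignInt(userId);` and `if(!uid.equals(order.getCarrierId())) throw new RuntimeException("无权查看");`, adjusted to the real type of `getCarrierId()`. The orderTracking hunk in CargoTallyAction has the same pattern with `params.getUserId().equals(order.getReceiverId())`. The method body continues outside the hunk.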

+ 9 - 4
saicLogistics/src/main/java/com/fuzamei/web/CargoTallyAction.java

@@ -2,6 +2,8 @@ package com.fuzamei.web;
 
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -32,6 +34,9 @@ public class CargoTallyAction {
 	@Autowired
 	private UserAuthoricationService userAuthoricationService;
 	
+	@Autowired
+	private HttpServletRequest req;
+	
 	@Autowired
 	private OrderService orderService;
 	
@@ -58,7 +63,7 @@ public class CargoTallyAction {
 	@RequestMapping(value="/queryOrdersByReceiver",method=RequestMethod.POST)
 	public Map<String, Object> queryOrdersByReceiver(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.STOCKER);
 			int page = ValidationUtil.checkMinAndAssignInt(params.getPage(), 1);
 			Long startTime=ValidationUtil.checkAndAssignDefaultLong(params.getStartTime(), 0L);
@@ -92,7 +97,7 @@ public class CargoTallyAction {
 	@RequestMapping(value="/searchNewOrderByOrderId",method=RequestMethod.POST)
 	public Map<String, Object> searchNewOrderByOrderId(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.STOCKER);
 			Orders order = orderService.queryFullOrderByOrderId(ValidationUtil.checkAndAssignInt(params.getOrderId()));
 			if(order==null) throw new RuntimeException("订单不存在");
@@ -123,7 +128,7 @@ public class CargoTallyAction {
 	@RequestMapping(value="/confirmOrReject",method=RequestMethod.POST)
 	public Map<String, Object> confirmOrReject(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.STOCKER);
 			ValidationUtil.checkRangeAndAssignInt(params.getConfirmId(), 0, 1);//确认id只能是0和1
 			Orders order = orderService.queryFullOrderByOrderId(ValidationUtil.checkAndAssignInt(params.getOrderId()));
@@ -153,7 +158,7 @@ public class CargoTallyAction {
 	@RequestMapping(value="/orderTracking",method=RequestMethod.POST)
 	public Map<String, Object> orderTracking(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId),Role.STOCKER);//检测当前操作用户权限
 			Orders order = orderService.queryFullOrderByOrderId(ValidationUtil.checkAndAssignInt(params.getOrderId()));
 			if(!params.getUserId().equals(order.getReceiverId())) throw new RuntimeException("无权查看");

+ 5 - 1
saicLogistics/src/main/java/com/fuzamei/web/OperationHistoryAction.java

@@ -2,6 +2,8 @@ package com.fuzamei.web;
 
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -31,6 +33,8 @@ public class OperationHistoryAction {
 	
 	private static final Integer ROWNUM=Integer.parseInt(ReadConfUtil.getProperty("rowNum"));
 	
+	@Autowired
+	private HttpServletRequest req;
 	/**
 	 * 
 	* @Title: queryOperationHistory
@@ -50,7 +54,7 @@ public class OperationHistoryAction {
 	@RequestMapping(value="/queryOperationHistory",method=RequestMethod.POST)
 	public Map<String, Object> queryOperationHistory(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.ADMIN);
 			int page = ValidationUtil.checkMinAndAssignInt(params.getPage(), 1);
 			Long startTime=ValidationUtil.checkAndAssignDefaultLong(params.getStartTime(), 0L);

+ 13 - 9
saicLogistics/src/main/java/com/fuzamei/web/OrdersIssueAction.java

@@ -3,6 +3,8 @@ package com.fuzamei.web;
 import java.util.List;
 import java.util.Map;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -50,8 +52,10 @@ public class OrdersIssueAction {
 	
 	private static final Integer ROWNUM=Integer.parseInt(ReadConfUtil.getProperty("rowNum"));
 	
-	public static final String ORDER_ID_PATTERN=RegexConstant.ORDER_ID;
-
+	private static final String ORDER_ID_PATTERN=RegexConstant.ORDER_ID;
+	
+	@Autowired
+	private HttpServletRequest req;
 
 	/**
 	 * 
@@ -73,7 +77,7 @@ public class OrdersIssueAction {
 	@RequestMapping(value="/queryOrdersByPlanner",method=RequestMethod.POST)
 	public Map<String, Object> queryOrdersByPlanner(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.PLANNER);
 			int page = ValidationUtil.checkMinAndAssignInt(params.getPage(), 1);
 			Long startTime=ValidationUtil.checkAndAssignDefaultLong(params.getStartTime(), 0L);
@@ -112,7 +116,7 @@ public class OrdersIssueAction {
 	@RequestMapping(value="/queryOrdersBySupplier",method=RequestMethod.POST)
 	public Map<String, Object> queryOrdersBySupplier(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.SUPPLIER);
 			int page = ValidationUtil.checkMinAndAssignInt(params.getPage(), 1);
 			Long startTime=ValidationUtil.checkAndAssignDefaultLong(params.getStartTime(), 0L);
@@ -147,7 +151,7 @@ public class OrdersIssueAction {
 	@RequestMapping(value="/consignment",method=RequestMethod.POST)
 	public Map<String, Object> consignment(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.SUPPLIER);
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(params.getCarrierId()), Role.CARRIER);
 			Orders order = orderService.queryFullOrderByOrderId(ValidationUtil.checkAndAssignInt(params.getOrderId()));
@@ -182,7 +186,7 @@ public class OrdersIssueAction {
 	@RequestMapping(value="/addOrder",method=RequestMethod.POST)
 	public Map<String, Object> addOrder(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			orderService.checkIfHasTheSameId(ValidationUtil.checkAndAssignInt(params.getOrderId(),ORDER_ID_PATTERN));
 			UserDetail userDetail = userAuthoricationService.queryUserDetail(ValidationUtil.checkAndAssignInt(userId), Role.PLANNER);//检测当前操作用户权限
 			ValidationUtil.checkBlankString(params.getPartNo());
@@ -220,7 +224,7 @@ public class OrdersIssueAction {
 	@RequestMapping(value="/showSuppliersUnderPlanner",method=RequestMethod.POST)
 	public Map<String, Object> showSuppliersUnderPlanner(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			UserDetail userDetail = userAuthoricationService.queryUserDetail(ValidationUtil.checkAndAssignInt(userId), Role.PLANNER);//检测当前操作用户权限
 			return JSONUtil.getJsonMap(200, true, HintMSG.QUERY_SUCCESS, userDetail.getUsers());
 		} catch (Exception e) {
@@ -270,7 +274,7 @@ public class OrdersIssueAction {
 	@RequestMapping(value="/showAllPartNo",method=RequestMethod.POST)
 	public Map<String, Object> showAllPartNo(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId), Role.PLANNER);//检测当前操作用户权限
 			List<Part> partList = partService.queryAllPartInformation();
 			return JSONUtil.getJsonMap(200, true, HintMSG.QUERY_SUCCESS, partList);
@@ -296,7 +300,7 @@ public class OrdersIssueAction {
 	@RequestMapping(value="/orderTracking",method=RequestMethod.POST)
 	public Map<String, Object> orderTracking(@RequestBody Params params){
 		try {
-			String userId = params.getTokenId().split("&")[1];
+			String userId = req.getHeader("Authorization").split("&")[1];
 			UserDetail userDetail = userAuthoricationService.queryUserAuthority(ValidationUtil.checkAndAssignInt(userId),Role.PLANNER,Role.SUPPLIER);//检测当前操作用户权限
 			Orders order = orderService.queryFullOrderByOrderId(ValidationUtil.checkAndAssignInt(params.getOrderId()));
 			if(Role.PLANNER.equals(userDetail.getRoleName())){