All Downloads are FREE. Search and download functionalities are using the official Maven repository. Maven / Gradle / Ivy

 *                                                                           *
 *  This file is part of the frameworkset distribution.                      *
 *  Documentation and updates may be get from  biaoping.yin the author of    *
 *  this framework							     							 *
 *                                                                           *
 *  Sun Public License Notice:                                               *
 *                                                                           *
 *  The contents of this file are subject to the Sun Public License Version  *
 *  1.0 (the "License"); you may not use this file except in compliance with *
 *  the License. A copy of the License is available at    *
 *                                                                           *
 *  The Original Code is tag. The Initial Developer of the Original          *
 *  Code is biaoping.yin. Portions created by biaoping.yin are Copyright     *
 *  (C) 2004.  All Rights Reserved.                                          *
 *                                                                           *
 *  GNU Public License Notice:                                               *
 *                                                                           *
 *  Alternatively, the contents of this file may be used under the terms of  *
 *  the GNU Lesser General Public License (the "LGPL"), in which case the    *
 *  provisions of LGPL are applicable instead of those above. If you wish to *
 *  allow use of your version of this file only under the  terms of the LGPL *
 *  and not to allow others to use your version of this file under the SPL,  *
 *  indicate your decision by deleting the provisions above and replace      *
 *  them with the notice and other provisions required by the LGPL.  If you  *
 *  do not delete the provisions above, a recipient may use your version of  *
 *  this file under either the SPL or the LGPL.                              *
 *                                                                           *
 *  biaoping.yin ([email protected])                                            *
 *                                                                           *

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.JspWriter;
import javax.servlet.jsp.PageContext;

import org.frameworkset.spi.SPIException;
import org.frameworkset.web.token.TokenHelper;
import org.frameworkset.web.token.TokenStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.frameworkset.common.poolman.DBUtil;
import com.frameworkset.common.poolman.PreparedDBUtil;
import com.frameworkset.common.poolman.Record;
import com.frameworkset.common.poolman.SQLExecutor;
import com.frameworkset.common.poolman.handle.NullRowHandler;
import com.frameworkset.platform.config.ConfigManager;
import com.frameworkset.platform.config.model.Operation;
import com.frameworkset.platform.config.model.OperationQueue;
import com.frameworkset.platform.config.model.ResourceInfo;
import com.frameworkset.platform.esb.datareuse.common.entity.MenuItemU;
import com.frameworkset.platform.framework.Framework;
import com.frameworkset.platform.framework.FrameworkServlet;
import com.frameworkset.platform.framework.Item;
import com.frameworkset.platform.framework.MenuHelper;
import com.frameworkset.platform.framework.MenuItem;
import com.frameworkset.platform.framework.MenuQueue;
import com.frameworkset.platform.framework.Module;
import com.frameworkset.platform.framework.ModuleQueue;
import com.frameworkset.platform.framework.SubSystem;
import com.frameworkset.platform.resource.ResourceManager;
import com.frameworkset.platform.sysmgrcore.entity.Group;
import com.frameworkset.platform.sysmgrcore.entity.Log;
import com.frameworkset.platform.sysmgrcore.entity.Organization;
import com.frameworkset.platform.sysmgrcore.entity.Role;
import com.frameworkset.platform.sysmgrcore.entity.User;
import com.frameworkset.platform.sysmgrcore.exception.ManagerException;
import com.frameworkset.platform.sysmgrcore.manager.LogManager;
import com.frameworkset.platform.sysmgrcore.manager.OrgManager;
import com.frameworkset.platform.sysmgrcore.manager.SecurityDatabase;
import com.frameworkset.platform.sysmgrcore.manager.UserManager;
import com.frameworkset.platform.sysmgrcore.manager.db.GroupCacheManager;
import com.frameworkset.platform.sysmgrcore.manager.db.JobManagerImpl;
import com.frameworkset.platform.sysmgrcore.manager.db.OrgAdminCache;
import com.frameworkset.platform.sysmgrcore.manager.db.OrgCacheManager;
import com.frameworkset.platform.sysmgrcore.manager.db.RoleCacheManager;
import com.frameworkset.platform.sysmgrcore.manager.db.UserCacheManager;
import com.frameworkset.util.StringUtil;

 * @author biaoping.yin created on 2005-9-29 version 1.0
public class AccessControl implements AccessControlInf{
	private static final Logger log = LoggerFactory.getLogger(AccessControl.class);

	// public static final String LOGINCONTEXT_CACHE_KEY = "LOGIN_CONTEXT";
	public static final String accesscontrol_request_attribute_key = "";
	public static final String REMOTEADDR_CACHE_KEY = "REMOTEADDR_CACHE_KEY";
	public static final String MACADDR_CACHE_KEY = "MACADDR_CACHE_KEY";
	public static final String LOGINSTYLE_CACHE_KEY = "LOGINSTYLE_CACHE_KEY";
	public static final String SERVER_IP_KEY = "SERVER_IP_KEY";
	public static final String SERVER_PORT_KEY = "SERVER_PORT_KEY";

	public static final String PRINCIPAL_INDEXS = "PRINCIPAL_INDEXS";

	public static final String PRINCIPALS_COOKIE = "PRINCIPALS_COOKIE";

	public static final String CREDENTIAL_INDEXS = "CREDENTIAL_INDEXS";

	public static final String SUBSYSTEM_ID = "subsystem_id";

	public static final String SUBSYSTEM_COOKIE = "SUBSYSTEM_COOKIE_ID";

	public static final String HEAD_SPLIT = "^@^";

	public static final String PRINCIPAL_SPLIT = "^_^";

	public static final String IDENTITY_SPLIT = "#$#";

	public static final String PRINCIPAL_CREDENTIAL_SPLIT = "^|^";

	public static final String CREDENTIAL_SPLIT = "@|@";

	public static final String CREDENTIAL_ATTRIBUTE_SPLIT = "@^@";

	public static final String ATTRIBUTE_SPLIT = "@~@";

	public static final String VISIBLE_PERMISSION = "visible";

	public static final String UNVISIBLE_PERMISSION = "unvisible";

	 * 写权限
	public static final String WRITE_PERMISSION = "write";

	 * 读权限
	public static final String READ_PERMISSION = "read";

	 * 读写权限
	public static final String READ_WRITE_PERMISSION = "read_write";

	 * 批量角色授予
	public static final String BAT_ROLE_ADD_PERMISSION = "batroleadd";

	 * 批量岗位授予
	public static final String BAT_JOB_ADD_PERMISSION = "batjobadd";

	 * 批量加入机构
	public static final String BAT_ORG_ADD_PERMISSION = "batorgadd";

	 * 批量资源操作授予
	public static final String BAT_RES_ADD_PERMISSION = "batresadd";

	 * 用户排序
	public static final String SORT_USER_PERMISSION = "sortuser";

	 * 机构排序
	public static final String SORT_ORG_PERMISSION = "sortorg";

	 * 用户调入调出
	public static final String USER_MOVE_PERMISSION = "usermove";

	 * 新增权限
	public static final String ADD_PERMISSION = "create";

	 * 修改权限
	public static final String UPDATE_PERMISSION = "edit";

	 * 删除权限
	public static final String DELETE_PERMISSION = "delete";

	 * 送审权限
	public static final String DELIVER_PERMISSION = "deliver";

	 * 撤销送审权限
	public static final String WITHDRAW_DELIVER_PERMISSION = "withdrawdeliver";
	 * 提交发布权限
	public static final String SUBPUBLISH_PERMISSION = "subpublish";
	 * 文档发布
	public static final String DOCPUBLISH_PERMISSION = "docpublish";
	 * 归档权限
	public static final String ARCHIVE_PERMISSION = "archive";
	 * 转发权限
	public static final String TRANSMIT_PERMISSION = "transmit";
	 * 保存版本
	public static final String ADD_DOCVER_PERMISSION = "addDocVer";
	 * 版本管理
	public static final String MANAGE_DOCVER_PERMISSION = "manageDocVer";
	 * 评论管理
	public static final String MANAGE_DOCCOMMENT_PERMISSION = "manageDocComment";
	 * 设置置顶权限
	public static final String UPARRANGE_PERMISSION = "addArrangeDoc";
	 * 文档导入权限
	public static final String IMPORTDOC_PERMISSION = "importDoc";
	 * 文档导入权限
	public static final String EXPORTDOC_PERMISSION = "exportDoc";

	 * 执行权限
	public static final String EXECUTE_PERMISSION = "execute";

	 * 回收权限
	public static final String TRASH_PERMISSION = "trash";

	public static final String AUDIT_PERMISSION = "audit";

	public static final String PUBLISH_CHNLBYINC = "chnlbyinc";

	 * 站点操作组 /** 站点设置站点流程
	public static final String SITE_WORKFLOW_PERMISSION = "workflow";
	 * 站点预览
	public static final String SITE_VIEW = "siteview";

	 * 站点上发布右键
	public static final String SITEPUBLISH_PERMISSION = "sitepublish";

	 * 站点上完全发布右键
	public static final String SITEBYALL_PERMISSION = "sitebyall";

	 * 站点上增量发布右键
	public static final String SITEBYINC_PERMISSION = "sitebyinc";

	 * 站点上的站内文档查询
	public static final String SITE_DOCSEARCH_PERMISSION = "docsearch";

	 * 站点上的内容管理
	public static final String SITE_CONTENTMANAGEITEM_PERMISSION = "contentManageItem";

	 * 站点节点新建频道
	public static final String CHANNELROOT_ADDCHANNEL_PERMISSION = "create_channel";

	 * 站点模板操作组
	 * /** 站点上的模板管理
	public static final String SITE_TEMPMANAGER_PERMISSION = "templetmanager";
	 * 模板管理中的模板视图
	public static final String SITE_TEMPLATEVIEW_PERMISSION = "templateview";
	 * 模板视图中的导入按钮
	public static final String SITE_TEMPLATEVIEWIMP_PERMISSION = "templateviewimp";

	 * 模板视图中的新增按钮
	public static final String SITE_TEMPLATEVIEWADD_PERMISSION = "templateviewadd";

	 * 模板视图中的导出按钮
	public static final String SITE_TEMPLATEVIEWEXP_PERMISSION = "templateviewexp";

	 * 模板视图中的删除按钮
	public static final String SITE_TEMPLATEVIEWDEL_PERMISSION = "templateviewdel";

	 * 站点文件视图操作组
	 * /** 模板管理中的文件视图
	public static final String SITE_FILEVIEW_PERMISSION = "fileview";
	 * 文件视图新建文件权限
	public static final String SITE_TPLCREATORFILE_PERMISSION = "tplcreatorFile";

	 * 文件视图新建目录权限
	public static final String SITE_TPLCREATORDIRECTORY_PERMISSION = "tplcreatorDirectory";

	 * 文件视图删除文件权限
	public static final String SITE_TPLDELFILE_PERMISSION = "tpldelFile";

	 * 文件视图上传文件权限
	public static final String SITE_TPLSENDFILE_PERMISSION = "tplsendFile";

	 * 文件视图上传压缩包权限
	public static final String SITE_TPLSENDBAG_PERMISSION = "tplsendBag";

	 * 频道操作组 频道节点新建频道
	public static final String CHANNEL_ADDCHANNEL_PERMISSION = "createchannel";

	 * 改变频道流程
	public static final String CHANNEL_WORKFLOW_PERMISSION = "chnlworkflow";

	 * 频道概览图片设置
	public static final String CHANNEL_INDEXPIC_PERMISSION = "chnlindexpic";

	 * 频道新增文档
	public static final String CHANNEL_ADDDOC_PERMISSION = "adddoc";

	 * 频道修改文档
	public static final String CHANNEL_UPDATEDOC_PERMISSION = "updatedoc";

	 * 频道查看文档
	public static final String CHANNEL_VIEWDOC_PERMISSION = "viewdoc";

	 * 频道上频道预览右键
	public static final String CHNL_VIEW = "chnlview";

	 * 频道上发布右键
	public static final String CHNLPUBLISH_PERMISSION = "chnlpublish";

	 * 频道上完全发布右键
	public static final String CHNLBYALL_PERMISSION = "chnlbyall";

	 * 频道上增量发布右键
	public static final String CHNLBYINC_PERMISSION = "chnlbyinc";

	 * 频道上复制文档右键
	public static final String COPYDOC_PERMISSION = "copydoc";

	 * 频道上置顶管理右键
	public static final String ARRANGE_DOCM = "arrangedocm";

	 * 频道上引用文档管理右键
	public static final String CITEDOC_MANAGER = "citedocmanager";

	 * 频道上扩展字段右键
	public static final String EXT_FIELD = "extfield";

	 * 频道上撤消发布右键
	public static final String WITHDRAWPUBLISH_MANAGER = "withdrawPublish";
	 * 模板操作组*
	 * /** 模板列表导出右键
	public static final String TEMPLATE_TPLEXP_PERMISSION = "tplexp";

	 * 模板列表删除右键
	public static final String TEMPLATE_TPLDEL_PERMISSION = "tpldel";

	 * 模板列表编辑右键
	public static final String TEMPLATE_TPLEDIT_PERMISSION = "tpledit";

	 * 模板列表重新导入右键
	public static final String TEMPLATE_TPLREIMP_PERMISSION = "tplreimp";

	 * 完全控制权限
	public static final String FULL_PERMISSION = "full";

	public static final String COLUMN_RESOURCE = "column";

	public static final String ORGUNIT_RESOURCE = "orgunit";

	public static final String RES_RESOURCE = "resmanager";

	public static final String GROUP_RESOURCE = "group";

	public static final String ROLE_RESOURCE = "role";

	// 数据字典资源
	public static final String DICT_RESOURCE = "dict";

	public static final String JOB_RESOURCE = "job";

	public static final String USER_RESOURCE = "user";

	public static final String SITE_RESOURCE = "site";

	 * 2007-08-29 ge.tao 站点应用设置
	public static final String SITE_APP_SET = "siteappset";

	public static final String SITECHANNEL_RESOURCE = "";

	public static final String SITEDOC_RESOURCE = "site.doc";

	public static final String SITETPL_RESOURCE = "sitetpl";

	public static final String SITEFILE_RESOURCE = "sitefile";

	public static final String CHANNEL_RESOURCE = "channel";

	public static final String CHANNELDOC_RESOURCE = "channeldoc";

	public static final String TEMPLATE_RESOURCE = "template";

	public static final String ADMINISTRATOR_ROLE = "administrator";

	 * 2007-05-30 添加于郴州 biaoping.yin
	public static final String MEMBERCHANNEL_RESOURCE = "memberchannel";

	public static final String LOGOUT_REDIRECT = "sysmanager/logoutredirect.jsp";

	 * 2007-08-29 ge.tao 系统管理 机构管理 编辑机构
	public static final String EDIT_ORG = "editsuborg";
	 * 2007-08-29 ge.tao 系统管理 机构管理 删除机构
	public static final String DELETE_ORG = "deletesuborg";

	 * 2007-12-03 ge.tao 字典数据项资源 过滤 "可见"和"常用"两种权限
	public static final String DICTDATA_RESOURCE = "orgTaxcode";

	private Subject subject;

	private String moduleName;

	protected Credential credential;

	protected Principal principal;

	protected String roles[];

	private static final ThreadLocal current = new ThreadLocal();

	public static String loginPage = "";
	public static String pathloginPage = "";
	public static String redirectpathloginPage = "redirect:/";
	public static String authorfailedPage = "";

	HttpServletRequest request;

	// JspWriter out;

	HttpSession session;
	PageContext pageContext;
	 * 未知身份的用户对象
	private static  AccessControl guest ;
		try {
			loginPage = ConfigManager.getInstance().getDefaultLoginpage();
			if (loginPage == null || loginPage.trim().equals("")) {
				loginPage = "login.jsp";
			pathloginPage = loginPage.startsWith("/") ?loginPage:"/"+loginPage;
			redirectpathloginPage = "redirect:"+pathloginPage;
			authorfailedPage = ConfigManager.getInstance().getAuthorfailedDirect();
		} catch (Exception e1) {
			// TODO Auto-generated catch block
			guest = new AccessControl();
		catch(Exception e)
	public static AccessControl getGuest()
		return guest;

	 * CS和BS单点登录参数
	public static final String OUTER_USER_ACCOUNT_KEY = "OUT_USER_ACCOUNT_KEY";

	 * 请对密码采用MD5加密

//	static final OnLineUser onlineUser = new OnLineUser();


	HttpServletResponse response;

	protected AccessControl() {

			moduleName = ConfigManager.getInstance().getModuleName();
		catch(Exception e)
			log.error("", e);

	public static void init(AccessControl instance) {

	public static AccessControl getInstance() {
		return new AccessControl();
	public static final String current_indexpage = "current_indexpage";
	public static final String current_logoutredirect_cookie = "current.logoutredirect.cookie";
	public static void recordIndexPage(HttpServletRequest request,String page)
		HttpSession session = request.getSession();
		session.setAttribute(current_indexpage, page);
	public static void recordeSystemLoginPage(HttpServletRequest request,HttpServletResponse response)
		String subsystem_id = request.getParameter(SUBSYSTEM_ID);
		if(subsystem_id == null)
			return ;
		String logoutredirect = AccessControl.getSubSystemLogoutRedirect(request, subsystem_id,false);
		if(logoutredirect == null )
			logoutredirect = StringUtil.getRealPath(request.getContextPath(),loginPage,true);
		AccessControl.addCookieValue(request, response, current_logoutredirect_cookie, logoutredirect);
	public static String getIndexPage(HttpServletRequest request)
		HttpSession session = request.getSession();
		return (String)session.getAttribute(current_indexpage);

	// public static AccessControl getInstance(AccessControl instance) {
	// return new AccessControl(instance);
	// }

	 * 系统用户登录接口 目前的ssoCookie未加密,将来需实现ssoCookie的加密处理,用户的信息cookie格式:
	 * loginMudleName + #$% + userName 不同身份信息之间以^_^分隔,例如
	 * loginMudleName#$%userName^_^loginMudleName1#$#userName1^|^loginModuleName@|@name1=value1@~@name=value
	 * 属性列表: ssoCookie在登录时创建,将作为令牌在门户中的各应用系统之间传递的,从而实现单点登录。
	 * 当用户关闭浏览器或者退出登录时,ssoCookie自动失效
	 * @param pageContext
	 * @param userName
	 * @param password
	 * @param decode
	 *            是否对密码加密
	 * @return
	public boolean login(HttpServletRequest request,
			HttpServletResponse response, String userName, String password)
			throws AccessException

		return login(request, response, userName, password, true);

	public String getCurrentSystemID() {
		if(this.session == null)
			return "";
		String id = (String) this.session.getAttribute(Framework.SUBSYSTEM);

		return id == null ? "" : id;
	 * 获取当前登录系统的注销跳转页面
	 * @return
	public String getSubSystemLogoutRedirect() {
		String systemid = this.getCurrentSystemID();
			return getSubSystemLogoutRedirect(request,systemid,false) ;
	public static String getCookieValue(HttpServletRequest request,String name,String defaultvalue)
//		Cookie[] cookies = request.getCookies();
//			String temp_ = null;
//			for (Cookie temp : cookies) {
//				if(name.equals(temp.getName()))
//				{
//					temp_ = temp.getValue();
//					break;
//				}
//			}
//			if(temp_==null){
//				temp_ = defaultvalue;
//			}
//		return temp_;
		return StringUtil.getCookieValue( request, name, defaultvalue);
	public static String getCookieValue(HttpServletRequest request,String name)
		return getCookieValue(request,name,null);
	public static void  addCookieValue(HttpServletRequest request,HttpServletResponse response ,String name,String value,int maxage)
//		Cookie[] cookies = request.getCookies();
//		Cookie loginPathCookie = null;
//		for(Cookie cookie:cookies)
//		{
//			if(name.equals(cookie.getName()))
//			{
//				loginPathCookie = cookie;
//				break;
//			}
//		}
//		if(loginPathCookie == null)
//		{
//			 loginPathCookie = new Cookie(name, value);			 
//			loginPathCookie.setMaxAge(maxage);
//			loginPathCookie.setPath(request.getContextPath());			
//			response.addCookie(loginPathCookie);
//		}
//		else
//		{
//			loginPathCookie.setMaxAge(maxage);
//			loginPathCookie.setValue(value);
//			loginPathCookie.setPath(request.getContextPath());	
//			response.addCookie(loginPathCookie);
////			loginPathCookie.setPath(request.getContextPath());
//		}
		StringUtil.addCookieValue(request, response, name, value,maxage);
	public static void  addCookieValue(HttpServletRequest request,HttpServletResponse response ,String name,String value)
		addCookieValue( request, response , name, value,3600 * 24);
	 * 获取指定系统的注销跳转页面
	 * @return
	public static String getSubSystemLogoutRedirect(HttpServletRequest request,String systemid,boolean appendToken) {
		String ret = null;
		if(systemid == null)
			String defaultvalue = StringUtil.getRealPath(request.getContextPath(),pathloginPage,true);
			ret = AccessControl.getCookieValue(request, current_logoutredirect_cookie);
				 if(ret.indexOf(TokenStore.temptoken_param_name_word) > 0)
					 ret = defaultvalue;				 
				ret = defaultvalue;	
			if(ret != null && appendToken)
					ret = TokenHelper.getTokenService().appendDTokenToURL(request,ret);
			SubSystem subsystem = Framework.getInstance().getSubsystem(systemid);
			if(subsystem != null)
				systemid = subsystem.getLogoutredirect();
				if(systemid != null )
					ret = StringUtil.getRealPath(request.getContextPath(), systemid,true);
				String defaultvalue = StringUtil.getRealPath(request.getContextPath(),pathloginPage,true);
				ret = AccessControl.getCookieValue(request, current_logoutredirect_cookie);
					 if(ret.indexOf(TokenStore.temptoken_param_name_word) > 0)
						 ret = defaultvalue;				 
					ret = defaultvalue;	
			if(ret != null && appendToken)
				if(TokenHelper.getTokenService() != null)//如果开启令牌机制就会存在memTokenManager对象,否则不存在
					ret = TokenHelper.getTokenService().appendDTokenToURL(request,ret);
		return ret;
	 * 获取指定系统的注销跳转页面
	 * @return
	public static String getSubSystemLogoutRedirect(HttpServletRequest request) {
		return getSubSystemLogoutRedirect(request,null,false);

	public String getCurrentSystemName() {
		String id = getCurrentSystemID();
		if (id == null)
			return "";
		try {
			return Framework.getInstance(id).getDescription(request);
		} catch (Exception e) {
			return "";

	 * 系统用户登录接口 目前的ssoCookie未加密,将来需实现ssoCookie的加密处理,用户的信息cookie格式:
	 * loginMudleName + #$% + userName 不同身份信息之间以^_^分隔,例如
	 * loginMudleName#$%userName^_^loginMudleName1#$#userName1^|^loginModuleName@|@name1=value1@~@name=value
	 * 属性列表: ssoCookie在登录时创建,将作为令牌在门户中的各应用系统之间传递的,从而实现单点登录。
	 * 当用户关闭浏览器或者退出登录时,ssoCookie自动失效
	 * @param request
	 * @param response
	 * @param userName
	 * @param password
	 * @param enablelog
	 * @return
	 * @throws AccessException

	public boolean login(HttpServletRequest request,
			HttpServletResponse response, String userName, String password,
			boolean enablelog) throws AccessException

		return login( request,
				 response,  userName,  password,

	 * 系统用户登录接口 目前的ssoCookie未加密,将来需实现ssoCookie的加密处理,用户的信息cookie格式:
	 * loginMudleName + #$% + userName 不同身份信息之间以^_^分隔,例如
	 * loginMudleName#$%userName^_^loginMudleName1#$#userName1^|^loginModuleName@|@name1=value1@~@name=value
	 * 属性列表: ssoCookie在登录时创建,将作为令牌在门户中的各应用系统之间传递的,从而实现单点登录。
	 * 当用户关闭浏览器或者退出登录时,ssoCookie自动失效
	 * @param request
	 * @param response
	 * @param userName
	 * @param password
	 * @param enablelog
	 * @return
	 * @throws AccessException

	public boolean login(HttpServletRequest request,
			HttpServletResponse response, String userName, String password,
			String userType) throws AccessException


		return login(request, response, userName, password,
				new String[] { userType });

	 * 系统用户登录接口 目前的ssoCookie未加密,将来需实现ssoCookie的加密处理,用户的信息cookie格式:
	 * loginMudleName + #$% + userName 不同身份信息之间以^_^分隔,例如
	 * loginMudleName#$%userName^_^loginMudleName1#$#userName1^|^loginModuleName@|@name1=value1@~@name=value
	 * 属性列表: ssoCookie在登录时创建,将作为令牌在门户中的各应用系统之间传递的,从而实现单点登录。
	 * 当用户关闭浏览器或者退出登录时,ssoCookie自动失效
	 * @param request
	 * @param response
	 * @param userName
	 * @param password
	 * @param enablelog
	 * @return
	 * @throws AccessException

	public boolean login(HttpServletRequest request,
			HttpServletResponse response, String userName, String password,
			String[] userTypes) throws AccessException


		return login( request,
				 response,  userName,  password, true,
	public static String kickmode = ConfigManager.getInstance().getConfigValue("kickmode", "refuse");
	public static boolean enablemutilogin = ConfigManager.getInstance().getConfigBooleanValue("enablemutilogin", true) ;
	public static boolean cluster_session_synchronize = ConfigManager.getInstance().getConfigBooleanValue("cluster.session.synchronize", false);
	public static void resetSession(HttpSession session)
		if(session == null )
//		session.removeAttribute(PRINCIPAL_INDEXS);
//		session.removeAttribute(Framework.SUBSYSTEM);
//		session.removeAttribute(CREDENTIAL_INDEXS);
//		session.removeAttribute(AccessControl.SESSIONID_FROMCLIENT_KEY);
//		session.removeAttribute(SERVER_IP_KEY);
//		session.removeAttribute(SERVER_PORT_KEY);
//		session.removeAttribute(REMOTEADDR_CACHE_KEY);
//		session.removeAttribute(MACADDR_CACHE_KEY);
//		session.removeAttribute(AccessControl.MACHINENAME_CACHE_KEY);
//		session.removeAttribute(SESSIONID_CACHE_KEY);
		try {
			Enumeration anames = session.getAttributeNames();
			if(anames != null )
					String name = String.valueOf(anames.nextElement());
		} catch (Throwable e) {
			// TODO Auto-generated catch block
	 * 系统用户登录接口 目前的ssoCookie未加密,将来需实现ssoCookie的加密处理,用户的信息cookie格式:
	 * loginMudleName + #$% + userName 不同身份信息之间以^_^分隔,例如
	 * loginMudleName#$%userName^_^loginMudleName1#$#userName1^|^loginModuleName@|@name1=value1@~@name=value
	 * 属性列表: ssoCookie在登录时创建,将作为令牌在门户中的各应用系统之间传递的,从而实现单点登录。
	 * 当用户关闭浏览器或者退出登录时,ssoCookie自动失效
	 * @param request
	 * @param response
	 * @param userName
	 * @param password
	 * @param enablelog
	 * @return
	 * @throws AccessException

	public boolean login(HttpServletRequest request,
			HttpServletResponse response, String userName, String password,boolean enablelog,
			String[] userTypes) throws AccessException


		 * 如果ie session相互干扰时需要给出提示,不允许用户登录
		session = request.getSession(false);
		Principal temp =  (session != null ?(Principal)session.getAttribute(PRINCIPAL_INDEXS):null);
		if(temp != null )
		        boolean sameuserenable = ConfigManager.getInstance().getConfigBooleanValue("session.sameuserenable",true);
		        this.unprotectedCheck(null, null);
		        String userAccount = this.getUserAccount();
//			Principal principal_ = (Principal) temp.get(moduleName);
		            String subsystem_id = request.getParameter(SUBSYSTEM_ID);
		            if (subsystem_id == null || subsystem_id.equals(""))
		                // 将用户登录的子系统模块名称添加到session中
		                String old = (String)session.getAttribute(Framework.SUBSYSTEM);
		                if(old != null && !old.equals(subsystem_id))
		                    session.setAttribute(Framework.SUBSYSTEM, subsystem_id);
		            return true;
		                throw new AccessException("用户[" + userAccount + "]正在使用系统,等待退出后再登录!");
//		if ((!enablemutilogin 
//				|| cluster_session_synchronize) 
//				&& onlineUser.existUser(userName))
//		{
//			if(kickmode.equalsIgnoreCase("refuse"))
//			{
//				if(!isAdmin(userName))
//					throw new AccessException("用户[" + userName + "]已登陆,登陆情况为:\\n"
//							+ onlineUser.getUserLoginInfo(userName)
//							+ ",不允许用户同时多次登陆系统。");
//			}
//		}
		UsernamePasswordCallbackHandler callbackHandler = new UsernamePasswordCallbackHandler(
				userName, password,userTypes,request,response);

		this.request = request;
		this.response = response;
		try {
			return true;
		} catch (LoginException ex) {
			throw new AccessException(ex.getMessage(),ex);
		catch (Exception ex) {
			throw new AccessException(ex.getMessage(),ex);
	public String getSessionID()
		if(session == null)
			return null;
		return this.session.getId();
	private void guestlogin()
		UsernamePasswordCallbackHandler callbackHandler = new UsernamePasswordCallbackHandler(
				BaseAuthorizationTable.guest, BaseAuthorizationTable.password,null,request,response);
		try {
			SimpleLoginContext loginContext = new SimpleLoginContext("base",
			subject = loginContext.getSubject();
				Credential credential = subject.getCredential();
//					CheckCallBack.AttributeQueue attributeQueue = credential
//							.getCheckCallBack().getAttributeQueue();				
				this.credential = credential;

				AuthPrincipal principal = (AuthPrincipal)subject.getPrincipal();
				this.principal = principal;
		} catch (LoginException e) {
	public String getMachineName()
		String machineName = null;
		if(this.credential != null)
			machineName = (String)this.credential.getCheckCallBack().getUserAttribute(AccessControl.MACHINENAME_CACHE_KEY);
		if(machineName == null)
			return "";
		return machineName;
	public static String getDefaultSUBSystemID()
		String default_module = ConfigManager.getInstance().getConfigValue("default_module", "module");
		return default_module;
	public static String getLoginStyle(HttpServletRequest request)
//		HttpSession session = request.getSession(false);
		AccessControl  control = AccessControl.getAccessControl();
		 * 1 other
		 * 2 other
		 * 3 ISany
		 * 4 WEBIsany
		 * 5 common
		String loginstyle = !control.isGuest() ?(String)control.getUserAttribute(AccessControl.LOGINSTYLE_CACHE_KEY):null;
		if(loginstyle == null)
			return ConfigManager.getInstance().getConfigValue("destop.defaultstyle", "3");
		return loginstyle;
	private void innerlogon(UsernamePasswordCallbackHandler callbackHandler,
			String userName,
			boolean enablelog,boolean recordonlineuser) throws LoginException
		SimpleLoginContext loginContext = new SimpleLoginContext("base",
//		/**
//		 * 通过验证以后,判断用户是否已经登录系统,如果已经登录了,按以下情况进行相应处理:
//		 * 1.不允许用户多次登录系统时,将先前登录的用户从系统中剔除
//		 * 2.应用存在多实例或者应用部署在集群环境中时,将先前登录的用户从系统中剔除
//		 */
//		if ((!enablemutilogin 
//				|| cluster_session_synchronize) 
//				&& recordonlineuser && onlineUser.existUser(userName) )
//		{
//			onlineUser.removeUser(userName);
////			throw new AccessException("用户[" + userName + "]已登陆,登陆情况为:\\n"
////					+ onlineUser.getUserLoginInfo(userName)
////					+ ",系统不允许用户在同时多次登陆。");
//		}
		subject = loginContext.getSubject();
		// 将loginContext缓冲到session中
		// session.setAttribute(LOGINCONTEXT_CACHE_KEY, loginContext);
		// 缓冲远程地址,以便session实效时清除未清除的用户信息
		String machineIP = request.getHeader("iv-remote-address");//获取webseal反向代理过来的ip地址
		if(machineIP == null || machineIP.equals(""))

			machineIP = request.getParameter("machineIp_");
			if(machineIP == null || machineIP.trim().equals(""))
				machineIP = StringUtil.getClientIP(request);
		if(session == null)
			session = request.getSession();
		String sessionTimeout = request.getParameter("sessionTimeout");
		if(sessionTimeout != null && !sessionTimeout.equals(""))
			int timeout = Integer.parseInt(sessionTimeout);
		StringBuffer ssoCookie = new StringBuffer();
		StringBuffer credentialCookie = new StringBuffer();
		boolean flag = false;
		boolean enablecookie = this.enablecookie();
			  credential = (Credential) subject.getCredential();
			  principal = (AuthPrincipal)subject.getPrincipal();
				 * 1 other
				 * 2 other
				 * 3 ISany
				 * 4 WEBIsany
				 * 5 common
				String loginPath = request.getParameter("loginPath");
					loginPath = "5";
//				session.setAttribute(LOGINSTYLE_CACHE_KEY,loginPath);
				credential.getCheckCallBack().setUserAttribute(LOGINSTYLE_CACHE_KEY, loginPath);
//				session.setAttribute(REMOTEADDR_CACHE_KEY, machineIP);
				credential.getCheckCallBack().setUserAttribute(REMOTEADDR_CACHE_KEY, machineIP);
				 * 获取客服端网卡的mac地址
				String macaddr = request.getParameter("macaddr_");
				String machineName = request.getParameter("machineName_");
//				session.setAttribute(MACADDR_CACHE_KEY, macaddr);
				credential.getCheckCallBack().setUserAttribute(MACADDR_CACHE_KEY, macaddr);
//				session.setAttribute(AccessControl.MACHINENAME_CACHE_KEY, machineName);
				credential.getCheckCallBack().setUserAttribute(MACHINENAME_CACHE_KEY, machineName);
				String subsystem_id = request.getParameter(SUBSYSTEM_ID);
				if (subsystem_id == null || subsystem_id.equals(""))
					subsystem_id = getDefaultSUBSystemID();
				// 将用户登录的子系统模块名称添加到session中
				session.setAttribute(Framework.SUBSYSTEM, subsystem_id);
				// 添加用户的所有身份索引到session中
						session.setAttribute(PRINCIPAL_INDEXS, this.principal);
						// 添加用户的所有属性到session中
						session.setAttribute(CREDENTIAL_INDEXS, this.credential);
//				CheckCallBack.AttributeQueue attributeQueue = credential
//						.getCheckCallBack().getAttributeQueue();
				Map callBacks = credential.getCheckCallBack().getCallBacks();
					if (callBacks.size() > 0) {
						if (!flag) {
							flag = true;
						} else {
						boolean _flag = false;
						Iterator>  it = callBacks.entrySet().iterator();
						while (it.hasNext()) {
							if (!_flag) {
								_flag = true;
							} else {
							Entry entry =;
							Object attr =entry.getValue();


		flag = false;
//			log("enablecookie:" + enablecookie);
			if (enablecookie) {
				if (!flag) {
					flag = true;
				} else {
		if (enablecookie) {
			if (ssoCookie.length() > 0) {
				ssoCookie.insert(0, "encrypt=false" + HEAD_SPLIT);
		if (enablecookie) {

				DESCipher dd = new DESCipher();
				String sss = dd.encrypt(ssoCookie.toString());
				// 添加用户登录信息到客服端cookie中,以便实现单点登录
				log.debug("生成sso Cookie[" + PRINCIPALS_COOKIE + ","
						+ sss + "]");
				Cookie newCookie = new Cookie(PRINCIPALS_COOKIE,
				// 记录cookie
			catch(Exception e)

		FrameworkServlet.setSubSystemToCookie(response, userName, subsystem_id);
//		Cookie subsystemCookie = new Cookie(SUBSYSTEM_COOKIE + "_"
//				+ userName, subsystem_id);
//		subsystemCookie.setMaxAge(86400);
//		response.addCookie(subsystemCookie);
		// 记录cookie

		String operSource = this.getMachinedID();
		log_info("User[" + this.getUserAccount() + ","+ getUserName() + "] login from [" +operSource +"].session id is " + session.getId(),request);
		//"User[" + this.getUserAccount() + "," + getUserName() + "] login from [" +operSource +"].");
//		String serverIp = request.getServerName();
//		String serverport = request.getServerPort() + "";
//		session.setAttribute(SERVER_IP_KEY,serverIp);
//		session.setAttribute(SERVER_PORT_KEY,serverport);
//		if(recordonlineuser)
//		{
//			onlineUser.valueBound(session.getId(), getUserAccount(), machineIP,
//	//				request.getRemoteAddr(),
//					macaddr,machineName,serverIp,serverport);
//		}
		session.setAttribute("userAccount", this.getUserAccount());
		session.setAttribute("worknumber", this.getUserAttribute("userWorknumber"));
		// ------------登陆时保存用户日志信息
		if(enablelog && recordonlineuser)
			try {
				LogManager logMgr = SecurityDatabase.getLogManager();
				String userrelName = getUserName();
				String operContent = userName + "(" +userrelName + ")" + " 登陆["
						+ getCurrentSystemName() + "]";
				String openModle = "认证管理";

				logMgr.log(userName, operContent,
						openModle, operSource);
			} catch (SPIException e1) {
			} catch (Exception e) {

	 * 系统用户从Dreamweaver客服端登录接口
	 * 目前的ssoCookie未加密,将来需实现ssoCookie的加密处理,用户的信息cookie格式: loginMudleName + #$% +
	 * userName 不同身份信息之间以^_^分隔,例如
	 * loginMudleName#$%userName^_^loginMudleName1#$#userName1^|^loginModuleName@|@name1=value1@~@name=value
	 * 属性列表: ssoCookie在登录时创建,将作为令牌在门户中的各应用系统之间传递的,从而实现单点登录。
	 * 当用户关闭浏览器或者退出登录时,ssoCookie自动失效 不记录用户的在线信息
	 * @param request
	 * @param response
	 * @param userName
	 * @param password
	 * @param userType
	 *            用户类型 0-标识外部用户,1-标识内部用户
	 * @return
	 * @throws AccessException

	public boolean logindw(HttpServletRequest request,
			HttpServletResponse response, String userName, String password,
			String userType) throws AccessException


		if(userType != null && !userType.equals(""))
			return logindw(request, response, userName, password,
					new String[] { userType });
			return logindw(request, response, userName, password,
	public String getRemoteAddr()
		String ip = null;
		if(this.credential != null)
			ip = (String)this.credential.getCheckCallBack().getUserAttribute(REMOTEADDR_CACHE_KEY);
		if(ip == null)
			return "";
		return ip;
	public String getMachinedID()
			return "";
		String machineID = this.getRemoteAddr() + "||" + this.getMacAddr() + "||" + this.getMachineName()
		return machineID;

	 * 系统用户从Dreamweaver客服端登录接口
	 * 目前的ssoCookie未加密,将来需实现ssoCookie的加密处理,用户的信息cookie格式: loginMudleName + #$% +
	 * userName 不同身份信息之间以^_^分隔,例如
	 * loginMudleName#$%userName^_^loginMudleName1#$#userName1^|^loginModuleName@|@name1=value1@~@name=value
	 * 属性列表: ssoCookie在登录时创建,将作为令牌在门户中的各应用系统之间传递的,从而实现单点登录。
	 * 当用户关闭浏览器或者退出登录时,ssoCookie自动失效 不记录用户的在线信息
	 * @param request
	 * @param response
	 * @param userName
	 * @param password
	 * @param userType
	 *            用户类型 0-标识外部用户,1-标识内部用户
	 * @return
	 * @throws AccessException

	public boolean logindw(HttpServletRequest request,
			HttpServletResponse response, String userName, String password)
			throws AccessException


		return logindw(request, response, userName, password,
				(String[] )null);

	 * 系统用户从Dreamweaver客服端登录接口
	 * 目前的ssoCookie未加密,将来需实现ssoCookie的加密处理,用户的信息cookie格式: loginMudleName + #$% +
	 * userName 不同身份信息之间以^_^分隔,例如
	 * loginMudleName#$%userName^_^loginMudleName1#$#userName1^|^loginModuleName@|@name1=value1@~@name=value
	 * 属性列表: ssoCookie在登录时创建,将作为令牌在门户中的各应用系统之间传递的,从而实现单点登录。
	 * 当用户关闭浏览器或者退出登录时,ssoCookie自动失效 不记录用户的在线信息
	 * @param request
	 * @param response
	 * @param userName
	 * @param password
	 * @param userType
	 *            用户类型 0-标识外部用户,1-标识内部用户
	 * @return
	 * @throws AccessException

	public boolean logindw(HttpServletRequest request,
			HttpServletResponse response, String userName, String password,
			String[] userTypes) throws AccessException


		UsernamePasswordCallbackHandler callbackHandler = new UsernamePasswordCallbackHandler(
				userName, password, userTypes,request,response);

		this.request = request;
		this.response = response;
		session = request.getSession(false);
		try {
			if(session != null)
				session.setAttribute(AccessControl.SESSIONID_FROMCLIENT_KEY, new Boolean(true));
			return true;
		} catch (LoginException ex) {
//			principalIndexs = null;
//			credentialIndexs = null;
			throw new AccessException(ex.getMessage());
		catch (Exception ex) {
//			principalIndexs = null;
//			credentialIndexs = null;
			throw new AccessException(ex.getMessage());

	 * 用户修改密码时,同步session中保存的用户密码
	 * @param newPassword
	 *            String
	public void refreshPassword(String newPassword) {
		if (this.getUserAttribute("password") != null) {

	 * 修改用户密码时同步用户邮箱帐号的密码
	 * @param userEmail
	 *            String 用户邮箱帐号
	 * @param newPassword
	 *            String 新密码
	public static void updateMailPassword(String userEmail, String newPassword) {
		/**String mailValidata = ConfigManager.getInstance().getConfigValue(
		if (mailValidata != null && mailValidata.equals("1")) {
			String url = "http://"
					+ ConfigManager.getInstance().getConfigValue("mailServer")
					+ "/creator_changepw.asp?username=" + userEmail + "&pw1="
					+ newPassword;
			com.frameworkset.platform.synchronize.httpclient.ApachePostMethodClient client = new com.frameworkset.platform.synchronize.httpclient.ApachePostMethodClient(
			try {
				String clientResponse = client.sendRequest();
			} catch (Exception ex) {

			} finally {
				client = null;

	 * 检查用户是否登录,如果没有登录,系统将跳转的登录页面 检查用户是否有权限,如果没有权限访问本页面将跳转的权限检测失败页面
	public boolean checkAccess(HttpServletRequest request,
			HttpServletResponse response) {
		AccessControl c = AccessControl.getAccessControl();
			return false;
			this.request = c.getRequest();
			this.response = c.getResponse();		
			this.session = c.getSession();			
			// 添加用户的所有属性到session中
			this.principal = c.principal;
			this.credential = c.credential;
			if(this.principal != null)
				this.subject = new Subject();
			return true;
//		boolean isLogin = checkAccess(request, response, null, true);
//		//modify by jianfeng 20090909
////		if (!isLogin){			
////			throw new SessionTimeoutExcetpion();
////		}
////		return true;
//		return isLogin;
	 * 检测当前登陆用户是否是管理员或者拥有超级管理员角色
	public boolean checkManagerAccess(HttpServletRequest request,
			HttpServletResponse response) {
		boolean success = checkAccess(request, response);
			return false;
		if(isAdmin() || isOrgManager(getUserAccount())){
			return true;
			return false;
	 * 检测当前登陆用户是否是管理员
	public boolean checkAdminAccess(HttpServletRequest request,
			HttpServletResponse response) {
		boolean success = checkAccess(request, response);
			return false;
			return true;
			return false;
	 * 检查用户是否登录,如果没有登录,系统将跳转的登录页面 检查用户是否有权限,如果没有权限访问本页面将跳转的权限检测失败页面
	public boolean checkAccess(String[] needUserTypes,HttpServletRequest request,
			HttpServletResponse response) {
		return checkAccess( needUserTypes,  request,
				 response, null,true,null);

	 * 检查用户是否登录,如果没有登录系统将跳转到redirectPath指定的页面,如果redirectPath为null或者为""
	 * 将缺省地跳转到配置文件config-manager.xml中指定的登录页面。 重定向规则如下:
	 * 重定项之前首先检查response的状态,如果状态为commited则不跳转,直接返回。
	 * 如果commited为false再对参数标识的页面地址进行处理,处理方法如下:
	 * 如果redirectPath的第一个字符为"/"或者"\\",并且路径中没有包含应用的contextPath时,
	 * 本方法通过处理将contextPath追加在redirectPath之前,然后跳转到处理过的页面地址。
	 * 否则不进行处理,直接跳转到redirectPath对应的页面。
	 * @param request
	 * @param response
	 * @param redirectPath
	 * @return
	public boolean checkAccess(HttpServletRequest request,
			HttpServletResponse response, String redirectPath) {
		return checkAccess(request, response, null, true, redirectPath);

	 * 检查用户是否登录
	public boolean checkAccess(HttpServletRequest request,
			HttpServletResponse response, boolean protect) {
		return checkAccess(request, response, null, protect);

	public boolean checkAccess(HttpServletRequest request,
			HttpServletResponse response, JspWriter out, boolean protect) {

		return checkAccess(request,
				response, out, protect,


	 * 判断当前登录的用户类型是否与要求的用户类型一致,一致返回true,否则返回false
	 * @param userType
	 * @return
	private boolean checkUserType(String[] userTypes) {
		if(userTypes == null || userTypes.length == 0)
			return true;
		Credential dd = this.credential;
		String _userType = (String) dd.getCheckCallBack().getUserAttribute(
		if (_userType != null && !_userType.equals("")) {
			StringBuffer b = new StringBuffer();
			for(int i = 0; i < userTypes.length; i ++)
				String userType = userTypes[i];
				if (userType != null && _userType.equals(userType)) {
					return true;
			log.debug("用户类型不一致,访问当前模块需要的类型为[needType=" + b.toString()
					+ "],但是用户的类型为[userType=" + _userType + "]");
			return false;

		return true;

	 * 检测当前访问系统的用户是否登录过系统,并且该用户的类型必须是给定的userType类型, 否则将不允许用户访问请求的资源,并跳转到登录页面
	 * @param userType
	 *            用户类型
	 * @param request
	 * @param response
	 * @param out
	 * @param protect
	 * @deprecated 请参考方法 checkAccess(String userType,HttpServletRequest request,
	 *             HttpServletResponse response)
	 * @return
	public boolean checkAccess(String userType, HttpServletRequest request,
			HttpServletResponse response, JspWriter out) {
		return checkAccess(new String[] {userType}, request,response, out,null);


	 * 检测当前访问系统的用户是否登录过系统,并且该用户的类型必须是给定的userType类型, 否则将不允许用户访问请求的资源,并跳转到登录页面
	 * @param userType
	 *            用户类型
	 * @param request
	 * @param response
	 * @param protect
	 * @return
	public boolean checkAccess(String userType, HttpServletRequest request,
			HttpServletResponse response) {

		return checkAccess(userType, request, response, (JspWriter) null);

	public boolean checkAccess(HttpServletRequest request,
			HttpServletResponse response, JspWriter out, boolean protect,
			boolean abc) {
		return this.checkAccess( request,response,out,  protect);

	public boolean checkAccess(HttpServletRequest request,
			HttpServletResponse response, JspWriter out, boolean protect,
			String redirectPath) {

		return checkAccess(null,  request,
				 response,  out, protect, redirectPath);


	 * 当前访问系统的用户是否登录过系统,并且该用户的类型必须是给定的userType类型,
	 * 否则将不允许用户访问请求的资源,并跳转到redirectPath对应的页面
	 * @param userType
	 * @param request
	 * @param response
	 * @param redirectPath
	 * @return
	public boolean checkAccess(String userType, HttpServletRequest request,
			HttpServletResponse response, String redirectPath) {
		return this.checkAccess(new String[] {userType}, request, response, null,redirectPath);

	public boolean checkAccess(String[] userType, HttpServletRequest request,
			HttpServletResponse response, JspWriter out,String redirectPath) {
		return checkAccess(userType,  request,
				 response,  out,true, redirectPath);
	private  boolean unprotectedCheck(String redirectPath,String[] userTypes)
			this.principal = (Principal) session.getAttribute(PRINCIPAL_INDEXS);
			// 添加用户的所有属性到session中
			this.credential = (Credential) session.getAttribute(CREDENTIAL_INDEXS);
			if (this.principal != null) {
//			String sessionid = (String)session.getAttribute(SESSIONID_CACHE_KEY);
//			Boolean fromclient =  (Boolean)session.getAttribute(SESSIONID_FROMCLIENT_KEY);
	//		if (principal != null
	//				&& (fromclient == null && !onlineUser.existUser(principal.getName(), sessionid))) {
	//			if(redirectPath == null || redirectPath.equals(""))
	//			{					
	//				this.logoutwithalt_(null, null,true, true,"kickout") ;
	//			}
	//			else
	//			{
	////				this.logout(redirectPath);
	//				this.logoutwithalt_(redirectPath, null,true, true,"kickout") ;
	//			}
	//			return false;
	//		}
	//		/**
	//		 * 检查当前用户的类型是否在被允许的范围内,不允许则跳转到相应的页面
	//		 */
	//		if (!checkUserType(userTypes))
	//		{
	//			if(redirectPath == null || redirectPath.equals(""))
	//			{
	//				this.redirect();
	//			}
	//			else
	//			{
	//				redirect(request, response, redirectPath);
	//			}
	//			return false;
	//		}
		catch(Exception e)
//			if(redirectPath == null || redirectPath.equals(""))
//			{
//				this.redirect();
//			}
//			else
//			{
//				redirect(request, response, redirectPath);
//			}
			return false;
		if(this.principal != null)
			return true;
			return false;
	private boolean innerRedirect(String redirectPath)
//		if (ConfigManager.getInstance().securityEnabled()) 
			if(redirectPath == null || redirectPath.equals(""))
				redirect(request, response, redirectPath);
		return false;
	private boolean innerLogout(String redirectPath,String kickmode)
		if(redirectPath == null || redirectPath.equals(""))
			this.logoutwithalt_(null, null,true, true,kickmode) ;
//			this.logout(redirectPath);
			this.logoutwithalt_(redirectPath, null,true, true,kickmode) ;

		return false;
	private static void log(String msg,HttpServletRequest request)
		Date date = new java.util.Date() ; 
		if(request != null)
			String remoteip = StringUtil.getClientIP(request);
//			System.err.println(date + "===============================================");
//			Exception e = new Exception("date["+ date +"] [remoteip=" + remoteip + "] " +msg);
//			e.printStackTrace();
			log.debug("date["+ date +"] [remoteip=" + remoteip + "] " +msg);
//			System.err.println(date +"================================================");
//			System.err.println(date + "===============================================");
			Exception e = new Exception("date["+ date +"] [remoteip=null] " +msg);
//			System.err.println("date["+ date +"] [remoteip=null] " +msg);
//			System.err.println(date +"================================================");
	private static void log_info(String msg,HttpServletRequest request)
		Date date = new java.util.Date() ; 
		if(request != null)
			String remoteip = StringUtil.getClientIP(request);
//			System.err.println(date + "===============================================");
//			Exception e = new Exception("date["+ date +"] [remoteip=" + remoteip + "] " +msg);
//			e.printStackTrace();
			log.debug("date["+ date +"] [remoteip=" + remoteip + "] " +msg);
//			System.err.println(date +"================================================");
//			System.err.println(date + "===============================================");
//			Exception e = new Exception("date["+ date +"] [remoteip=null] " +msg);
//			e.printStackTrace();
			log.debug("date["+ date +"] [remoteip=null] " +msg);
//			System.err.println(date +"================================================");
	 * 检测到用户未登陆时进行相应的处理
	 * 返回值说明ret:
	 * 0: 继续执行,无意义
	 * 1:返回false
	 * 2: 返回true,客服端登陆成功
	 * @return
	private int unlogincheck()
		String OUT_useraccount = request.getParameter(OUTER_USER_ACCOUNT_KEY);
		String OUT_userpassord = request.getParameter(OUTER_USER_PASSWORD_KEY);
		int ret = 0;
		 * 判断用户是否从外部系统访问bs系统,如果不是则从cookie中获取用户登录信息,
		 * 如果是则获取外部用户信息进行登录操作,如果用户登录成功则允许访问系统,否则不允许
		if (OUT_useraccount == null || OUT_useraccount.equals("")) {
			// 启用了系统安全性、或者启用了页面保护、或者启用了sso机制,则尝试从cookie中恢复用户信息
			boolean enablecookie = enablecookie();
//			log("enablecookie:" + enablecookie,request);
			if (enablecookie) {
				Cookie[] cookies = request.getCookies();
				int idx = 0;
				boolean flag = false;
				for (int i = 0; cookies != null && i < cookies.length; i++) {

					if (cookies[i].getName().equals(PRINCIPALS_COOKIE)) {

						flag = true;
						idx = i;
				if (!flag) {
//					return innerRedirect(redirectPath);
					ret = 1;
					return ret;

				String ssoCookie = cookies[idx]
					DESCipher dd = new DESCipher();
					ssoCookie = dd.decrypt(ssoCookie);
				catch(Exception e)
				CookieUtil cookieUtil = new CookieUtil();
				Object[] messages = cookieUtil.refactorPricipal(ssoCookie);

				if (messages != null) {
					this.principal = (Principal) messages[0];
					this.credential = (Credential) messages[1];
					subject = new Subject();
					// 添加用户的所有身份索引到session中
					session.setAttribute(PRINCIPAL_INDEXS, principal);
					// 添加用户的所有属性到session中
					session.setAttribute(CREDENTIAL_INDEXS, credential);
					ret = 3;
					return ret;

				} else {
//					return innerRedirect(redirectPath);
					ret = 1;
					return ret;
			} else {
//				return innerRedirect(redirectPath);
				ret = 1;
				return ret;
		else // 客服端登陆系统
			try {
				boolean su = this.logindw(request, response, OUT_useraccount,
				if (!su) {
//					return innerRedirect(redirectPath);
					ret = 4;
					return ret;
//				return su;
					ret = 2;
					return ret;

			} catch (AccessException e) {

//				return innerRedirect(redirectPath);
				ret = 1;
				return ret;
//	public static String serverid;
//	public static String getServerID(String filePath)
//	{
//		if(serverid == null)
//		{
//			String localpath = filePath;
//			try {
//				BufferedReader reader = new BufferedReader(new FileReader(localpath));
//				serverid = reader.readLine().trim();
//				return serverid;
//			} catch (FileNotFoundException e) {
//				// TODO Auto-generated catch block
//				e.printStackTrace();
//			}
//			//request.getRealPath("/ServerID.txt");
//			catch (IOException e) {
//						// TODO Auto-generated catch block
//						e.printStackTrace();
//					}
//		}
//		return serverid;
//	}
	public String getParameters(HttpServletRequest request)
		java.util.Enumeration enums =  request.getParameterNames();
		StringBuffer sb = new StringBuffer(100);
		boolean flag = false;
			String key = (String)enums.nextElement();
			String value = (String)request.getParameter(key);
				flag = true;
		return sb.toString();
	public boolean checkAccess(String[] userTypes, HttpServletRequest request,
			HttpServletResponse response, JspWriter out,boolean protect,String redirectPath) {		
		this.request = request;
		this.response = response;		
		// this.out = out;

//		System.out.println("session is " + session.isNew());
		this.session = this.request.getSession(false);
		String sessionid = null;
		if(session != null)
			sessionid = session.getId();
//		log("checkAccess ,puid["+ puid+"] sessionid["+ sessionid +"] ["+ request.getRequestURI() + this.getParameters(request) +"] ." ,request);
//		log("checkAccess puid["+ puid+"],Localid["+ LocalServerPort+"] " ,request);
		if(session == null)
//			String puid = request.getParameter("uid");
//			String LocalServerPort = request.getServerPort() + "";
				log("Session is null, Check page["+ request.getRequestURI() + this.getParameters(request) +"] will go to "+pathloginPage+"." ,request);
				return innerRedirect(redirectPath);
				return false;
//		if(this.session.isNew()){	
//			log("session is new, Check page["+ request.getRequestURI() +
//					"] session id is:"+this.session.getId(),request );
//		}
		// onlineUser =
		// (OnLineUser)session.getServletContext().getAttribute("onlineUser");
		if (!protect) {
			return unprotectedCheck(redirectPath,userTypes);
		principal = (Principal) session.getAttribute(PRINCIPAL_INDEXS);
		// 添加用户的所有属性到session中
		credential = (Credential) session.getAttribute(CREDENTIAL_INDEXS);
		if (principal == null ) // 如果没有当前用户的会话信息,则判断cookie中是否有当前用户的登录信息
			int ret = unlogincheck();
			if(ret == 1) //无cookie,或者客服端登陆失败
				boolean isNew = false;
					isNew = session.isNew();
					log(" Check page["+ request.getRequestURI() + this.getParameters(request) + "]:  No user logon  will go to "+pathloginPage+".session id is " + sessionid + " and new is " + isNew,request);
				catch(Exception e)
					log(" Check page["+ request.getRequestURI() + this.getParameters(request) +"]:  No user logon  will go to "+pathloginPage+".session id is " + sessionid + " and get session status failed: " + e.getMessage(),request);
				return innerRedirect(redirectPath);
			else if(ret == 4)
				log("Check page["+ request.getRequestURI() + this.getParameters(request) +"]: CS client user logon failed, will go to "+pathloginPage+".session id is " + sessionid,request);
				String redirecttarget = "_self";
				return false;
//				return innerRedirect(redirectPath);
			else if(ret == 2) //CS客服端登录成功
				return true;
			else if(ret == 3) //从cookie中读取用户会话信息成功
				log(" Check page["+ request.getRequestURI() + this.getParameters(request) +"]: \r\n\tUser not logon ,but Get user info from cookie successed continue login.session id is " + sessionid,request);
				log(" Check page["+ request.getRequestURI() + this.getParameters(request) +"]: \r\n\tUser not logon ,Will go to "+pathloginPage+".session id is " + session.getId()+ " and new is " + session.isNew(),request);
				return innerRedirect(redirectPath);
			this.subject = new Subject();
//		else // 如果有已经登陆会话信息,直接获取用户的会话信息
//			// mmmm
//			String sessionid_ = (String)session.getAttribute(SESSIONID_CACHE_KEY);
//			Boolean fromclient =  (Boolean)session.getAttribute(SESSIONID_FROMCLIENT_KEY);
			if (this.credential != null) {
				log("Check page["+ request.getRequestURI() +"]: \r\n\tUser[" + principal + "]'s credentialIndexs not exist,Will go to id is " + sessionid,request);
				return this.innerRedirect(redirectPath);
//			if (principal != null
//					&& (fromclient == null && !onlineUser.existUser(principal.getName(), sessionid_))) {
//				return innerLogout(redirectPath,"kickout");
//			}
//			if (this.principalIndexs != null) {
//			// mmmm
//			String sessionid = (String)session.getAttribute(SESSIONID_CACHE_KEY);
//			Boolean fromclient =  (Boolean)session.getAttribute(SESSIONID_FROMCLIENT_KEY);
//			if (principal != null
//					&& (fromclient == null && !onlineUser.existUser(principal.getName(), sessionid))){
//				return innerLogout(redirectPath,"kickout");
//			}
			 * 检查当前用户的类型是否在被允许的范围内,不允许则跳转到相应的页面
//			if (!checkUserType(userTypes))
//			{
//				return this.innerRedirect(redirectPath);
//			}
//			} else {
//				return this.innerRedirect(redirectPath);
//			}
			return true;



	 * 当前访问系统的用户是否登录过系统,并且该用户的类型必须是给定的userType类型,
	 * 否则将不允许用户访问请求的资源,并跳转到redirectPath对应的页面
	 * @param userType
	 * @param request
	 * @param response
	 * @param out
	 * @param redirectPath
	 * @deprecated 请参考方法 checkAccess(String userType,HttpServletRequest request,
	 *             HttpServletResponse response, String redirectPath)
	 * @return
	public boolean checkAccess(String userType, HttpServletRequest request,
			HttpServletResponse response, JspWriter out, String redirectPath) {
		return checkAccess(new String[] {userType}, request,
				response, out, redirectPath);


	 * 检查用户是否有访问系统的权限
	public boolean checkAccess(PageContext pageContext, boolean protect) {
		return checkAccess((HttpServletRequest) pageContext.getRequest(),
				(HttpServletResponse) pageContext.getResponse(), null, protect);

	 * 重定向到相关的页面 重定项之前首先检查response的状态,如果状态为commited则不跳转,直接返回。
	 * 如果commited为false再对参数标识的页面地址进行处理,处理方法如下:
	 * 如果redirectPath的第一个字符为"/"或者"\\",并且路径中没有包含应用的contextPath时,
	 * 本方法通过处理将contextPath追加在redirectPath之前,然后跳转到处理过的页面地址。
	 * 否则不进行处理,直接跳转到redirectPath对应的页面。
	 * @param request
	 * @param response
	 * @param redirectPath

	public static void redirect(HttpServletRequest request,
			HttpServletResponse response, String redirectPath) {
		if (redirectPath == null || redirectPath.trim().equals("")) {
			redirectPath = ConfigManager.getInstance().getLoginPage();
		if (redirectPath == null || redirectPath.trim().equals(""))
			redirectPath = "/";
		try {

			// 如果response已经提交过,则不执行重定向操作,否则执行
			if (!response.isCommitted()) {
				String t_redirectPath = StringUtil.getRealPath(request,

		} catch (IOException e) {

	 * 重定向到相关的页面 重定项之前首先检查response的状态,如果状态为commited则不跳转,直接返回。
	 * 如果commited为false再对参数标识的页面地址进行处理,处理方法如下:
	 * 如果redirectPath的第一个字符为"/"或者"\\",并且路径中没有包含应用的contextPath时,
	 * 本方法通过处理将contextPath追加在redirectPath之前,然后跳转到处理过的页面地址。
	 * 否则不进行处理,直接跳转到redirectPath对应的页面。
	 * @param request
	 * @param response
	 * @param redirectPath
	 * @param redirecttarget

	public static void redirect(HttpServletRequest request,
			HttpServletResponse response, String redirectPath,
			String redirecttarget) {
				 response,  redirectPath,

	public static void redirect(HttpServletRequest request,
			HttpServletResponse response, String redirectPath,
			String redirecttarget,boolean _alertMsg) {
		if (redirectPath == null || redirectPath.trim().equals("")) {
			redirectPath = ConfigManager.getInstance().getLoginPage();
		if (redirectPath == null || redirectPath.trim().equals(""))
			redirectPath = "/";

		if (redirecttarget == null || redirecttarget.trim().equals(""))
			redirecttarget = "top";

		try {
			// 如果response已经提交过,则不执行重定向操作,否则执行
			if (!response.isCommitted()) {
				StringBuffer url = new StringBuffer(request.getContextPath());
				url.append("/" )
				.append( LOGOUT_REDIRECT)
						.append("?_redirectPath=" )
						.append( StringUtil.encode(redirectPath))
						.append( "&_redirecttarget=" )
						.append( redirecttarget)						
					url.append( "&_alertMsg=true");

		} catch (IOException e) {


	private void redirect(boolean _alertMsg) {

		try {
			// 如果response已经提交过,则不执行重定向操作,否则执行
			if (response != null && !response.isCommitted()) {
				StringBuffer url = new StringBuffer(request.getContextPath());
				.append(StringUtil.encode(request.getContextPath() + "/"
						+ loginPage) );
					url.append( "&_alertMsg=true");
//				{
//					MemTokenManager memTokenManager = org.frameworkset.web.token.MemTokenManagerFactory.getMemTokenManagerNoexception();
//					if(memTokenManager != null)//如果开启令牌机制就会存在memTokenManager对象,否则不存在
//					{
//						url.append("&").append(MemTokenManager.temptoken_param_name).append("=").append(memTokenManager.buildDToken(request));
//					}
//				}


		} catch (IOException e) {

	private void redirect() {


	private void redirectManager(HttpServletRequest request,HttpServletResponse response,String redirectPath) {
		try {
			if (response != null && !response.isCommitted()) {
				StringBuffer url = new StringBuffer(request.getContextPath());

		} catch (IOException e) {
		} catch(Exception e){


	 * 检查用户是否有访问系统的权限
	public boolean checkAccess(HttpSession session) {
		this.session = session;
		// onlineUser =
		// (OnLineUser)session.getServletContext().getAttribute("onlineUser");
		principal  = (Principal) session.getAttribute(PRINCIPAL_INDEXS);
		// 添加用户的所有属性到session中
		credential  = (Credential) session.getAttribute(CREDENTIAL_INDEXS);

		return true;

	 * 检查用户是否有访问系统的权限
	public boolean checkAccess(PageContext pageContext) {
		return this.checkAccess((HttpServletRequest)pageContext.getRequest(), (HttpServletResponse)pageContext.getResponse());
//		return this.checkAccess(pageContext, true);

	 * 检查权限接口
	 * @param pageContext
	 *            PageContext
	 * @param resourceID
	 *            String
	 * @return boolean
	public boolean checkPermission(PageContext pageContext, String resourceID,
			String action) {
		// onlineUser = (OnLineUser)pageContext.getAttribute("onlineUser");
		if (!ConfigManager.getInstance().securityEnabled())
			return true;
		else {

			this.request = (HttpServletRequest) pageContext.getRequest();
			this.response = (HttpServletResponse) pageContext.getResponse();
			// this.out = pageContext.getOut();
			this.session = request.getSession(false);
			if(session == null)
				log("Check Permission failed: session is null.",request);
				return false;
			this.principal  = (Principal) session.getAttribute(PRINCIPAL_INDEXS);
			this.credential  = (Credential) session
			String resourceType = ConfigManager.getInstance().getResourceInfo()

			return checkPermission( resourceID, action,resourceType);

	 * 检查用户userAccount是否拥有资源resourceId的操作action的权限
	 * @param pageContext
	 *            PageContext
	 * @param resourceID
	 *            String
	 * @return boolean
	public static boolean checkPermission(Principal principal,
			String resourceID, String action) {
		return checkPermission(principal, resourceID, action, null);

	 * 检查用户userAccount是否拥有资源resourceId的操作action的权限
	 * @param pageContext
	 *            PageContext
	 * @param resourceID
	 *            String
	 * @return boolean
	public static boolean checkPermission(Principal principal,
			String resourceID, String action, String resourceType) {

		if (resourceType == null)
			resourceType = ConfigManager.getInstance().getResourceInfo()
		String userID = ((AuthPrincipal)principal).getUserID();
		if(userID == null)
			userID = AccessControl.getUserIDByUserAccount(principal.getName());
		if (ROLE_RESOURCE.equalsIgnoreCase(resourceType)) // 判断角色是否当前用户创建,如果是当前用户创建则拥有该角色的全部操作权限
			if (isAdmin(principal.getName()))
				return true;
			Role role = RoleCacheManager.getInstance().getRoleByID(resourceID);
			if (role != null) {
				if (userID.equals(role.getOwner_id() + ""))
					return true;


		else if (JOB_RESOURCE.equalsIgnoreCase(resourceType)) {// 判断岗位是否当前用户创建,如果是当前用户创建则拥有该岗位的全部操作权限
			if (isAdmin(principal.getName()))
				return true;
			try {
				boolean state = JobManagerImpl.isJobCreatorByUserId(userID, resourceID);
				if (state) {
					return true;
			} catch (ManagerException e) {

		else if (GROUP_RESOURCE.equalsIgnoreCase(resourceType)) // 判断用户组是否当前用户创建,如果是当前用户创建则拥有该用户组的全部操作权限
			if (isAdmin(principal.getName()))
				return true;
			Group group = GroupCacheManager.getInstance().getGroupByID(
			if (group != null) {
				if (userID.equals(group.getOwner_id() + ""))
					return true;

		boolean ret = AppSecurityCollaborator.getInstance().checkAccess(principal,
				resourceID, action, resourceType);
		return ret;

	public static String getUserIDByUserAccount(String userAccount) {
		try {
			UserManager um = SecurityDatabase.getUserManager();
			User user = um.getUserByName(userAccount);
			if (user == null)
				return "";
			return user.getUserId() + "";
		} catch (SPIException e) {
			// TODO Auto-generated catch block
		} catch (ManagerException e) {
			// TODO Auto-generated catch block
		return "";


	public static String getUserAccountByUserID(String usrID) {
		try {
			UserManager um = SecurityDatabase.getUserManager();
			User user = um.getUserById(usrID);
			if (user == null)
				return "";
			return user.getUserName() + "";
		} catch (SPIException e) {
			// TODO Auto-generated catch block
		} catch (ManagerException e) {
			// TODO Auto-generated catch block
		return "";

	public static String getUserAccounByWorknumberOrUsername(String worknumberOrUsername) {
		try {
//			UserManager um = SecurityDatabase.getUserManager();
//			User user = um.getUserByWorknumberOrUsername(worknumberOrUsername);
			CheckCallBack  user = UserCacheManager.getInstance().getUser(worknumberOrUsername);
			if(user == null)
				user = UserCacheManager.getInstance().getUserByWorkNo(worknumberOrUsername);
			if (user == null)
				return "";
			return (String)user.getUserAttribute("userAccount");
		} catch (Exception e) {
			// TODO Auto-generated catch block
		return "";


	 * 检查用户userAccount是否拥有资源resourceId的操作action的权限
	 * @param pageContext
	 *            PageContext
	 * @param resourceID
	 *            String
	 * @return boolean
	public static boolean checkPermission(String useraccount,
			String resourceID, String action, String resourceType) {
		Principal principal = new AuthPrincipal(useraccount, null, null);
		return checkPermission(principal,
				 resourceID,  action,  resourceType);

	 * 检查用户userAccount是否拥有资源resourceId的操作action的权限
	 * @param pageContext
	 *            PageContext
	 * @param resourceID
	 *            String
	 * @return boolean
	public static boolean checkPermissionByUserID(String userID,
			String resourceID, String action, String resourceType) {
		String useraccount = AccessControl.getUserAccountByUserID(userID);

		Principal principal = new AuthPrincipal(useraccount,  null,userID);
		return checkPermission(principal,
				 resourceID,  action,  resourceType);

	 * 检测当前系统用户是否拥有访问资源的权限
	 * @param resourceID
	 * @param action
	 * @param resourceType
	 * @return
	public boolean checkPermission(String resourceID, String action,
			String resourceType) {
		return checkPermission( resourceID,  action,
				 resourceType,  false,  null);

	 * 检测当前系统用户是否拥有访问资源的权限
	 * @param resourceID
	 * @param action
	 * @param resourceType
	 * @return
	public boolean checkURLPermission(String uri) {

		return AppSecurityCollaborator.getInstance().getPermissionTokenMap().checkUrlPermission(uri);

	 * 检测当前系统用户是否拥有访问资源的权限,如果没有则跳转到权限提示页面 否则允许用户访问当前资源
	 * 根据条件redirect决定是否跳转,true表示跳转,false表示不跳转
	 * @param resourceID
	 * @param action
	 * @param resourceType
	 * @param redirect
	 * @return
	public boolean checkPermission(String resourceID, String action,
			String resourceType, boolean redirect) {
		return checkPermission( resourceID,  action,
				 resourceType,  redirect,  null);

	 * 检测当前系统用户是否拥有访问资源的权限,如果没有则跳转到权限提示页面 否则允许用户访问当前资源
	 * 根据条件redirect决定是否跳转,true表示跳转,false表示不跳转
	 * @param resourceID
	 * @param action
	 * @param resourceType
	 * @param redirect
	 * @return
	public boolean checkPermission(String resourceID, String action,
			String resourceType, boolean redirect, String redirectPath) {
		//如果使用新版系统管理注释掉机构资源的判断    org_org
				return true;
				return true;
			else if(action.equals(READ_PERMISSION))//如果当前用户是resourceID对应的机构的下级机构的管理员,可以进行读操作
					return true;

		if (ROLE_RESOURCE.equalsIgnoreCase(resourceType)) // 判断角色是否当前用户创建,如果是当前用户创建则拥有该角色的全部操作权限
			if (this.isAdmin())
				return true;
			Role role = RoleCacheManager.getInstance().getRoleByID(resourceID);
			if (role != null) {
				if (this.getUserID().equals(role.getOwner_id() + ""))
					return true;


		else if (JOB_RESOURCE.equalsIgnoreCase(resourceType)) {// 判断岗位是否当前用户创建,如果是当前用户创建则拥有该岗位的全部操作权限
			if (this.isAdmin())
				return true;
			try {
				boolean state = JobManagerImpl.isJobCreatorByUserId(this
						.getUserID(), resourceID);
				if (state) {
					return true;
			} catch (ManagerException e) {

		else if (GROUP_RESOURCE.equalsIgnoreCase(resourceType)) // 判断用户组是否当前用户创建,如果是当前用户创建则拥有该用户组的全部操作权限
			if (this.isAdmin())
				return true;
			Group group = GroupCacheManager.getInstance().getGroupByID(
			if (group != null) {
				if (this.getUserID().equals(group.getOwner_id() + ""))
					return true;



		boolean ret =  AppSecurityCollaborator.getInstance().checkAccess(principal,
				resourceID, action, resourceType);
		if (!ret && redirect) {
			log("permission check failed,will go to " + redirectPath + "/" + authorfailedPage,request);
			// try {
			if (redirectPath == null || redirectPath.trim().equals(""))
				redirectPath = "/" + authorfailedPage;
			redirect(request, response, redirectPath);
		return ret;

	 * 登出系统,通过redirected参数控制是否跳转
	 * @param redirected
	public void logout(boolean redirected) {
		logout(redirected, true);

	 * 释放所有的session中的系统资源
	private static void releaseSession(HttpSession session) {
//		try
//		{
//			session.removeAttribute(AccessControl.PRINCIPAL_INDEXS);
//			session.removeAttribute(REMOTEADDR_CACHE_KEY);
//			session.removeAttribute(MACADDR_CACHE_KEY);
//			session.removeAttribute(SESSIONID_CACHE_KEY);
//			// 添加用户的所有属性到session中
//			session.removeAttribute(CREDENTIAL_INDEXS);
//			session.removeAttribute(SERVER_IP_KEY);
//			session.removeAttribute(SERVER_PORT_KEY);
//			session.removeAttribute(Framework.SUBSYSTEM);
//			session.removeAttribute(AccessControl.SESSIONID_FROMCLIENT_KEY);
//		}
//		catch(Exception e)
//		{
//			e.printStackTrace();
//		}

	public boolean enablecookie()
		return ConfigManager.getInstance().isSecuritycookieenabled()
		&& (ConfigManager.getInstance().securityEnabled() || ConfigManager

	 * 用户从dreamweaver客户端退出系统,不重定向系统

	public void logoutdw() {

		// LoginContext loginContext = (LoginContext) session
		// .getAttribute(LOGINCONTEXT_CACHE_KEY);

		try {
			if(session == null)
			Principal principals = (Principal) session.getAttribute(PRINCIPAL_INDEXS);

			if (principals == null) {


			log("Check page["+ request.getRequestURI() +"]: User[" + this.getUserAccount() + "] logout from cs client。session id is " + session.getId(),request);
			String userAccount = this.getUserAccount();
			// 清除cookie;
//			if (this.enablecookie()) {
////				String subsystemcookieid = SUBSYSTEM_COOKIE + "_" + userAccount;
//				Cookie[] cookies = request.getCookies();
//				for (int i = 0; cookies != null && i < cookies.length; i++) {
//					if (cookies[i].getName().equals(PRINCIPALS_COOKIE)) {
//						// 设置cookie一秒后失效
//						cookies[i].setMaxAge(1);
//						response.addCookie(cookies[i]);
//					} 
////					else if (cookies[i].getName()
////							.equals(subsystemcookieid)) {
////						cookies[i].setMaxAge(1);
////						response.addCookie(cookies[i]);
////					}
//				}
//			}
			// 使session失效
			// session.removeAttribute(LOGINCONTEXT_CACHE_KEY);
			String machineID = getMachinedID();
			// onlineUser.valueUnbound(session.getId(),getUserAccount(),
			// request.getRemoteAddr());
			String userName = this.getUserName();
			String userId = this.getUserID();
			// System.out.println("session:" + session);
			// ------------退出时保存用户日志信息
			try {
				LogManager logMgr = SecurityDatabase.getLogManager();
				String operContent = userName + "[" + userId + "]"
						+ " 从客户端退出系统";
				String operSource = machineID;
				String openModle = "认证管理";

				logMgr.log(userAccount, operContent,
						openModle, operSource);
			} catch (SPIException e1) {
			} catch (ManagerException e) {

			// // -------------------
			// // 跳转到登录页面
			// if (redirected)
			// redirect();
		 catch (Exception ex) {
			log.debug("Logout from dreamweaver client failed:" + ex.getMessage());

	 * 用户登录退出
	 * @param redirected
	 *            重定向控制开关
	 * @param enablelog
	 *            日志控制开关

	public void logout(boolean redirected, boolean enablelog) {

		logout(null, null,redirected, enablelog);


	 * 如果系统没有正常退出系统,强制用户退出,当session实效之前, 如果用户还没有退出,调用该方法强制当前用户退出系统
	 * @param pageContext
	 *            PageContext
	public static void logoutdirect(HttpSession session) {

//			log("Enter logoutdirect from session destroyed event.   session id is:"+session.getId(),null);
			Principal principal_ = (Principal) session.getAttribute(PRINCIPAL_INDEXS);
			if (principal_ == null) {	
				log("Unknowken user logoutdirect from session destroyed event.",null);
//			String address = (String) session
//			.getAttribute(AccessControl.REMOTEADDR_CACHE_KEY);
			log_info("User[" + principal_ + "] logoutdirect from session destroyed event.session id is "+session.getId(),null);
			try {
				String userName = principal_.getName();
//				LoginContext loginContext = new LoginContext(subject);
//				loginContext.logout();
				// session.removeAttribute(LOGINCONTEXT_CACHE_KEY);
				if (userName == null) {
//				onlineUser.valueUnbound(session.getId(), userName, address,(String)session
//						.getAttribute(AccessControl.MACADDR_CACHE_KEY));
//				releaseSession(session);
////				current.set(null);
			} catch (Exception ex) {
				log.debug("退出登录失败:" + ex.getMessage());
//			current.set(null);

	private String _alt;
	 * 用户登录退出
	 * @param pageContext
	 *            PageContext
	public void logout() {

		logout(true, true);

	 * 用户登录退出
	 * @param redirect
	 *            String 用户退出系统重定向页面
	public void logout(String redirect) {
		logout(redirect, true);

	 * 获取本地线程中的访问控制类
	 * @return
	public static Subject getLocalSubject() {
		return getAccessControl().subject;
	public static boolean fromWebseal(HttpServletRequest request)
		boolean isWebSealServer = ConfigManager.getInstance()
				.getConfigBooleanValue("isWebSealServer", false);
		String user_name = request.getHeader("iv-user");
		 if(isWebSealServer && user_name!= null && !user_name.equals(""))
			 return true;
		 return false;
	public static AccessControl getAccessControl() {
		AccessControl context = (AccessControl) current.get();
		if(context == null)
			context = AccessControl.guest;
		return context;
	public static AccessControl getAccessControl(HttpServletRequest request,HttpServletResponse response) {
		AccessControl context = (AccessControl) current.get();
		if(context == null)
			context = AccessControl.getAccessControl(request);
			if(context == null)
				context = AccessControl.getInstance();
				boolean success = context.checkAccess(request, response,false);
					return context;
					return AccessControl.guest;
		return context;

	 * 用户登录退出
	 * @param redirect
	 *            String 用户退出系统重定向页面
	public void logout(String redirect, boolean enablelog) {
		logout( redirect,  null, true,  enablelog);
//		Map principalsIndexs = (Map) session.getAttribute(PRINCIPAL_INDEXS);
//		if (principalsIndexs == null) {
//			redirect();
//			return;
//		}
//		try {
//			String userName = getUserName();
//			log.debug("用户[" + getUserName() + "]退出系统。");
//			LoginContext loginContext = new LoginContext(this.getSubject());
//			loginContext.logout();
//			// 清除cookie;
//			Cookie[] cookies = request.getCookies();
//			for (int i = 0; i < cookies.length; i++) {
//				if (cookies[i].getName().equals(PRINCIPALS_COOKIE)) {
//					// 设置cookie一秒后失效
//					cookies[i].setMaxAge(1);
//					response.addCookie(cookies[i]);
//				} else if (cookies[i].getName().equals(SUBSYSTEM_COOKIE)) {
//					// 设置cookie一秒后失效
//					cookies[i].setMaxAge(1);
//					response.addCookie(cookies[i]);
//				}
//			}
//			// 使session失效
//			String subsystem = getCurrentSystemName();
//			String userAccount = this.getUserAccount();
//			String userId = this.getUserID();
//			onlineUser.valueUnbound(session.getId(), userAccount, request
//					.getRemoteAddr());
//			releaseSession(session);
//			session.invalidate();
//			// ------------退出时保存用户日志信息
//			if(enablelog)
//			{
//				try {
//					LogManager logMgr = SecurityDatabase.getLogManager();
//					String operContent = userName + "[" + userId + "] 退出["
//							+ subsystem + "]";
//					String operSource = request.getRemoteAddr();
//					String openModle = "认证管理";
//					logMgr.log(userAccount + ":" + userName, operContent,
//							openModle, operSource);
//				} catch (SPIException e1) {
//					e1.printStackTrace();
//				} catch (ManagerException e) {
//					e.printStackTrace();
//				}
//			}
//			// 跳转到登录页面
//			redirect(request, response, redirect);
//		} catch (LoginException ex) {
//			log.debug("退出登录失败:" + ex.getMessage());
//		}

	 * 用户登录退出
	 * @param redirect
	 *            String 用户退出系统重定向地址
	 * @param redirecttarget
	 *            String 用户退出系统重定向窗口
	 * @param enablelog
	 *            用户退出系统是否记录日志
	public void logout(String redirect, String redirecttarget,boolean redirected, boolean enablelog) {

		logoutwithalt_( redirect,  redirecttarget, redirected,  enablelog,null);
	 * 用户登录退出
	 * @param redirect
	 *            String 用户退出系统重定向地址
	 * @param redirecttarget
	 *            String 用户退出系统重定向窗口
	 * @param enablelog
	 *            用户退出系统是否记录日志
	public void logoutwithalt_(String redirect, String redirecttarget,boolean redirected, boolean enablelog,String _alt) {


		try {
			if(session == null)
				if(redirected )
					log_info("Unknown user Logout to "+redirect+" from system on " + new java.util.Date() + ". session is null.",request);
					if(redirect == null && redirecttarget == null)
//			Principal principalsIndexs = (Principal) session.getAttribute(PRINCIPAL_INDEXS);

			if (this.principal == null) {
				if(redirected )
					log_info("Unknown user Logout from system on " + new java.util.Date() + ". session id is " + session.getId(),request);
					if(redirect == null && redirecttarget == null)
			log_info("Logout from page["+ request.getRequestURI() +"]: User["+ this.getUserAccount() + "," + getUserName() + "] logout.session id is " + session.getId(),request);
			//log.debug("Logout from page["+ request.getRequestURI() +"]: \r\n\tUser["+ this.getUserAccount() + "," + getUserName() + "] logout.");
			String userAccount = this.getUserAccount();
			if(subject == null)
				subject = new Subject();
			LogoutCallbackHandler callbackHandler = new LogoutCallbackHandler(
					userAccount,  request,response);
			SimpleLoginContext loginContext = new SimpleLoginContext("base",
			String subsystem = getCurrentSystemName();
//			String subsystemcookieid = SUBSYSTEM_COOKIE + "_" + userAccount;
			// 清除cookie;
//			if(this.enablecookie())
//			{
//				Cookie[] cookies = request.getCookies();
//				for (int i = 0; cookies != null && i < cookies.length; i++) {
//					if (cookies[i].getName().equals(PRINCIPALS_COOKIE)) {
//						// 设置cookie一秒后失效
//						cookies[i].setMaxAge(1);	
//						response.addCookie(cookies[i]);
//					} 
////					else if (cookies[i].getName().equals(subsystemcookieid)) {
////						// 设置cookie一秒后失效
////						cookies[i].setMaxAge(1);	
////						response.addCookie(cookies[i]);
////					} 
//				}
//			}
//			Cookie subsystemCookie = new Cookie(subsystemcookieid, subsystem);
//			subsystemCookie.setMaxAge(1);
//			response.addCookie(subsystemCookie);
//			else if (cookies[i].getName().equals(subsystemcookieid )) {
//				// 设置cookie一秒后失效
//				cookies[i].setMaxAge(1);
//				response.addCookie(cookies[i]);
//			}

			// 使session失效
			String userId = this.getUserID();

			String userName = this.getUserName();
			String machineIP = (String)this.credential.getCheckCallBack().getUserAttribute(REMOTEADDR_CACHE_KEY);
			String orgID = this.getChargeOrgId();
//			onlineUser.valueUnbound(session.getId(), userAccount, machineIP,(String)session.getAttribute(MACADDR_CACHE_KEY));

			String machineID = this.getMachinedID();
			// ------------退出时保存用户日志信息
				try {
					LogManager logMgr = SecurityDatabase.getLogManager();
//					String operContent = userName + "[" + userId + "] 退出["
//							+ subsystem + "]";
					// modified by hilary on 20101105,for fixing bug 13979,for logout's log  and login's log has same manner 
					String operContent = userAccount + "(" + userName + ") 退出[" + subsystem + "]";
					if(_alt != null)
						operContent = operContent + ",退出原因为:该用户在其他地方登录或者用户会话信息被管理员清除。";
					String operSource = machineID;
					String operModle = "认证管理";
					logMgr.log(userAccount,orgID,operModle,  operSource,
							operContent ,"", Log.INSERT_OPER_TYPE);		
				} catch (SPIException e1) {
				} catch (ManagerException e) {

			// -------------------

			if(redirected )
				if(redirect == null && redirecttarget == null)
					log_info("User["+ this.getUserAccount() + "," + getUserName() + "] logout." + new java.util.Date() + ". " + _alt,request);
					if(_alt == null)
					log_info("User["+ this.getUserAccount() + "," + getUserName() + "] logout." + new java.util.Date() + ". " + _alt + ".redirect=" + redirect + ",redirecttarget=" +redirecttarget,request);
					if(_alt == null)
		}  catch (Exception ex) {
			//log("Unknown user Logout failed from system on " + new java.util.Date() + ". ",request);
			log.debug("Logout failed:" + ex.getMessage());

	 * 返回用户id
	 * @return long
	public String getUserID() {
		if (credential == null)
			return "";
		Object userID = credential.getCheckCallBack()

		return userID == null ? "" : userID.toString();

	 * 返回用户帐号
	 * @return long
	public String getUserAccount() {
		if (principal != null) {
			String userAccount = this.principal.getName();
			return userAccount == null ? "" : userAccount;
		return "";

	 * 返回用户真实名称
	 * @return long
	public String getUserName() {
		if (credential == null)
			return "";
		Object userName = credential.getCheckCallBack().getUserAttribute(

		return userName == null ? "" : userName.toString();

	 * 返回用户所在主机构名称
	 * @return long
	public String getChargeOrgName() {
		if (credential == null)
			return "";
		Organization chargeOrg = (Organization) credential.getCheckCallBack()

		return chargeOrg == null ? "" : chargeOrg.getOrgName();

	 * 返回用户所在主机构id
	 * @return long
	public String getChargeOrgId() {
		if (credential == null)
			return "";
		Organization chargeOrg = (Organization) credential.getCheckCallBack()

		return chargeOrg == null ? "" : chargeOrg.getOrgId();

	 * 获取所在机构编码
	 * @return
	public String getChargeOrgCode() {
		if (credential == null)
			return "";
		Organization chargeOrg = (Organization) credential.getCheckCallBack()

		return chargeOrg == null ? "" : chargeOrg.getOrgnumber();

	 * 获取所在机构编码
	 * @return
	public String getChargeOrgLevel() {
		if (credential == null)
			return "";
		Organization chargeOrg = (Organization) credential.getCheckCallBack()

		return chargeOrg == null ? "" : chargeOrg.getOrg_level();

	 * 获取所在机构编码
	 * @return
	public Organization getChargeOrg() {
		if (credential == null)
			return null;
		Organization chargeOrg = (Organization) credential.getCheckCallBack()

		return chargeOrg;
     * 根据班组id获取工作中心信息
     * @return
    public Organization getWorkcenter(String orgid) {
//        Organization chargeOrg = (Organization) credential.getCheckCallBack()
//                .getUserAttribute("CHARGEORGID");
        Organization chargeOrg = OrgCacheManager.getInstance().getFatherOrganization(orgid);

        return chargeOrg;
    * 根据班组id获取部门信息
    * @return
   public Organization getDepartment(String orgid) {
       Organization chargeOrg = OrgCacheManager.getInstance().getFatherOrganization(orgid);
       if(chargeOrg == null)
           return null;
       return chargeOrg.getParentOrg();

	 * 返回用户所在全部机构列表(主机构除外)
	 * @return List
	public List getAllOrgListExcludeCharge() {
		if (credential == null)
			return new ArrayList();
		List secondOrgs = (List) credential.getCheckCallBack()

		return secondOrgs;

	 * 判断用户是否是系统管理员
	 * @return boolean

	// public boolean isAdmin()
	// {
	// if(roles == null)
	// {
	// String t_roles = credential.getCheckCallBack().getUserAttribute(
	// "userRoles");
	// if (t_roles != null)
	// this.roles = StringUtil.split("\\,");
	// }
	// for(int i = 0; i < roles.length;i ++)
	// {
	// if(roles[i].equals(ADMINISTRATOR_ROLE))
	// return true;
	// }
	// return false;
	// }
	public Principal getPrincipal() {
		return principal;

	public Credential getCredential() {
		return credential;

	 * 获取用户当前登录的子系统标识
	 * @return
	 * @deprecated 
	 * @see use getCurrentSystemID()
	public String getCurrentSystem() {
		return FrameworkServlet.getSubSystem(this.request, this.response, this

	 * 判断当前用户是否是系统管理员
	 * @return boolean
	public boolean isAdmin() {
		return AppSecurityCollaborator.getInstance().isAdmin(this.principal);

	public static boolean isAdmin(String userAccount) {
		if (userAccount == null)
			return false;
		AuthPrincipal principal = new AuthPrincipal(userAccount, null, null);
		return AppSecurityCollaborator.getInstance().isAdmin(principal);

	public static boolean isAdminByUserid(String userID) {
		if (userID == null)
			return false;

		AuthPrincipal principal = new AuthPrincipal(AccessControl
				.getUserAccountByUserID(userID), null, null);
		return AppSecurityCollaborator.getInstance().isAdmin(principal);

	 * 判断给定的角色是否是超级管理员角色
	 * @param role
	 * @return
	public static boolean isAdministratorRole(String role) {
		if (role == null)
			return false;
		String administratorRole = AppSecurityCollaborator.getInstance()

		return administratorRole.equals(role);

	 * 判断给定的角色是否是每个人都拥有的角色
	 * @param role
	 * @return
	public static boolean isRoleOfEveryOne(String role) {
		if (role == null)
			return false;
		String roleOfEveryOne = AppSecurityCollaborator.getInstance()

		return roleOfEveryOne.equals(role);

	 * 判断当前用户是否授予给定的角色
	 * @param roleName
	 *            String
	 * @return boolean
	public boolean isGrantedRole(AuthRole role) {
		return AppSecurityCollaborator.getInstance().isCallerInRole(
				new AppAccessContext(ConfigManager.getInstance().getAppName(),
						ConfigManager.getInstance().getModuleName()), role,

	 * 判断当前用户是否授予给定的角色
	 * @param roleName
	 *            String
	 * @return boolean
	public boolean isGrantedRole(String role) {
		AuthRole arole = new AuthRole();
		return isGrantedRole(arole);
	public boolean isOrgmanager()
		return this.isGrantedRole(AuthRole.ORGMANAGER);

	 * 获取超级管理员角色名称
	 * @return
	public static String getAdministratorRoleName() {
		return AppSecurityCollaborator.getInstance().getAdministratorRoleName();

	 * 获取每个人都有的角色名称
	 * @return
	public static String getEveryonegrantedRoleName() {
		return AppSecurityCollaborator.getInstance()

     * userName
     * @param userAttribute
     * @return
	public String getUserAttribute(String userAttribute) {
		try {
			Object value = credential.getCheckCallBack().getUserAttribute(
			return value == null ? "" : value.toString();
		} catch (Exception e) {
			return "";
	 * 重置指定的用户属性值
	 * @param userAttribute
	public void resetUserAttribute(String userAttribute) {
		try {
			LoginContext.resetUserAttribute(request,credential.getCheckCallBack(), userAttribute);
//			LoginModuleInfoQueue moduleQueue = ConfigManager.getInstance().getDefaultApplicationInfo().getLoginModuleInfos();
//			credential.getCheckCallBack().setUserAttribute(userAttribute, value);
			session.setAttribute(CREDENTIAL_INDEXS, credential);
		} catch (Exception e) {
	 * 重置指定的用户属性值
	 * @param userAttribute
	public void setUserAttribute(String userAttribute,Object value) {
		try {
			session.setAttribute(userAttribute, value);
		} catch (Exception e) {
	 * 重置用户属性值
	public void resetUserAttributes() {
		try {
//			LoginModuleInfoQueue moduleQueue = ConfigManager.getInstance().getDefaultApplicationInfo().getLoginModuleInfos();
//			credential.getCheckCallBack().setUserAttribute(userAttribute, value);
			session.setAttribute(CREDENTIAL_INDEXS, credential);
		} catch (Exception e) {

	public Object getUserObjectAttribute(String userAttribute) {
		try {
			Object value = credential.getCheckCallBack().getUserAttribute(
			return value;
		} catch (Exception e) {
			return null;

	 * 判断用户是否登录过
	 * @return
	public boolean isLogin(String userAccount) {
		if (userAccount == null)
			return false;
		if (this.principal == null)
			return false;
		else {
			String login_userAccount = principal.getName();
			return login_userAccount != null
					&& login_userAccount.equals(userAccount);

	public int getLoginUserCount() {
//		return onlineUser.getCount();
		return -1;

	public Collection getLoginUsers() {
//		return onlineUser.getOnLineUser();
		return new ArrayList();

	 * 判断给定类型的资源在没有授权的情况下是否允许用户访问
	 * @param resourceType
	 * @return
	public boolean allowIfNoRequiredRoles(String resourceType) {
		return AppSecurityCollaborator.getInstance().allowIfNoRequiredRoles(

	 * 判断资源操作是否是未受保护的资源操作
	 * @param resourceType
	 * @param resourceId
	 * @param operation
	 * @return
	public static boolean isUnprotected(String resourceId, String operation,
			String resourceType) {
		return AppSecurityCollaborator.getInstance().isUnprotected(resourceId,
				operation, resourceType);

	 * 判断资源是否是未受保护的资源 true-表示无需授权所有人都能访问该资源的所有操作
	 * false-就要根据方法isUnprotected(String resourceId,String operation,String
	 * resourceType)的返回值来 判断每个操作是否无需授权所有人都能访问该资源操作
	 * @param resourceType
	 * @param resourceId
	 * @return
	public static boolean isUnprotected(String resourceId, String resourceType) {
		return AppSecurityCollaborator.getInstance().isUnprotected(resourceId,

	 * 判断资源操作是否是系统管理员独占的资源操作
	 * @param resourceType
	 * @param resourceId
	 * @param operation
	 * @return
	public static boolean isExcluded(String resourceId, String operation,
			String resourceType) {
		return AppSecurityCollaborator.getInstance().isExcluded(resourceId,
				operation, resourceType);

	 * 判断资源所有操作是否只有超级管理员才能访问,返回: true-表示只有超级管理员才能访问,其他人不能访问
	 * false-就要根据方法isExcluded(String resourceId,String operation,String
	 * resourceType)的返回值来 判断每个操作是否是超级管理员独占的操作
	 * @param resourceType
	 * @param resourceId
	 * @param operation
	 * @return
	public static boolean isExcluded(String resourceId, String resourceType) {
		return AppSecurityCollaborator.getInstance().isExcluded(resourceId,

	public static AuthRole[] getAllRoleofUser(String userAccount) {
		return AppSecurityCollaborator.getInstance().getAllRoleofUser(

	 * 判断资源是否已经授过权限
	 * @param resource
	 * @param resourceType
	 * @return
	public static boolean hasGrantedAnyRole(String resource, String resourceType) {
		return AppSecurityCollaborator.getInstance().hasGrantedAnyRole(
				resource, resourceType);

	 * 判断资源是否已经授过权限
	 * @param resource
	 * @param resourceType
	 * @return
	public static boolean hasGrantedRole(String role, String roleType,
			String resource, String resourceType) {
		return AppSecurityCollaborator.getInstance().hasGrantedRole(role,
				roleType, resource, resourceType);

	 * 获取拥有特定资源许可操作的用户列表
	 * @param resourceid
	 * @param operation
	 * @param resourceType
	 * @return
	public static AuthUser[] getAllPermissionUsersOfResource(String resourceid,
			String operation, String resourceType) {
		return AppSecurityCollaborator.getInstance()
				.getAllPermissionUsersOfResource(resourceid, operation,

	 * 判断当前用户是否是该机构的管理员,考虑递归关系
	 * @return
	public boolean isOrganizationManager(String orgid) {
		boolean tag = false;
		try {
			Organization org = OrgCacheManager.getInstance().getOrganization(
			if (org != null) {
				String path = org.getUniqPath();
				String orgids[] = path.split("/");
				// List managerOrgs =
				// (List)this.getUserObjectAttribute("managerOrgs");

				if (orgids.length > 0) {
					for (int i = 0; i < orgids.length; i++) {
						OrgAdminCache orgAdminCache = OrgAdminCache.getOrgAdminCache();
						List adminList = orgAdminCache
						if (adminList.size() > 0) {
							for (int j = 0; j < adminList.size(); j++) {
								User user = new User();
								user = (User) adminList.get(j);
								if (user != null) {
									if (this.getUserID().equals(
											user.getUserId() + "")) {
										tag = true;
		} catch (ManagerException e) {
			// TODO Auto-generated catch block
		return tag;

	 * 判断用户是否是子机构的管理员
	 * @return
	public boolean isSubOrgManager(String parentOrgid) {
		boolean tag = false;
		List adminOrgs = new ArrayList();
		OrgAdminCache orgAdminCache = OrgAdminCache.getOrgAdminCache();
		adminOrgs = orgAdminCache.getManagerOrgsOfUserByID(this.getUserID());
		for (int i = 0; i < adminOrgs.size(); i++) {
			Organization org = (Organization) adminOrgs.get(i);
			if (org != null) {
				String path = org.getUniqPath();
				if (path != null) {
					String orgids[] = path.split("/");
					for (int j = 0; j < orgids.length; j++) {
						if (orgids[j].equals(parentOrgid)) {
							tag = true;
		return tag;

	 * 判断当前用户是否是该机构的管理员,考虑递归关系
	 * @return
	public static boolean isOrganizationManager(String userid, String orgid) {
		boolean tag = false;
		try {
			Organization org = OrgCacheManager.getInstance().getOrganization(
			if (org != null) {
				String path = org.getUniqPath();
				String orgids[] = path.split("/");
				// List managerOrgs =
				// (List)this.getUserObjectAttribute("managerOrgs");

				if (orgids.length > 0) {
					for (int i = 0; i < orgids.length; i++) {
						OrgAdminCache orgAdminCache = OrgAdminCache.getOrgAdminCache();
						List adminList = orgAdminCache
						if (adminList.size() > 0) {
							for (int j = 0; j < adminList.size(); j++) {
								User user = new User();
								user = (User) adminList.get(j);
								if (userid.equals(user.getUserId() + "")) {
									tag = true;
		} catch (ManagerException e) {
		return tag;

	 * 判断用户是否是子机构的管理员
	 * @return
	public static boolean isSubOrgManager(String userid, String parentOrgid) {
		boolean tag = false;
		List adminOrgs = new ArrayList();
		OrgAdminCache orgAdminCache = OrgAdminCache.getOrgAdminCache();
		adminOrgs = orgAdminCache.getManagerOrgsOfUserByID(userid);
		for (int i = 0; i < adminOrgs.size(); i++) {
			Organization org = (Organization) adminOrgs.get(i);
			String path = org.getUniqPath();
			String orgids[] = path.split("/");
			for (int j = 0; j < orgids.length; j++) {
				if (orgids[j].equals(parentOrgid)) {
					tag = true;
		return tag;

	 * 判断当前用户是否是站点管理员
	 * @return
	public boolean isSiteManager() {
		return false;

	 * 根据机构ID,判断该机构是否业务部门
	 * @param orgId
	 * @return boolean true=是业务部门;false=不是业务部门
	 * @author: ge.tao
	public static boolean isBussinessDepartment(String orgId) {
		OrgManager orgManager = null;
		try {
			orgManager = SecurityDatabase.getOrgManager();
			return orgManager.isBussinessDepartment(orgId);
		} catch (SPIException e) {
			// TODO Auto-generated catch block
			return false;

	 * 根据用户ID,获取用户的县区局
	 * @param userId
	 * @return Organization 县区局机构对象
	 * @author: ge.tao
	public static Organization getUserBelongsCountyDepartment(String userId) {
		OrgManager orgManager = null;
		try {
			orgManager = SecurityDatabase.getOrgManager();
			return orgManager.userBelongsCountyDepartment(userId);
		} catch (SPIException e) {
			// TODO Auto-generated catch block
			return null;

	 * 根据用户ID,获取用户的市州局
	 * @param userId
	 * @return Organization 市州局机构对象
	 * @author: ge.tao
	public static Organization getUserBelongsCityDepartment(String userId) {
		OrgManager orgManager = null;
		try {
			orgManager = SecurityDatabase.getOrgManager();
			return orgManager.userBelongsCityDepartment(userId);
		} catch (SPIException e) {
			// TODO Auto-generated catch block
			return null;

	 * 根据用户ID,获取用户所属的业务部门列表
	 * @param userId
	 * @return List 业务部门机构对象列表
	 * @author: ge.tao
	public static List getUserBelongsBussinessDepartment(String userId) {
		OrgManager orgManager = null;
		try {
			orgManager = SecurityDatabase.getOrgManager();
			return orgManager.userBelongsBussinessDepartment(userId);
		} catch (SPIException e) {
			// TODO Auto-generated catch block
			return null;

	 * 判断当前用户所在的机构是否业务部门
	 * @param orgId
	 * @return boolean true=是业务部门;false=不是业务部门
	 * @author: ge.tao
	public boolean isBussinessDepartment() {
		OrgManager orgManager = null;
		try {
			orgManager = SecurityDatabase.getOrgManager();
			return orgManager.isBussinessDepartment(this.getChargeOrgId());
		} catch (SPIException e) {
			// TODO Auto-generated catch block
			return false;

	 * 根据当前用户的县区局
	 * @param userId
	 * @return Organization 县区局机构对象
	 * @author: ge.tao
	public Organization getUserBelongsCountyDepartment() {
		OrgManager orgManager = null;
		try {
			orgManager = SecurityDatabase.getOrgManager();
			return orgManager.userBelongsCountyDepartment(this.getUserID());
		} catch (SPIException e) {
			// TODO Auto-generated catch block
			return null;

	 * 获取当前用户的市州局
	 * @param userId
	 * @return Organization 市州局机构对象
	 * @author: ge.tao
	public Organization getUserBelongsCityDepartment() {
		OrgManager orgManager = null;
		try {
			orgManager = SecurityDatabase.getOrgManager();
			return orgManager.userBelongsCityDepartment(this.getUserID());
		} catch (SPIException e) {

			return null;

	 * 获取当前用户的省局
	 * @return Organization 省局机构对象
	 * @author: ge.tao
	public Organization getUserBelongsProvinceDepartment() {
		OrgManager orgManager = null;
		try {
			orgManager = SecurityDatabase.getOrgManager();
			return orgManager.userBelongsCityDepartment(this.getUserID());
		} catch (SPIException e) {

			return null;

	 * 根据用户ID,获取用户所属的业务部门列表
	 * @return List 业务部门机构对象列表
	 * @author: ge.tao
	public List getUserBelongsBussinessDepartment() {
		OrgManager orgManager = null;
		try {
			orgManager = SecurityDatabase.getOrgManager();
			return orgManager.userBelongsBussinessDepartment(this.getUserID());
		} catch (SPIException e) {
			// TODO Auto-generated catch block
			return null;

	 * 用户资源授予时根据用户自身角色,岗位角色,自身资源确定用户资源的来源
	 * @param userCurOrgId
	 *            用户所在机构ID
	 * @param grantUserId
	 *            被授资源的用户ID
	 * @param grantOrgName
	 *            授予机构资源的机构名称
	 * @param restypeId
	 *            资源类型ID
	 * @param resId
	 *            资源ID
	 * @param opId
	 *            操作ID
	 * @return
	 * @throws ManagerException
	 * @author: gao.tang 2008.1.1
	public String getUserRes_jobRoleandRoleandSelf(String userCurOrgId,
			String grantUserId, String resName, String restypeId, String resId,
			String opId) throws ManagerException {
		// 批量操作返回空
		String[] userIds = grantUserId.split(",");
		if (userIds.length > 1)
			return "";
		String returnStr = "";
		DBUtil db_role = new DBUtil();

		// 用户岗位,角色拥有的资源
		StringBuffer sql_role = new StringBuffer()
						"select t.OP_ID, t.RES_ID, t.ROLE_ID, t.RESTYPE_ID, t.TYPES from td_sm_roleresop t ")
				.append("where t.role_id in (select ojr.role_id ")
				.append("from td_sm_orgjobrole ojr, td_sm_job j ")
						" where ojr.job_id in(select job_id from td_sm_userjoborg where user_id = '")
				.append("and org_id = '")
				.append("' and ojr.job_id = j.job_id ")
						"union select role_id from td_sm_userrole where user_id = '")
				.append(grantUserId).append("') ")
				// .append("and res_name = '").append(resName).append("' ")
				.append("and restype_id = '").append(restypeId).append("' ")
				.append("and res_id = '").append(resId).append("' ").append(
						"and op_id = '").append(opId).append(
						"' and types='role' ");
		// 用户自身拥有资源与岗位,角色拥有的资源
		StringBuffer sql_role_self = new StringBuffer()
				.append(" union ")
						"select t.OP_ID, t.RES_ID, t.ROLE_ID, t.RESTYPE_ID, t.TYPES from td_sm_roleresop t ")
				.append("where t.role_id in (").append(
						"select role_id from td_sm_roleresop where role_id='")
				.append(grantUserId).append("') ")
				// .append("and res_name = '").append(resName).append("' ")
				.append("and restype_id = '").append(restypeId).append("' ")
				.append("and res_id = '").append(resId).append("' ").append(
						"and op_id = '").append(opId).append(
						"' and types='user' ");

		try {
			if (db_role.size() > 0) {// 大于0,说明用户岗位角色和用户角色拥有该资源
				returnStr = "1";
				DBUtil db_role_self = new DBUtil();
				if (db_role_self.size() >= (db_role.size() + 1)) {// 大于等于(db_role.size()+1),说明用户自身也有该资源
					returnStr = "2";
			} else {// 用户自身,岗位角色,自身角色都没有该资源
				returnStr = "3";
		} catch (SQLException e) {
		return returnStr;

	 * 取用户对应的资源操作源自的角色列表
	 * @param userCurOrgId
	 * @param grantUserId
	 * @param resName
	 * @param restypeId
	 * @param resId
	 * @param opId
	 * @return map
	 * @throws ManagerException
	 * @author: gao.tang 2008.1.2
	public Map getSourceUserRes_Role(String userCurOrgId,
			String grantUserId, String resName, String restypeId, String resId) throws ManagerException {
		// 批量操作返回空
		String[] userIds = grantUserId.split(",");
		if (userIds.length > 1)
			return null;

//		String returnStr = "";
		// 用户自身角色拥有该资源
		String contat_1 = DBUtil.getDBAdapter().concat("'用户角色【'","a.role_name","'】拥有该资源'");
		StringBuffer sql_selfRole = new StringBuffer().append(
				"select t.op_id,").append(contat_1).append(" as jobname ").append(
				"from td_sm_roleresop t,td_sm_role a ").append(
				"where t.role_id in ").append(
				"(select role_id from td_sm_userrole where user_id = '")
				.append(grantUserId).append("') ")
				// .append("and res_name = '").append(resName).append("' ")
				.append("and restype_id = '").append(restypeId).append("' ")
				.append("and res_id = '").append(resId).append("' ").append(
						" and a.role_id = t.role_id and t.types = 'role' ");
		// 用户岗位角色拥有该资源
		String contat_2 = DBUtil.getDBAdapter().concat("'用户岗位'","infos.job_name","'下的角色【'","b.role_name","'】拥有该资源'");
		StringBuffer sql_jobRole = new StringBuffer()
				.append("select a.op_id,").append(contat_2).append(" as jobname ")
				.append("from (select aa.role_id, aa.job_id, job.job_name ")
				.append("from td_sm_orgjobrole aa, td_sm_userjoborg bb, td_sm_job job ")
				.append("where aa.org_id = bb.org_id and aa.job_id = bb.job_id ")
				.append("and job.job_id = bb.job_id and bb.user_id = '")
				.append("') infos, ")
				.append("td_sm_roleresop a,td_sm_role b  where a.role_id = infos.role_id and a.types = 'role' ")
				.append("and a.role_id = b.role_id ")
				.append("and restype_id = '").append(restypeId).append("' ")
				.append("and res_id = '").append(resId).append("' ");
		String contat_3 = DBUtil.getDBAdapter().concat("'来自机构【'","b.org_name","'】'");
		String contat_4 = DBUtil.getDBAdapter().concat("'来自【'","o.remark5","'】机构的角色【'","b.role_name","'】'");
		StringBuffer sql_org = new StringBuffer()
//			.append("select a.op_id,'来自机构【' || nvl(b.remark5,b.org_name) ||'】;'  as jobname ")
//		.append("select a.op_id,'来自机构【' || b.org_name ||'】;'  as jobname ")
		.append("select a.op_id,").append(contat_3).append("  as jobname ")

//		StringBuffer sql_org = new StringBuffer()
//		.append("select a.op_id,b.remark5,b.org_name")
			.append(" from td_sm_roleresop a left join td_sm_organization b on a.role_id = b.org_id ")
			.append(" where a.types='organization' and a.role_id in (select  org_id from td_sm_userjoborg ")
			.append(" where user_id ='").append(grantUserId).append("') and a.restype_id = '")
			.append(restypeId).append("' and a.res_id = '").append(resId).append("' ")
			.append(" union")
//			.append(" select a.op_id,'来自【'|| o.remark5 ||'】机构的角色【' || b.role_name || '】;' as jobname ")
			.append(" select a.op_id,").append(contat_4).append(" as jobname ")
			.append(" from td_sm_orgrole c ,td_sm_organization o ,td_sm_roleresop a,td_sm_role b ")
			.append(" where c.org_id=o.org_id and a.role_id=c.role_id and a.types='role' and c.role_id=b.role_id and c.org_id in (")
			.append("select  org_id from td_sm_userjoborg where user_id ='")
			.append(grantUserId).append("') and a.restype_id = '")
			.append(restypeId).append("' and a.res_id = '").append(resId).append("' ");
		String contat_5 = DBUtil.getDBAdapter().concat("'来自用户组【'","g.group_name","'】对应角色【'"," b.role_name","'】'");
		StringBuffer sql_group = new StringBuffer()
//			.append(" select  a.op_id,'来自用户组【'||g.group_name||'】对应角色【' || b.role_name || '】;' as jobname")
		.append(" select  a.op_id,").append(contat_5).append(" as jobname")	
		.append(" from td_sm_grouprole d , td_sm_group g  ,td_sm_roleresop a,td_sm_role b " +
					"where d.group_id=g.group_id and a.role_id=d.role_id and d.role_id=b.role_id and a.types='role' and d.group_id in (")
			.append(" select  group_id from td_sm_usergroup  where user_id = '")
			.append("') and a.restype_id = '")
			.append(restypeId).append("' and a.res_id = '").append(resId).append("' ");

		StringBuffer sql = new StringBuffer().append(sql_selfRole.toString())
				.append(" union ").append(sql_jobRole.toString())
				.append(" union ").append(sql_org.toString())
				.append(" union ").append(sql_group.toString());
		final Map opMap = new HashMap();
		PreparedDBUtil pe = new PreparedDBUtil();
		try {
			pe.executePreparedWithRowHandler(new NullRowHandler(){

				public void handleRow(Record origine) throws Exception {
					// TODO Auto-generated method stub
					String key = origine.getString("op_id");
					String values;
						values = origine.getString("jobname");
					String exist = (String)opMap.get(key);
						opMap.put(key, values);
						exist +=  values;
						opMap.put(key, exist);
			return opMap;
		} catch (SQLException e1) {
			// TODO Auto-generated catch block
//		DBUtil db = new DBUtil();
//		try {
//			db.executeSelect(sql.toString());
//			Map opMap = new HashMap();
//				for (int i = 0; i < db.size(); i++) {
//					String key = db.getString(i, "op_id");
//					String values = db.getString(i, "jobname");
//					String exist = (String)opMap.get(key);
//					if(exist==null){
//						opMap.put(key, values);
//					}else{
//						exist +=  values;
//						opMap.put(key, exist);
//					}
//				}
//			return opMap;
//		} catch (SQLException e) {
//			e.printStackTrace();
//		}
		return null;
	static final Object token = new Object();
	 * 角色拥有特定资源类型给定资源操作权限索引
	 * @param roleId
	 * @param resTypeId
	 * @param roleTypeId
	 * @param opId
	 * @return Map
	public Map getRoleSelfResource(String roleId,String resTypeId,String roleTypeId,String opId){
		String sql1 = "select res_id from td_sm_roleresop where role_id='"
			+  roleId  + "' and restype_id='" + resTypeId + "' and types='" + roleTypeId + "' and op_id='"+opId+"'";
		Map checks = new HashMap();
		PreparedDBUtil db1 = new PreparedDBUtil();
		try {
			for(int i = 0; i < db1.size(); i ++)
				checks.put(db1.getString(i, "res_id"), token);
		} catch (SQLException e) {
		return checks;
	 * 获取角色特定拥有的资源类型资源操作权限索引,
	 * @param roleId
	 * @param resTypeId
	 * @param roleTypeId
	 * @param opId
	 * @return Map
	public Map getRoleSelfResource(String roleId,String resTypeId,String roleTypeId){
		String sql1 = "select res_id,op_id from td_sm_roleresop where role_id='"
			+  roleId  + "' and restype_id='" + resTypeId + "' and types='" + roleTypeId + "' ";
		Map checks = new HashMap();
		PreparedDBUtil db1 = new PreparedDBUtil();
		try {
			for(int i = 0; i < db1.size(); i ++)
				checks.put(db1.getString(i, "res_id") + "||"+ db1.getString(i, "op_id"), token);
		} catch (SQLException e) {
		return checks;
	 * 取用户对应的某类资源所有资源的特定操作源自的角色索引列表
	 * @param userCurOrgId
	 * @param grantUserId
	 * @param restypeId
	 * @param opId
	 * @return map
	 * @throws ManagerException
	 * @author: gao.tang 2008.1.2
	public Map getSourceUserRes_Role(String userCurOrgId,
			String grantUserId, String restypeId, String opId){
		// 批量操作返回空
		String[] userIds = grantUserId.split(",");
		if (userIds.length > 1)
			return null;

//		String returnStr = "";
		// 用户自身角色拥有该资源
		String concat_1 = DBUtil.getDBAdapter().concat("'用户角色【'","a.role_name","'】拥有该资源'");
		StringBuffer sql_selfRole = new StringBuffer().append(
//				"select t.res_id,'用户角色【'||a.role_name||'】拥有该资源;' as jobname ").append(
		        "select t.res_id,").append(concat_1).append(" as jobname ").append(
				"from td_sm_roleresop t,td_sm_role a ").append(
				"where t.role_id in ").append(
				"(select role_id from td_sm_userrole where user_id = '")
				.append(grantUserId).append("') ")
				// .append("and res_name = '").append(resName).append("' ")
				.append("and restype_id = '").append(restypeId).append("' ")
				.append("and op_id = '").append(opId).append("' ").append(
						" and a.role_id = t.role_id and t.types = 'role' ");
		// 用户岗位角色拥有该资源
		String concat_2 = DBUtil.getDBAdapter().concat("'用户岗位'","infos.job_name","'下的角色【'","b.role_name","'】拥有该资源'");
		StringBuffer sql_jobRole = new StringBuffer()
//				.append("select a.res_id,'用户岗位'||infos.job_name || '下的角色【' || b.role_name||'】拥有该资源;' as jobname ")
		.append("select a.res_id,").append(concat_2).append(" as jobname ")
				.append("from (select aa.role_id, aa.job_id, job.job_name ")
				.append("from td_sm_orgjobrole aa, td_sm_userjoborg bb, td_sm_job job ")
				.append("where aa.org_id = bb.org_id and aa.job_id = bb.job_id ")
				.append("and job.job_id = bb.job_id and bb.user_id = '")
				.append("') infos, ")
				.append("td_sm_roleresop a,td_sm_role b  where a.role_id = infos.role_id and a.types = 'role' ")
				.append("and a.role_id = b.role_id ")
				.append("and restype_id = '").append(restypeId).append("' ")
				.append("and op_id = '").append(opId).append("' ");
		String concat_3 = DBUtil.getDBAdapter().concat("'来自机构【'","b.org_name","'】'");
		String concat_4 = DBUtil.getDBAdapter().concat("'来自【'","o.remark5","'】机构的角色【'","b.role_name","'】'");
		StringBuffer sql_org = new StringBuffer()
//			.append("select a.res_id,'来自机构【' || b.org_name ||'】;'  as jobname ")
		.append("select a.res_id,").append(concat_3).append("  as jobname ")
			.append(" from td_sm_roleresop a left join td_sm_organization b on a.role_id = b.org_id ")
			.append(" where a.types='organization' and a.role_id in (select  org_id from td_sm_userjoborg ")
			.append(" where user_id ='").append(grantUserId).append("') and a.restype_id = '")
			.append(restypeId).append("' and a.op_id = '").append(opId).append("' ")
			.append(" union")
//			.append(" select a.res_id,'来自【'|| o.remark5 ||'】机构的角色【' || b.role_name || '】;' as jobname ")
			.append(" select a.res_id,").append(concat_4).append(" as jobname ")
			.append(" from td_sm_orgrole c ,td_sm_organization o ,td_sm_roleresop a,td_sm_role b ")
			.append(" where c.org_id=o.org_id and a.role_id=c.role_id and a.types='role' and c.role_id=b.role_id and c.org_id in (")
			.append("select  org_id from td_sm_userjoborg where user_id ='")
			.append(grantUserId).append("') and a.restype_id = '")
			.append(restypeId).append("' and a.op_id = '").append(opId).append("' ");
		String concat_5 = DBUtil.getDBAdapter().concat("'来自用户组【'","g.group_name","'】对应角色【'","b.role_name","'】'");
		StringBuffer sql_group = new StringBuffer()
//			.append(" select  a.res_id,'来自用户组【'||g.group_name||'】对应角色【' || b.role_name || '】;' as jobname")
		.append(" select  a.res_id,").append(concat_5).append(" as jobname")
			.append(" from td_sm_grouprole d , td_sm_group g  ,td_sm_roleresop a,td_sm_role b " +
					"where d.group_id=g.group_id and a.role_id=d.role_id and d.role_id=b.role_id and a.types='role' and d.group_id in (")
			.append(" select  group_id from td_sm_usergroup  where user_id = '")
			.append("') and a.restype_id = '")
			.append(restypeId).append("' and a.op_id = '").append(opId).append("' ");

		StringBuffer sql = new StringBuffer().append(sql_selfRole.toString())
				.append(" union ").append(sql_jobRole.toString())
				.append(" union ").append(sql_org.toString())
				.append(" union ").append(sql_group.toString());
//		System.out.println(sql.toString());
		final Map opMap = new HashMap();
		PreparedDBUtil pe = new PreparedDBUtil();
		try {
			pe.executePreparedWithRowHandler(new NullRowHandler(){

				public void handleRow(Record origine) throws Exception {
					// TODO Auto-generated method stub
					String key = origine.getString("op_id");
					String values;
						values = origine.getString("jobname");
					String exist = (String)opMap.get(key);
						opMap.put(key, values);
						exist +=  values;
						opMap.put(key, exist);
			return opMap;
		} catch (SQLException e1) {
			// TODO Auto-generated catch block
//		DBUtil db = new DBUtil();
//		try {
//			db.executeSelect(sql.toString());
//			Map opMap = new HashMap();
//				for (int i = 0; i < db.size(); i++) {
//					String key = db.getString(i, "res_id");
//					String values = db.getString(i, "jobname");
//					String exist = (String)opMap.get(key);
//					if(exist==null){
//						opMap.put(key, values);
//					}else{
//						exist +=  values;
//						opMap.put(key, exist);
//					}
//				}
//			return opMap;
//		} catch (SQLException e) {
//			e.printStackTrace();
//		}
		return null;
	 * 查询出用户已经授予的资源来源
	 * @param userCurOrgId
	 * @param grantUserId
	 * @param resName
	 * @param restypeId
	 * @param resId
	 * @param opId
	 * @return
	 * @throws ManagerException
	 * @author: gao.tang 2008.1.2
	public String getSourceUserRes_jobRoleandRoleandSelf(String userCurOrgId,
			String grantUserId, String resName, String restypeId, String resId,
			String opId) throws ManagerException {
		// 批量操作返回空
		String[] userIds = grantUserId.split(",");
		if (userIds.length > 1)
			return "";

		String returnStr = "";
		// 用户自身拥有该资源
		StringBuffer sql_self = new StringBuffer().append(
				"select '用户自身拥有该资源' as jobname from td_sm_roleresop t ")
				.append("where t.role_id in (").append(
						"select role_id from td_sm_roleresop where role_id='")
				.append(grantUserId).append("') ")
				// .append("and res_name = '").append(resName).append("' ")
				.append("and restype_id = '").append(restypeId).append("' ")
				.append("and res_id = '").append(resId).append("' ").append(
						"and op_id = '").append(opId).append(
						"' and t.types = 'user' ");
		// 用户自身角色拥有该资源
		String concat_1 = DBUtil.getDBAdapter().concat("'用户角色【'","a.role_name","'】拥有该资源'");
		StringBuffer sql_selfRole = new StringBuffer().append(
//				"select '用户角色【'||a.role_name||'】拥有该资源;' as jobname ").append(
		"select ").append(concat_1).append(" as jobname ").append(
				"from td_sm_roleresop t,td_sm_role a ").append(
				"where t.role_id in ").append(
				"(select role_id from td_sm_userrole where user_id = '")
				.append(grantUserId).append("') ")
				// .append("and res_name = '").append(resName).append("' ")
				.append("and restype_id = '").append(restypeId).append("' ")
				.append("and res_id = '").append(resId).append("' ").append(
						"and op_id = '").append(opId).append("' ").append(
						" and a.role_id = t.role_id and t.types = 'role' ");
		// 用户岗位角色拥有该资源
		String concat_2 = DBUtil.getDBAdapter().concat("'用户岗位'","infos.job_name","'下的角色【'","b.role_name","'】拥有该资源'");
		StringBuffer sql_jobRole = new StringBuffer()
//				.append("select infos.job_name, b.role_name ")
//		         .append("select '用户岗位'||infos.job_name || '下的角色【' || b.role_name||'】拥有该资源;' as jobname ")
		.append("select ").append(concat_2).append(" as jobname ")
				.append("from (select aa.role_id, aa.job_id, job.job_name ")
						" from td_sm_orgjobrole aa, td_sm_userjoborg bb, td_sm_job job ")
						"where aa.org_id = bb.org_id and aa.job_id = bb.job_id ")
				.append("and job.job_id = bb.job_id and bb.user_id = '")
				.append("') infos, ")
						"td_sm_roleresop a,td_sm_role b  where a.role_id = infos.role_id and a.types = 'role' ")
				.append("and a.role_id = b.role_id ")
				// .append("and res_name = '").append(resName).append("' ")
				.append("and restype_id = '").append(restypeId).append("' ")
				.append("and res_id = '").append(resId).append("' ").append(
						"and op_id = '").append(opId).append("' ");

		StringBuffer sql = new StringBuffer().append(sql_selfRole.toString())
				.append(" union ").append(sql_jobRole.toString()).append(
						" union ").append(sql_self.toString());
		DBUtil db = new DBUtil();
		try {
			if (db.size() > 0) {
				for (int i = 0; i < db.size(); i++) {
					String jobname = db.getString(i, "jobname");
					returnStr += jobname;
		} catch (SQLException e) {
		return returnStr;

	 * 根据用户登陆名判断登陆用户是否为部门管理员
	 * @param userName
	 * @return
	public static boolean isOrgManager(String userName) {
		boolean state = false;
		DBUtil db = new DBUtil();
		String sql = "select count(b.org_id) from td_sm_user a,td_sm_orgmanager b  where a.user_id = b.user_id and a.user_name=?";
		try {
			int size = SQLExecutor.queryObject(int.class, sql, userName);
			if (size > 0) {
				state = true;
		} catch (SQLException e) {
		return state;

	public static boolean removeUser(String userName) {

//		return AccessControl.onlineUser.removeAllUser();
		return false;


	public static boolean removeAllUser() {

//		return AccessControl.onlineUser.removeAllUser();
		return false;


	public static boolean removeAllUserExcludeSelf(String userName,
			String sessionId, String ip,String macaddr,String DNSName,String serverIp,
	String serverport ) {

////		return AccessControl.onlineUser.removeAllUserExcludeSelf(userName,
//				sessionId, ip,macaddr,DNSName,serverIp,
//				serverport);
		return false;


	public static boolean removeUsers(String[] selectUserName,
			String curUserName) {
		// session.invalidate();
//		return AccessControl.onlineUser
//				.removeUsers(selectUserName, curUserName);
		return false;

	public String getMacAddr() {
		String macaddr =null;
		if(credential != null)
//			macaddr = (String)this.session.getAttribute(AccessControl.MACADDR_CACHE_KEY);
			macaddr = (String)this.credential.getCheckCallBack().getUserAttribute(AccessControl.MACADDR_CACHE_KEY);
		if(macaddr == null)
			return "";
		return macaddr;
	public static LineUser getLineUser(String userAccount)
//		return onlineUser.getLineUser(userAccount);
		return null;
	//转换异常信息中的 \\n,\\r 
	public static String formatErrorMsg(String errorMessage){
		if(errorMessage != null)
        	errorMessage = errorMessage.replaceAll("\\n","\\\\n");
        	errorMessage = errorMessage.replaceAll("\\r","\\\\r");
        	errorMessage = errorMessage.replaceAll("\"","\'");
		return errorMessage;
     * 清除角色和资源操作的缓冲关系
	public static void resetPermissionCache(){
     * 清除用户和角色的缓冲关系
	public static void resetAuthCache(){
	 * 得到应用端口
	 * @return
	public String getPort(){
		return String.valueOf(request.getLocalPort());
	 * 得到应用上下文
	 * @return
	public String getContextPath(){
		return request.getContextPath();
	public static AccessControl getAccessControl(HttpServletRequest request)
		return (AccessControl)request.getAttribute(AccessControl.accesscontrol_request_attribute_key);

	public PageContext getPageContext() {
		return pageContext;

	public void setPageContext(PageContext pageContext) {
		this.pageContext = pageContext;

	public HttpServletRequest getRequest() {
		return request;

	public HttpSession getSession() {
		return session;

	public void refreshCurrentSystemID(HttpServletRequest request) {
		String subsystem_id = request.getParameter(SUBSYSTEM_ID);
			if (subsystem_id == null || subsystem_id.equals(""))
                // 将用户登录的子系统模块名称添加到session中
                String old = (String)session.getAttribute(Framework.SUBSYSTEM);
                if(old != null && !old.equals(subsystem_id))
                    session.setAttribute(Framework.SUBSYSTEM, subsystem_id);
			FrameworkServlet.setSubSystemToCookie(response, getUserAccount(), subsystem_id);

	public boolean evalResource(   PermissionToken token) {
		return _evalResource( token,request);
	public int compareParams(List

paramConditions) { int nullcount = 0; boolean success = true; for(int i = 0; i < paramConditions.size(); i ++) { P p = paramConditions.get(i); String value = request.getParameter(p.getName()); if(value != null) { if(!value.equals(p.getValue())) { success = false; } } else { nullcount ++; } } if(nullcount > 0) return 2; return success?1:0; } /** * * @param token * @return 0:参数匹配不成功,1:参数匹配成功 2:request没有设置部分相关的参数 ,3:request完全没有设置对应的参数,4:没有配置参数 */ public int compareParams(PermissionToken token) { if(!token.hasParamCondition())//带参数的token排在最前面,都已经比较过了,没有匹配的值,没有参数时,自然返回true return 4; List

params = token.getParamConditions(); // int nullcount = 0; boolean success = true; for(int i = 0; i < params.size(); i ++) { P p = params.get(i); String value = request.getParameter(p.getName()); if(value != null) { if(!value.equals(p.getValue())) { success = false; break; } } else { success = false; break; } } // if(nullcount > 0) // return 2; // else if(nullcount == params.size() - 1) // { // return 3; // } return success?1:0; } public boolean _evalResource( PermissionToken token,HttpServletRequest request) { { String resourceParamName = token.getResouceAuthCodeParamName(); if(resourceParamName == null || resourceParamName.equals("")) { if(token.isResouceAuthCodeRequired()) { return false; } else return true; } else { if(request != null) { String rid = request.getParameter(resourceParamName); if(rid == null) { return false; } // return token.getResourcedID().equals(rid); return checkPermission(rid, token.getOperation(),token.getResourceType()); } else { } return false; } } // TODO Auto-generated method stub } @Override public boolean isGuest() { return this.getUserAccount() == null || this.getUserAccount().equals("") || this.getUserAccount().equals(BaseAuthorizationTable.guest); } public HttpServletResponse getResponse() { return response; } public static Map geMenus(HttpServletRequest request,AccessControl accesscontroler) { Map permissionMenus = new HashMap(); MenuHelper menuHelper = MenuHelper.getMenuHelper(request); ModuleQueue moduleQueue = menuHelper.getModules(); for (int i = 0; moduleQueue != null && i < moduleQueue.size(); i++) { Module module = moduleQueue.getModule(i); if (!module.isUsed()) { continue; } MenuItemU menuItemU = new MenuItemU(); menuItemU.setId(module.getId()); menuItemU.setName(module.getName(request)); menuItemU.setImageUrl(module.getMouseclickimg(request)); menuItemU.setType("module"); permissionMenus.put(module.getId(), menuItemU); geSubMenus( permissionMenus, module, request, accesscontroler); } return permissionMenus; } public static void geSubMenus(Map permissionMenus,Module module,HttpServletRequest request,AccessControl accesscontroler) { MenuQueue menus = module.getMenus(); String contextpath = request.getContextPath(); for(int i = 0 ; menus != null && i < menus.size() ; i ++) { MenuItem menu = menus.getMenuItem(i); if (!menu.isUsed()) { continue; } if(menu instanceof Module) { MenuItemU menuItemU = new MenuItemU(); menuItemU.setId(menu.getId()); menuItemU.setName(menu.getName(request)); menuItemU.setImageUrl(menu.getMouseclickimg(request)); menuItemU.setType("module"); permissionMenus.put(menu.getId(), menuItemU); } else { Item item = (Item)menu; String url = null; String area = item.getArea(); if(area != null && area.equals("main")) { url = MenuHelper.getMainUrl(contextpath, item, (java.util.Map) null); } else { url = MenuHelper.getRealUrl(contextpath, Framework.getWorkspaceContent(item,accesscontroler),MenuHelper.sanymenupath_menuid,item.getId()); } MenuItemU menuItemU = new MenuItemU(); menuItemU.setId(item.getId()); menuItemU.setName(item.getName(request)); menuItemU.setImageUrl(item.getMouseclickimg(request)); menuItemU.setPathU(url); menuItemU.setType("item"); menuItemU.setDesktop_height(item.getDesktop_height()); menuItemU.setDesktop_width(item.getDesktop_width()); permissionMenus.put(item.getId(), menuItemU); } } } public static Map> getResourcePermissions(AccessControl accesscontroler,String resourceType) throws Exception { Map> cmPermissions = new HashMap>(); List cmresources = SQLExecutor.queryList(String.class, "select title from td_sm_res where restype_id=?", resourceType); if(cmresources == null) { cmresources = new ArrayList(); } ResourceManager resourceManager = new ResourceManager(); ResourceInfo resourceInfo = resourceManager.getResourceInfoByType(resourceType); if(resourceInfo == null) return cmPermissions; OperationQueue operationQueue = resourceInfo.getOperationQueue(); for(int i = 0; operationQueue != null && operationQueue.size() > 0 && i < cmresources.size(); i ++) { String resid = cmresources.get(i); List ops = new ArrayList(); for(int j = 0; j < operationQueue.size(); j ++) { Operation op = operationQueue.getOperation(j); if(accesscontroler.checkPermission(resid, op.getId(), resourceType)) { ops.add(op.getId()); } } if(ops.size()> 0) cmPermissions.put(resid, ops); } String globalid = resourceInfo.getGlobalresourceid(); if(StringUtil.isNotEmpty(globalid)) { operationQueue = resourceInfo.getGlobalOperationQueue(); List ops = new ArrayList(); for(int j = 0; operationQueue != null && operationQueue.size() > 0 &&j < operationQueue.size(); j ++) { Operation op = operationQueue.getOperation(j); if(accesscontroler.checkPermission(globalid, op.getId(), resourceType)) { ops.add(op.getId()); } } if(ops.size()> 0) cmPermissions.put(globalid, ops); } return cmPermissions; } public static String getRequestParameter(String name) { return AccessControl.getAccessControl()._getRequestParameter(name); } private String _getRequestParameter(String name) { return request !=null?request.getParameter(name):null; } public static String[] getRequestParameters(String name) { return AccessControl.getAccessControl()._getRequestParameters(name); } private String[] _getRequestParameters(String name) { return request !=null?request.getParameterValues(name):null; } }

© 2015 - 2025 Weber Informatics LLC | Privacy Policy