openapi模块，开放第三方查询关联客户的数据

git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@3406 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d

src/main/java/com/uas/platform/b2b/controller/PublicQueryController.java

@@ -45,9 +45,9 @@ import com.uas.platform.core.util.encry.Md5Utils;
 import com.uas.platform.core.util.serializer.FlexJsonUtils;
 
 /**
- * 对外公开的资料查询接口
+ * 对可信任第三方公开的资料查询接口
  * <p>
- * 只提供有限资料
+ * 例如：客户的UAS系统、管理系统
  * </p>
  * 
  * @author yingp
@@ -371,7 +371,11 @@ public class PublicQueryController {
 	}
 
 	/**
-	 * 获取及验证token接口
+	 * 验证临时token的接口
+	 * 
+	 * <pre>
+	 * 临时token阅后即焚
+	 * </pre>
 	 * 
 	 * @author yingp
 	 *

src/main/java/com/uas/platform/b2b/dao/CommonDao.java

@@ -4,6 +4,7 @@ import java.util.List;
 import java.util.Map;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.jdbc.core.BeanPropertyRowMapper;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.stereotype.Repository;
@@ -46,6 +47,65 @@ public class CommonDao {
 		return this.jdbcTemplate.query(sql, new BeanPropertyRowMapper<T>(elementType), args);
 	}
 
+	/**
+	 * 查找自定义实体对象集合
+	 * 
+	 * @param sql
+	 * @param args
+	 * @param elementType
+	 * @return
+	 */
+	public <T> T queryBean(String sql, Object[] args, Class<T> elementType) {
+		try {
+			return this.jdbcTemplate.queryForObject(sql, args, new BeanPropertyRowMapper<T>(elementType));
+		} catch (EmptyResultDataAccessException e) {
+			return null;
+		}
+	}
+
+	/**
+	 * 查找自定义实体对象集合
+	 * 
+	 * @param sql
+	 * @param elementType
+	 * @return
+	 */
+	public <T> T queryBean(String sql, Class<T> elementType) {
+		try {
+			return this.jdbcTemplate.queryForObject(sql, new BeanPropertyRowMapper<T>(elementType));
+		} catch (EmptyResultDataAccessException e) {
+			return null;
+		}
+	}
+
+	/**
+	 * 查找自定义实体对象
+	 * 
+	 * @param sql
+	 * @param elementType
+	 * @param args
+	 * @return
+	 */
+	public <T> T queryBean(String sql, Class<T> elementType, Object... args) {
+		try {
+			return this.jdbcTemplate.queryForObject(sql, new BeanPropertyRowMapper<T>(elementType), args);
+		} catch (EmptyResultDataAccessException e) {
+			return null;
+		}
+	}
+
+	public <T> T queryForObject(String sql, Object[] args, Class<T> elementType) {
+		return this.jdbcTemplate.queryForObject(sql, args, elementType);
+	}
+
+	public <T> T queryForObject(String sql, Class<T> elementType) {
+		return this.jdbcTemplate.queryForObject(sql, elementType);
+	}
+
+	public <T> T queryForObject(String sql, Class<T> elementType, Object... args) {
+		return this.jdbcTemplate.queryForObject(sql, elementType, args);
+	}
+
 	/**
 	 * 取序列值<br>
 	 * 只针对oracle数据库
@@ -57,4 +117,8 @@ public class CommonDao {
 		return this.jdbcTemplate.queryForObject("select " + sequenceName + ".nextval from dual", Long.class);
 	}
 
+	public JdbcTemplate getJdbcTemplate() {
+		return jdbcTemplate;
+	}
+
 }

src/main/java/com/uas/platform/b2b/dao/VendorDao.java

@@ -55,4 +55,28 @@ public interface VendorDao extends JpaSpecificationExecutor<Vendor>, GenericRepo
 	public List<Vendor> findByMyEnUUAndVendPlatform(@Param("myEnUU") long myEnUU, @Param("enIsErp") short isErp,
 			@Param("enSaasStatus") short isSaas);
 
+	/**
+	 * 按类型查找客户
+	 * 
+	 * @param myEnUU
+	 * @param isErp
+	 * @param isSaas
+	 * @return
+	 */
+	@Query("from Vendor v where v.vendEnUU = :vendEnUU and (v.myEnterprise.enIsErp = :enIsErp or v.myEnterprise.enSaasStatus = :enSaasStatus)")
+	public List<Vendor> findCustByVendUUAndCustPlatform(@Param("vendEnUU") long vendEnUU, @Param("enIsErp") short isErp,
+			@Param("enSaasStatus") short isSaas);
+
+	/**
+	 * 按类型查找指定客户
+	 * 
+	 * @param myEnUU
+	 * @param isErp
+	 * @param isSaas
+	 * @return
+	 */
+	@Query("from Vendor v where v.myEnUU = :custEnUU and v.vendEnUU = :vendEnUU and (v.myEnterprise.enIsErp = :enIsErp or v.myEnterprise.enSaasStatus = :enSaasStatus)")
+	public List<Vendor> findByCustAndVendAndCustPlatform(@Param("custEnUU") long custEnUU, @Param("vendEnUU") long vendEnUU,
+			@Param("enIsErp") short isErp, @Param("enSaasStatus") short isSaas);
+
 }

src/main/java/com/uas/platform/b2b/data/support/DS.java

@@ -0,0 +1,71 @@
+package com.uas.platform.b2b.data.support;
+
+public class DS {
+
+	private static final String defaultDriver = "oracle.jdbc.driver.OracleDriver";
+
+	private String id;
+	private String driverClassName;
+	private String url;
+	private String host;
+	private Integer port;
+	private String username;
+	private String password;
+
+	public String getDriverClassName() {
+		return driverClassName == null ? defaultDriver : driverClassName;
+	}
+
+	public void setDriverClassName(String driverClassName) {
+		this.driverClassName = driverClassName;
+	}
+
+	public String getUrl() {
+		return url == null ? String.format("jdbc:oracle:thin:@//%s:%s/orcl", getHost(), getPort()) : url;
+	}
+
+	public void setUrl(String url) {
+		this.url = url;
+	}
+
+	public String getHost() {
+		return host;
+	}
+
+	public void setHost(String host) {
+		this.host = host;
+	}
+
+	public Integer getPort() {
+		return port;
+	}
+
+	public void setPort(Integer port) {
+		this.port = port;
+	}
+
+	public String getUsername() {
+		return username;
+	}
+
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+	public String getPassword() {
+		return password;
+	}
+
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+	public String getId() {
+		return id;
+	}
+
+	public void setId(String id) {
+		this.id = id;
+	}
+
+}

src/main/java/com/uas/platform/b2b/data/support/DSUtils.java

@@ -0,0 +1,94 @@
+package com.uas.platform.b2b.data.support;
+
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.FutureTask;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.commons.dbcp.BasicDataSource;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.DefaultListableBeanFactory;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.jdbc.core.JdbcTemplate;
+
+import com.uas.platform.b2b.core.util.ContextUtils;
+
+public class DSUtils {
+
+	/**
+	 * 校验连接
+	 * 
+	 * <pre>
+	 * 如果连接不存在，会先创建
+	 * </pre>
+	 * 
+	 * @param jdbcTemplate
+	 * @return
+	 */
+	public static boolean isConnectable(JdbcTemplate jdbcTemplate, DS ds) {
+		if (!ContextUtils.getApplicationContext().containsBean(ds.getId())) {
+			createDataSource(ds);
+		}
+		return testConnection(jdbcTemplate, ds);
+	}
+
+	/**
+	 * 创建bean
+	 * 
+	 * @param beanName
+	 */
+	private static void createDataSource(DS ds) {
+		ConfigurableApplicationContext context = (ConfigurableApplicationContext) ContextUtils.getApplicationContext();
+		DefaultListableBeanFactory beanFactory = (DefaultListableBeanFactory) context.getBeanFactory();
+		BeanDefinitionBuilder bdb = BeanDefinitionBuilder.rootBeanDefinition(BasicDataSource.class);
+		bdb.getBeanDefinition().setAttribute("id", ds.getId());
+		bdb.getBeanDefinition().setAttribute("destroy-method", "close");
+		bdb.addPropertyValue("driverClassName", ds.getDriverClassName());
+		bdb.addPropertyValue("url", ds.getUrl());
+		bdb.addPropertyValue("username", ds.getUsername());
+		bdb.addPropertyValue("password", ds.getPassword());
+		bdb.addPropertyValue("initialSize", 5);
+		bdb.addPropertyValue("maxActive", 100);
+		bdb.addPropertyValue("maxIdle", 50);
+		bdb.addPropertyValue("maxWait", 5000);
+		bdb.addPropertyValue("poolPreparedStatements", true);
+		bdb.addPropertyValue("defaultAutoCommit", true);
+		bdb.addPropertyValue("removeAbandoned", true);
+		bdb.addPropertyValue("testWhileIdle", true);
+		bdb.addPropertyValue("validationQuery", "select 1 from dual");
+		bdb.addPropertyValue("timeBetweenEvictionRunsMillis", 300000);
+		bdb.addPropertyValue("minEvictableIdleTimeMillis", 60000);
+		beanFactory.registerBeanDefinition(ds.getId(), bdb.getBeanDefinition());
+	}
+
+	/**
+	 * 测试连接，未防止数据库连接登录超时 <b> oracle不支持loginTimeOut </b>
+	 * 
+	 * @param jdbcTemplate
+	 * @return
+	 */
+	private static boolean testConnection(final JdbcTemplate jdbcTemplate, final DS ds) {
+		boolean isValid = false;
+		String currSrc = SpObserver.getSp();
+		ExecutorService executor = Executors.newSingleThreadExecutor();
+		FutureTask<Boolean> future = new FutureTask<Boolean>(new Callable<Boolean>() {
+			public Boolean call() {
+				SpObserver.putSp(ds.getId());
+				jdbcTemplate.execute("select 1 from dual");
+				return true;
+			}
+		});
+		executor.execute(future);
+		try {
+			isValid = future.get(6000, TimeUnit.MILLISECONDS);
+		} catch (Exception e) {
+			future.cancel(true);
+		} finally {
+			executor.shutdown();
+			SpObserver.putSp(currSrc);
+		}
+		return isValid;
+	}
+
+}

src/main/java/com/uas/platform/b2b/filter/AccessTokenInterceptor.java

@@ -0,0 +1,84 @@
+package com.uas.platform.b2b.filter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import com.uas.platform.b2b.model.AccessToken;
+import com.uas.platform.b2b.model.Enterprise;
+import com.uas.platform.b2b.model.User;
+import com.uas.platform.b2b.openapi.support.ErrorUtils;
+import com.uas.platform.b2b.service.AccessTokenService;
+import com.uas.platform.b2b.service.EnterpriseService;
+import com.uas.platform.b2b.service.UserService;
+import com.uas.platform.b2b.support.SystemSession;
+import com.uas.platform.core.exception.SystemError;
+import com.uas.platform.core.util.AgentUtils;
+
+/**
+ * 验证access_token拦截器
+ * 
+ * <pre>
+ * 找到token信息并自动登录
+ * </pre>
+ * 
+ * @author yingp
+ *
+ */
+public class AccessTokenInterceptor extends HandlerInterceptorAdapter {
+
+	private static final String access_token_param = "access_token";
+
+	private static final Logger logger = Logger.getLogger(AccessSignatureInterceptor.class);
+
+	@Autowired
+	private EnterpriseService enterpriseService;
+
+	@Autowired
+	private UserService userService;
+
+	@Autowired
+	private AccessTokenService accessTokenService;
+
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+		HttpSession session = request.getSession();
+		if (session.getAttribute("user") != null) {
+			session.setAttribute("user", null);
+			SystemSession.clear();
+		}
+		String access_token = request.getParameter(access_token_param);
+		if (access_token != null) {
+			AccessToken token = accessTokenService.findOne(access_token);
+			if (token != null) {
+				Enterprise enterprise = enterpriseService.findByEnUU(token.getEnUU());
+				if (enterprise != null) {
+					// 将企业信息、企业管理员信息写入SystemSession
+					User user = userService.findUserByUserUU(enterprise.getEnAdminuu());
+					if (user != null) {
+						user.setEnterprise(enterprise);
+						user.setIp(AgentUtils.getIp(request));
+						SystemSession.setUser(user);
+						return true;
+					}
+				}
+				logger.error(String.format("没有找到企业:%s", token.getEnUU()));
+				throw new SystemError(ErrorUtils.EN_NOT_FOUND);
+			}
+			logger.error(String.format("没找到access_token:%s", access_token));
+			throw new SystemError(ErrorUtils.ACCESS_TOKEN_EXPIRES);
+		}
+		throw new SystemError(ErrorUtils.NO_ACCESS_TOKEN_FOUND);
+	}
+
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+		super.afterCompletion(request, response, handler, ex);
+		SystemSession.clear();
+	}
+
+}

src/main/java/com/uas/platform/b2b/model/AccessToken.java

@@ -42,21 +42,28 @@ public class AccessToken implements Serializable {
 
 	private Date time;
 
+	private int expires_in;
+
 	/**
-	 * 60秒过期
+	 * 默认60秒过期
 	 */
-	public final static int expires_in = 60;
+	public final static int default_expires_in = 60;
 
 	public AccessToken() {
 	}
 
 	public AccessToken(User user, Object bindObject) {
+		this(user, bindObject, default_expires_in);
+	}
+
+	public AccessToken(User user, Object bindObject, int expires_in) {
 		this.id = StringUtil.uuid();
 		this.user = user.getUserName();
 		this.enUU = user.getEnterprise().getUu();
 		this.userUU = user.getUserUU();
 		this.bind = String.valueOf(bindObject);
 		this.time = new Date();
+		this.expires_in = expires_in;
 	}
 
 	public String getId() {
@@ -107,6 +114,14 @@ public class AccessToken implements Serializable {
 		this.time = time;
 	}
 
+	public int getExpires_in() {
+		return expires_in;
+	}
+
+	public void setExpires_in(int expires_in) {
+		this.expires_in = expires_in;
+	}
+
 	/**
 	 * 是否过期
 	 * 

src/main/java/com/uas/platform/b2b/model/Enterprise.java

@@ -176,23 +176,29 @@ public class Enterprise implements Serializable {
 	 */
 	@Column(name = "en_iserp")
 	private Short enIsErp;
+
 	public Short getEnIsErp() {
 		return enIsErp;
 	}
-	
+
 	/**
 	 * en_management 经营模式
 	 */
 	@Column(name = "en_management")
 	private String enManagement;
-	
-	
+
+	/**
+	 * en_brands 主营品牌（多个用逗号分隔）
+	 */
+	@Column(name = "en_brands")
+	private String enBrands;
+
 	/**
 	 * en_products 主营产品
 	 */
 	@Column(name = "en_products")
 	private String enProducts;
-	
+
 	public String getEnManagement() {
 		return enManagement;
 	}
@@ -217,16 +223,12 @@ public class Enterprise implements Serializable {
 		this.enInfo = enInfo;
 	}
 
-	public static long getSerialversionuid() {
-		return serialVersionUID;
-	}
-
 	/**
 	 * en_info 公司简介
 	 */
 	@Column(name = "en_info")
 	private String enInfo;
-	
+
 	public void setEnIsErp(Short enIsErp) {
 		this.enIsErp = enIsErp;
 	}
@@ -369,6 +371,14 @@ public class Enterprise implements Serializable {
 		this.enBussinessCode = enBussinessCode;
 	}
 
+	public String getEnBrands() {
+		return enBrands;
+	}
+
+	public void setEnBrands(String enBrands) {
+		this.enBrands = enBrands;
+	}
+
 	public String getEnTaxcode() {
 		return enTaxcode;
 	}

src/main/java/com/uas/platform/b2b/openapi/controller/CustDataController.java

@@ -0,0 +1,115 @@
+package com.uas.platform.b2b.openapi.controller;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.CompletionService;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorCompletionService;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.CollectionUtils;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.uas.platform.b2b.model.Vendor;
+import com.uas.platform.b2b.openapi.model.CustData;
+import com.uas.platform.b2b.openapi.model.Stock;
+import com.uas.platform.b2b.openapi.service.CustDataService;
+import com.uas.platform.b2b.openapi.support.ErrorUtils;
+import com.uas.platform.b2b.openapi.support.ICallable;
+import com.uas.platform.b2b.openapi.support.ICallableAdapter;
+import com.uas.platform.b2b.service.VendorService;
+import com.uas.platform.b2b.support.SystemSession;
+import com.uas.platform.core.exception.SystemError;
+
+/**
+ * 获取我的客户的数据
+ * 
+ * @author yingp
+ *
+ */
+@RestController
+@RequestMapping("/openapi/custdata")
+public class CustDataController {
+
+	@Autowired
+	private CustDataService custDataService;
+
+	@Autowired
+	private VendorService vendorService;
+
+	/**
+	 * 取物料库存信息
+	 * 
+	 * @param custId
+	 *            指定客户企业ID
+	 */
+	@RequestMapping(params = "type=stock")
+	public List<CustData<Stock>> getProductStockInfo(Long custId) {
+		final String brands = SystemSession.getUser().getEnterprise().getEnBrands();
+		if (brands == null)
+			throw new SystemError(ErrorUtils.NO_BRAND_FOUND);
+		return iteratorCustTasks(custId, new ICallable<CustData<Stock>, Vendor>() {
+
+			@Override
+			public CustData<Stock> call(Vendor cust) throws Exception {
+				return new CustData<Stock>(cust, custDataService.findProductStockInfo(cust.getMyEnUU(), brands));
+			}
+
+		});
+	}
+
+	/**
+	 * 遍历客户资料，并异步执行取数据操作
+	 * 
+	 * @param custId
+	 * @param callable
+	 */
+	private <T> List<T> iteratorCustTasks(Long custId, ICallable<T, Vendor> callable) {
+		List<Vendor> custs = null;
+		if (custId != null) {
+			custs = vendorService.findMyCustomerUsingErp(custId);
+			// 指定的企业ID错误，或该企业并非您的客户
+			if (CollectionUtils.isEmpty(custs))
+				throw new SystemError(ErrorUtils.EN_IS_NOT_YOUR_CUST);
+		} else
+			custs = vendorService.findMyCustomersUsingErp();
+		List<T> datas = new ArrayList<T>();
+		if (!CollectionUtils.isEmpty(custs)) {
+			// 定义一个缓冲的线程池
+			ExecutorService threadPool = Executors.newCachedThreadPool();
+			CompletionService<T> cs = new ExecutorCompletionService<T>(threadPool);
+			for (final Vendor cust : custs) {
+				cs.submit(new ICallableAdapter<T, Vendor>(callable, cust));
+			}
+			threadPool.shutdown();
+			int count = 0, len = custs.size();
+			while (count < len) {
+				// 非阻塞方式
+				Future<T> future = cs.poll();
+				if (future != null) {
+					try {
+						datas.add(future.get());
+					} catch (InterruptedException e) {
+						e.printStackTrace();
+					} catch (ExecutionException e) {
+						e.printStackTrace();
+					}
+					count++;
+				}
+				if (count < len)
+					try {
+						// 等待50毫秒再进入下一次查找
+						TimeUnit.MILLISECONDS.sleep(50);
+					} catch (InterruptedException e) {
+					}
+			}
+		}
+		return datas;
+	}
+
+}

src/main/java/com/uas/platform/b2b/openapi/controller/OpenAccessTokenController.java

@@ -0,0 +1,75 @@
+package com.uas.platform.b2b.openapi.controller;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.uas.platform.b2b.model.AccessToken;
+import com.uas.platform.b2b.model.Enterprise;
+import com.uas.platform.b2b.model.User;
+import com.uas.platform.b2b.openapi.support.ErrorUtils;
+import com.uas.platform.b2b.service.AccessTokenService;
+import com.uas.platform.b2b.service.EnterpriseService;
+import com.uas.platform.b2b.service.UserService;
+import com.uas.platform.b2b.support.SystemSession;
+import com.uas.platform.core.exception.SystemError;
+import com.uas.platform.core.util.AgentUtils;
+
+/**
+ * 第三方通过调用该接口获取token，在调用其他接口的时候，通过传入该token进行验证
+ * 
+ * <pre>
+ * 由于设置了token的有效时间，第三方需要每隔2小时重新获取一次
+ * </pre>
+ * 
+ * @author yingp
+ *
+ */
+@RestController
+@RequestMapping("/openapi/access_token")
+public class OpenAccessTokenController {
+
+	@Autowired
+	private EnterpriseService enterpriseService;
+
+	@Autowired
+	private AccessTokenService accessTokenService;
+
+	@Autowired
+	private UserService userService;
+
+	@RequestMapping
+	public ModelMap getAccessToken(HttpServletRequest request, @RequestParam(value = "id", required = true) Long id,
+			@RequestParam(value = "secret", required = true) String secret) {
+		ModelMap map = new ModelMap();
+		Enterprise enterprise = enterpriseService.findById(id);
+		if (enterprise == null)
+			throw new SystemError(ErrorUtils.EN_ID_NOT_FOUND);
+		if (enterprise.getAccessSecret() == null)
+			throw new SystemError(ErrorUtils.EN_IS_NOT_ALLOWED);
+		if (!secret.equals(enterprise.getAccessSecret()))
+			throw new SystemError(ErrorUtils.SECRET_IS_ERROR);
+		try {
+			// 将企业信息、企业管理员信息写入SystemSession
+			User user = userService.findUserByUserUU(enterprise.getEnAdminuu());
+			if (user != null) {
+				user.setEnterprise(enterprise);
+				user.setIp(AgentUtils.getIp(request));
+				SystemSession.setUser(user);
+			} else
+				throw new SystemError(ErrorUtils.EN_NOT_FOUND);
+			AccessToken token = accessTokenService.createNew(null, 7200);
+			map.put("access_token", token.getId());
+			map.put("time", token.getTime());
+			map.put("expires_in", token.getExpires_in());
+		} finally {
+			SystemSession.clear();
+		}
+		return map;
+	}
+
+}

src/main/java/com/uas/platform/b2b/openapi/controller/readme.md

@@ -0,0 +1,4 @@
+	#
+	/openapi	针对未知第三方
+	
+	#除/openapi/access_token请求外，其余均需拦截验证access_token参数

src/main/java/com/uas/platform/b2b/openapi/model/CustData.java

@@ -0,0 +1,49 @@
+package com.uas.platform.b2b.openapi.model;
+
+import java.util.List;
+
+import com.uas.platform.b2b.model.Vendor;
+
+public class CustData<T extends Data> {
+
+	/**
+	 * 企业ID
+	 */
+	private long id;
+	/**
+	 * 企业名称
+	 */
+	private String name;
+	private List<T> datas;
+
+	public long getId() {
+		return id;
+	}
+
+	public void setId(long id) {
+		this.id = id;
+	}
+
+	public String getName() {
+		return name;
+	}
+
+	public void setName(String name) {
+		this.name = name;
+	}
+
+	public List<T> getDatas() {
+		return datas;
+	}
+
+	public void setDatas(List<T> datas) {
+		this.datas = datas;
+	}
+
+	public CustData(Vendor cust, List<T> datas) {
+		this.id = cust.getMyEnUU();
+		this.name = cust.getMyEnterprise().getEnName();
+		this.datas = datas;
+	}
+
+}

src/main/java/com/uas/platform/b2b/openapi/model/Data.java

@@ -0,0 +1,67 @@
+package com.uas.platform.b2b.openapi.model;
+
+public abstract class Data {
+
+	/**
+	 * （在客户系统里面定义的）品牌
+	 */
+	private String brand;
+	/**
+	 * （在客户系统里面定义的）原厂型号
+	 */
+	private String code;
+	/**
+	 * （在客户系统里面定义的）物料描述
+	 */
+	private String title;
+	/**
+	 * （在客户系统里面定义的）物料规格
+	 */
+	private String spec;
+
+	/**
+	 * （在客户系统里面定义的）单位
+	 */
+	private String unit;
+
+	public String getBrand() {
+		return brand;
+	}
+
+	public void setBrand(String brand) {
+		this.brand = brand;
+	}
+
+	public String getCode() {
+		return code;
+	}
+
+	public void setCode(String code) {
+		this.code = code;
+	}
+
+	public String getTitle() {
+		return title;
+	}
+
+	public void setTitle(String title) {
+		this.title = title;
+	}
+
+	public String getSpec() {
+		return spec;
+	}
+
+	public void setSpec(String spec) {
+		this.spec = spec;
+	}
+
+	public String getUnit() {
+		return unit;
+	}
+
+	public void setUnit(String unit) {
+		this.unit = unit;
+	}
+
+}

src/main/java/com/uas/platform/b2b/openapi/model/Forecast.java

@@ -0,0 +1,31 @@
+package com.uas.platform.b2b.openapi.model;
+
+import java.io.Serializable;
+
+/**
+ * 销售预测
+ * 
+ * @author yingp
+ *
+ */
+public class Forecast extends Data implements Serializable {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+	
+	/**
+	 * （在客户系统里面统计的实时）预测数
+	 */
+	private Double forecast;
+
+	public Double getForecast() {
+		return forecast;
+	}
+
+	public void setForecast(Double forecast) {
+		this.forecast = forecast;
+	}
+
+}

src/main/java/com/uas/platform/b2b/openapi/model/IOItem.java

@@ -0,0 +1,20 @@
+package com.uas.platform.b2b.openapi.model;
+
+import java.io.Serializable;
+
+/**
+ * 出入库记录
+ * 
+ * @author yingp
+ *
+ */
+public class IOItem extends Data implements Serializable {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+	
+	
+
+}

src/main/java/com/uas/platform/b2b/openapi/model/SaleItem.java

@@ -0,0 +1,18 @@
+package com.uas.platform.b2b.openapi.model;
+
+import java.io.Serializable;
+
+/**
+ * 销售记录
+ * 
+ * @author yingp
+ *
+ */
+public class SaleItem extends Data implements Serializable {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+}

src/main/java/com/uas/platform/b2b/openapi/model/Stock.java

@@ -0,0 +1,31 @@
+package com.uas.platform.b2b.openapi.model;
+
+import java.io.Serializable;
+
+/**
+ * 物料库存信息
+ * 
+ * @author yingp
+ *
+ */
+public class Stock extends Data implements Serializable {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+	
+	/**
+	 * （在客户系统里面统计的实时）库存数
+	 */
+	private Double stock;
+
+	public Double getStock() {
+		return stock;
+	}
+
+	public void setStock(Double stock) {
+		this.stock = stock;
+	}
+
+}

src/main/java/com/uas/platform/b2b/openapi/service/CustDataService.java

@@ -0,0 +1,20 @@
+package com.uas.platform.b2b.openapi.service;
+
+import java.util.List;
+
+import com.uas.platform.b2b.openapi.model.Stock;
+
+public interface CustDataService {
+
+	/**
+	 * 查找物料库存信息
+	 * 
+	 * @param custId
+	 *            客户企业ID
+	 * @param brands
+	 *            客户代理的品牌
+	 * @return
+	 */
+	List<Stock> findProductStockInfo(long custId, String brands);
+
+}

src/main/java/com/uas/platform/b2b/openapi/service/impl/UASCustDataService.java

@@ -0,0 +1,72 @@
+package com.uas.platform.b2b.openapi.service.impl;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
+
+import com.uas.platform.b2b.dao.CommonDao;
+import com.uas.platform.b2b.data.support.DS;
+import com.uas.platform.b2b.data.support.DSUtils;
+import com.uas.platform.b2b.data.support.SpObserver;
+import com.uas.platform.b2b.openapi.model.Stock;
+import com.uas.platform.b2b.openapi.service.CustDataService;
+
+/**
+ * 使用UAS系统的客户的数据
+ * 
+ * @author yingp
+ *
+ */
+@Service
+public class UASCustDataService implements CustDataService {
+
+	@Autowired
+	private CommonDao commonDao;
+
+	private static final String manageDataSource = "manageDataSource";
+
+	/**
+	 * 按UU查找客户账套的连接参数
+	 * 
+	 * @param uu
+	 * @return
+	 */
+	private DS getDSFromManage(long uu) {
+		String currDs = SpObserver.getSp();
+		try {
+			SpObserver.putSp(manageDataSource);
+			return commonDao
+					.queryBean(
+							"select uu as id,case when platform = 'SAAS' then '10.10.100.200' else db_host end as host,case when platform = 'SAAS' then 1521 else db_port end as port,db_user as username,db_pwd as password from masters where (platform = 'SAAS' or (platform = 'ERP' and install_type = 'uas1.0' and db_host is not null and db_port is not null and db_user is not null and db_pwd is not null)) and uu=?",
+							DS.class, uu);
+		} finally {
+			SpObserver.putSp(currDs);
+		}
+	}
+
+	@Override
+	public List<Stock> findProductStockInfo(long custId, String brands) {
+		DS ds = getDSFromManage(custId);
+		// 先校验是否可以连接
+		if (ds != null && DSUtils.isConnectable(commonDao.getJdbcTemplate(), ds)) {
+			String currDs = SpObserver.getSp();
+			try {
+				// 切换到客户账套
+				SpObserver.putSp(ds.getId());
+				// A,B,C格式的数据改为'A','B','C'格式
+				final String brandsWithFix = StringUtils.collectionToDelimitedString(Arrays.asList(brands.split(",")), ",", "'", "'");
+				return commonDao
+						.query("select pr_brand as brand,pr_orispeccode as code,pr_detail as title,pr_spec as spec,po_onhand as stock,pr_unit unit from productonhand left join product on po_prodcode=pr_code where po_onhand > 0 and pr_brand in ("
+								+ brandsWithFix + ")", Stock.class);
+			} finally {
+				SpObserver.putSp(currDs);
+			}
+		}
+		return new ArrayList<Stock>();
+	}
+
+}

src/main/java/com/uas/platform/b2b/openapi/support/ErrorUtils.java

@@ -0,0 +1,23 @@
+package com.uas.platform.b2b.openapi.support;
+
+import com.uas.platform.core.exception.Error;
+
+public class ErrorUtils {
+	
+	public static final Error EN_NOT_FOUND = new Error(40002, "没有找到企业");
+
+	public static final Error EN_ID_NOT_FOUND = new Error(40003, "没有找到企业ID");
+
+	public static final Error EN_IS_NOT_ALLOWED = new Error(40004, "接口未授权");
+
+	public static final Error SECRET_IS_ERROR = new Error(40005, "密钥错误");
+
+	public static final Error EN_IS_NOT_YOUR_CUST = new Error(40006, "指定的企业ID错误，或该企业并非您的客户");
+
+	public static final Error NO_BRAND_FOUND = new Error(40007, "没有定义主营品牌");
+
+	public static final Error NO_ACCESS_TOKEN_FOUND = new Error(40008, "请提供access_token");
+
+	public static final Error ACCESS_TOKEN_EXPIRES = new Error(40009, "access_token错误，或access_token已过期");
+
+}

src/main/java/com/uas/platform/b2b/openapi/support/ICallable.java

@@ -0,0 +1,15 @@
+package com.uas.platform.b2b.openapi.support;
+
+/**
+ * 能传入参数执行的callable
+ * 
+ * @author yingp
+ *
+ * @param <V>
+ * @param <T>
+ */
+public abstract interface ICallable<V, T> {
+
+	public abstract V call(T param) throws Exception;
+
+}

src/main/java/com/uas/platform/b2b/openapi/support/ICallableAdapter.java

@@ -0,0 +1,32 @@
+package com.uas.platform.b2b.openapi.support;
+
+import java.util.concurrent.Callable;
+
+/**
+ * 代理callable来执行
+ * 
+ * <pre>
+ * 涉及到一个callable对象调用不同参数循环执行的问题，不能直接在ICallable对象里面设置参数，需要代理执行
+ * </pre>
+ * 
+ * @author yingp
+ *
+ * @param <V>
+ * @param <T>
+ */
+public final class ICallableAdapter<V, T> implements Callable<V> {
+
+	private final ICallable<V, T> task;
+	private final T param;
+
+	public ICallableAdapter(ICallable<V, T> task, T param) {
+		this.task = task;
+		this.param = param;
+	}
+
+	@Override
+	public V call() throws Exception {
+		return task.call(param);
+	}
+
+}

src/main/java/com/uas/platform/b2b/redis/dao/impl/AccessTokenDaoImpl.java

@@ -28,7 +28,7 @@ public class AccessTokenDaoImpl implements AccessTokenDao {
 				byte[] key = redisTemplate.getStringSerializer().serialize("AccessToken.id." + token.getId());
 				byte[] value = redisTemplate.getStringSerializer().serialize(FlexJsonUtils.toJson(token));
 				connection.set(key, value);
-				connection.expire(key, AccessToken.expires_in);
+				connection.expire(key, token.getExpires_in());
 				return null;
 			}
 		});

src/main/java/com/uas/platform/b2b/service/AccessTokenService.java

@@ -12,6 +12,16 @@ public interface AccessTokenService {
 	 */
 	public AccessToken createNew(Object bindObject);
 
+	/**
+	 * 绑定任意对象
+	 * 
+	 * @param bindObject
+	 * @param expires_in
+	 *            有效时间（秒）
+	 * @return
+	 */
+	public AccessToken createNew(Object bindObject, int expires_in);
+
 	public AccessToken findOne(String id);
 
 	public void delete(String id);

src/main/java/com/uas/platform/b2b/service/MonthProdioService.java

@@ -3,13 +3,13 @@ package com.uas.platform.b2b.service;
 import com.alibaba.fastjson.JSONObject;
 
 public interface MonthProdioService {
-	
+
 	/**
 	 * @param month
 	 * @param brand
 	 * @param vendor
 	 * @return
 	 */
-	JSONObject getMonthProdio(Long month, String brand, String vendor,String date);
+	JSONObject getMonthProdio(Long month, String brand, String vendor, String date);
 
 }

src/main/java/com/uas/platform/b2b/service/VendorService.java

@@ -38,4 +38,20 @@ public interface VendorService {
 	 * @return
 	 */
 	public List<Vendor> findMyVendorsUsingErp();
+
+	/**
+	 * 查找使用了ERP系统的客户
+	 * 
+	 * @return
+	 */
+	public List<Vendor> findMyCustomersUsingErp();
+
+	/**
+	 * 查找使用了ERP系统的客户
+	 * 
+	 * @param custUU
+	 *            指定客户ID
+	 * @return
+	 */
+	public List<Vendor> findMyCustomerUsingErp(long custUU);
 }

src/main/java/com/uas/platform/b2b/service/impl/AccessTokenServiceImpl.java

@@ -21,6 +21,13 @@ public class AccessTokenServiceImpl implements AccessTokenService {
 		return token;
 	}
 
+	@Override
+	public AccessToken createNew(Object bindObject, int expires_in) {
+		AccessToken token = new AccessToken(SystemSession.getUser(), bindObject, expires_in);
+		accessTokenDao.save(token);
+		return token;
+	}
+
 	@Override
 	public AccessToken findOne(String id) {
 		return accessTokenDao.findOne(id);

src/main/java/com/uas/platform/b2b/service/impl/ErpProdIODetailServiceImpl.java

@@ -2,99 +2,97 @@ package com.uas.platform.b2b.service.impl;
 
 import java.util.Date;
 import java.util.List;
+
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.jdbc.core.BeanPropertyRowMapper;
-import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
 
+import com.uas.platform.b2b.dao.CommonDao;
 import com.uas.platform.b2b.model.ErpProdIODetail;
 import com.uas.platform.b2b.service.ErpProdIODetailService;
 import com.uas.platform.b2b.support.SystemSession;
 
-
 @Service
-public class ErpProdIODetailServiceImpl implements ErpProdIODetailService{
+public class ErpProdIODetailServiceImpl implements ErpProdIODetailService {
 
 	@Autowired
-	private JdbcTemplate jdbcTemplate;
-	
-	public List<ErpProdIODetail> findAllApChecks(List<Long> filter){
+	private CommonDao commonDao;
+
+	public List<ErpProdIODetail> findAllApChecks(List<Long> filter) {
 		Long enUu = SystemSession.getUser().getEnterprise().getUu();
 		String sql = "select p.pi_inoutno inOutNo,p.pd_detno detno ,p.pi_class piClass, p.pd_ordercode orderCode, p.pd_orderdetno  orderDetno,"
 				+ " p.pd_prodcode prodCode, p.pr_title prodTitle,p.pd_qty  qty, p.pi_date piDate, p.pd_orderprice  orderPrice, p.pi_currency currency, p.pd_taxrate taxrate, p.pd_ycheckqty yCheckQty,"
 				+ " p.pd_thischeckqty thisCheckQty, p.custuu custUu, p.custname custName, p.enuu enUu, p.sourceid sourceId, p.pi_sourcetable sourceTable, p.pi_rate rate, p.pi_receivecode receiveCode,"
 				+ " p.pi_receivename receiveName from erp$prodiodetail p where enuu = ?";
-		Object[] args = new Object[] {enUu};
+		Object[] args = new Object[] { enUu };
 		if (!CollectionUtils.isEmpty(filter)) {
 			String[] str = new String[filter.size()];
 			Long[] lon = new Long[filter.size() + 1];
 			String s = "";
-			for (int i=0;i<filter.size();i++) {
-				if (i != filter.size()-1) {
-					str[i] ="?,";
+			for (int i = 0; i < filter.size(); i++) {
+				if (i != filter.size() - 1) {
+					str[i] = "?,";
 				} else {
 					str[i] = "?";
 				}
-				lon[i+1] = filter.get(i);
+				lon[i + 1] = filter.get(i);
 				s = s + str[i];
 			}
 			sql = sql + " and custUu in (" + s + ")";
 			lon[0] = enUu;
 			args = lon;
 		}
-		sql = sql +" order by pi_date desc";
-		List<ErpProdIODetail> erpProdIODetails = jdbcTemplate.query(sql,args, new BeanPropertyRowMapper<ErpProdIODetail>(ErpProdIODetail.class));
+		sql = sql + " order by pi_date desc";
+		List<ErpProdIODetail> erpProdIODetails = commonDao.query(sql, args, ErpProdIODetail.class);
 		return erpProdIODetails;
 	}
 
 	@Override
-	public List<ErpProdIODetail> findXlsApChecks(List<Long> filter,String keyword, Long fromDate, Long endDate) {
+	public List<ErpProdIODetail> findXlsApChecks(List<Long> filter, String keyword, Long fromDate, Long endDate) {
 		Long enUu = SystemSession.getUser().getEnterprise().getUu();
 		String sql = "select p.pi_inoutno inOutNo,p.pd_detno detno ,p.pi_class piClass, p.pd_ordercode orderCode, p.pd_orderdetno  orderDetno,"
 				+ " p.pd_prodcode prodCode, p.pr_title prodTitle,p.pd_qty qty, p.pi_date piDate, p.pd_orderprice  orderPrice, p.pi_currency currency, p.pd_taxrate taxrate, p.pd_ycheckqty yCheckQty,"
 				+ " p.pd_thischeckqty thisCheckQty, p.custuu custUu, p.custname custName, p.enuu enUu, p.sourceid sourceId, p.pi_sourcetable sourceTable, p.pi_rate rate, p.pi_receivecode receiveCode,"
 				+ " p.pi_receivename receiveName from erp$prodiodetail p where enuu = ?";
-		if(keyword != "") {
+		if (keyword != "") {
 			String[] strs = keyword.split("-");
-			if(strs.length == 1 ) {
-				sql = sql + " and custname = '" +	strs[0] +"'";
+			if (strs.length == 1) {
+				sql = sql + " and custname = '" + strs[0] + "'";
 			}
-			if(strs.length == 2 ) {
-				if(strs[0].length() != 0) {
-					sql = sql + " and custname = '" +	strs[0] +"'";
+			if (strs.length == 2) {
+				if (strs[0].length() != 0) {
+					sql = sql + " and custname = '" + strs[0] + "'";
 				}
-				sql = sql + " and pi_receivename = '" +	strs[1] +"'";
+				sql = sql + " and pi_receivename = '" + strs[1] + "'";
 			}
 		}
-		if(fromDate != null) {
+		if (fromDate != null) {
 			sql = sql + " and pi_date>" + "to_date('" + new java.sql.Date(new Date(fromDate).getTime()) + "','yyyy-mm-dd')";
 		}
-		if(endDate != null) {
+		if (endDate != null) {
 			sql = sql + " and pi_date<" + "to_date('" + new java.sql.Date(new Date(endDate).getTime()) + "','yyyy-mm-dd')";
 		}
 
-		Object[] args = new Object[] {enUu};
+		Object[] args = new Object[] { enUu };
 		if (!CollectionUtils.isEmpty(filter)) {
 			String[] str = new String[filter.size()];
 			Long[] lon = new Long[filter.size() + 1];
 			String s = "";
-			for (int i=0;i<filter.size();i++) {
-				if (i != filter.size()-1) {
-					str[i] ="?,";
+			for (int i = 0; i < filter.size(); i++) {
+				if (i != filter.size() - 1) {
+					str[i] = "?,";
 				} else {
 					str[i] = "?";
 				}
-				lon[i+1] = filter.get(i);
+				lon[i + 1] = filter.get(i);
 				s = s + str[i];
 			}
 			sql = sql + " and custUu in (" + s + ")";
 			lon[0] = enUu;
 			args = lon;
 		}
-		sql = sql +" order by pi_date desc";
-		List<ErpProdIODetail> erpProdIODetails = jdbcTemplate.query(sql,args, new BeanPropertyRowMapper<ErpProdIODetail>(ErpProdIODetail.class));
+		sql = sql + " order by pi_date desc";
+		List<ErpProdIODetail> erpProdIODetails = commonDao.query(sql, args, ErpProdIODetail.class);
 		return erpProdIODetails;
 	}
 }
-

src/main/java/com/uas/platform/b2b/service/impl/VendorsServiceImpl.java

@@ -107,4 +107,16 @@ public class VendorsServiceImpl implements VendorService {
 		return vendorDao.findByMyEnUUAndVendPlatform(SystemSession.getUser().getEnterprise().getUu(), Constant.YES, Constant.YES);
 	}
 
+	@Override
+	public List<Vendor> findMyCustomersUsingErp() {
+		// UAS系统或SAAS系统
+		return vendorDao.findCustByVendUUAndCustPlatform(SystemSession.getUser().getEnterprise().getUu(), Constant.YES, Constant.YES);
+	}
+
+	@Override
+	public List<Vendor> findMyCustomerUsingErp(long custUU) {
+		return vendorDao.findByCustAndVendAndCustPlatform(custUU, SystemSession.getUser().getEnterprise().getUu(), Constant.YES,
+				Constant.YES);
+	}
+
 }

src/main/resources/spring/security.xml

@@ -21,6 +21,8 @@
 	<http pattern="/erp/**" security="none" />
 	<!-- 对管理平台的接口(在其他拦截器处理) -->
 	<http pattern="/manage/**" security="none" />
+	<!-- 对第三方的开放接口(在其他拦截器处理) -->
+	<http pattern="/openapi/**" security="none" />
 	<!-- 客服中心 -->
 	<http pattern="/serve/**" security="none" />
 	<!-- 申请更换管理员密码-->

src/main/webapp/WEB-INF/spring/webmvc.xml

@@ -62,10 +62,16 @@
 			<mvc:mapping path="/manage/user"></mvc:mapping>
 			<bean class="com.uas.platform.b2b.filter.SignatureInterceptor"></bean>
 		</mvc:interceptor>
-		<!-- 针对具体用户，采用独立私钥签名、认证 -->
+		<!-- 针对具体UAS用户，采用独立私钥签名、认证 -->
 		<mvc:interceptor>
 			<mvc:mapping path="/erp/**"></mvc:mapping>
 			<bean class="com.uas.platform.b2b.filter.AccessSignatureInterceptor"></bean>
 		</mvc:interceptor>
+		<!-- 针对开放接口第三方，采用access_token认证 -->
+		<mvc:interceptor>
+			<mvc:mapping path="/openapi/**"></mvc:mapping>
+			<mvc:exclude-mapping path="/openapi/access_token" />
+			<bean class="com.uas.platform.b2b.filter.AccessTokenInterceptor"></bean>
+		</mvc:interceptor>
 	</mvc:interceptors>
 </beans>

src/main/webapp/resources/js/index/app.js

@@ -3941,9 +3941,6 @@ app.controller('SaleSendCtrl', ['$scope', '$filter', 'SaleSend', 'ngTableParams'
 				$scope.condition.dateTo = ($scope.sdateTo || 0);
 			}
 			$scope.condition.venduuorname = $scope.vuuorname;
-			$scope.keywordXls = angular.copy(($scope.condition.uuorname == null ? "" :  $scope.condition.uuorname) + "-" + ($scope.condition.venduuorname == null ? "" : $scope.condition.venduuorname));//保存当前取值的关键词
-			$scope.fromDateXls = angular.copy($scope.condition.dateFrom ? $scope.condition.dateFrom.getTime() : null);//保存当前取值的起始日期
-			$scope.endDateXls = angular.copy($scope.condition.dateTo ? $scope.condition.dateTo.getTime() : null);//保存当前取值的截止日期
 		}
 		
 		/**

src/main/webapp/resources/tpl/index/fa/apCheckList.html

@@ -117,7 +117,7 @@
 					</div>
 					<div class="col-xs-2" style="margin-top:4px">
 						<div class="pull-right">
-							<a href="sale/apCheck/xls?keyword={{keywordXls}}&fromDate={{fromDateXls}}&endDate={{endDateXls}}" target="_self" title="导出Excel表格">
+							<a href="sale/apCheck/xls" target="_self" title="导出Excel表格">
 							<i class="fa fa-file-excel-o fa-fw"></i>导出Excel</a>
 						</div>
 					</div>