
git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@224 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d

administrator 11 years ago
parent
commit
cfa0e66d88

+ 1 - 0
src/main/java/com/uas/platform/b2b/erp/controller/PurchaseController.java

@@ -41,6 +41,7 @@ public class PurchaseController {
 	@RequestMapping(method = RequestMethod.POST)
 	@ResponseBody
 	public String savePurchases(@RequestBody String json) {
+		System.out.println(json);
 		List<Purchase> purchases = FlexJsonUtils.fromJsonArray(json, Purchase.class);
 		purchaseOrderService.save(purchaseService.convertPurchase(purchases));
 		return Constant.SUCCESS;
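Review bot: The added `System.out.println(json);` in savePurchases() writes the complete, unparsed request body to stdout on every POST, so purchase-order data ends up in container or console logs that are usually readable by more people, and kept longer, than the application data itself. If the line was only for debugging it should be dropped; if tracing is needed, log through the class's logger at debug level and record a size or order identifiers rather than the payload, e.g. `logger.debug("savePurchases: {} chars", json.length());` (no logger field is visible in this hunk, so that name is an assumption). The method's closing brace is outside the hunk.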

+ 9 - 0
src/main/java/com/uas/platform/b2b/erp/model/PurchaseReply.java

@@ -18,6 +18,7 @@ public class PurchaseReply {
 	private String pr_pucode;
 	private int pr_pddetno;
 	private Date pr_date;
+	private String pr_recorder;
 
 	public PurchaseReply() {
 	}
@@ -70,6 +71,14 @@ public class PurchaseReply {
 		this.pr_date = pr_date;
 	}
 
+	public String getPr_recorder() {
+		return pr_recorder;
+	}
+
+	public void setPr_recorder(String pr_recorder) {
+		this.pr_recorder = pr_recorder;
+	}
+
 	/**
 	 * 从平台的回复记录转到ERP的回复记录
 	 * 

+ 61 - 2
src/main/java/com/uas/platform/b2b/filter/SecurityInterceptor.java

@@ -1,6 +1,7 @@
 package com.uas.platform.b2b.filter;
 
 import java.io.IOException;
+import java.util.ArrayList;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -10,13 +11,26 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.access.SecurityMetadataSource;
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
 import org.springframework.security.access.intercept.InterceptorStatusToken;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.util.StringUtils;
 
 import com.uas.platform.b2b.model.User;
+import com.uas.platform.b2b.service.UserService;
 import com.uas.platform.b2b.support.SystemSession;
 
 /**
@@ -29,6 +43,13 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 
 	private FilterInvocationSecurityMetadataSource securityMetadataSource;
 
+	@Autowired
+	@Qualifier("org.springframework.security.authenticationManager")
+	protected AuthenticationManager authenticationManager;
+
+	@Autowired
+	private UserService userService;
+
 	/**
 	 * @param request
 	 * @param response
@@ -36,8 +57,8 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 	 * @throws IOException
 	 * @throws ServletException
 	 */
-	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
-			ServletException {
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+		autoLogin((HttpServletRequest) request);
 		logSession((HttpServletRequest) request);
 		FilterInvocation fi = new FilterInvocation(request, response, chain);
 		invoke(fi);
@@ -95,4 +116,42 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 			SystemSession.setUser((User) user);
 	}
 
+	static final String TEL_REGEXP = "^((\\(\\d{3}\\))|(\\d{3}\\-))?(13|15|18)\\d{9}$";
+
+	static final String UU_REGEXP = "^\\d{4,}$";
+
+	static final String ROLE_USER = "ROLE_USER";
+
+	/**
+	 * 自动登录
+	 */
+	private void autoLogin(HttpServletRequest request) {
+		String username = request.getParameter("b_username");
+		String password = request.getParameter("b_password");
+		if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
+			User user = null;
+			if (username.contains("@")) { // 邮箱登录
+				user = userService.findUserByUserEmail(username);
+			} else if (username.matches(TEL_REGEXP)) {// 手机号登录
+				user = userService.findUserByUserTel(username);
+			} else if (username.matches(UU_REGEXP)) {
+				user = userService.findUserByUserUU(Long.parseLong(username));
+			}
+			if (user != null) {
+				ArrayList<GrantedAuthority> array = new ArrayList<GrantedAuthority>();
+				array.add(new SimpleGrantedAuthority(ROLE_USER));
+				UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUserUU(), password, array);
+				try {
+					Authentication authenticatedUser = authenticationManager.authenticate(token);
+					SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
+					request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+							SecurityContextHolder.getContext());
+				} catch (AuthenticationException e) {
+					throw new UsernameNotFoundException("密码错误");
+				}
+			} else
+				throw new UsernameNotFoundException(username + "账号不存在");
+		}
+	}
+
 }
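Review bot: autoLogin() authenticates on any request that passes this filter and then stores the SecurityContext in the session the client already holds, so the session id is never rotated at login and the failure handler configured for form login is not involved; `getParameter` also accepts `b_username`/`b_password` from a GET query string, where they land in access logs and Referer headers. The three-argument `UsernamePasswordAuthenticationToken` constructor creates a token that is already marked authenticated, so the request token should be built with the two-argument form. The two distinct messages (account does not exist / wrong password) let a caller tell registered accounts from unregistered ones, and the catch block drops the cause `e`. `UU_REGEXP` has no upper bound, so a long digit string makes `Long.parseLong` throw an unhandled NumberFormatException out of doFilter; `"^\\d{4,18}$"` keeps every match inside the range of a long. The sketch below covers the first three points; BadCredentialsException needs an import, and whether the old session may be invalidated here depends on what logSession() and other code keep in it.

```java
	private void autoLogin(HttpServletRequest request) {
		// Accept credentials only on POST so they are not carried in a GET URL.
		if (!"POST".equalsIgnoreCase(request.getMethod())) {
			return;
		}
		String username = request.getParameter("b_username");
		String password = request.getParameter("b_password");
		if (!StringUtils.hasText(username) || !StringUtils.hasText(password)) {
			return;
		}
		User user = null;
		// … unchanged: look up user by e-mail, phone number or UU …
		if (user == null) {
			// Same exception type and message as a wrong password, so the response does not reveal which accounts exist.
			throw new BadCredentialsException("账号或密码错误");
		}
		// Two-argument constructor: the token stays unauthenticated until the manager accepts it.
		UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUserUU(), password);
		Authentication authenticatedUser;
		try {
			authenticatedUser = authenticationManager.authenticate(token);
		} catch (AuthenticationException e) {
			throw new BadCredentialsException("账号或密码错误", e);
		}
		// Discard the pre-login session so the authenticated context is bound to a fresh session id.
		if (request.getSession(false) != null) {
			request.getSession(false).invalidate();
		}
		SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
		request.getSession(true).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
				SecurityContextHolder.getContext());
	}
```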

+ 14 - 0
src/main/java/com/uas/platform/b2b/model/PurchaseOrderReply.java

@@ -75,6 +75,12 @@ public class PurchaseOrderReply implements Serializable {
 	@Column(name = "pr_status")
 	private Short status;
 
+	/**
+	 * 回复人
+	 */
+	@Column(name = "pr_recorder")
+	private String recorder;
+
 	public Long getId() {
 		return id;
 	}
@@ -131,4 +137,12 @@ public class PurchaseOrderReply implements Serializable {
 		this.status = status;
 	}
 
+	public String getRecorder() {
+		return recorder;
+	}
+
+	public void setRecorder(String recorder) {
+		this.recorder = recorder;
+	}
+
 }

+ 1 - 0
src/main/java/com/uas/platform/b2b/service/impl/PurchaseOrderServiceImpl.java

@@ -75,6 +75,7 @@ public class PurchaseOrderServiceImpl implements PurchaseOrderService {
 		reply.setDate(new Date());
 		// 作为B2B->ERP数据是否已传输的标志
 		reply.setStatus((short) Status.NOT_UPLOAD.value());
+		reply.setRecorder(SystemSession.getUser().getUserName());
 		PurchaseOrderItem item = purchaseOrderItemDao.findOne(reply.getOrderItem().getId());
 		Double replyQty = item.getReplyQty();
 		replyQty = replyQty == null ? 0 : replyQty;
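Review bot: `SystemSession.getUser().getUserName()` dereferences the session user without a null check, and the `SystemSession.setUser(...)` call visible in SecurityInterceptor appears to sit under a condition, so a call that reaches this method without a populated user fails with a NullPointerException after the reply's date and status have already been set. A guard before the added line makes the failure explicit, e.g. `if (SystemSession.getUser() == null) { throw new IllegalStateException("no authenticated user for reply"); }`. Taking the recorder from the server-side session rather than from request data is the right source for an audit field, so that part should stay. The enclosing method starts and ends outside this hunk.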

+ 0 - 1
src/main/java/com/uas/platform/b2b/support/CustomAuthenticationFailureHandler.java

@@ -14,7 +14,6 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
 	@Override
 	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
 			AuthenticationException exception) throws IOException, ServletException {
-
 		response.setHeader("Content-Type", "application/text;charset=UTF-8");
 		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 		PrintWriter printWriter = response.getWriter();

+ 1 - 1
src/main/resources/spring/security.xml

@@ -52,7 +52,7 @@
 	</b:bean>
 
 	<!-- 鉴定管理类配置信息 -->
-	<authentication-manager alias="authenticationManager">
+	<authentication-manager alias="authenticationManager" erase-credentials="false">
 		<!-- 鉴定管理类 -->
 		<authentication-provider ref="daoAuthenticationProvider" />
 	</authentication-manager>
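Review bot: `erase-credentials="false"` makes the authentication manager keep the submitted password on the Authentication it returns, and autoLogin() in SecurityInterceptor.java (same commit) puts the SecurityContext holding that object into the HTTP session, so the plaintext password stays in memory, and in any persisted or replicated session, for as long as the session lives. Nothing in the visible changes reads the credentials after authentication, so the attribute looks unnecessary and the default `<authentication-manager alias="authenticationManager">` should be kept. If a later step really needs the password, add an XML comment next to the attribute naming that consumer, so the exposure is a recorded decision.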