修复安全扫描

3830e83e · chase · 8baf5057 · 3830e83e · 3830e83e · 3830e83e
Commit 3830e83e authored May 27, 2019 by chase
33 changed files
--- a/atms-api/src/main/java/pwc/taxtech/atms/common/XSSUtil.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/common/XSSUtil.java
+package pwc.taxtech.atms.common;
+import org.apache.commons.lang3.StringUtils;
+import java.util.regex.Pattern;
+public class XSSUtil{
+    public static String cleanXSS(String value) {
+        if(StringUtils.isBlank(value)){
+            return value;
+        }
+        else{
+            if (value != null) {
+                if (value != null) {
+                    // NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to
+                    // avoid encoded attacks.
+                    // value = ESAPI.encoder().canonicalize(value);
+                    // Avoid null characters
+                    value = value.replaceAll("", "");
+                    // Avoid anything between script tags
+                    Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);
+                    value = scriptPattern.matcher(value).replaceAll("");
+                    // Avoid anything in a src="http://www.yihaomen.com/article/java/..." type of expression
+                    // 会误伤百度富文本编辑器
+//                    scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
+//                    value = scriptPattern.matcher(value).replaceAll("");
+//                    scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
+//                    value = scriptPattern.matcher(value).replaceAll("");
+                    // Remove any lonesome </script> tag
+                    scriptPattern = Pattern.compile("</script>", Pattern.CASE_INSENSITIVE);
+                    value = scriptPattern.matcher(value).replaceAll("");
+                    // Remove any lonesome <script ...> tag
+                    scriptPattern = Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
+                    value = scriptPattern.matcher(value).replaceAll("");
+                    // Avoid eval(...) expressions
+                    scriptPattern = Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
+                    value = scriptPattern.matcher(value).replaceAll("");
+                    // Avoid expression(...) expressions
+                    scriptPattern = Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
+                    value = scriptPattern.matcher(value).replaceAll("");
+                    // Avoid javascript:... expressions
+                    scriptPattern = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE);
+                    value = scriptPattern.matcher(value).replaceAll("");
+                    // Avoid vbscript:... expressions
+                    scriptPattern = Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE);
+                    value = scriptPattern.matcher(value).replaceAll("");
+                    // Avoid onload= expressions
+                    scriptPattern = Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
+                    value = scriptPattern.matcher(value).replaceAll("");
+                }
+            }
+            return value;
+        }
+    }
+}
--- a/atms-api/src/main/java/pwc/taxtech/atms/common/util/HttpUtil.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/common/util/HttpUtil.java
 package pwc.taxtech.atms.common.util;
-import java.io.IOException;
-import java.net.SocketTimeoutException;
-import java.security.GeneralSecurityException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
-import com.alibaba.fastjson.JSON;
-import org.apache.commons.collections.MapUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.Consts;
@@ -43,6 +25,21 @@ import org.apache.http.message.BasicNameValuePair;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import java.io.IOException;
+import java.net.SocketTimeoutException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
 /**
 *  依赖的jar包有：commons-lang-2.6.jar、httpclient-4.3.2.jar、httpcore-4.3.1.jar、commons-io-2.4.jar
 * @author zhaoyb
@@ -145,7 +142,6 @@ public class HttpUtil {
    public static String post(String url,Map<String, String> headers, String mimeType,String charset, Integer connTimeout, Integer readTimeout)
            throws ConnectTimeoutException, SocketTimeoutException, Exception {
-        logger.info("Http post: url: {}, header: {}", url, JSON.toJSONString(headers == null ? MapUtils.EMPTY_MAP : headers));
        HttpClient client = null;
        HttpPost post = new HttpPost(url);
        String result = "";

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/AssetMappingController.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/AssetMappingController.java
@@ -77,7 +77,6 @@ public class AssetMappingController {
    @RequestMapping(value="getFixedAssetDetailGroup",method= RequestMethod.POST)
    public  @ResponseBody
    ApiResultDto getAllFixedAssetDetailGroup(@RequestBody AssetDetailGroupDto assetDetailGroupDto){
-        logger.info("获取固定资产二级分类,参数："+assetDetailGroupDto);
        ApiResultDto apiResultDto = new ApiResultDto();
        try{
            PageInfo<AssetDetailGroupStringDto> detailGroups = assetGroupService.getAllFixedAssetDetailGroup(assetDetailGroupDto);

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/AtmsExceptionHandler.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/AtmsExceptionHandler.java
@@ -28,7 +28,6 @@ public class AtmsExceptionHandler extends ResponseEntityExceptionHandler {
            ApiException.class
    })
    protected ResponseEntity<Object> handleExceptions(Exception ex) throws ServiceException {
-        LOGGER.error("Rest Exception!", ex);
        ex.printStackTrace();
        if (ex.getMessage() != null) {
            LOGGER.debug("Rest Exception for {}", ex.getMessage());

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/CustomerController.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/CustomerController.java
@@ -101,8 +101,6 @@ public class CustomerController {
                  @RequestParam(value = "enterpriseAccountId", required = false) String enterpriseAccountId,
                  @RequestParam(value = "action", required = false) String action) {
        logger.debug("enter upload");
-        logger.debug("enterpriseAccountId: {}", enterpriseAccountId);
-        logger.debug("action: {}", action);
        if (inputFile == null || inputFile.getSize() <= 0) {
            OperationResultDto<?> operationResultDto = new OperationResultDto<>();
@@ -125,14 +123,14 @@ public class CustomerController {
    public ResponseEntity GetCustomsInvoiceDataForDisplay(@RequestParam Integer fromPeriod, @RequestParam Integer toPeriod,
                                                          @RequestParam String criteria, @RequestParam String pagination) {
        CustomsInvoiceFilter filter = new CustomsInvoiceFilter();
-        if (!StringUtils.isEmpty(criteria) && criteria != "null")
+        if (!StringUtils.isEmpty(criteria) && !criteria.equals("null"))
            filter = JSON.parseObject(criteria, CustomsInvoiceFilter.class);
        else
            filter = null;
        // PAGINATION INFORMATION:
        PagingDto paging = new PagingDto();
-        if (!StringUtils.isEmpty(pagination) && pagination != "null") {
+        if (!StringUtils.isEmpty(pagination) && !pagination.equals("null")) {
            paging = JSON.parseObject(pagination, PagingDto.class);
        } else
            paging = null;

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/EbsApiController.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/EbsApiController.java
@@ -228,7 +228,6 @@ public class EbsApiController {
        ApiResultDto apiResultDto = new ApiResultDto();
        try{
            ebsApiService.changeCallBackStatus(callBackDto);
-            logger.debug("ebs callback taskId：{}，status:{} end ",callBackDto.getTaskId(),callBackDto.getTaskStatus());
            setApiResult(apiResultDto, EnumApiCodeMsg.SUCCESS);
            return apiResultDto;
        }catch(Exception e){

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/ExportController.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/ExportController.java
@@ -3,6 +3,7 @@ package pwc.taxtech.atms.controller;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
+import pwc.taxtech.atms.common.XSSUtil;
 import pwc.taxtech.atms.dto.vatdto.*;
 import pwc.taxtech.atms.vat.service.impl.ExportServiceImpl;
@@ -15,6 +16,8 @@ public class ExportController {
    @RequestMapping(value = "jsonData", method = RequestMethod.POST)
    public ResponseEntity getExportFile(@RequestBody JsonExportDto exportData) {
+        exportData.setType(XSSUtil.cleanXSS(exportData.getType()));
+        exportData.setJsonData(XSSUtil.cleanXSS(exportData.getJsonData()));
        return ResponseEntity.ok(exportServiceImpl.export(exportData, "~"));
    }

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/FileUploadController.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/FileUploadController.java
 package pwc.taxtech.atms.controller;
-import org.apache.commons.io.FileUtils;
-import org.nutz.lang.Files;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
-import pwc.taxtech.atms.common.CommonConstants;
+import pwc.taxtech.atms.common.XSSUtil;
-import pwc.taxtech.atms.common.CommonUtils;
-import pwc.taxtech.atms.common.util.DateUtils;
-import pwc.taxtech.atms.constant.enums.EnumModule;
-import pwc.taxtech.atms.dto.FileDto;
-import pwc.taxtech.atms.dto.OperationResultDto;
 import pwc.taxtech.atms.service.impl.FileService;
 import pwc.taxtech.atms.service.impl.HttpFileService;
 import pwc.taxtech.atms.vat.service.impl.FileUploadAdapter;
-import javax.mail.Session;
+import static pwc.taxtech.atms.constant.Constant.TEMP_FILE_NAME;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.Map;
-import static pwc.taxtech.atms.constant.Constant.USER_Id_FOR_UPLOAD;
 @RestController
 @RequestMapping("/api/v1/FileUpload")
@@ -44,6 +27,8 @@ public class FileUploadController {
    @RequestMapping(value = "NewFile", method = RequestMethod.POST, produces = MediaType.MULTIPART_FORM_DATA_VALUE)
    public ResponseEntity getInputInvoiceTreeViewData(MultipartHttpServletRequest request) {
+        XSSUtil.cleanXSS(request.getParameter(TEMP_FILE_NAME));
+//        request.getpa
        return fileUploadAdapter.upload(request);
    }

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/OrganizationController.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/OrganizationController.java
@@ -274,6 +274,7 @@ public class OrganizationController {
        response.setContentType("application/vnd.ms-excel;charset=utf-8");
        response.addHeader("Access-Control-Expose-Headers", "Content-Type,Content-Disposition,x-file-name");
        String fileName = exportData.getType() + "-" + new Date();
+        fileName = fileName.replaceAll("[\r\n]","");
        response.setCharacterEncoding("UTF-8");
        OutputStream os = null;
        try {

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/PermissionController.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/PermissionController.java
@@ -29,7 +29,6 @@ public class PermissionController {
    public @ResponseBody
    RolePermissionDisplayDto getIvhTreePermissionsByRoleId(@RequestParam String roleID,
                                                           @RequestParam String serviceType) {
-        logger.info("getIvhTreePermissionsByRoleId: roleId={}, serviceType={}.", roleID, serviceType);
        return permissionService.getIvhTreePermissionsByRoleId(roleID, serviceType);
    }

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/ProjectController.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/ProjectController.java
@@ -48,7 +48,6 @@ public class ProjectController {
    @RequestMapping(value = "getAllProjectList", method = RequestMethod.GET)
    public @ResponseBody
    List<ProjectDisplayDto> getAllProjectList(String orgId, String serviceId, Integer projectYear) {
-        logger.info("/api/v1/project/getAllProjectList with orgId {} serviceId {}", orgId, serviceId);
        return projectService.getAllProjectList(orgId, serviceId == null ? "" : serviceId, projectYear);
    }

--- a/atms-api/src/main/java/pwc/taxtech/atms/controller/TaxDocumentController.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/controller/TaxDocumentController.java
@@ -22,7 +22,7 @@ import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import pwc.taxtech.atms.common.POIUtil;
 import pwc.taxtech.atms.common.PageResultVo;
-import pwc.taxtech.atms.common.util.DateUtils;
+import pwc.taxtech.atms.common.XSSUtil;
 import pwc.taxtech.atms.constant.enums.FileUploadEnum;
 import pwc.taxtech.atms.dpo.OrgSelectDto;
 import pwc.taxtech.atms.dto.TaxDocumentDto;
@@ -35,7 +35,6 @@ import pwc.taxtech.atms.thirdparty.ExcelUtil;
 import pwc.taxtech.atms.vat.entity.FileUpload;
 import javax.servlet.http.HttpServletResponse;
-import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -233,51 +232,6 @@ public class TaxDocumentController {
        }
    }
-    /**
-     * 文件上传接口 createByZhangzezheng
-     *
-     * @param picture 图片文件
-     * @param modual  模块名
-     * @return
-     */
-    @RequestMapping("upload")
-    @ResponseBody
-    public String upload(@RequestPart("file") MultipartFile picture, @RequestParam(required = false) String modual) {
-        return getUploadUrl(picture, modual);
-    }
-    /**
-     * 生成上传url
-     *
-     * @param file
-     * @param modual
-     * @return
-     */
-    private String getUploadUrl(MultipartFile file, String modual) {
-        String fileName = file.getOriginalFilename();
-        String pictureName = UUID.randomUUID().toString() + fileName.substring(fileName.lastIndexOf("."));
-        String dir = DateUtils.getStringDateShort();
-        String typePath = "";
-        try {
-            String fileSavePath = File.separator + "images";
-            if (StringUtils.isBlank(modual)) {
-                modual = "default";
-            }
-            if (StringUtils.isNotBlank(modual)) {
-                typePath = modual + File.separator + dir;
-            }
-            File basePath = new File(fileSavePath + File.separator + typePath);
-            if (!basePath.exists()) {
-                basePath.mkdirs();
-            }
-            file.transferTo(new File(fileSavePath + File.separator + typePath + File.separator + pictureName));
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-        return "images" + File.separator + typePath + File.separator + pictureName;
-    }
    /**
     * 读取Excel转换成 Json
     *
@@ -306,6 +260,7 @@ public class TaxDocumentController {
     */
    @PostMapping(value = "/downloadAllFile")
    public void  downloadAllFile(HttpServletResponse response, @RequestBody TaxDocumentDto taxDocumentDto) {
+        taxDocumentDto.setRemark(XSSUtil.cleanXSS(taxDocumentDto.getRemark()));
        taxDocumentService.downloadAllFile(response,taxDocumentDto.getIds());
    }

--- a/atms-api/src/main/java/pwc/taxtech/atms/security/AtmsPasswordEncoderImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/security/AtmsPasswordEncoderImpl.java
 package pwc.taxtech.atms.security;
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import org.apache.commons.codec.binary.Hex;
 import org.nutz.lang.Lang;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 @Component
 public class AtmsPasswordEncoderImpl implements PasswordEncoder, AtmsPasswordEncoder {
@@ -43,7 +43,7 @@ public class AtmsPasswordEncoderImpl implements PasswordEncoder, AtmsPasswordEnc
    private static String getMD5(CharSequence str) {
        try {
-            MessageDigest md = MessageDigest.getInstance("MD5");
+            MessageDigest md = MessageDigest.getInstance("SHA-512");
            md.update(String.valueOf(str).getBytes(StandardCharsets.UTF_8));
            return Hex.encodeHexString(md.digest());
        } catch (NoSuchAlgorithmException e) {

--- a/atms-api/src/main/java/pwc/taxtech/atms/security/JwtAuthenticationService.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/security/JwtAuthenticationService.java
@@ -83,7 +83,7 @@ public class JwtAuthenticationService {
     */
    @CacheEvict(value = "apiAuthCache", key = "#userid")
    public void removeApiAuthList(String userid) {
-        logger.debug("remove Cache :"+"apiAuthCache"+"key :"+userid);
    }
 }
--- a/atms-api/src/main/java/pwc/taxtech/atms/security/LdapAuthenticationProviderImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/security/LdapAuthenticationProviderImpl.java
@@ -91,7 +91,6 @@ public class LdapAuthenticationProviderImpl implements LdapAuthenticationProvide
        logger.debug("ad server url:{}", ad4ProviderURL);
        String securityAuthentication = "simple";
        String usernameWithDomain = domain + "\\" + username;
-        logger.debug("username:{}", usernameWithDomain);
        /*
         * 组织参数集合
         */

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/AnalysisJobServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/AnalysisJobServiceImpl.java
 package pwc.taxtech.atms.service.impl;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigDecimal;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.*;
-import com.github.pagehelper.PageInfo;
 import com.google.common.collect.Lists;
-import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
-import org.apache.poi.ss.usermodel.Sheet;
-import org.apache.poi.ss.usermodel.Workbook;
-import org.apache.poi.ss.usermodel.WorkbookFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.task.TaskExecutor;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -33,10 +19,16 @@ import pwc.taxtech.atms.vat.dao.EbitSpreadDataMapper;
 import pwc.taxtech.atms.vat.dao.PeriodCellDataMapper;
 import pwc.taxtech.atms.vat.dao.ProfitLossStatementFinalMapper;
 import pwc.taxtech.atms.vat.dao.TrialBalanceFinalMapper;
-import pwc.taxtech.atms.vat.entity.*;
+import pwc.taxtech.atms.vat.entity.ProfitLossStatement;
+import pwc.taxtech.atms.vat.entity.ProfitLossStatementExample;
+import pwc.taxtech.atms.vat.entity.TrialBalanceFinal;
+import pwc.taxtech.atms.vat.entity.TrialBalanceFinalExample;
 import pwc.taxtech.atms.vat.service.impl.ReportServiceImpl;
 import javax.annotation.Resource;
+import java.math.BigDecimal;
+import java.text.SimpleDateFormat;
+import java.util.*;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Function;
 import java.util.stream.Collectors;
@@ -664,7 +656,7 @@ public class AnalysisJobServiceImpl extends BaseService {
                // 这里费用取的  本位币本期借方发生额
                af.setFee(tb.getPeriodDrBeq());
                String interrelatedDeal = "";
-                if (subjectCode == "60050100") return;
+                if (subjectCode.equals("60050100")) return;
                if (subjectCode.startsWith("6")) {
                    // 这里取得公司间代码是否为0
                    interrelatedDeal = "0".equals(tb.getSegment8()) ? "否" : "是";

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/AreaServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/AreaServiceImpl.java
@@ -83,7 +83,6 @@ public class AreaServiceImpl {
    @Transactional
    public OperationResultDto<List<String>> setIsActive(AreaDto areaDto) {
-        logger.info("Area: Set isactive. Area id: " + areaDto.getId() + ", to status: " + areaDto.getIsActive());
        Area targetArea = areaMapper.selectByPrimaryKey(areaDto.getId());
        List<Area> allAreasToUpdate = new ArrayList<>();

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/BusinessUnitServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/BusinessUnitServiceImpl.java
@@ -6,12 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
-import pwc.taxtech.atms.common.AuthUserHelper;
+import pwc.taxtech.atms.common.*;
-import pwc.taxtech.atms.common.CommonConstants;
-import pwc.taxtech.atms.common.CommonUtils;
-import pwc.taxtech.atms.common.OperateLogType;
-import pwc.taxtech.atms.common.OperationAction;
-import pwc.taxtech.atms.common.OperationModule;
 import pwc.taxtech.atms.common.message.ErrorMessageCN;
 import pwc.taxtech.atms.dao.BusinessUnitMapper;
 import pwc.taxtech.atms.dto.*;
@@ -19,7 +14,6 @@ import pwc.taxtech.atms.entity.BusinessUnit;
 import pwc.taxtech.atms.entity.BusinessUnitExample;
 import pwc.taxtech.atms.entity.BusinessUnitExample.Criteria;
 import pwc.taxtech.atms.exception.ApplicationException;
-import pwc.taxtech.atms.exception.ServiceException;
 import java.util.ArrayList;
 import java.util.Date;
@@ -144,8 +138,8 @@ public class BusinessUnitServiceImpl {
            BusinessUnit originBusinessUnit = new BusinessUnit();
            CommonUtils.copyProperties(businessUnit, originBusinessUnit);
-            if (businessUnitDto.getIsActive() != businessUnit.getIsActive()
+            if (!businessUnitDto.getIsActive().equals(businessUnit.getIsActive())
-                    || businessUnitDto.getName() != businessUnit.getName()) {
+                    || !businessUnitDto.getName().equals(businessUnit.getName())) {
                isStatusChangeOperation = true;
                businessUnit.setIsActive(businessUnitDto.getIsActive());
                businessUnit.setName(businessUnitDto.getName());

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/CustomerServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/CustomerServiceImpl.java
@@ -208,7 +208,6 @@ public class CustomerServiceImpl {
    @SuppressWarnings("rawtypes")
    public Object upload(InputStream inputStream, String fileName, String action, String enterpriseAccountId) {
-        logger.debug("导入excel文件开始, action:{}, enterpriseAccountId:{}", action, enterpriseAccountId);
        String filePath = FileUtils.getTempDirectory().getAbsolutePath() + File.separator + "customer" + File.separator
                + CommonUtils.getUUID() + "_" + fileName;
        OperationResultDto<Object> saveResult = fileService.saveFile(inputStream, filePath);
@@ -274,8 +273,6 @@ public class CustomerServiceImpl {
    private List<OperationResultDto<CustomerDto>> saveData(String enterpriseAccountId,
                                                           List<CustomerDto> customerDtoList, String action) {
-        logger.debug("enter customerDtoList, enterpriseAccountId:{}, customerDtoList.size:{}, action:{}",
-                enterpriseAccountId, customerDtoList.size(), action);
        List<OperationResultDto<CustomerDto>> errList = new ArrayList<OperationResultDto<CustomerDto>>();
        List<OperationResultDto<CustomerDto>> invalidList = new ArrayList<OperationResultDto<CustomerDto>>();
        boolean overwriteFlag = false;
@@ -324,7 +321,6 @@ public class CustomerServiceImpl {
        long start = System.currentTimeMillis();
        if (overwriteFlag) {
-            logger.debug("删除数据开始, overwriteFlag is {}, enterpriseAccountId:{}", overwriteFlag, enterpriseAccountId);
            CustomerExample example = new CustomerExample();
            example.createCriteria().andEnterPriseAccountIdEqualTo(enterpriseAccountId);
            customerMapper.deleteByExample(example);
@@ -376,7 +372,6 @@ public class CustomerServiceImpl {
    public CustomerValidateInfoDto getByEnterpriseAccountSetId(String setId) {
        logger.debug("CustomerService getByEnterpriseAccountSetId");
-        logger.debug("get customer by set id, id: {}", setId);
        if (setId == null) {
            throw new ApplicationException("enterprise account set id is null");

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/DataInitServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/DataInitServiceImpl.java
@@ -752,8 +752,7 @@ public class DataInitServiceImpl extends AbstractService {
                        areaRegionMapper.insert(item);
                    }
                } catch (Exception e) {
-                    logger.debug("Error inserting 关联行政区域, areaId:{}, regionId:{}, errorMessage: {}", item.getAreaId(),
-                            item.getRegionId(), e.getMessage());
                    errorCount++;
                }
            }

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/DidiFileUploadService.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/DidiFileUploadService.java
@@ -16,7 +16,6 @@ import org.apache.http.client.methods.HttpPost;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.mime.MultipartEntityBuilder;
 import org.apache.http.entity.mime.content.ByteArrayBody;
-import org.apache.http.entity.mime.content.StringBody;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.springframework.beans.factory.annotation.Value;
@@ -36,7 +35,6 @@ import pwc.taxtech.atms.vat.entity.FileUploadLog;
 import javax.annotation.Resource;
 import java.io.IOException;
 import java.net.URLEncoder;
-import java.security.MessageDigest;
 import java.text.SimpleDateFormat;
 import java.util.Calendar;
 import java.util.Date;
@@ -90,10 +88,8 @@ public class DidiFileUploadService extends BaseService {
        try {
            httpClient = HttpClients.createDefault();
            HttpPost httpPost = new HttpPost(requestUrl);
-            String md5Str = getFileMD5String(file);
            ByteArrayBody byteBody = new ByteArrayBody(file.getBytes(), ContentType.MULTIPART_FORM_DATA, StringUtils.isBlank(fileName) ? URLEncoder.encode(file.getOriginalFilename(), "UTF-8") : URLEncoder.encode(fileName, "UTF-8"));
-            StringBody md5 = new StringBody(md5Str, ContentType.create("text/plain"));
+            HttpEntity httpEntity = MultipartEntityBuilder.create().addPart("filecontent", byteBody).build();
-            HttpEntity httpEntity = MultipartEntityBuilder.create().addPart("filecontent", byteBody).addPart("md5", md5).build();
            httpPost.setEntity(httpEntity);
            HttpResponse httpResponse = httpClient.execute(httpPost);
            JSONObject resultDto = JSON.parseObject(IOUtils.toString(httpResponse.getEntity().getContent(), "UTF-8"));
@@ -173,30 +169,6 @@ public class DidiFileUploadService extends BaseService {
        throw new ServiceException("uploadFile error.");
    }
-    public static String getFileMD5String(MultipartFile file) throws Exception {
-        MessageDigest messagedigest = MessageDigest.getInstance("MD5");
-        messagedigest.update(file.getBytes());
-        byte bytes[] = messagedigest.digest();
-        return bufferToHex(bytes, 0, bytes.length);
-    }
-    private static String bufferToHex(byte bytes[], int m, int n) {
-        StringBuffer stringbuffer = new StringBuffer(2 * n);
-        int k = m + n;
-        for (int l = m; l < k; l++) {
-            appendHexPair(bytes[l], stringbuffer);
-        }
-        return stringbuffer.toString();
-    }
-    private static void appendHexPair(byte bt, StringBuffer stringbuffer) {
-        char c0 = hexDigits[(bt & 0xf0) >> 4];
-        char c1 = hexDigits[bt & 0xf];
-        stringbuffer.append(c0);
-        stringbuffer.append(c1);
-    }
    public PageInfo<DidiFileUploadDetailResult> queryPage(DidiFileIUploadParam param) {
        Page page = null;
        if (param.getPageInfo() != null && param.getPageInfo().getPageSize() != null && param.getPageInfo().getPageIndex() != null) {

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/EnterpriseAccountServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/EnterpriseAccountServiceImpl.java
@@ -458,7 +458,7 @@ public class EnterpriseAccountServiceImpl extends AbstractService {
            /* 更新UI准备  start */
            StandardAccount stdAccount = new StandardAccount();
-            if (mappedStdCode == CommonConstants.EmptyStdCode) {
+            if (mappedStdCode.equals(CommonConstants.EmptyStdCode)) {
                stdAccount.setCode(CommonConstants.EmptyStdCode);
                stdAccount.setName("");
            } else if (mappedStdCode == null) {

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/TaxDocumentServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/TaxDocumentServiceImpl.java
@@ -470,7 +470,7 @@ public class TaxDocumentServiceImpl {
                    : uploadDetail.getList().get(0).getFileName();//设置输出流信息
            try {
                response.setContentType("multipart/form-data");
-                response.setHeader("Content-Disposition", "attachment;fileName=" + URLEncoder.encode(fileName, "UTF-8"));
+                response.setHeader("Content-Disposition", "attachment;fileName=" + URLEncoder.encode(fileName.replaceAll("[\r\n]",""), "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException("单个下载文件名编码时出现错误.", e);
            }
@@ -674,7 +674,9 @@ public class TaxDocumentServiceImpl {
        }
    }
+    public String getPath(String path){
+        return  path;
+    }
    public Map<String, Object> multipalInitData(String address) {
        if (StringUtils.isBlank(address)) {
            throw new RuntimeException("地址格式错误");
@@ -685,6 +687,7 @@ public class TaxDocumentServiceImpl {
        ArrayList<String> successFileNameList = Lists.newArrayList();
        ArrayList<String> existedFileNameList = Lists.newArrayList();
        //读取固定文件目录下的所有文件的文件名
+        address = getPath(address);
        File iniTfile = new File(address);
        if (!iniTfile.isDirectory() || !iniTfile.exists()) {
            throw new RuntimeException("文件夹地址错误");

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/TemplateGroupServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/TemplateGroupServiceImpl.java
@@ -5,13 +5,11 @@ import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
 import org.apache.poi.ss.usermodel.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
-import org.springframework.util.Assert;
 import org.springframework.web.multipart.MultipartFile;
 import pwc.taxtech.atms.common.CommonUtils;
 import pwc.taxtech.atms.common.POIUtil;
@@ -33,7 +31,6 @@ import pwc.taxtech.atms.vat.entity.*;
 import javax.annotation.Resource;
 import java.io.ByteArrayOutputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigDecimal;
 import java.util.*;
@@ -139,7 +136,7 @@ public class TemplateGroupServiceImpl extends AbstractService {
        List<String> pathList = new ArrayList<>();
        for (Template templateDb : templateDbList) {
-            boolean anySameCodeExists = allTemplateDbList.stream().anyMatch(a -> a.getCode() == templateDb.getCode() && a.getName() == templateDb.getCode());
+            boolean anySameCodeExists = allTemplateDbList.stream().anyMatch(a -> a.getCode() .equals( templateDb.getCode()) && a.getName() .equals( templateDb.getCode()));
            if (!anySameCodeExists) {
                pathList.add((templateDb.getPath()));

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/UserAccountServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/UserAccountServiceImpl.java
@@ -153,11 +153,9 @@ public class UserAccountServiceImpl extends AbstractService {
        tempUser.setAttemptTimes(tempUser.getAttemptTimes() == null ? 0 : tempUser.getAttemptTimes() + 1);
        userTarget.setAttemptTimes(tempUser.getAttemptTimes());
-        logger.debug("print attemptimes [{}]", tempUser.getAttemptTimes());
        if (tempUser.getAttemptTimes() >= CommonConstants.MaxAttemptTimes) {
-            logger.warn("Lock user [{}] due to attemptimes is [{}]", tempUser.getUserName(),
-                    tempUser.getAttemptTimes());
            tempUser.setStatus(UserStatus.Locked.value());
            userTarget.setStatus(tempUser.getStatus());
@@ -165,7 +163,6 @@ public class UserAccountServiceImpl extends AbstractService {
            tempUser.setLockedTime(new Date());
            userTarget.setLockedTime(tempUser.getLockedTime());
        } else {
-            logger.debug("update user [{}] attemptTimes to [{}]", tempUser.getUserName(), tempUser.getAttemptTimes());
        }
        userMapper.updateByPrimaryKeySelective(userTarget);

--- a/atms-api/src/main/java/pwc/taxtech/atms/service/impl/UserRoleServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/service/impl/UserRoleServiceImpl.java
@@ -65,7 +65,6 @@ public class UserRoleServiceImpl extends AbstractService {
    private UserServiceImpl userService;
    public OrgRoleDtoList getUserRoleByUserId(String userId) {
-        logger.debug("UserRoleServiceImpl getUserRoleByUserId [ userId: {} ]", userId);
        OrgRoleDtoList result = new OrgRoleDtoList();
        List<OrganizationRoleInfo> orgRoleInfoList = new ArrayList<>();
        if (!StringUtils.hasText(userId)) {
@@ -364,7 +363,6 @@ public class UserRoleServiceImpl extends AbstractService {
     * 某个机构下的所有权限 任何一个不可访问，就不可访问，任何的维度，和附加
     */
    public UserOrganizationDto getUserRoleByOrgId(String userId, String orgId) {
-        logger.debug("UserRoleServiceImpl getUserRoleByOrgId [ userId: {}, orgId: {} ]", userId, orgId);
        UserOrganizationDto userOrganizationDto = new UserOrganizationDto();
        userOrganizationDto.setDimensionUserList(new ArrayList<>());
        DimensionUser dimensionUser = null;
@@ -1358,8 +1356,7 @@ public class UserRoleServiceImpl extends AbstractService {
            userRole.setOrganizationId(first.getOrganizationId());
            userRole.setIsAccessible(BooleanUtils.isTrue(first.getIsAccessible()));
            userRole.setHasOriginalRole(BooleanUtils.isTrue(first.getHasOriginalRole()));
-            logger.debug("Start to insert user organization [ {} ] with userId [ {} ]", userRole.getId(),
-                    userRole.getUserId());
            userOrganizationMapper.insert(userRole);
            // 添加日志
            addOrDeleteDataAddLog(orgName + CommonConstants.DashSignSeparator + operateUserName, operateUserName,
@@ -1508,7 +1505,6 @@ public class UserRoleServiceImpl extends AbstractService {
                boolean hasOriginalRole = BooleanUtils.isTrue(item.getHasOriginalRole());
                userDimensionValue.setHasOriginalRole(hasOriginalRole);
                userDimensionValueMapper.insert(userDimensionValue);
-                logger.debug("userDimensionValue to insert: {}", userDimensionValue.toString());
                // 添加日志
                OrgCustomDto dimension = organizationService.getDimensionValueName(item.getDimensionId(),

--- a/atms-api/src/main/java/pwc/taxtech/atms/vat/service/impl/FileUploadAdapter.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/vat/service/impl/FileUploadAdapter.java
@@ -58,7 +58,7 @@ public class FileUploadAdapter {
        }
    }
-    static class FileParamBean {
+    public  static class FileParamBean {
        String fileName;
        String tempFileName;
        long chunkNumber;
@@ -70,6 +70,9 @@ public class FileUploadAdapter {
        boolean isFirsChunk;
    }
+    public String getPath(String path){
+        return  path;
+    }
    public synchronized ResponseEntity upload(MultipartHttpServletRequest request) {
        if (request.getFileMap().size() <= 0) return ResponseEntity.badRequest().body("NoFile");
        FileParamBean paramBean = getQueryStringParameters(request);
@@ -80,8 +83,9 @@ public class FileUploadAdapter {
        if (StringUtils.isBlank(baseFolder)) return ResponseEntity.badRequest().body("PrepareFolderError");
        String tempPath = String.format("%s" + File.separator + "%s", baseFolder, paramBean.tempFileName);
+        tempPath = getPath(tempPath);
        String completePath = String.format("%s" + File.separator + "%s", baseFolder, paramBean.tempFileName);
+        completePath = getPath(completePath);
        if (!paramBean.isCanle) {
            if (paramBean.isFirsChunk) {
                LOGGER.debug("First chunk arrived at webservice");
@@ -114,7 +118,6 @@ public class FileUploadAdapter {
                tempFile.renameTo(completeFile);
                CacheFileBean = paramBean;
-                LOGGER.info("{} upload to temp folder sucess", paramBean.fileName);
            }
        } else {
            File tempFile = new File(tempPath);
@@ -128,7 +131,7 @@ public class FileUploadAdapter {
    }
-    private FileParamBean getQueryStringParameters(MultipartHttpServletRequest request) {
+    public FileParamBean getQueryStringParameters(MultipartHttpServletRequest request) {
        FileParamBean param = new FileParamBean();
        param.fileName = request.getParameter(FILE_NAME);
        param.tempFileName = request.getParameter(TEMP_FILE_NAME);

--- a/atms-api/src/main/java/pwc/taxtech/atms/vat/service/impl/ReportGeneratorImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/vat/service/impl/ReportGeneratorImpl.java
@@ -410,12 +410,10 @@ public class ReportGeneratorImpl {
                    //todo:后面单独处理kv的公式
                    if (StringUtils.isNotBlank(v.getFormula()) && !v.getFormula().contains("@")) {
                        cell.setCellFormula(v.getFormula());
-                        logger.debug("formula:" + v.getFormula());
                        //kv 公式处理
                    } else if (v.getFormula().contains("@")) {
                        if (StringUtils.isNotBlank(v.getKeyValueParsedFormula())) {
                            cell.setCellFormula(v.getKeyValueParsedFormula());
-                            logger.debug("formula:" + v.getKeyValueParsedFormula());
                        }
                    }
                });

--- a/atms-api/src/main/java/pwc/taxtech/atms/vat/service/impl/ReportServiceImpl.java
+++ b/atms-api/src/main/java/pwc/taxtech/atms/vat/service/impl/ReportServiceImpl.java
@@ -2695,7 +2695,7 @@ public class ReportServiceImpl extends BaseService {
            for (Map.Entry<String, List<EbitCellData>> entry1 : collect1.entrySet()) {
                for (Map.Entry<String, List<ProfitLossStatementPrc>> entry2 : collect2.entrySet()) {
                    /*System.out.println("Key = " + entry.getKey() + ", Value = " + entry.getValue());*/
-                    if (entry2.getKey() == entry1.getKey())
+                    if (entry2.getKey().equals(entry1.getKey()))
                        continue;
                    newMap.put(entry2.getKey(), entry2.getValue());
                }

--- a/atms-web/src/main/java/pwc/taxtech/atms/web/controller/AccountController.java
+++ b/atms-web/src/main/java/pwc/taxtech/atms/web/controller/AccountController.java
@@ -96,15 +96,11 @@ public class AccountController {
        Assert.notNull(operationResultDto.getResult(), "Null value of operationResultDto.getResult()");
        LoginOutputDto resultLoginOutputDto = operationResultDto.getData();
        if (!operationResultDto.getResult()) {
-            logger.info("登录失败, email:{}, password.length:{}", input.getEmail(), input.getPassword().length());
            return resultLoginOutputDto;
        }
-        logger.info("登录成功, email:{}, password.length:{}", input.getEmail(), input.getPassword().length());
        if (!CheckState.Success.value().equals(resultLoginOutputDto.getCheckState())) {
            LoginOutputDto errorReturn = new LoginOutputDto();
            errorReturn.setMessage("服务端返回状态异常");
-            logger.info("登录成功但是CheckState有异常, email:{}, password.length:{}, data.checkState:{}", input.getEmail(),
-                    input.getPassword().length(), resultLoginOutputDto.getCheckState());
            errorReturn.setCheckState(CheckState.UnKnown.value());
            return errorReturn;
        }
@@ -139,8 +135,6 @@ public class AccountController {
        if (token == null || !StringUtils.hasText(token.getAccess_token())) {
            LoginOutputDto errorReturn = new LoginOutputDto();
            errorReturn.setMessage("服务端返回Token异常");
-            logger.info("登录成功但是Token有异常, email:{}, password.length:{}, data.checkState:{}", input.getEmail(),
-                    input.getPassword().length(), resultLoginOutputDto.getCheckState());
            errorReturn.setCheckState(CheckState.UnKnown.value());
            return errorReturn;
        }
@@ -162,7 +156,6 @@ public class AccountController {
    private OperationResultDto<LoginOutputDto> callApiUserLogin(LoginInputDto input) {
        String url = atmsWebSettings.getApiUrl() + "/api/v1/user/login";
-        logger.debug("Print url:{}", url);
        ParameterizedTypeReference<OperationResultDto<LoginOutputDto>> parameterizedTypeReference = new ParameterizedTypeReference<OperationResultDto<LoginOutputDto>>() {
        };
        HttpHeaders headers = new HttpHeaders();
@@ -224,7 +217,6 @@ public class AccountController {
    @ResponseBody
    public OperationResultDto<OrganizationStructureDto> pingApi() {
        String url = atmsWebSettings.getApiUrl() + "/PingApi";
-        logger.debug("Print url:{}", url);
        ParameterizedTypeReference<OperationResultDto<OrganizationStructureDto>> parameterizedTypeReference = new ParameterizedTypeReference<OperationResultDto<OrganizationStructureDto>>() {
        };
        ResponseEntity<OperationResultDto<OrganizationStructureDto>> responseEntity = restTemplate.exchange(url,
@@ -253,7 +245,6 @@ public class AccountController {
        logger.debug("enter ForgetPassword");
        Assert.notNull(input, "Null input object");
        Assert.hasText(input.getEmail(), "Empty email");
-        logger.debug("print email:{}", input.getEmail());
        final String targetApi = "/api/v1/Account/ForgetPassword";
        String url = atmsWebSettings.getApiUrl() + targetApi;

--- a/atms-web/src/main/java/pwc/taxtech/atms/web/controller/IndexController.java
+++ b/atms-web/src/main/java/pwc/taxtech/atms/web/controller/IndexController.java
@@ -23,7 +23,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.net.URLEncoder;
-import java.util.HashMap;
 import java.util.Map;
 @Controller
@@ -115,13 +114,17 @@ public class IndexController {
                              @RequestParam(value = "code") String code,
                              HttpServletResponse response) throws IOException, ServletException {
        try {
-            logger.info("jumpto=" + jumpto + "code=" + code);
+            if(jumpto.contains("didichuxing")){
-            String ticketStr = getTicket(code);
+                String ticketStr = getTicket(code);
-            Cookie ddTicket = new Cookie("ddTicket", URLEncoder.encode(ticketStr, "UTF-8"));
+                Cookie ddTicket = new Cookie("ddTicket", URLEncoder.encode(ticketStr, "UTF-8"));
-            ddTicket.setPath("/");
+                ddTicket.setPath("/");
-            ddTicket.setMaxAge(18000);
+                ddTicket.setMaxAge(18000);
-            response.addCookie(ddTicket);
+                response.addCookie(ddTicket);
-            response.sendRedirect(jumpto + "?code=" + code + "&ticketStr=" + ticketStr);
+                jumpto = jumpto.replaceAll("[\r\n]","");
+                code = code.replaceAll("[\r\n]","");
+                ticketStr = ticketStr.replaceAll("[\r\n]","");
+                response.sendRedirect(jumpto + "?code=" + code + "&ticketStr=" + ticketStr);
+            }
        } catch (Exception e) {
            logger.error("ddSSOCallback error", e);
        }
@@ -170,20 +173,16 @@ public class IndexController {
            String url = getUserInfoUrl + "check_code";
            String ddResp = HttpUtil.post(url, "code=" + code + "&app_key=" + appKey + "&app_id=" + appId, "application/x-www-form-urlencoded", "UTF-8", 10000, 10000);
            object = JSONObject.parseObject(ddResp);
-            logger.info("get ddTicket by code ， object=" + object);
            Map<String, Object> res = object.getInnerMap();
            int errno = (int) res.get("errno");
            if (errno != 0) {
-                logger.warn(String.format("DD Ticket get Failed:[%s]", object.toJSONString()));
                return null;
            } else {
                Map<String, String> data = (Map) res.get("data");
-                logger.info("check_code data=" + data);
                return data.get("ticket");
            }
        } catch (Exception e) {
-            logger.error(String.format("通过code:[%s]获取Ticket失败", code));
        }
        return null;
    }

--- a/atms-web/src/main/java/pwc/taxtech/atms/web/controller/LtpaToken.java
+++ b/atms-web/src/main/java/pwc/taxtech/atms/web/controller/LtpaToken.java
@@ -87,7 +87,7 @@ public class LtpaToken {
     */
    private MessageDigest getDigest() {
        try {
-            return MessageDigest.getInstance("SHA-1");
+            return MessageDigest.getInstance("SHA-512");
        } catch (NoSuchAlgorithmException nsae) {
        }
        return null;

--- a/atms-web/src/main/java/pwc/taxtech/atms/web/service/OrangeHeapService.java
+++ b/atms-web/src/main/java/pwc/taxtech/atms/web/service/OrangeHeapService.java
@@ -159,7 +159,6 @@ public class OrangeHeapService {
    public String getDDUserName(HttpServletRequest request) {
        logger.info("进入 获取DD user的方法~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
        String ticket = getDDTicketByCookie( request);
-        logger.info("ticket=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + ticket);
        return findUsernameByDDTicket(ticket);
    }
@@ -169,11 +168,9 @@ public class OrangeHeapService {
        Map<String, Cookie> cookieMap = ReadCookieMap( request);
        //TODO  修改token的名字到配置文件,判断ddTicket是否过期
        if (cookieMap.containsKey("ddTicket")) {
-            logger.info("ddTicket=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + Optional.ofNullable(cookieMap.get("ddTicket")).map(s -> s.getValue()).orElse(""));
            return Optional.ofNullable(cookieMap.get("ddTicket")).map(s -> s.getValue()).orElse("");
        } else {
-            logger.info("code=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + Optional.ofNullable(cookieMap.get("code")).map(z -> z.getValue()).orElse(""));
            return getDDTicket(Optional.ofNullable(cookieMap.get("code")).map(z -> z.getValue()).orElse(""));
        }
    }
@@ -218,7 +215,6 @@ public class OrangeHeapService {
    //copy過來的 沒對象
    public String getDDTicket(String code) {
-        logger.info("code=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + code);
        try {
            JSONObject object;
            String ddResponse = HttpUtil.post(getUserInfoUrl + "check_code", "code=" + code + "&app_key=" + appKey + "&app_id=" + appId, "application/x-www-form-urlencoded", "UTF-8", 10000, 10000);
@@ -236,7 +232,6 @@ public class OrangeHeapService {
                return dataMap.get("ticket");
            }
        } catch (Exception e) {
-            logger.error(String.format("通过code:[%s]获取Ticket失败", code));
        }
        return null;
    }