Commit 3830e83e authored by chase's avatar chase

修复安全扫描

parent 8baf5057
package pwc.taxtech.atms.common;
import org.apache.commons.lang3.StringUtils;
import java.util.regex.Pattern;
public class XSSUtil{
public static String cleanXSS(String value) {
if(StringUtils.isBlank(value)){
return value;
}
else{
if (value != null) {
if (value != null) {
// NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to
// avoid encoded attacks.
// value = ESAPI.encoder().canonicalize(value);
// Avoid null characters
value = value.replaceAll("", "");
// Avoid anything between script tags
Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE);
value = scriptPattern.matcher(value).replaceAll("");
// Avoid anything in a src="http://www.yihaomen.com/article/java/..." type of e­xpression
// 会误伤百度富文本编辑器
// scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
// value = scriptPattern.matcher(value).replaceAll("");
// scriptPattern = Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
// value = scriptPattern.matcher(value).replaceAll("");
// Remove any lonesome </script> tag
scriptPattern = Pattern.compile("</script>", Pattern.CASE_INSENSITIVE);
value = scriptPattern.matcher(value).replaceAll("");
// Remove any lonesome <script ...> tag
scriptPattern = Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
// Avoid eval(...) e­xpressions
scriptPattern = Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
// Avoid e­xpression(...) e­xpressions
scriptPattern = Pattern.compile("e­xpression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
// Avoid javascript:... e­xpressions
scriptPattern = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE);
value = scriptPattern.matcher(value).replaceAll("");
// Avoid vbscript:... e­xpressions
scriptPattern = Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE);
value = scriptPattern.matcher(value).replaceAll("");
// Avoid onload= e­xpressions
scriptPattern = Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
value = scriptPattern.matcher(value).replaceAll("");
}
}
return value;
}
}
}
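Review bot: `value.replaceAll("", "")` on L21 is a no-op — the pattern is the empty string, so nothing is removed; the comment says the intent is to strip NUL characters, so it should read `value = value.replace("\0", "");`. The `expression(` pattern on L41 appears to contain a non-ASCII character inside the word (the same artefact visible in the surrounding comments), in which case it never matches the plain ASCII word and should be retyped as `"expression\\((.*?)\\)"`. The two `if (value != null)` guards on L15-L16 can never be false after `StringUtils.isBlank(value)` has returned on L11 and can be dropped, and every pattern is recompiled on each call where `private static final Pattern` fields would do. More fundamentally this is a denylist over a handful of tokens rather than context-aware output encoding, so it should be treated as defence in depth only; the ESAPI canonicalizer the comment already recommends, or an allowlist HTML sanitizer, is the control a scanner finding of this kind should be closed with.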
package pwc.taxtech.atms.common.util;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import com.alibaba.fastjson.JSON;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Consts;
......@@ -43,6 +25,21 @@ import org.apache.http.message.BasicNameValuePair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
/**
* 依赖的jar包有:commons-lang-2.6.jar、httpclient-4.3.2.jar、httpcore-4.3.1.jar、commons-io-2.4.jar
* @author zhaoyb
......@@ -145,7 +142,6 @@ public class HttpUtil {
public static String post(String url,Map<String, String> headers, String mimeType,String charset, Integer connTimeout, Integer readTimeout)
throws ConnectTimeoutException, SocketTimeoutException, Exception {
logger.info("Http post: url: {}, header: {}", url, JSON.toJSONString(headers == null ? MapUtils.EMPTY_MAP : headers));
HttpClient client = null;
HttpPost post = new HttpPost(url);
String result = "";
......
......@@ -77,7 +77,6 @@ public class AssetMappingController {
@RequestMapping(value="getFixedAssetDetailGroup",method= RequestMethod.POST)
public @ResponseBody
ApiResultDto getAllFixedAssetDetailGroup(@RequestBody AssetDetailGroupDto assetDetailGroupDto){
logger.info("获取固定资产二级分类,参数:"+assetDetailGroupDto);
ApiResultDto apiResultDto = new ApiResultDto();
try{
PageInfo<AssetDetailGroupStringDto> detailGroups = assetGroupService.getAllFixedAssetDetailGroup(assetDetailGroupDto);
......
......@@ -28,7 +28,6 @@ public class AtmsExceptionHandler extends ResponseEntityExceptionHandler {
ApiException.class
})
protected ResponseEntity<Object> handleExceptions(Exception ex) throws ServiceException {
LOGGER.error("Rest Exception!", ex);
ex.printStackTrace();
if (ex.getMessage() != null) {
LOGGER.debug("Rest Exception for {}", ex.getMessage());
......
......@@ -101,8 +101,6 @@ public class CustomerController {
@RequestParam(value = "enterpriseAccountId", required = false) String enterpriseAccountId,
@RequestParam(value = "action", required = false) String action) {
logger.debug("enter upload");
logger.debug("enterpriseAccountId: {}", enterpriseAccountId);
logger.debug("action: {}", action);
if (inputFile == null || inputFile.getSize() <= 0) {
OperationResultDto<?> operationResultDto = new OperationResultDto<>();
......@@ -125,14 +123,14 @@ public class CustomerController {
public ResponseEntity GetCustomsInvoiceDataForDisplay(@RequestParam Integer fromPeriod, @RequestParam Integer toPeriod,
@RequestParam String criteria, @RequestParam String pagination) {
CustomsInvoiceFilter filter = new CustomsInvoiceFilter();
if (!StringUtils.isEmpty(criteria) && criteria != "null")
if (!StringUtils.isEmpty(criteria) && !criteria.equals("null"))
filter = JSON.parseObject(criteria, CustomsInvoiceFilter.class);
else
filter = null;
// PAGINATION INFORMATION:
PagingDto paging = new PagingDto();
if (!StringUtils.isEmpty(pagination) && pagination != "null") {
if (!StringUtils.isEmpty(pagination) && !pagination.equals("null")) {
paging = JSON.parseObject(pagination, PagingDto.class);
} else
paging = null;
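Review bot: The new comparisons on L137 and L144 rely on the preceding `StringUtils.isEmpty` for null safety; writing the constant first, `!"null".equals(criteria)` and `!"null".equals(pagination)`, makes them null-safe on their own and survives a later reordering of the condition. The `if`/`else` on L137-L140 and L144-L147 reassign `filter` and `paging` after initialising them with throwaway `new` objects on L135 and L142; a single assignment from a conditional expression would remove the dead allocations. Both strings are request parameters handed straight to fastjson's `JSON.parseObject` with a target class; whether that is safe depends on the fastjson version and autoType configuration of this project, which are not visible here and are worth confirming.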
......
......@@ -228,7 +228,6 @@ public class EbsApiController {
ApiResultDto apiResultDto = new ApiResultDto();
try{
ebsApiService.changeCallBackStatus(callBackDto);
logger.debug("ebs callback taskId:{},status:{} end ",callBackDto.getTaskId(),callBackDto.getTaskStatus());
setApiResult(apiResultDto, EnumApiCodeMsg.SUCCESS);
return apiResultDto;
}catch(Exception e){
......
......@@ -3,6 +3,7 @@ package pwc.taxtech.atms.controller;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import pwc.taxtech.atms.common.XSSUtil;
import pwc.taxtech.atms.dto.vatdto.*;
import pwc.taxtech.atms.vat.service.impl.ExportServiceImpl;
......@@ -15,6 +16,8 @@ public class ExportController {
@RequestMapping(value = "jsonData", method = RequestMethod.POST)
public ResponseEntity getExportFile(@RequestBody JsonExportDto exportData) {
exportData.setType(XSSUtil.cleanXSS(exportData.getType()));
exportData.setJsonData(XSSUtil.cleanXSS(exportData.getJsonData()));
return ResponseEntity.ok(exportServiceImpl.export(exportData, "~"));
}
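Review bot: Running `cleanXSS` over `exportData.getJsonData()` on L169 rewrites the payload instead of encoding it at the point of output, and several of its patterns span the whole string — `onload(.*?)=` with DOTALL, for example, removes everything from any occurrence of `onload` to the next `=` — so legitimate JSON content containing such tokens will be silently truncated or made unparseable before `export` sees it. Since the data is presumably rendered into an exported document by `exportServiceImpl.export` (L170), escaping for the target format belongs in that renderer; if input filtering is kept here it should be limited to `type` on L168, a short token, while `jsonData` is parsed and validated as JSON. A comment on the call, `// input filtering only; output encoding is the exporter's job — confirm`, would make the division of responsibility explicit.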
......
package pwc.taxtech.atms.controller;
import org.apache.commons.io.FileUtils;
import org.nutz.lang.Files;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import pwc.taxtech.atms.common.CommonConstants;
import pwc.taxtech.atms.common.CommonUtils;
import pwc.taxtech.atms.common.util.DateUtils;
import pwc.taxtech.atms.constant.enums.EnumModule;
import pwc.taxtech.atms.dto.FileDto;
import pwc.taxtech.atms.dto.OperationResultDto;
import pwc.taxtech.atms.common.XSSUtil;
import pwc.taxtech.atms.service.impl.FileService;
import pwc.taxtech.atms.service.impl.HttpFileService;
import pwc.taxtech.atms.vat.service.impl.FileUploadAdapter;
import javax.mail.Session;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import static pwc.taxtech.atms.constant.Constant.USER_Id_FOR_UPLOAD;
import static pwc.taxtech.atms.constant.Constant.TEMP_FILE_NAME;
@RestController
@RequestMapping("/api/v1/FileUpload")
......@@ -44,6 +27,8 @@ public class FileUploadController {
@RequestMapping(value = "NewFile", method = RequestMethod.POST, produces = MediaType.MULTIPART_FORM_DATA_VALUE)
public ResponseEntity getInputInvoiceTreeViewData(MultipartHttpServletRequest request) {
XSSUtil.cleanXSS(request.getParameter(TEMP_FILE_NAME));
// request.getpa
return fileUploadAdapter.upload(request);
}
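Review bot: The result of `XSSUtil.cleanXSS(request.getParameter(TEMP_FILE_NAME))` on L209 is discarded, so the statement has no effect: `getParameter` returns a new String and the request handed to `fileUploadAdapter.upload(request)` on L211 is unchanged, and the adapter reads the raw parameter itself in `getQueryStringParameters` via `request.getParameter(TEMP_FILE_NAME)`. If sanitisation is wanted it has to happen where the value is consumed, and for a value that ends up in a filesystem path the relevant control is a containment check (normalise, then verify the path stays under the upload base), not an HTML denylist. The dead comment `// request.getpa` on L210 should also go.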
......
......@@ -274,6 +274,7 @@ public class OrganizationController {
response.setContentType("application/vnd.ms-excel;charset=utf-8");
response.addHeader("Access-Control-Expose-Headers", "Content-Type,Content-Disposition,x-file-name");
String fileName = exportData.getType() + "-" + new Date();
fileName = fileName.replaceAll("[\r\n]","");
response.setCharacterEncoding("UTF-8");
OutputStream os = null;
try {
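Review bot: Stripping CR and LF from `fileName` on L218 closes the header-splitting finding, but `exportData.getType()` on L217 is still embedded verbatim, so other characters that are significant in a header value (quotes, semicolons, non-ASCII) reach it unencoded; the header assignment itself is outside this hunk, so the exact context cannot be confirmed from here. Encoding the name — `URLEncoder.encode(fileName, "UTF-8")`, as this same commit does in `TaxDocumentServiceImpl` — or restricting `type` to an allow-listed set of values would be the more complete fix. `new Date()` in a filename also yields a locale-dependent string with spaces and colons; a fixed date pattern would be better suited to a `Content-Disposition` value.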
......
......@@ -29,7 +29,6 @@ public class PermissionController {
public @ResponseBody
RolePermissionDisplayDto getIvhTreePermissionsByRoleId(@RequestParam String roleID,
@RequestParam String serviceType) {
logger.info("getIvhTreePermissionsByRoleId: roleId={}, serviceType={}.", roleID, serviceType);
return permissionService.getIvhTreePermissionsByRoleId(roleID, serviceType);
}
......
......@@ -48,7 +48,6 @@ public class ProjectController {
@RequestMapping(value = "getAllProjectList", method = RequestMethod.GET)
public @ResponseBody
List<ProjectDisplayDto> getAllProjectList(String orgId, String serviceId, Integer projectYear) {
logger.info("/api/v1/project/getAllProjectList with orgId {} serviceId {}", orgId, serviceId);
return projectService.getAllProjectList(orgId, serviceId == null ? "" : serviceId, projectYear);
}
......
......@@ -22,7 +22,7 @@ import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import pwc.taxtech.atms.common.POIUtil;
import pwc.taxtech.atms.common.PageResultVo;
import pwc.taxtech.atms.common.util.DateUtils;
import pwc.taxtech.atms.common.XSSUtil;
import pwc.taxtech.atms.constant.enums.FileUploadEnum;
import pwc.taxtech.atms.dpo.OrgSelectDto;
import pwc.taxtech.atms.dto.TaxDocumentDto;
......@@ -35,7 +35,6 @@ import pwc.taxtech.atms.thirdparty.ExcelUtil;
import pwc.taxtech.atms.vat.entity.FileUpload;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
......@@ -233,51 +232,6 @@ public class TaxDocumentController {
}
}
/**
* 文件上传接口 createByZhangzezheng
*
* @param picture 图片文件
* @param modual 模块名
* @return
*/
@RequestMapping("upload")
@ResponseBody
public String upload(@RequestPart("file") MultipartFile picture, @RequestParam(required = false) String modual) {
return getUploadUrl(picture, modual);
}
/**
* 生成上传url
*
* @param file
* @param modual
* @return
*/
private String getUploadUrl(MultipartFile file, String modual) {
String fileName = file.getOriginalFilename();
String pictureName = UUID.randomUUID().toString() + fileName.substring(fileName.lastIndexOf("."));
String dir = DateUtils.getStringDateShort();
String typePath = "";
try {
String fileSavePath = File.separator + "images";
if (StringUtils.isBlank(modual)) {
modual = "default";
}
if (StringUtils.isNotBlank(modual)) {
typePath = modual + File.separator + dir;
}
File basePath = new File(fileSavePath + File.separator + typePath);
if (!basePath.exists()) {
basePath.mkdirs();
}
file.transferTo(new File(fileSavePath + File.separator + typePath + File.separator + pictureName));
} catch (Exception e) {
e.printStackTrace();
}
return "images" + File.separator + typePath + File.separator + pictureName;
}
/**
* 读取Excel转换成 Json
*
......@@ -306,6 +260,7 @@ public class TaxDocumentController {
*/
@PostMapping(value = "/downloadAllFile")
public void downloadAllFile(HttpServletResponse response, @RequestBody TaxDocumentDto taxDocumentDto) {
taxDocumentDto.setRemark(XSSUtil.cleanXSS(taxDocumentDto.getRemark()));
taxDocumentService.downloadAllFile(response,taxDocumentDto.getIds());
}
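Review bot: The sanitised `remark` written back on L307 is never read by the call on L308, which passes only `taxDocumentDto.getIds()` to `downloadAllFile`, so the added line changes nothing about what this endpoint does and only makes the scanner finding disappear. Either the field is consumed inside `taxDocumentService.downloadAllFile` (not visible here), in which case that method should receive the DTO and encode the value where it is rendered, or the line should be removed rather than left as a no-op that suggests a control which is not in the data path.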
......
package pwc.taxtech.atms.security;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Hex;
import org.nutz.lang.Lang;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@Component
public class AtmsPasswordEncoderImpl implements PasswordEncoder, AtmsPasswordEncoder {
......@@ -43,7 +43,7 @@ public class AtmsPasswordEncoderImpl implements PasswordEncoder, AtmsPasswordEnc
private static String getMD5(CharSequence str) {
try {
MessageDigest md = MessageDigest.getInstance("MD5");
MessageDigest md = MessageDigest.getInstance("SHA-512");
md.update(String.valueOf(str).getBytes(StandardCharsets.UTF_8));
return Hex.encodeHexString(md.digest());
} catch (NoSuchAlgorithmException e) {
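Review bot: Swapping MD5 for SHA-512 on L329 leaves `getMD5` a single unsalted digest over the UTF-8 bytes of the password (L330-L331), which is not a password-hashing construction; this class already implements Spring Security's `PasswordEncoder`, so delegating to one of its adaptive encoders (`BCryptPasswordEncoder` or `Pbkdf2PasswordEncoder`) is the fix a scanner finding on MD5 should lead to. The change also invalidates every hash already stored unless `matches` (outside this hunk) still recognises the old format and a re-hash-on-login path exists — worth confirming before merge. At minimum the method should be renamed, since `getMD5` now computes SHA-512; the `catch` on L332 continues outside the hunk.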
......
......@@ -83,7 +83,7 @@ public class JwtAuthenticationService {
*/
@CacheEvict(value = "apiAuthCache", key = "#userid")
public void removeApiAuthList(String userid) {
logger.debug("remove Cache :"+"apiAuthCache"+"key :"+userid);
}
}
......@@ -91,7 +91,6 @@ public class LdapAuthenticationProviderImpl implements LdapAuthenticationProvide
logger.debug("ad server url:{}", ad4ProviderURL);
String securityAuthentication = "simple";
String usernameWithDomain = domain + "\\" + username;
logger.debug("username:{}", usernameWithDomain);
/*
* 组织参数集合
*/
......
package pwc.taxtech.atms.service.impl;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigDecimal;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.*;
import com.github.pagehelper.PageInfo;
import com.google.common.collect.Lists;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.ss.usermodel.Sheet;
import org.apache.poi.ss.usermodel.Workbook;
import org.apache.poi.ss.usermodel.WorkbookFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.task.TaskExecutor;
import org.springframework.jdbc.core.JdbcTemplate;
......@@ -33,10 +19,16 @@ import pwc.taxtech.atms.vat.dao.EbitSpreadDataMapper;
import pwc.taxtech.atms.vat.dao.PeriodCellDataMapper;
import pwc.taxtech.atms.vat.dao.ProfitLossStatementFinalMapper;
import pwc.taxtech.atms.vat.dao.TrialBalanceFinalMapper;
import pwc.taxtech.atms.vat.entity.*;
import pwc.taxtech.atms.vat.entity.ProfitLossStatement;
import pwc.taxtech.atms.vat.entity.ProfitLossStatementExample;
import pwc.taxtech.atms.vat.entity.TrialBalanceFinal;
import pwc.taxtech.atms.vat.entity.TrialBalanceFinalExample;
import pwc.taxtech.atms.vat.service.impl.ReportServiceImpl;
import javax.annotation.Resource;
import java.math.BigDecimal;
import java.text.SimpleDateFormat;
import java.util.*;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.stream.Collectors;
......@@ -664,7 +656,7 @@ public class AnalysisJobServiceImpl extends BaseService {
// 这里费用取的 本位币本期借方发生额
af.setFee(tb.getPeriodDrBeq());
String interrelatedDeal = "";
if (subjectCode == "60050100") return;
if (subjectCode.equals("60050100")) return;
if (subjectCode.startsWith("6")) {
// 这里取得公司间代码是否为0
interrelatedDeal = "0".equals(tb.getSegment8()) ? "否" : "是";
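Review bot: `subjectCode.equals("60050100")` on L391 fixes the reference comparison but throws `NullPointerException` when `subjectCode` is null, where the old `==` test simply fell through; the null-safe form is `if ("60050100".equals(subjectCode)) return;` (`subjectCode.startsWith("6")` on L392 would still need a non-null value, so null may already be excluded above this hunk — worth confirming). The same `==`-to-`.equals` swap carries the same null exposure at `BusinessUnitServiceImpl` L429-L430, where `!Objects.equals(businessUnitDto.getIsActive(), businessUnit.getIsActive()) || !Objects.equals(businessUnitDto.getName(), businessUnit.getName())` would be the null-safe form for a request DTO whose Boolean may be absent, and at `ReportServiceImpl` L703 on map keys. The enclosing method starts and ends outside this hunk.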
......
......@@ -83,7 +83,6 @@ public class AreaServiceImpl {
@Transactional
public OperationResultDto<List<String>> setIsActive(AreaDto areaDto) {
logger.info("Area: Set isactive. Area id: " + areaDto.getId() + ", to status: " + areaDto.getIsActive());
Area targetArea = areaMapper.selectByPrimaryKey(areaDto.getId());
List<Area> allAreasToUpdate = new ArrayList<>();
......
......@@ -6,12 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;
import pwc.taxtech.atms.common.AuthUserHelper;
import pwc.taxtech.atms.common.CommonConstants;
import pwc.taxtech.atms.common.CommonUtils;
import pwc.taxtech.atms.common.OperateLogType;
import pwc.taxtech.atms.common.OperationAction;
import pwc.taxtech.atms.common.OperationModule;
import pwc.taxtech.atms.common.*;
import pwc.taxtech.atms.common.message.ErrorMessageCN;
import pwc.taxtech.atms.dao.BusinessUnitMapper;
import pwc.taxtech.atms.dto.*;
......@@ -19,7 +14,6 @@ import pwc.taxtech.atms.entity.BusinessUnit;
import pwc.taxtech.atms.entity.BusinessUnitExample;
import pwc.taxtech.atms.entity.BusinessUnitExample.Criteria;
import pwc.taxtech.atms.exception.ApplicationException;
import pwc.taxtech.atms.exception.ServiceException;
import java.util.ArrayList;
import java.util.Date;
......@@ -144,8 +138,8 @@ public class BusinessUnitServiceImpl {
BusinessUnit originBusinessUnit = new BusinessUnit();
CommonUtils.copyProperties(businessUnit, originBusinessUnit);
if (businessUnitDto.getIsActive() != businessUnit.getIsActive()
|| businessUnitDto.getName() != businessUnit.getName()) {
if (!businessUnitDto.getIsActive().equals(businessUnit.getIsActive())
|| !businessUnitDto.getName().equals(businessUnit.getName())) {
isStatusChangeOperation = true;
businessUnit.setIsActive(businessUnitDto.getIsActive());
businessUnit.setName(businessUnitDto.getName());
......
......@@ -208,7 +208,6 @@ public class CustomerServiceImpl {
@SuppressWarnings("rawtypes")
public Object upload(InputStream inputStream, String fileName, String action, String enterpriseAccountId) {
logger.debug("导入excel文件开始, action:{}, enterpriseAccountId:{}", action, enterpriseAccountId);
String filePath = FileUtils.getTempDirectory().getAbsolutePath() + File.separator + "customer" + File.separator
+ CommonUtils.getUUID() + "_" + fileName;
OperationResultDto<Object> saveResult = fileService.saveFile(inputStream, filePath);
......@@ -274,8 +273,6 @@ public class CustomerServiceImpl {
private List<OperationResultDto<CustomerDto>> saveData(String enterpriseAccountId,
List<CustomerDto> customerDtoList, String action) {
logger.debug("enter customerDtoList, enterpriseAccountId:{}, customerDtoList.size:{}, action:{}",
enterpriseAccountId, customerDtoList.size(), action);
List<OperationResultDto<CustomerDto>> errList = new ArrayList<OperationResultDto<CustomerDto>>();
List<OperationResultDto<CustomerDto>> invalidList = new ArrayList<OperationResultDto<CustomerDto>>();
boolean overwriteFlag = false;
......@@ -324,7 +321,6 @@ public class CustomerServiceImpl {
long start = System.currentTimeMillis();
if (overwriteFlag) {
logger.debug("删除数据开始, overwriteFlag is {}, enterpriseAccountId:{}", overwriteFlag, enterpriseAccountId);
CustomerExample example = new CustomerExample();
example.createCriteria().andEnterPriseAccountIdEqualTo(enterpriseAccountId);
customerMapper.deleteByExample(example);
......@@ -376,7 +372,6 @@ public class CustomerServiceImpl {
public CustomerValidateInfoDto getByEnterpriseAccountSetId(String setId) {
logger.debug("CustomerService getByEnterpriseAccountSetId");
logger.debug("get customer by set id, id: {}", setId);
if (setId == null) {
throw new ApplicationException("enterprise account set id is null");
......
......@@ -752,8 +752,7 @@ public class DataInitServiceImpl extends AbstractService {
areaRegionMapper.insert(item);
}
} catch (Exception e) {
logger.debug("Error inserting 关联行政区域, areaId:{}, regionId:{}, errorMessage: {}", item.getAreaId(),
item.getRegionId(), e.getMessage());
errorCount++;
}
}
......
......@@ -16,7 +16,6 @@ import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.entity.mime.content.ByteArrayBody;
import org.apache.http.entity.mime.content.StringBody;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.springframework.beans.factory.annotation.Value;
......@@ -36,7 +35,6 @@ import pwc.taxtech.atms.vat.entity.FileUploadLog;
import javax.annotation.Resource;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
......@@ -90,10 +88,8 @@ public class DidiFileUploadService extends BaseService {
try {
httpClient = HttpClients.createDefault();
HttpPost httpPost = new HttpPost(requestUrl);
String md5Str = getFileMD5String(file);
ByteArrayBody byteBody = new ByteArrayBody(file.getBytes(), ContentType.MULTIPART_FORM_DATA, StringUtils.isBlank(fileName) ? URLEncoder.encode(file.getOriginalFilename(), "UTF-8") : URLEncoder.encode(fileName, "UTF-8"));
StringBody md5 = new StringBody(md5Str, ContentType.create("text/plain"));
HttpEntity httpEntity = MultipartEntityBuilder.create().addPart("filecontent", byteBody).addPart("md5", md5).build();
HttpEntity httpEntity = MultipartEntityBuilder.create().addPart("filecontent", byteBody).build();
httpPost.setEntity(httpEntity);
HttpResponse httpResponse = httpClient.execute(httpPost);
JSONObject resultDto = JSON.parseObject(IOUtils.toString(httpResponse.getEntity().getContent(), "UTF-8"));
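Review bot: Removing the `md5` part from the multipart request on L498 changes what the receiving service gets, not just how a digest is computed: if that service verifies the part against the uploaded content, uploads will now be rejected or go unverified, and nothing in this hunk shows the server-side contract. A scanner finding on MD5 targets password or signature use; for a transport integrity checksum the proportionate fix is to keep the part and compute it with `MessageDigest.getInstance("SHA-256")` if the server accepts that, or to keep MD5 and document why, e.g. `// MD5 here is a non-security integrity checksum required by the upload API`, rather than dropping the check. The enclosing method starts and ends outside this hunk.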
......@@ -173,30 +169,6 @@ public class DidiFileUploadService extends BaseService {
throw new ServiceException("uploadFile error.");
}
public static String getFileMD5String(MultipartFile file) throws Exception {
MessageDigest messagedigest = MessageDigest.getInstance("MD5");
messagedigest.update(file.getBytes());
byte bytes[] = messagedigest.digest();
return bufferToHex(bytes, 0, bytes.length);
}
private static String bufferToHex(byte bytes[], int m, int n) {
StringBuffer stringbuffer = new StringBuffer(2 * n);
int k = m + n;
for (int l = m; l < k; l++) {
appendHexPair(bytes[l], stringbuffer);
}
return stringbuffer.toString();
}
private static void appendHexPair(byte bt, StringBuffer stringbuffer) {
char c0 = hexDigits[(bt & 0xf0) >> 4];
char c1 = hexDigits[bt & 0xf];
stringbuffer.append(c0);
stringbuffer.append(c1);
}
public PageInfo<DidiFileUploadDetailResult> queryPage(DidiFileIUploadParam param) {
Page page = null;
if (param.getPageInfo() != null && param.getPageInfo().getPageSize() != null && param.getPageInfo().getPageIndex() != null) {
......
......@@ -458,7 +458,7 @@ public class EnterpriseAccountServiceImpl extends AbstractService {
/* 更新UI准备 start */
StandardAccount stdAccount = new StandardAccount();
if (mappedStdCode == CommonConstants.EmptyStdCode) {
if (mappedStdCode.equals(CommonConstants.EmptyStdCode)) {
stdAccount.setCode(CommonConstants.EmptyStdCode);
stdAccount.setName("");
} else if (mappedStdCode == null) {
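Review bot: `mappedStdCode.equals(CommonConstants.EmptyStdCode)` on L533 is evaluated before the `else if (mappedStdCode == null)` branch on L536, so a null `mappedStdCode` now throws `NullPointerException` on L533 and the null branch is unreachable; the old `==` did not have this problem. Writing the constant first, `if (CommonConstants.EmptyStdCode.equals(mappedStdCode)) {`, keeps the null branch reachable without reordering. The surrounding method continues outside this hunk.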
......
......@@ -470,7 +470,7 @@ public class TaxDocumentServiceImpl {
: uploadDetail.getList().get(0).getFileName();//设置输出流信息
try {
response.setContentType("multipart/form-data");
response.setHeader("Content-Disposition", "attachment;fileName=" + URLEncoder.encode(fileName, "UTF-8"));
response.setHeader("Content-Disposition", "attachment;fileName=" + URLEncoder.encode(fileName.replaceAll("[\r\n]",""), "UTF-8"));
} catch (UnsupportedEncodingException e) {
throw new RuntimeException("单个下载文件名编码时出现错误.", e);
}
......@@ -674,7 +674,9 @@ public class TaxDocumentServiceImpl {
}
}
public String getPath(String path){
return path;
}
public Map<String, Object> multipalInitData(String address) {
if (StringUtils.isBlank(address)) {
throw new RuntimeException("地址格式错误");
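Review bot: `getPath` (L550-L552) returns its argument unchanged, so `address = getPath(address)` on L560 adds no validation before `new File(address)` on L561 — the only effect is that a taint-tracking scanner no longer sees the request value flow into the file API, which hides the finding rather than fixing it; the same identity `getPath` is added in `FileUploadAdapter` (L654-L656) and applied to `tempPath` and `completePath` at L663/L665. If the intent is that `address` must stay inside a configured root, the method should resolve and normalise the path and reject anything that escapes the root, roughly as below (`java.nio.file.Path`/`Paths` need importing, and the root constant is a placeholder for the project's configured directory). The enclosing class continues outside this hunk.
```java
public String getPath(String path) {
    // ALLOWED_ROOT_DIR is a placeholder for the project's configured base directory
    Path root = Paths.get(ALLOWED_ROOT_DIR).toAbsolutePath().normalize();
    Path resolved = root.resolve(path).toAbsolutePath().normalize();
    if (!resolved.startsWith(root)) {
        throw new RuntimeException("文件夹地址错误");
    }
    return resolved.toString();
}
```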
......@@ -685,6 +687,7 @@ public class TaxDocumentServiceImpl {
ArrayList<String> successFileNameList = Lists.newArrayList();
ArrayList<String> existedFileNameList = Lists.newArrayList();
//读取固定文件目录下的所有文件的文件名
address = getPath(address);
File iniTfile = new File(address);
if (!iniTfile.isDirectory() || !iniTfile.exists()) {
throw new RuntimeException("文件夹地址错误");
......
......@@ -5,13 +5,11 @@ import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.ss.usermodel.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.web.multipart.MultipartFile;
import pwc.taxtech.atms.common.CommonUtils;
import pwc.taxtech.atms.common.POIUtil;
......@@ -33,7 +31,6 @@ import pwc.taxtech.atms.vat.entity.*;
import javax.annotation.Resource;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigDecimal;
import java.util.*;
......@@ -139,7 +136,7 @@ public class TemplateGroupServiceImpl extends AbstractService {
List<String> pathList = new ArrayList<>();
for (Template templateDb : templateDbList) {
boolean anySameCodeExists = allTemplateDbList.stream().anyMatch(a -> a.getCode() == templateDb.getCode() && a.getName() == templateDb.getCode());
boolean anySameCodeExists = allTemplateDbList.stream().anyMatch(a -> a.getCode() .equals( templateDb.getCode()) && a.getName() .equals( templateDb.getCode()));
if (!anySameCodeExists) {
pathList.add((templateDb.getPath()));
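Review bot: The rewritten predicate on L590 still compares `a.getName()` with `templateDb.getCode()` — a name against a code — which looks like a copy-paste slip carried over from the old line; `a.getName().equals(templateDb.getName())` is presumably what was meant, and the value of `anySameCodeExists` changes if so. Both `.equals` calls also throw on a null code or name where the old `==` did not, so `Objects.equals(a.getCode(), templateDb.getCode()) && Objects.equals(a.getName(), templateDb.getName())` is the safer form (`java.util.*` on L585 already brings `Objects` into scope). The stray spaces in `.equals( templateDb.getCode())` should be normalised too. The enclosing method starts and ends outside this hunk.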
......
......@@ -153,11 +153,9 @@ public class UserAccountServiceImpl extends AbstractService {
tempUser.setAttemptTimes(tempUser.getAttemptTimes() == null ? 0 : tempUser.getAttemptTimes() + 1);
userTarget.setAttemptTimes(tempUser.getAttemptTimes());
logger.debug("print attemptimes [{}]", tempUser.getAttemptTimes());
if (tempUser.getAttemptTimes() >= CommonConstants.MaxAttemptTimes) {
logger.warn("Lock user [{}] due to attemptimes is [{}]", tempUser.getUserName(),
tempUser.getAttemptTimes());
tempUser.setStatus(UserStatus.Locked.value());
userTarget.setStatus(tempUser.getStatus());
......@@ -165,7 +163,6 @@ public class UserAccountServiceImpl extends AbstractService {
tempUser.setLockedTime(new Date());
userTarget.setLockedTime(tempUser.getLockedTime());
} else {
logger.debug("update user [{}] attemptTimes to [{}]", tempUser.getUserName(), tempUser.getAttemptTimes());
}
userMapper.updateByPrimaryKeySelective(userTarget);
......
......@@ -65,7 +65,6 @@ public class UserRoleServiceImpl extends AbstractService {
private UserServiceImpl userService;
public OrgRoleDtoList getUserRoleByUserId(String userId) {
logger.debug("UserRoleServiceImpl getUserRoleByUserId [ userId: {} ]", userId);
OrgRoleDtoList result = new OrgRoleDtoList();
List<OrganizationRoleInfo> orgRoleInfoList = new ArrayList<>();
if (!StringUtils.hasText(userId)) {
......@@ -364,7 +363,6 @@ public class UserRoleServiceImpl extends AbstractService {
* 某个机构下的所有权限 任何一个不可访问,就不可访问,任何的维度,和附加
*/
public UserOrganizationDto getUserRoleByOrgId(String userId, String orgId) {
logger.debug("UserRoleServiceImpl getUserRoleByOrgId [ userId: {}, orgId: {} ]", userId, orgId);
UserOrganizationDto userOrganizationDto = new UserOrganizationDto();
userOrganizationDto.setDimensionUserList(new ArrayList<>());
DimensionUser dimensionUser = null;
......@@ -1358,8 +1356,7 @@ public class UserRoleServiceImpl extends AbstractService {
userRole.setOrganizationId(first.getOrganizationId());
userRole.setIsAccessible(BooleanUtils.isTrue(first.getIsAccessible()));
userRole.setHasOriginalRole(BooleanUtils.isTrue(first.getHasOriginalRole()));
logger.debug("Start to insert user organization [ {} ] with userId [ {} ]", userRole.getId(),
userRole.getUserId());
userOrganizationMapper.insert(userRole);
// 添加日志
addOrDeleteDataAddLog(orgName + CommonConstants.DashSignSeparator + operateUserName, operateUserName,
......@@ -1508,7 +1505,6 @@ public class UserRoleServiceImpl extends AbstractService {
boolean hasOriginalRole = BooleanUtils.isTrue(item.getHasOriginalRole());
userDimensionValue.setHasOriginalRole(hasOriginalRole);
userDimensionValueMapper.insert(userDimensionValue);
logger.debug("userDimensionValue to insert: {}", userDimensionValue.toString());
// 添加日志
OrgCustomDto dimension = organizationService.getDimensionValueName(item.getDimensionId(),
......
......@@ -58,7 +58,7 @@ public class FileUploadAdapter {
}
}
static class FileParamBean {
public static class FileParamBean {
String fileName;
String tempFileName;
long chunkNumber;
......@@ -70,6 +70,9 @@ public class FileUploadAdapter {
boolean isFirsChunk;
}
public String getPath(String path){
return path;
}
public synchronized ResponseEntity upload(MultipartHttpServletRequest request) {
if (request.getFileMap().size() <= 0) return ResponseEntity.badRequest().body("NoFile");
FileParamBean paramBean = getQueryStringParameters(request);
......@@ -80,8 +83,9 @@ public class FileUploadAdapter {
if (StringUtils.isBlank(baseFolder)) return ResponseEntity.badRequest().body("PrepareFolderError");
String tempPath = String.format("%s" + File.separator + "%s", baseFolder, paramBean.tempFileName);
tempPath = getPath(tempPath);
String completePath = String.format("%s" + File.separator + "%s", baseFolder, paramBean.tempFileName);
completePath = getPath(completePath);
if (!paramBean.isCanle) {
if (paramBean.isFirsChunk) {
LOGGER.debug("First chunk arrived at webservice");
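Review bot: `tempPath` (L662) and `completePath` (L664) are both built from `paramBean.tempFileName`, which `getQueryStringParameters` reads straight from `request.getParameter(TEMP_FILE_NAME)` (L682), and the `getPath` calls inserted on L663 and L665 return their input unchanged, so the request-supplied name still determines the write location without any check that it stays under `baseFolder`. A containment check belongs here or in `getPath` — `Paths.get(baseFolder).resolve(paramBean.tempFileName).normalize().startsWith(Paths.get(baseFolder).normalize())`, returning `badRequest()` on failure. It is also worth confirming that L664 is intended: it uses the same `tempFileName` as L662, so the two paths are identical strings and `tempFile.renameTo(completeFile)` at L670 renames a file onto itself; if that line is part of this change, `paramBean.fileName` may have been meant. `upload` continues outside this hunk.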
......@@ -114,7 +118,6 @@ public class FileUploadAdapter {
tempFile.renameTo(completeFile);
CacheFileBean = paramBean;
LOGGER.info("{} upload to temp folder sucess", paramBean.fileName);
}
} else {
File tempFile = new File(tempPath);
......@@ -128,7 +131,7 @@ public class FileUploadAdapter {
}
private FileParamBean getQueryStringParameters(MultipartHttpServletRequest request) {
public FileParamBean getQueryStringParameters(MultipartHttpServletRequest request) {
FileParamBean param = new FileParamBean();
param.fileName = request.getParameter(FILE_NAME);
param.tempFileName = request.getParameter(TEMP_FILE_NAME);
......
......@@ -410,12 +410,10 @@ public class ReportGeneratorImpl {
//todo:后面单独处理kv的公式
if (StringUtils.isNotBlank(v.getFormula()) && !v.getFormula().contains("@")) {
cell.setCellFormula(v.getFormula());
logger.debug("formula:" + v.getFormula());
//kv 公式处理
} else if (v.getFormula().contains("@")) {
if (StringUtils.isNotBlank(v.getKeyValueParsedFormula())) {
cell.setCellFormula(v.getKeyValueParsedFormula());
logger.debug("formula:" + v.getKeyValueParsedFormula());
}
}
});
......
......@@ -2695,7 +2695,7 @@ public class ReportServiceImpl extends BaseService {
for (Map.Entry<String, List<EbitCellData>> entry1 : collect1.entrySet()) {
for (Map.Entry<String, List<ProfitLossStatementPrc>> entry2 : collect2.entrySet()) {
/*System.out.println("Key = " + entry.getKey() + ", Value = " + entry.getValue());*/
if (entry2.getKey() == entry1.getKey())
if (entry2.getKey().equals(entry1.getKey()))
continue;
newMap.put(entry2.getKey(), entry2.getValue());
}
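Review bot: The new `entry2.getKey().equals(entry1.getKey())` dereferences `entry2.getKey()`, which throws if `collect2` allows a null key (a `HashMap` does); `Objects.equals(entry2.getKey(), entry1.getKey())` makes the same comparison without that case. The braceless `if ... continue;` directly above the `put` is easy to misread, so braces would help. The enclosing method begins before the hunk.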
......
......@@ -96,15 +96,11 @@ public class AccountController {
Assert.notNull(operationResultDto.getResult(), "Null value of operationResultDto.getResult()");
LoginOutputDto resultLoginOutputDto = operationResultDto.getData();
if (!operationResultDto.getResult()) {
logger.info("登录失败, email:{}, password.length:{}", input.getEmail(), input.getPassword().length());
return resultLoginOutputDto;
}
logger.info("登录成功, email:{}, password.length:{}", input.getEmail(), input.getPassword().length());
if (!CheckState.Success.value().equals(resultLoginOutputDto.getCheckState())) {
LoginOutputDto errorReturn = new LoginOutputDto();
errorReturn.setMessage("服务端返回状态异常");
logger.info("登录成功但是CheckState有异常, email:{}, password.length:{}, data.checkState:{}", input.getEmail(),
input.getPassword().length(), resultLoginOutputDto.getCheckState());
errorReturn.setCheckState(CheckState.UnKnown.value());
return errorReturn;
}
......@@ -139,8 +135,6 @@ public class AccountController {
if (token == null || !StringUtils.hasText(token.getAccess_token())) {
LoginOutputDto errorReturn = new LoginOutputDto();
errorReturn.setMessage("服务端返回Token异常");
logger.info("登录成功但是Token有异常, email:{}, password.length:{}, data.checkState:{}", input.getEmail(),
input.getPassword().length(), resultLoginOutputDto.getCheckState());
errorReturn.setCheckState(CheckState.UnKnown.value());
return errorReturn;
}
......@@ -162,7 +156,6 @@ public class AccountController {
private OperationResultDto<LoginOutputDto> callApiUserLogin(LoginInputDto input) {
String url = atmsWebSettings.getApiUrl() + "/api/v1/user/login";
logger.debug("Print url:{}", url);
ParameterizedTypeReference<OperationResultDto<LoginOutputDto>> parameterizedTypeReference = new ParameterizedTypeReference<OperationResultDto<LoginOutputDto>>() {
};
HttpHeaders headers = new HttpHeaders();
......@@ -224,7 +217,6 @@ public class AccountController {
@ResponseBody
public OperationResultDto<OrganizationStructureDto> pingApi() {
String url = atmsWebSettings.getApiUrl() + "/PingApi";
logger.debug("Print url:{}", url);
ParameterizedTypeReference<OperationResultDto<OrganizationStructureDto>> parameterizedTypeReference = new ParameterizedTypeReference<OperationResultDto<OrganizationStructureDto>>() {
};
ResponseEntity<OperationResultDto<OrganizationStructureDto>> responseEntity = restTemplate.exchange(url,
......@@ -253,7 +245,6 @@ public class AccountController {
logger.debug("enter ForgetPassword");
Assert.notNull(input, "Null input object");
Assert.hasText(input.getEmail(), "Empty email");
logger.debug("print email:{}", input.getEmail());
final String targetApi = "/api/v1/Account/ForgetPassword";
String url = atmsWebSettings.getApiUrl() + targetApi;
......
......@@ -23,7 +23,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
@Controller
......@@ -115,13 +114,17 @@ public class IndexController {
@RequestParam(value = "code") String code,
HttpServletResponse response) throws IOException, ServletException {
try {
logger.info("jumpto=" + jumpto + "code=" + code);
String ticketStr = getTicket(code);
Cookie ddTicket = new Cookie("ddTicket", URLEncoder.encode(ticketStr, "UTF-8"));
ddTicket.setPath("/");
ddTicket.setMaxAge(18000);
response.addCookie(ddTicket);
response.sendRedirect(jumpto + "?code=" + code + "&ticketStr=" + ticketStr);
if(jumpto.contains("didichuxing")){
String ticketStr = getTicket(code);
Cookie ddTicket = new Cookie("ddTicket", URLEncoder.encode(ticketStr, "UTF-8"));
ddTicket.setPath("/");
ddTicket.setMaxAge(18000);
response.addCookie(ddTicket);
jumpto = jumpto.replaceAll("[\r\n]","");
code = code.replaceAll("[\r\n]","");
ticketStr = ticketStr.replaceAll("[\r\n]","");
response.sendRedirect(jumpto + "?code=" + code + "&ticketStr=" + ticketStr);
}
} catch (Exception e) {
logger.error("ddSSOCallback error", e);
}
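Review bot: The added `jumpto.contains("didichuxing")` guard is a substring test, not a host check, so a redirect target that carries that string in its path, query or a look-alike hostname still passes and the open redirect is only narrowed. Parse `jumpto` with `java.net.URI`, compare its host against an allow-list of exact hostnames, and when it does not match send an error response instead of falling through, which currently ends the request without any response. The CR/LF stripping is fine, but doing it before the check rather than after reads more clearly. The handler's signature and its `@RequestParam` for `jumpto` begin before the hunk.
```java
// … unchanged: handler parameters, try { …
String host = null;
try {
    host = new java.net.URI(jumpto).getHost();
} catch (java.net.URISyntaxException ignored) {
    // no parseable host: treated as not allowed below
}
// ALLOWED_REDIRECT_HOSTS: static final Set<String> of exact hostnames — placeholder, populate from configuration
if (host != null && ALLOWED_REDIRECT_HOSTS.contains(host.toLowerCase(java.util.Locale.ROOT))) {
    // … unchanged: getTicket, cookie, CR/LF stripping, sendRedirect …
} else {
    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
```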
......@@ -170,20 +173,16 @@ public class IndexController {
String url = getUserInfoUrl + "check_code";
String ddResp = HttpUtil.post(url, "code=" + code + "&app_key=" + appKey + "&app_id=" + appId, "application/x-www-form-urlencoded", "UTF-8", 10000, 10000);
object = JSONObject.parseObject(ddResp);
logger.info("get ddTicket by code , object=" + object);
Map<String, Object> res = object.getInnerMap();
int errno = (int) res.get("errno");
if (errno != 0) {
logger.warn(String.format("DD Ticket get Failed:[%s]", object.toJSONString()));
return null;
} else {
Map<String, String> data = (Map) res.get("data");
logger.info("check_code data=" + data);
return data.get("ticket");
}
} catch (Exception e) {
logger.error(String.format("通过code:[%s]获取Ticket失败", code));
}
return null;
}
......
......@@ -87,7 +87,7 @@ public class LtpaToken {
*/
private MessageDigest getDigest() {
try {
return MessageDigest.getInstance("SHA-1");
return MessageDigest.getInstance("SHA-512");
} catch (NoSuchAlgorithmException nsae) {
}
return null;
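Review bot: Changing `getDigest` to SHA-512 changes the digest length from 20 to 64 bytes; if this LTPA token is produced or validated by another system, that length is part of the token layout, so the other side has to change in step or the tokens stop verifying — worth confirming before merge. Separately, the `catch (NoSuchAlgorithmException nsae)` block still swallows the exception and the method falls through to `return null`, which surfaces later as a NullPointerException at the caller; `throw new IllegalStateException("SHA-512 MessageDigest unavailable", nsae);` in the catch is the clearer failure. The method's closing brace lies outside the hunk.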
......
......@@ -159,7 +159,6 @@ public class OrangeHeapService {
public String getDDUserName(HttpServletRequest request) {
logger.info("进入 获取DD user的方法~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
String ticket = getDDTicketByCookie( request);
logger.info("ticket=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + ticket);
return findUsernameByDDTicket(ticket);
}
......@@ -169,11 +168,9 @@ public class OrangeHeapService {
Map<String, Cookie> cookieMap = ReadCookieMap( request);
//TODO 修改token的名字到配置文件,判断ddTicket是否过期
if (cookieMap.containsKey("ddTicket")) {
logger.info("ddTicket=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + Optional.ofNullable(cookieMap.get("ddTicket")).map(s -> s.getValue()).orElse(""));
return Optional.ofNullable(cookieMap.get("ddTicket")).map(s -> s.getValue()).orElse("");
} else {
logger.info("code=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + Optional.ofNullable(cookieMap.get("code")).map(z -> z.getValue()).orElse(""));
return getDDTicket(Optional.ofNullable(cookieMap.get("code")).map(z -> z.getValue()).orElse(""));
}
}
......@@ -218,7 +215,6 @@ public class OrangeHeapService {
//copy過來的 沒對象
public String getDDTicket(String code) {
logger.info("code=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + code);
try {
JSONObject object;
String ddResponse = HttpUtil.post(getUserInfoUrl + "check_code", "code=" + code + "&app_key=" + appKey + "&app_id=" + appId, "application/x-www-form-urlencoded", "UTF-8", 10000, 10000);
......@@ -236,7 +232,6 @@ public class OrangeHeapService {
return dataMap.get("ticket");
}
} catch (Exception e) {
logger.error(String.format("通过code:[%s]获取Ticket失败", code));
}
return null;
}
......