修改dsp接口，添加身份校验

src/main/java/com/cloudcross/ssp/base/service/IDspGenericService.java

@@ -32,13 +32,13 @@ public interface IDspGenericService<T> {
 	boolean update(List<T> list);
 	
 	/**
-	 * 根据条件查询数据库中所有符合的实体<code>T</code>对应记录并以列表返回。
+	 * 根据条件查询数据库中所有符合的实体
 	 * 
 	 * @param map
 	 *            查询条件（dspId 或 advertiserId）
 	 * @return 返回查询到记录列表
 	 */
-	List<T> getAll(Map<String,Object> map);
+	List<Map<String,Object>> getAll(Map<String,Object> map);
 
 	/**
 	 * 根据条件查询对应的实体信息。
@@ -47,6 +47,6 @@ public interface IDspGenericService<T> {
 	 *            查询条件
 	 * @return 返回查询到记录
 	 */
-	List<T> get(Map<String,Object> map);
+	List<Map<String,Object>> get(Map<String,Object> map);
 	
 }

src/main/java/com/cloudcross/ssp/common/consts/FieldValidate.java

@@ -15,6 +15,8 @@ public enum FieldValidate {
 	 **/
 	CHECK_DSPID_NOT_EMPTY(100, "dspid不能为空"),
 	
+	CHECK_TOKEN_NOT_EMPTY(100, "token不能为空"),
+	
 	CHECK_ADVERTISERID_NOT_EMPTY(101, "广告主id不能为空"),
 	
 	CHECK_BANNERID_NOT_EMPTY(102, "创意id不能为空"),

src/main/java/com/cloudcross/ssp/model/mapper/dspAdvertiser.sql.xml

@@ -64,12 +64,12 @@
     	</foreach>
 	</update>
 	
-	<select id="getAll" parameterType="java.util.Map" resultType="com.cloudcross.ssp.model.DspAdvertiser">
+	<select id="getAll" parameterType="java.util.Map" resultType="java.util.Map">
 		select <include refid="base_column"/> from t_dsp_advertiser
 		where dsp_id = #{dspId}
 	</select>
 	
-	<select id="get" parameterType="java.util.Map" resultType="com.cloudcross.ssp.model.DspAdvertiser">
+	<select id="get" parameterType="java.util.Map" resultType="java.util.Map">
 		select 
 		<include refid="base_column"/>
 		from t_dsp_advertiser where advertiser_id in

src/main/java/com/cloudcross/ssp/model/mapper/dspAgent.sql.xml

@@ -73,4 +73,8 @@
 		<select id="findAllAgent" resultType="com.cloudcross.ssp.model.DspAgent">
 		select <include refid="base_column"/> from t_dsp_agent
 	</select>
+	
+	<select id="checkIdentity" parameterType="java.util.Map" resultType="java.lang.Long">
+		select count(id) from t_dsp_agent where token = #{token} and id = #{dspId}
+	</select>
 </mapper>

src/main/java/com/cloudcross/ssp/model/mapper/dspBanner.sql.xml

@@ -36,7 +36,7 @@
     	</foreach>
 	</update>
 	
-	<select id="getAll" parameterType="java.util.Map" resultType="com.cloudcross.ssp.model.DspBanner">
+	<select id="getAll" parameterType="java.util.Map" resultType="java.util.Map">
 		select <include refid="base_column"/>
 		from t_dsp_banner where advertiser_id in
 		<foreach item="advertiserId" collection="advertiserIdList" open="(" separator="," close=")">
@@ -45,7 +45,7 @@
 		and dsp_id = #{dspId}
 	</select>
 	
-	<select id="get" parameterType="java.util.Map" resultType="com.cloudcross.ssp.model.DspBanner">
+	<select id="get" parameterType="java.util.Map" resultType="java.util.Map">
 		select 
 		<include refid="base_column"/>
 		from t_dsp_banner where id in

src/main/java/com/cloudcross/ssp/service/IDspAgentService.java

@@ -67,5 +67,15 @@ public interface IDspAgentService{
 	public Long selectMaxId(Map<String,Object> paramMap);
 	
 	//查找所有的dsp
-		public List<DspAgent> findAllAgent();
+	public List<DspAgent> findAllAgent();
+	
+	/**
+	 * 校验身份
+	 * 
+	 * @param paramMap
+	 * 				dspId和token
+	 * @return 下一个id的值
+	 */
+	public Long checkIdentity(Map<String,Object> paramMap);
+	
 }

src/main/java/com/cloudcross/ssp/service/impl/DspAdvertiserService.java

@@ -60,7 +60,7 @@ public class DspAdvertiserService implements IDspAdvertiserService{
 	 * @return 符合条件的列表记录
 	 */
 	@Override
-	public List<DspAdvertiser> getAll(Map<String, Object> map) {
+	public List<Map<String,Object>> getAll(Map<String, Object> map) {
 		return myBatisDao.getList("dspAdvertiserSqlMapper.getAll", map);
 	}
 
@@ -72,7 +72,7 @@ public class DspAdvertiserService implements IDspAdvertiserService{
 	 * @return 符合条件的列表记录
 	 */
 	@Override
-	public List<DspAdvertiser> get(Map<String, Object> map) {
+	public List<Map<String,Object>> get(Map<String, Object> map) {
 		return myBatisDao.getList("dspAdvertiserSqlMapper.get", map);
 	}
 

src/main/java/com/cloudcross/ssp/service/impl/DspAgentService.java

@@ -102,4 +102,17 @@ public class DspAgentService implements IDspAgentService{
 		
 		return myBatisDao.getList("dspAgentSqlMapper.findAllAgent");
 	}
+
+	/**
+	 * 校验身份
+	 * 
+	 * @param paramMap
+	 * 				dspId和token
+	 * @return 下一个id的值
+	 */
+	@Override
+	public Long checkIdentity(Map<String, Object> paramMap) {
+		// TODO Auto-generated method stub
+		return myBatisDao.get("dspAgentSqlMapper.checkIdentity",paramMap);
+	}
 }

src/main/java/com/cloudcross/ssp/service/impl/DspBannerService.java

@@ -64,7 +64,7 @@ public class DspBannerService implements IDspBannerService{
 	 * @return 符合条件的列表记录
 	 */
 	@Override
-	public List<DspBanner> getAll(Map<String, Object> map) {
+	public List<Map<String,Object>> getAll(Map<String, Object> map) {
 		return myBatisDao.getList("dspBannerSqlMapper.getAll", map);
 	}
 
@@ -76,7 +76,7 @@ public class DspBannerService implements IDspBannerService{
 	 * @return 符合条件的列表记录
 	 */
 	@Override
-	public List<DspBanner> get(Map<String, Object> map) {
+	public List<Map<String,Object>> get(Map<String, Object> map) {
 		return myBatisDao.getList("dspBannerSqlMapper.get", map);
 	}
 	

src/main/java/com/cloudcross/ssp/web/dsp/DspAdvertiserController.java

@@ -24,9 +24,11 @@ import com.cloudcross.ssp.common.utils.FieldInfo;
 import com.cloudcross.ssp.model.DspAdvertiser;
 import com.cloudcross.ssp.model.Log;
 import com.cloudcross.ssp.service.IDspAdvertiserService;
+import com.cloudcross.ssp.service.IDspAgentService;
 import com.cloudcross.ssp.service.ILogService;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 /**
  * 
@@ -47,6 +49,9 @@ public class DspAdvertiserController extends SimpleController{
 	@Autowired
 	private IDspAdvertiserService dspAdvertiserService;
 	
+	@Autowired
+	private IDspAgentService dspAgentService;
+	
 	@Autowired
 	private ILogService logService;
 	
@@ -57,22 +62,28 @@ public class DspAdvertiserController extends SimpleController{
 	 */
 	@SuppressWarnings("unchecked")
 	@RequestMapping("/add")
-	public @ResponseBody List<Map<String,Object>> add(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
+	public @ResponseBody List<Map<String,Object>> add(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
 		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
-		List<DspAdvertiser> list = new ArrayList<DspAdvertiser>();
-		String dspAdvertiserList = (String) paramMap.get("request");
-		Map<String, FieldInfo> fieldInfoMap = DspAdvertiser.getFieldInfoForDspAdvertiser();
-		if(dspAdvertiserList != null && !"".equals(dspAdvertiserList)){
-			Map<String,Object> mapObj = this.getDspAdvertiserList(dspAdvertiserList, result, list, fieldInfoMap,"add");
-			list = (List<DspAdvertiser>) mapObj.get("list");
-			result = (List<Map<String,Object>>) mapObj.get("result");
-			if(!list.isEmpty()){
-				dspAdvertiserService.add(list);
-				/*** 新增日志 ***/
-				this.addLog(request, list, "add");
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
+			List<DspAdvertiser> list = new ArrayList<DspAdvertiser>();
+			String dspAdvertiserList = (String) paramMap.get("request");
+			Map<String, FieldInfo> fieldInfoMap = DspAdvertiser.getFieldInfoForDspAdvertiser();
+			if(dspAdvertiserList != null && !"".equals(dspAdvertiserList)){
+				Map<String,Object> mapObj = this.getDspAdvertiserList(dspAdvertiserList, result, list, fieldInfoMap,"add",
+						Long.valueOf(paramMap.get("dspId").toString()));
+				list = (List<DspAdvertiser>) mapObj.get("list");
+				result = (List<Map<String,Object>>) mapObj.get("result");
+				if(!list.isEmpty()){
+					dspAdvertiserService.add(list);
+					/*** 新增日志 ***/
+					this.addLog(request, list, "add");
+				}
+			}else{
+				result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_EMPTY,false,null,0,"error"));
 			}
-		}else{
-			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_EMPTY,false,null,0,"error"));
 		}
 		return result;		
 	}
@@ -84,22 +95,28 @@ public class DspAdvertiserController extends SimpleController{
 	 */
 	@SuppressWarnings("unchecked")
 	@RequestMapping("/update")
-	public @ResponseBody List<Map<String,Object>> update(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
+	public @ResponseBody List<Map<String,Object>> update(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
 		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
-		List<DspAdvertiser> list = new ArrayList<DspAdvertiser>();
-		String dspAdvertiserList = (String) paramMap.get("request");
-		Map<String, FieldInfo> fieldInfoMap = DspAdvertiser.getFieldInfoForDspAdvertiser();
-		if(dspAdvertiserList != null && !"".equals(dspAdvertiserList)){
-			Map<String,Object> mapObj = this.getDspAdvertiserList(dspAdvertiserList, result, list, fieldInfoMap,"edit");
-			list = (List<DspAdvertiser>) mapObj.get("list");
-			result = (List<Map<String,Object>>) mapObj.get("result");
-			if(!list.isEmpty()){
-				dspAdvertiserService.update(list);
-				/*** 新增日志 ***/
-				this.addLog(request, list, "add");
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
+			List<DspAdvertiser> list = new ArrayList<DspAdvertiser>();
+			String dspAdvertiserList = (String) paramMap.get("request");
+			Map<String, FieldInfo> fieldInfoMap = DspAdvertiser.getFieldInfoForDspAdvertiser();
+			if(dspAdvertiserList != null && !"".equals(dspAdvertiserList)){
+				Map<String,Object> mapObj = this.getDspAdvertiserList(dspAdvertiserList, result, list, fieldInfoMap,"edit",
+						Long.valueOf(paramMap.get("dspId").toString()));
+				list = (List<DspAdvertiser>) mapObj.get("list");
+				result = (List<Map<String,Object>>) mapObj.get("result");
+				if(!list.isEmpty()){
+					dspAdvertiserService.update(list);
+					/*** 新增日志 ***/
+					this.addLog(request, list, "add");
+				}
+			}else{
+				result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_EMPTY,false,null,0,"error"));
 			}
-		}else{
-			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_EMPTY,false,null,0,"error"));
 		}
 		return result;
 	}
@@ -110,9 +127,12 @@ public class DspAdvertiserController extends SimpleController{
 	 * @return
 	 */
 	@RequestMapping("/getAll")
-	public @ResponseBody List<DspAdvertiser> getAll(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
-		List<DspAdvertiser> result = new ArrayList<DspAdvertiser>();
-		if(paramMap.get("dspId") != null && !"".equals(paramMap.get("dspId"))){
+	public @ResponseBody List<Map<String,Object>> getAll(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
+		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
 			result = dspAdvertiserService.getAll(paramMap);
 		}
 		return result;		
@@ -126,17 +146,24 @@ public class DspAdvertiserController extends SimpleController{
 	 * @return
 	 */
 	@RequestMapping("/get")
-	public @ResponseBody List<DspAdvertiser> get(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
-		List<DspAdvertiser> result = new ArrayList<DspAdvertiser>();
-		if(paramMap.get("dspId") != null && !"".equals(paramMap.get("dspId")) &&
-				paramMap.get("advertiserIds") != null && !"".equals(paramMap.get("advertiserIds"))){
-			List<Long> list = new ArrayList<Long>();
-			String[] ids = paramMap.get("advertiserIds").toString().split(",");
-			for (int i = 0, l = ids.length; i < l; i++) {
-				list.add(Long.valueOf(ids[i]));
+	public @ResponseBody List<Map<String,Object>> get(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
+		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
+			if(paramMap.containsKey("advertiserIds") && paramMap.get("advertiserIds") != null 
+					&& !"".equals(paramMap.get("advertiserIds"))){
+				List<Long> list = new ArrayList<Long>();
+				String[] ids = paramMap.get("advertiserIds").toString().split(",");
+				for (int i = 0, l = ids.length; i < l; i++) {
+					list.add(Long.valueOf(ids[i]));
+				}
+				paramMap.put("advertiserIdList", list);
+				result = dspAdvertiserService.get(paramMap);
+			}else{
+				result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_ADVERTISERID_NOT_EMPTY,false,null,0,"error"));
 			}
-			paramMap.put("advertiserIdList", list);
-			result = dspAdvertiserService.get(paramMap);
 		}
 		return result;		
 	}
@@ -149,26 +176,33 @@ public class DspAdvertiserController extends SimpleController{
 	 * @return
 	 */
 	@RequestMapping("/queryState")
-	public @ResponseBody List<Map<String,Object>> queryState(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
+	public @ResponseBody List<Map<String,Object>> queryState(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
 		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
-		if(paramMap.get("dspId") != null && !"".equals(paramMap.get("dspId")) &&
-				paramMap.get("advertiserIds") != null && !"".equals(paramMap.get("advertiserIds"))){
-			List<Long> list = new ArrayList<Long>();
-			String[] ids = paramMap.get("advertiserIds").toString().split(",");
-			for (int i = 0, l = ids.length; i < l; i++) {
-				list.add(Long.valueOf(ids[i]));
-			}
-			paramMap.put("advertiserIdList", list);
-			result = dspAdvertiserService.queryState(paramMap);
-			for (int i = 0, l = result.size(); i < l; i++) {
-				Map<String,Object> map = result.get(i);
-				if(Integer.parseInt(map.get("state").toString()) == 0){
-					map.put("stateValue", "通过");
-				}else if(Integer.parseInt(map.get("state").toString()) == 1){
-					map.put("stateValue", "待检查");
-				}else if(Integer.parseInt(map.get("state").toString()) == 2){
-					map.put("stateValue", "检查未通过");
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
+			if(paramMap.containsKey("advertiserIds") && paramMap.get("advertiserIds") != null 
+					&& !"".equals(paramMap.get("advertiserIds"))){
+				List<Long> list = new ArrayList<Long>();
+				String[] ids = paramMap.get("advertiserIds").toString().split(",");
+				for (int i = 0, l = ids.length; i < l; i++) {
+					list.add(Long.valueOf(ids[i]));
+				}
+				paramMap.put("advertiserIdList", list);
+				result = dspAdvertiserService.queryState(paramMap);
+				for (int i = 0, l = result.size(); i < l; i++) {
+					Map<String,Object> map = result.get(i);
+					if(Integer.parseInt(map.get("state").toString()) == 0){
+						map.put("stateValue", "通过");
+					}else if(Integer.parseInt(map.get("state").toString()) == 1){
+						map.put("stateValue", "待检查");
+					}else if(Integer.parseInt(map.get("state").toString()) == 2){
+						map.put("stateValue", "检查未通过");
+					}
 				}
+			}else{
+				result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_ADVERTISERID_NOT_EMPTY,false,null,0,"error"));
 			}
 		}
 		return result;		
@@ -183,7 +217,7 @@ public class DspAdvertiserController extends SimpleController{
 	 * @return tab 标识：添加或编辑
 	 */
 	private Map<String,Object> getDspAdvertiserList(String dspAdvertiserList, List<Map<String,Object>> result,
-			List<DspAdvertiser> list, Map<String, FieldInfo> fieldInfoMap, String tab){
+			List<DspAdvertiser> list, Map<String, FieldInfo> fieldInfoMap, String tab,Long dspId){
 		Map<String,Object> mapObj = new HashMap<String,Object>();
 		try {
 			//解析JSONArray
@@ -191,10 +225,6 @@ public class DspAdvertiserController extends SimpleController{
 			for (int i = 0, l = jsonArray.size(); i < l; i++) {
 				boolean flag = false;
 				JSONObject obj = jsonArray.getJSONObject(i);
-				if(!obj.containsKey("dspId")){//没有dspId这下面的代码不需要执行
-					result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_DSPID_NOT_EMPTY,false,null,(i+1),"error"));
-					continue;
-				}
 				if(!obj.containsKey("advertiserId")){//没有advertiserId这下面的代码不需要执行
 					result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_ADVERTISERID_NOT_EMPTY,false,null,(i+1),"error"));
 					continue;
@@ -211,9 +241,10 @@ public class DspAdvertiserController extends SimpleController{
 	                	result.add(map);
 	                }
 	            }
+				obj.put("dspId", dspId);
 				if(!flag){
 					if("add".equals(tab)){
-						Long count = this.getDataMaxId(Long.valueOf(obj.get("dspId").toString()), Long.valueOf(obj.get("advertiserId").toString()));
+						Long count = this.getDataMaxId(dspId, Long.valueOf(obj.get("advertiserId").toString()));
 						if(count > 0){
                 			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_ADD_REPEAT,false,null,(i+1),"error"));
 						}else{
@@ -268,9 +299,9 @@ public class DspAdvertiserController extends SimpleController{
 			}
 			//下面这几个字段目前后端数据没有得到。所以仅作测试用！
 			log.setActionTime("100");
-			log.setAccountId(new Long(getLoginUser().getId()));
+			log.setAccountId(Long.valueOf(obj.get("dspId").toString()));
 			log.setUserIp(Common.toIpAddr(request));
-			log.setAccountName(getLoginUser().getAccountName());
+			log.setAccountName("dsp对接方");
 			logService.add(log);
 		}
 	}
@@ -326,4 +357,27 @@ public class DspAdvertiserController extends SimpleController{
 		}
 	}
 	
+	/**
+	 * 解决跨域问题,校验身份
+	 */
+	private List<Map<String,Object>> checkIdentityAndCros(HttpServletResponse response,
+			List<Map<String,Object>> result,Map<String,Object> paramMap){
+		response.reset();
+		response.addHeader("ACCESS_CONTROL_ALLOW_ORIGIN", "*");
+		response.addHeader("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
+		if(!paramMap.containsKey("dspId") || paramMap.get("dspId") == null || "".equals(paramMap.get("dspId"))){//没有dspId这下面的代码不需要执行
+			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_DSPID_NOT_EMPTY,false,null,0,"error"));
+			return result;
+		}
+		if(!paramMap.containsKey("token") || paramMap.get("token") == null || "".equals(paramMap.get("token"))){//没有dspId这下面的代码不需要执行
+			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_TOKEN_NOT_EMPTY,false,null,0,"error"));
+			return result;
+		}
+		Long count = dspAgentService.checkIdentity(paramMap);
+		if(count > 0 ){
+			return result;
+		}
+		result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_TOKEN_NOT_CONFORM,false,null,0,"error"));
+		return result;
+	}
 }

src/main/java/com/cloudcross/ssp/web/dsp/DspBannerController.java

@@ -23,10 +23,12 @@ import com.cloudcross.ssp.common.utils.Common;
 import com.cloudcross.ssp.common.utils.FieldInfo;
 import com.cloudcross.ssp.model.DspBanner;
 import com.cloudcross.ssp.model.Log;
+import com.cloudcross.ssp.service.IDspAgentService;
 import com.cloudcross.ssp.service.IDspBannerService;
 import com.cloudcross.ssp.service.ILogService;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 /**
  * 
@@ -47,6 +49,9 @@ public class DspBannerController extends SimpleController{
 	@Autowired
 	private IDspBannerService dspBannerService;
 	
+	@Autowired
+	private IDspAgentService dspAgentService;
+	
 	@Autowired
 	private ILogService logService;
 	
@@ -57,22 +62,28 @@ public class DspBannerController extends SimpleController{
 	 */
 	@SuppressWarnings("unchecked")
 	@RequestMapping("/add")
-	public @ResponseBody List<Map<String,Object>> add(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
+	public @ResponseBody List<Map<String,Object>> add(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
 		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
-		List<DspBanner> list = new ArrayList<DspBanner>();
-		String dspBannerList = (String) paramMap.get("request");
-		Map<String, FieldInfo> fieldInfoMap = DspBanner.getFieldInfoForDspBanner();
-		if(dspBannerList != null && !"".equals(dspBannerList)){
-			Map<String,Object> mapObj = this.getDspBannerList(dspBannerList, result, list, fieldInfoMap,"add");
-			list = (List<DspBanner>) mapObj.get("list");
-			result = (List<Map<String,Object>>) mapObj.get("result");
-			if(!list.isEmpty()){
-				dspBannerService.add(list);
-				/*** 新增日志 ***/
-				this.addLog(request, list, "add");
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
+			List<DspBanner> list = new ArrayList<DspBanner>();
+			String dspBannerList = (String) paramMap.get("request");
+			Map<String, FieldInfo> fieldInfoMap = DspBanner.getFieldInfoForDspBanner();
+			if(dspBannerList != null && !"".equals(dspBannerList)){
+				Map<String,Object> mapObj = this.getDspBannerList(dspBannerList, result, list, fieldInfoMap,"add",
+						Long.valueOf(paramMap.get("dspId").toString()));
+				list = (List<DspBanner>) mapObj.get("list");
+				result = (List<Map<String,Object>>) mapObj.get("result");
+				if(!list.isEmpty()){
+					dspBannerService.add(list);
+					/*** 新增日志 ***/
+					this.addLog(request, list, "add");
+				}
+			}else{
+				result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_EMPTY,false,null,0,"error"));
 			}
-		}else{
-			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_EMPTY,false,null,0,"error"));
 		}
 		return result;		
 	}
@@ -84,22 +95,28 @@ public class DspBannerController extends SimpleController{
 	 */
 	@SuppressWarnings("unchecked")
 	@RequestMapping("/update")
-	public @ResponseBody List<Map<String,Object>> update(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
+	public @ResponseBody List<Map<String,Object>> update(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
 		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
-		List<DspBanner> list = new ArrayList<DspBanner>();
-		String dspBannerList = (String) paramMap.get("request");
-		Map<String, FieldInfo> fieldInfoMap = DspBanner.getFieldInfoForDspBanner();
-		if(dspBannerList != null && !"".equals(dspBannerList)){
-			Map<String,Object> mapObj = this.getDspBannerList(dspBannerList, result, list, fieldInfoMap,"edit");
-			list = (List<DspBanner>) mapObj.get("list");
-			result = (List<Map<String,Object>>) mapObj.get("result");
-			if(!list.isEmpty()){
-				dspBannerService.update(list);
-				/*** 新增日志 ***/
-				this.addLog(request, list, "add");
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
+			List<DspBanner> list = new ArrayList<DspBanner>();
+			String dspBannerList = (String) paramMap.get("request");
+			Map<String, FieldInfo> fieldInfoMap = DspBanner.getFieldInfoForDspBanner();
+			if(dspBannerList != null && !"".equals(dspBannerList)){
+				Map<String,Object> mapObj = this.getDspBannerList(dspBannerList, result, list, fieldInfoMap,"edit",
+						Long.valueOf(paramMap.get("dspId").toString()));
+				list = (List<DspBanner>) mapObj.get("list");
+				result = (List<Map<String,Object>>) mapObj.get("result");
+				if(!list.isEmpty()){
+					dspBannerService.update(list);
+					/*** 新增日志 ***/
+					this.addLog(request, list, "add");
+				}
+			}else{
+				result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_EMPTY,false,null,0,"error"));
 			}
-		}else{
-			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_EMPTY,false,null,0,"error"));
 		}
 		return result;
 	}
@@ -110,17 +127,24 @@ public class DspBannerController extends SimpleController{
 	 * @return
 	 */
 	@RequestMapping("/getAll")
-	public @ResponseBody List<DspBanner> getAll(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
-		List<DspBanner> result = new ArrayList<DspBanner>();
-		if(paramMap.get("dspId") != null && !"".equals(paramMap.get("dspId")) &&
-				paramMap.get("advertiserIds") != null && !"".equals(paramMap.get("advertiserIds"))){
-			List<Long> list = new ArrayList<Long>();
-			String[] ids = paramMap.get("advertiserIds").toString().split(",");
-			for (int i = 0, l = ids.length; i < l; i++) {
-				list.add(Long.valueOf(ids[i]));
+	public @ResponseBody List<Map<String,Object>> getAll(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
+		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
+			if(paramMap.containsKey("advertiserIds") && paramMap.get("advertiserIds") != null 
+					&& !"".equals(paramMap.get("advertiserIds"))){
+				List<Long> list = new ArrayList<Long>();
+				String[] ids = paramMap.get("advertiserIds").toString().split(",");
+				for (int i = 0, l = ids.length; i < l; i++) {
+					list.add(Long.valueOf(ids[i]));
+				}
+				paramMap.put("advertiserIdList", list);
+				result = dspBannerService.getAll(paramMap);
+			}else{
+				result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_ADVERTISERID_NOT_EMPTY,false,null,0,"error"));
 			}
-			paramMap.put("advertiserIdList", list);
-			result = dspBannerService.getAll(paramMap);
 		}
 		return result;		
 	}
@@ -133,16 +157,24 @@ public class DspBannerController extends SimpleController{
 	 * @return
 	 */
 	@RequestMapping("/get")
-	public @ResponseBody List<DspBanner> get(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
-		List<DspBanner> result = new ArrayList<DspBanner>();
-		if(paramMap.get("bannerIds") != null && !"".equals(paramMap.get("bannerIds"))){
-			List<Long> list = new ArrayList<Long>();
-			String[] ids = paramMap.get("bannerIds").toString().split(",");
-			for (int i = 0, l = ids.length; i < l; i++) {
-				list.add(Long.valueOf(ids[i]));
+	public @ResponseBody List<Map<String,Object>> get(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
+		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
+			if(paramMap.containsKey("bannerIds") && paramMap.get("bannerIds") != null 
+					&& !"".equals(paramMap.get("bannerIds"))){
+				List<Long> list = new ArrayList<Long>();
+				String[] ids = paramMap.get("bannerIds").toString().split(",");
+				for (int i = 0, l = ids.length; i < l; i++) {
+					list.add(Long.valueOf(ids[i]));
+				}
+				paramMap.put("bannerIdList", list);
+				result = dspBannerService.get(paramMap);
+			}else{
+				result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_BANNERID_NOT_EMPTY,false,null,0,"error"));
 			}
-			paramMap.put("bannerIdList", list);
-			result = dspBannerService.get(paramMap);
 		}
 		return result;		
 	}
@@ -155,25 +187,33 @@ public class DspBannerController extends SimpleController{
 	 * @return
 	 */
 	@RequestMapping("/queryState")
-	public @ResponseBody List<Map<String,Object>> queryState(HttpServletRequest request,@RequestParam Map<String,Object> paramMap){
+	public @ResponseBody List<Map<String,Object>> queryState(HttpServletRequest request,
+			HttpServletResponse response,@RequestParam Map<String,Object> paramMap){
 		List<Map<String,Object>> result = new ArrayList<Map<String,Object>>();
-		if(paramMap.get("bannerIds") != null && !"".equals(paramMap.get("bannerIds"))){
-			List<Long> list = new ArrayList<Long>();
-			String[] ids = paramMap.get("bannerIds").toString().split(",");
-			for (int i = 0, l = ids.length; i < l; i++) {
-				list.add(Long.valueOf(ids[i]));
-			}
-			paramMap.put("bannerIdList", list);
-			result = dspBannerService.queryState(paramMap);
-			for (int i = 0, l = result.size(); i < l; i++) {
-				Map<String,Object> map = result.get(i);
-				if(Integer.parseInt(map.get("state").toString()) == 0){
-					map.put("stateValue", "通过");
-				}else if(Integer.parseInt(map.get("state").toString()) == 1){
-					map.put("stateValue", "待检查");
-				}else if(Integer.parseInt(map.get("state").toString()) == 2){
-					map.put("stateValue", "检查未通过");
+		/** 跨域问题 ,校验身份 **/
+		result = this.checkIdentityAndCros(response, result, paramMap);
+		if(result.isEmpty()){
+			if(paramMap.containsKey("bannerIds") && paramMap.get("bannerIds") != null 
+					&& !"".equals(paramMap.get("bannerIds"))){
+				List<Long> list = new ArrayList<Long>();
+				String[] ids = paramMap.get("bannerIds").toString().split(",");
+				for (int i = 0, l = ids.length; i < l; i++) {
+					list.add(Long.valueOf(ids[i]));
+				}
+				paramMap.put("bannerIdList", list);
+				result = dspBannerService.queryState(paramMap);
+				for (int i = 0, l = result.size(); i < l; i++) {
+					Map<String,Object> map = result.get(i);
+					if(Integer.parseInt(map.get("state").toString()) == 0){
+						map.put("stateValue", "通过");
+					}else if(Integer.parseInt(map.get("state").toString()) == 1){
+						map.put("stateValue", "待检查");
+					}else if(Integer.parseInt(map.get("state").toString()) == 2){
+						map.put("stateValue", "检查未通过");
+					}
 				}
+			}else{
+				result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_BANNERID_NOT_EMPTY,false,null,0,"error"));
 			}
 		}
 		return result;		
@@ -188,7 +228,7 @@ public class DspBannerController extends SimpleController{
 	 * @return tab 标识：添加或编辑
 	 */
 	private Map<String,Object> getDspBannerList(String dspBannerList, List<Map<String,Object>> result,
-			List<DspBanner> list, Map<String, FieldInfo> fieldInfoMap, String tab){
+			List<DspBanner> list, Map<String, FieldInfo> fieldInfoMap, String tab, Long dspId){
 		Map<String,Object> mapObj = new HashMap<String,Object>();
 		try {
 			//解析JSONArray
@@ -200,10 +240,6 @@ public class DspBannerController extends SimpleController{
 					result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_BANNERID_NOT_EMPTY,false,null,(i+1),"error"));
 					continue;
 				}
-				if(!obj.containsKey("dspId")){//没有dspId这下面的代码不需要执行
-					result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_DSPID_NOT_EMPTY,false,null,(i+1),"error"));
-					continue;
-				}
 				if(!obj.containsKey("advertiserId")){//没有advertiserId这下面的代码不需要执行
 					result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_ADVERTISERID_NOT_EMPTY,false,null,(i+1),"error"));
 					continue;
@@ -220,12 +256,13 @@ public class DspBannerController extends SimpleController{
 	                	result.add(map);
 	                }
 	            }
+				obj.put("dspId", dspId);
 				if(!flag){
 					Long bannerId = null;
 					if("edit".equals(tab)){
 						bannerId = Long.valueOf(obj.get("id").toString());
 					}
-					Long id = this.getDataMaxId(Long.valueOf(obj.get("dspId").toString()), Long.valueOf(obj.get("advertiserId").toString()), bannerId);
+					Long id = this.getDataMaxId(dspId, Long.valueOf(obj.get("advertiserId").toString()), bannerId);
                 	if(id != null && id != 0){
                 		if("add".equals(tab)){
                 			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_PARAMDATA_ADD_REPEAT,false,null,(i+1),"error"));
@@ -285,9 +322,9 @@ public class DspBannerController extends SimpleController{
 			}
 			//下面这几个字段目前后端数据没有得到。所以仅作测试用！
 			log.setActionTime("100");
-			log.setAccountId(new Long(getLoginUser().getId()));
+			log.setAccountId(Long.valueOf(obj.get("dspId").toString()));
 			log.setUserIp(Common.toIpAddr(request));
-			log.setAccountName(getLoginUser().getAccountName());
+			log.setAccountName("dsp对接方");
 			logService.add(log);
 		}
 	}
@@ -329,4 +366,27 @@ public class DspBannerController extends SimpleController{
 		}
 	}
 	
+	/**
+	 * 解决跨域问题,校验身份
+	 */
+	private List<Map<String,Object>> checkIdentityAndCros(HttpServletResponse response,
+			List<Map<String,Object>> result,Map<String,Object> paramMap){
+		response.reset();
+		response.addHeader("ACCESS_CONTROL_ALLOW_ORIGIN", "*");
+		response.addHeader("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
+		if(!paramMap.containsKey("dspId") || paramMap.get("dspId") == null || "".equals(paramMap.get("dspId"))){//没有dspId这下面的代码不需要执行
+			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_DSPID_NOT_EMPTY,false,null,0,"error"));
+			return result;
+		}
+		if(!paramMap.containsKey("token") || paramMap.get("token") == null || "".equals(paramMap.get("token"))){//没有dspId这下面的代码不需要执行
+			result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_TOKEN_NOT_EMPTY,false,null,0,"error"));
+			return result;
+		}
+		Long count = dspAgentService.checkIdentity(paramMap);
+		if(count > 0 ){
+			return result;
+		}
+		result.add(FieldInfo.getErrorMessage(FieldValidate.CHECK_TOKEN_NOT_CONFORM,false,null,0,"error"));
+		return result;
+	}
 }