Index: ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/dao/impl/cssdsyy/TokenAuthenticationDaoImpl.java
===================================================================
diff -u
--- ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/dao/impl/cssdsyy/TokenAuthenticationDaoImpl.java	(revision 0)
+++ ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/dao/impl/cssdsyy/TokenAuthenticationDaoImpl.java	(revision 41134)
@@ -0,0 +1,65 @@
+package com.forgon.disinfectsystem.security.dao.impl.cssdsyy;
+
+import net.sf.json.JSONObject;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import com.forgon.disinfectsystem.common.CssdUtils;
+import com.forgon.disinfectsystem.security.dao.TokenAuthenticationDao;
+import com.forgon.tools.Constants;
+
+/**
+ * 单点登录token验证接口的dao
+ * CSSDSYY-27
+ */
+public class TokenAuthenticationDaoImpl implements TokenAuthenticationDao {
+	
+	private static final Logger logger = Logger.getLogger(TokenAuthenticationDaoImpl.class);
+	
+	/**
+	 * 统一门户提供的接口地址
+	 */
+	public static final String XSO_AUTH_SERVICE_ADDRESS = "http://172.18.3.208:8862/hygeia-ips/api/sso/verify";
+
+	@Override
+	public String authentication(String accessToken) throws Exception {
+		if(StringUtils.isBlank(accessToken)){
+			throw new RuntimeException("登录令牌不能为空！");
+		}
+		logger.debug("统一门户接口地址：" + XSO_AUTH_SERVICE_ADDRESS);
+		logger.debug("门户单点登录令牌：" + accessToken);
+		return getUserNameByToken(accessToken);
+	}
+	
+	/**
+	 * 根据token获取用户名
+	 * @param accessToken
+	 * @return
+	 */
+	private String getUserNameByToken(String accessToken) {
+		if(accessToken == null){
+			return null;
+		}
+		//调用令牌验证接口，并返回用户名
+		String userName = httpGetInvokeXSOAuthService(accessToken);
+		//String userName = accessToken;
+		return userName;
+	}
+
+	/**
+	 * 调用令牌验证接口，并返回用户名
+	 * @param accessToken 令牌
+	 * @return
+	 */
+	private String httpGetInvokeXSOAuthService(String accessToken) {
+		String param = "token=" + accessToken;
+		String result = CssdUtils.sendGetRequest(XSO_AUTH_SERVICE_ADDRESS, param, Constants.CHARSET_UTF8);
+		if(StringUtils.isBlank(result)){
+			return null;
+		}
+		JSONObject json = JSONObject.fromObject(result);
+		return json.optString("uact_id");
+	}
+
+}
Index: ssts-web/src/main/webapp/disinfectsystem/config/cssdsyy/spring/security/applicationContext-acegi-security.xml
===================================================================
diff -u
--- ssts-web/src/main/webapp/disinfectsystem/config/cssdsyy/spring/security/applicationContext-acegi-security.xml	(revision 0)
+++ ssts-web/src/main/webapp/disinfectsystem/config/cssdsyy/spring/security/applicationContext-acegi-security.xml	(revision 41134)
@@ -0,0 +1,235 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+	xmlns:beans="http://www.springframework.org/schema/beans" 
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans
+	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+	http://www.springframework.org/schema/security
+	http://www.springframework.org/schema/security/spring-security-3.2.xsd">
+	<!-- 标准配置文件 -->
+	<debug />
+    
+    <!-- 具有2个authentication provider，第一个验证不通过则使用第二个进行验证 -->
+    <authentication-manager alias="authenticationManager" >
+        <authentication-provider user-service-ref="daoUserDetail">
+        	<password-encoder hash="md5" />
+    	</authentication-provider>
+    	<!-- 单点登录验证token的provider -->
+    	<authentication-provider ref="tokenAuthenticationProvider" />
+    </authentication-manager>
+    
+    <!-- 单点登录验证token的provider -->
+    <beans:bean id="tokenAuthenticationProvider"
+		class="com.forgon.disinfectsystem.security.filter.TokenAuthenticationProvider">
+		<beans:property name="userDetailsService" ref="daoUserDetail" />
+		<beans:property name="tokenAuthenticationDao" ref="tokenAuthenticationDao" />
+	</beans:bean>
+	
+	<!-- 单点登录验证token的dao -->
+	<beans:bean id="tokenAuthenticationDao"
+		class="com.forgon.disinfectsystem.security.dao.impl.cssdsyy.TokenAuthenticationDaoImpl">
+	</beans:bean>
+    
+	<!-- enable use-expressions -->
+	<!--http auto-config="true" use-expressions="true">
+		<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" /-->
+
+		<!-- access denied page -->
+		<!--access-denied-handler error-page="/403" /-->
+		<!-- form-login 
+		    login-page="/logon22.jsp" 
+		    default-target-url="/openSystemMainPage.jsp"
+			authentication-failure-url="/logon.jsp?login_error=1" 
+			username-parameter="username"
+			password-parameter="password" /-->
+		<!--logout logout-success-url="/login?logout" /-->
+		<!--csrf /-->
+	<!--/http-->    
+    
+    <http auto-config="true"  use-expressions="true">
+			<intercept-url pattern="/login" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logout" access="permitAll"></intercept-url>
+			<intercept-url pattern="/accessdenied" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logon.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonForExpensiveGoods.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForGyey.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForDysyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForGzzyyfy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForCszxyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForSzszyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForSzszyy02.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForNfykdxnfyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForDgszyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForKsdqdyrmyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForFsszyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForGzsdbrmyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForZsyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForHbsxkyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForGdskqyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForFsfy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForSzsdsrmyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/logonSSOForSszxyy.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/debug/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/buttjoint/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/qualitymonitoringWithNoLogon/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/config/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/common/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/fileUploadServlet/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/mediaDownloadServlet/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/CodeImageServlet/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/fckeditor/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/UserUpLoadFiles/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/openSystemMainPage.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/favicon.ico" access="permitAll"></intercept-url>
+			<intercept-url pattern="/common/taglibs.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/js/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/jquery/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/ext/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/ext-4.2.3/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/dwr/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/images/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/styles/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/scripts/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/themes/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/services/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/HIP/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/mobileClient/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/sterilization/sterilizationRecordAction!uploadSterilizationRecordPic.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/printBarcodeAction!printBarcodeImage.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/baseData/showImageAction!getToussePic.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/verification/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/touchScreen/recycle/alertDiv/CJL.0.1.min.js" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/touchScreen/recycle/alertDiv/AlertBox.js" access="permitAll"></intercept-url>
+			<intercept-url pattern="/servlets/image" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/washAndDisinfect/washAndDisinfectRecordController/submitWashAndDisinfectRecord.mhtml" access="permitAll"></intercept-url>
+			<intercept-url pattern="/jasperreports/jasperreportsAction!getFirstSupplyRoomConfigOnlineUserDate.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/jasperreports/jasperreportsAction!getEquipmentData.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/jasperreports/jasperreportsAction!getRealTimeBulletinBoardWorkloadData.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/operationReservationAction!findTodayOperationReservatonAmount.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/baseData/specialInfectionAction!loadEnableSpecialInfectionList.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/basedatamanager/operationOrgAction!findOrgUnitOperationName.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/baseData/supplyRoomConfigAction!getAllOrgUnitName.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/baseData/operationRoomAction!getOperationRoomByOrgUnitCode.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/baseData/urgentLevelAction!getUrgentsForSelect.do" access="permitAll"></intercept-url>
+			<!-- SZSDSRMYY-140：改进 -->
+			<intercept-url pattern="/disinfectsystem/showTousseImage/showTousseIamge.js" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/useRecordAction!loadUseItemsByUseRecordId.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/useRecordAction!loadMaterialGoodsByUseRecordId.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/useRecordAction!loadUseRecord.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/tousseInstanceAction!checkTousseInstancesStatus.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/useRecordAction!saveUseRecord2.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/useRecordAction!doctorHavePermissionToUseTousse.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/system/serverTimeAction!getServerDateTime.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/baseData/operationRoomAction!getOperationRoomByCurrentOrgUnitCode.do" access="permitAll"></intercept-url>
+			<!-- SZSDSRMYY-212：改进快速回收 -->
+			<intercept-url pattern="/disinfectSystem/useRecordAction!quickRecycing.do" access="permitAll"></intercept-url>
+			<!-- DGSFYBJY-75： 嵌入网页式的器械包信息查询-->
+			<intercept-url pattern="/disinfectsystem/packing/tousesPackingTeachingImage.js" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/useRecord/tabs/tousseInstanceInfoTab.js" access="permitAll"></intercept-url>
+			<intercept-url pattern="/system/serverTimeAction!getServerDateTime.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/invoiceAction!getTousseInstanceById.do" access="permitAll"></intercept-url>
+			<!-- DGSFYBJY-75： 嵌入网页式的器械包信息查询（拍摄图片）-->
+			<intercept-url pattern="/disinfectsystem/test/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/touchScreen/recycle/layer-v3.0.3/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/baseData/uploadImageAndVideoAction!getImageAndVideoInfo.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/common/includeExtJs4_2.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/common/includeExtJsAndCss.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/baseData/showImageAction!getImageHW.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/baseData/showImageAction!getImage.do" access="permitAll"></intercept-url>
+			<!-- DGSFYBJY-75： 嵌入网页式的器械包信息查询（灭菌炉信息）-->
+			<intercept-url pattern="/disinfectsystem/sterilizationmanager/sterilizerRecord/sterilizerLineChart.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/echarts-4.2.1/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/touchScreen/recycle/js/jquery-min.js" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/print/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/sterilization/sterilizerRecordLineChartAction!createEChartData.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/sterilization/sterilizerRecordLineChartAction!getChartDataBySterilizationRecordId.do" access="permitAll"></intercept-url>
+			<!-- GZSZYY-84： 数据实时看板-->
+			<intercept-url pattern="/disinfectsystem/realTimeDashboards/**" access="permitAll"></intercept-url>
+			<intercept-url pattern="/jasperreports/jasperreportsAction!getDataByDataSources.do" access="permitAll"></intercept-url>
+			<!-- ZSRY-126： 培训管理-->
+			<intercept-url pattern="/attachfiles/**" access="permitAll"></intercept-url>
+			<!-- GZSZYY-121： 登录验证-->
+			<intercept-url pattern="/systemmanage/user/userAction!isModifiedPwdByUser.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/personalSetting/modifyPWDByExt/save.do" access="permitAll"></intercept-url>
+			<!-- ZSRY-60：设备巡检 begin-->
+			<intercept-url pattern="/disinfectsystem/equipmentInspection/forminstanceForm.jsp" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/equipmentInspection/forminstanceForm.js" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectsystem/equipmentInspection/forminstanceCommon.js" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/equipmentInspectionInstanceAction!saveEquipmentInspectionInstance.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/formDefinitionAction!loadFormDefinition.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/equipmentInspectionDefAction!loadEquipmentInspectionDefDeviceInfo.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/equipmentInspectionDefAction!loadEquipmentInspectionDefByEquipment.do" access="permitAll"></intercept-url>
+			<intercept-url pattern="/disinfectSystem/equipmentInspectionInstanceAction!loadEquipmentInspectionInstance.do" access="permitAll"></intercept-url>
+			<!-- ZSRY-60：设备巡检 end-->
+			<intercept-url pattern="/j_spring_security_token_check" access="permitAll"></intercept-url>
+			<!--  user is not an anonymous or a remember-me user -->
+			<intercept-url pattern="/**" access="isFullyAuthenticated()"></intercept-url>
+			<form-login login-page="/logon.jsp" always-use-default-target="true" default-target-url="/openSystemMainPage.jsp" authentication-failure-url="/logon.jsp?login_error=1"></form-login>
+			<access-denied-handler error-page="/logon.jsp"/>
+			<logout logout-success-url="/logon.jsp"></logout>
+			<session-management invalid-session-url="/logon.jsp">
+				<concurrency-control max-sessions="1000" error-if-maximum-exceeded="false"
+					session-registry-alias="sessionRegistry" />
+			</session-management>
+			<!-- 单点登录的过滤器 -->
+			<custom-filter position="LAST" ref="tokenAuthenticationFilter"></custom-filter>
+	</http>
+ 
+ 	<!-- 单点登录的过滤器 -->
+	<beans:bean id="tokenAuthenticationFilter"
+		class="com.forgon.disinfectsystem.security.filter.TokenAuthenticationFilter">
+		<beans:property name="authenticationManager" ref="authenticationManager" />
+		<beans:property name="authenticationSuccessHandler" ref="tokenAuthenticationSuccessHandler" />
+		<beans:property name="authenticationFailureHandler" ref="tokenAuthenticationFailureHandler" />
+		<!-- 自定义单点登录token参数名称 -->
+		<beans:property name="tokenParameter" value = 'token' />
+	</beans:bean>
+	
+	<!-- 单点登录失败的handler -->
+	<beans:bean id="tokenAuthenticationFailureHandler"
+		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
+		<beans:property name="defaultFailureUrl" value="/logon.jsp" />
+	</beans:bean>
+	
+	<!-- 单点登录成功的handler -->
+	<beans:bean id="tokenAuthenticationSuccessHandler"
+		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
+		<beans:property name="defaultTargetUrl" value="/openSystemMainPage.jsp" />
+	</beans:bean>
+	
+    <beans:bean id="loggerListener"
+        class="org.springframework.security.access.event.LoggerListener" />
+    
+<!--     <beans:bean id="daoUserDetail" -->
+<!--         class="com.forgon.disinfectsystem.security.userdetails.DaoUserDetailSSTSImpl" > -->
+<!--         <beans:property name="userManager" ref="userManager" /> -->
+<!--         <beans:property name="sysUserManager" ref="sysUserManager" /> -->
+<!--         <beans:property name="directoryHelper" ref="directoryHelper" /> -->
+<!--         <beans:property name="roleManager" ref="roleManager" /> -->
+<!--         <beans:property name ="supplyRoomConfigManager" ref="supplyRoomConfigManager" /> -->
+<!--         <beans:property name ="orgUnitManager" ref="orgUnitManager" /> -->
+<!--     </beans:bean> -->
+
+    <beans:bean id="logoutFilter"
+    	class="org.springframework.security.web.authentication.logout.LogoutFilter">
+    	<!-- 退出后指向的 URL -->
+    	<beans:constructor-arg value="/" />
+    	<beans:constructor-arg>
+    		<beans:list>
+    			<beans:bean
+    				class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
+    			<beans:ref bean="logoutHandler"/>
+    		</beans:list>
+    	</beans:constructor-arg>
+    </beans:bean>
+
+    <!-- 
+    <beans:bean id="jdbcUserDetailsManager"
+        class="org.springframework.security.userdetails.jdbc.JdbcUserDetailsManager">
+        <beans:property name="dataSource"
+            ref="dataSource" />
+    </beans:bean>
+     -->
+
+    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
+</beans:beans>
\ No newline at end of file
