@WebMethod
 public ModelAndView modifyPwd(int uid, String oldPwd, String newPwd) {
   ModelAndView mv = new ModelAndView();
   User po = dao.get(User.class, uid);
   if (po != null) {
     if (!po.pwd.equals(SecurityHelper.Md5(oldPwd))) {
       throw new GException(PlatformExceptionType.BusinessException, "原密码不正确,请重新输入后重试");
     }
     po.pwd = SecurityHelper.Md5(newPwd);
     dao.saveOrUpdate(po);
   }
   return mv;
 }
 @WebMethod
 public ModelAndView save(User user, Integer groupId, String roleIds) {
   ModelAndView mv = new ModelAndView();
   if (StringUtils.isEmpty(user.account)) {
     throw new GException(PlatformExceptionType.BusinessException, "用户账号不能为空");
   }
   if (StringUtils.isEmpty(user.name)) {
     throw new GException(PlatformExceptionType.BusinessException, "用户姓名不能为空");
   }
   if (StringUtils.isEmpty(user.pwd)) {
     throw new GException(PlatformExceptionType.BusinessException, "请先设置密码");
   }
   user.isSuperAdmin = 0;
   user.addtime = new Date();
   user.pwd = SecurityHelper.Md5(user.pwd);
   // TODO
   dao.saveOrUpdate(user);
   if (groupId != null) {
     UserGroup ug = new UserGroup();
     ug.gid = groupId;
     ug.uid = user.id;
     dao.saveOrUpdate(ug);
   }
   if (roleIds != null && roleIds.length() != 0) {
     String[] Ids = roleIds.split(",");
     for (int i = 0; i < Ids.length; i++) {
       UserRole rg = new UserRole();
       rg.roleId = Integer.valueOf(Ids[i]);
       rg.uid = user.id;
       dao.saveOrUpdate(rg);
     }
   }
   return mv;
 }
 @WebMethod
 public ModelAndView update(User user, String roleIds) {
   ModelAndView mv = new ModelAndView();
   if (StringUtils.isEmpty(user.name)) {
     throw new GException(PlatformExceptionType.BusinessException, "用户名不能为空");
   }
   User po = dao.get(User.class, user.id);
   po.account = user.account;
   po.name = user.name;
   //		String pwd = user.pwd.replace("*", "");
   if (StringUtils.isNotEmpty(user.pwd)) {
     po.pwd = SecurityHelper.Md5(user.pwd);
   }
   po.tel = user.tel;
   dao.saveOrUpdate(po);
   ThreadSession.getHttpSession().setAttribute(MakesiteConstant.Session_Attr_User, po);
   if (roleIds != null && roleIds.length() != 0) {
     String[] Ids = roleIds.split(",");
     dao.execute("delete from UserRole where uid=?", user.id);
     for (int i = 0; i < Ids.length; i++) {
       if (StringUtils.isEmpty(Ids[i])) {
         continue;
       }
       UserRole rg = new UserRole();
       rg.roleId = Integer.valueOf(Ids[i]);
       rg.uid = user.id;
       dao.saveOrUpdate(rg);
     }
   } else {
   }
   return mv;
 }
 @WebMethod
 public ModelAndView login(User user, String _site) {
   ModelAndView mv = new ModelAndView();
   String pwd = SecurityHelper.Md5(user.pwd);
   User po =
       dao.getUniqueByParams(
           User.class,
           new String[] {"account", "pwd", "_site"},
           new Object[] {user.account, pwd, _site});
   if (po == null) {
     throw new GException(PlatformExceptionType.BusinessException, "用户名或密码不正确。");
   }
   po.lasttime = new Date();
   dao.saveOrUpdate(po);
   ThreadSession.getHttpSession().setAttribute(MakesiteConstant.Session_Attr_User, po);
   List<Map> result =
       dao.listAsMap(
           "select ra.authId as authId from UserRole ur ,RoleAuth ra where ur.roleId=ra.roleId and ur.uid=?",
           po.id);
   StringBuilder authList = new StringBuilder("");
   for (Map map : result) {
     authList.append(map.get("authId").toString());
   }
   ThreadSession.getHttpSession()
       .setAttribute(MakesiteConstant.Session_Auth_List, authList.toString());
   String serverName = DataHelper.getServerName(ThreadSession.HttpServletRequest.get());
   if (!onlineUserCountMap.containsKey(serverName)) {
     onlineUserCountMap.put(serverName, 1);
   } else {
     onlineUserCountMap.put(serverName, onlineUserCountMap.get(serverName) + 1);
   }
   String text;
   try {
     text =
         FileUtils.readFileToString(
             new File(
                 ThreadSession.HttpServletRequest.get().getServletContext().getRealPath("/")
                     + File.separator
                     + "auths.json"),
             "utf8");
     JSONArray jarr = JSONArray.fromObject(text);
     List<String> urlList = new ArrayList<String>();
     for (int i = 0; i < jarr.size(); i++) {
       JSONObject jobj = jarr.getJSONObject(i);
       if (authList.toString().contains(jobj.getString("id"))) {
         continue;
       }
       String urls = jobj.getString("urls");
       for (String url : urls.split(",")) {
         urlList.add(url);
       }
     }
     ThreadSession.getHttpSession().setAttribute(MakesiteConstant.Session_Auth_Urls, urlList);
   } catch (IOException e) {
     e.printStackTrace();
   }
   return mv;
 }