header中Content-Disposition的作用 用于浏览器不打开图片直接下载

今天查看Struts2的文件上传部分 发现有个例子开头打印的信息中有Content-Disposition,一时好奇,所以了解了一下。顺便学习一下文件上传所需要的注意事项。

      Content-disposition 是 MIME 协议的扩展,MIME 协议指示 MIME 用户代理如何显示附加的文件。当 Internet Explorer 接收到头时,它会激活文件下载对话框,它的文件名框自动填充了头中指定的文件名。(请注意,这是设计导致的;无法使用此功能将文档保存到用户的计算机上,而不向用户询问保存位置。)   





content-disposition = “Content-Disposition” “:”

disposition-type *( “;” disposition-parm )

disposition-type = “attachment” | disp-extension-token

disposition-parm = filename-parm | disp-extension-parm

filename-parm = “filename” “=” quoted-string

disp-extension-token = token

disp-extension-parm = token “=” ( token | quoted-string )


Content-Disposition: attachment; filename=“filename.xls”

       当然filename参数可以包含路径信息,但User-Agnet会忽略掉这些信息,只会把路径信息的最后一部分做为文件名。当你在响应类型为application/octet- stream情况下使用了这个头信息的话,那就意味着你不想直接显示内容,而是弹出一个”文件下载”的对话框,接下来就是由你来决定“打开”还是“保存” 了。


1.当代码里面使用Content-Disposition来确保浏览器弹出下载对话框的时候。 response.addHeader("Content-Disposition","attachment");一定要确保没有做过关于禁止浏览器缓存的操作。如下:

response.setHeader("Pragma", "No-cache"); 
response.setHeader("Cache-Control", "No-cache"); 
response.setDateHeader("Expires", 0);


//struts   框架处理:

1 配置文件:




2 java 代码:

package com.mx.travel.my.action;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;
import org.apache.struts2.ServletActionContext;
import org.mx.travel.util.AppPath;
import org.mx.travel.util.BaseUtil;
import org.mx.travel.util.WSUtil;

import com.alibaba.fastjson.JSON;
import com.mx.travel.base.action.BaseAction;
import com.mx.travel.my.att.api.helper.AttachmentConfigHelper;
import com.mx.travel.my.att.api.helper.AttachmentHelper;
import com.mx.travel.my.att.api.helper.AttachmentUserHelper;
import com.mx.travel.my.att.pojo.Attachment;
import com.mx.travel.my.att.pojo.AttachmentConfig;
import com.mx.travel.my.system.api.helper.CodeHelper;
import com.mx.travel.my.util.JsonToObject;
import com.mx.travel.util.DESSecurity;
import com.mx.travel.util.FileUtil;
import com.mx.travel.util.ListUtil;
import com.mx.travel.util.Page;
import com.mx.travel.util.SystemConfig;
import com.mx.travel.util.Util;
import com.opensymphony.xwork2.ActionContext;

public class AttachmentAction extends BaseAction {

private static Logger logger = Logger.getLogger(AttachmentAction.class); 

private Integer attId;
private String attIdStr;
private String attIdDES;//加密过的附件id
private Integer acId;
private String attCode;
private String pkValue;
private String[] title;
private String attPath;
private String[] note;
private String empCode;
private String empName;
private String createTime;
private int isOpen;
private int isEnable;

private String acCode;
private String fileExt;
private Integer fileSize;
private Integer checkedAttConfigId;

private int isDelete;
private int isOne;
private int isBatch;

String schCode;
String schName;
String schIsEnable;

Integer schAcId;
String schAttCode;
String schPkValue;
String schTitle;
String schEmpCode;
String schEmpName;

private String msg;//下载文件提示信息

//private String pojoName = "Attachment";
//private String pojoDesc = "附件管理";

public static String attDrivePath = AppPath.fileHostUrl;
private InputStream targetFile;//指定下载文件的文件流
private String contentDisposition;//指定下载文件的下载方式及下载时的保存文件名,filename保存时的文件名必须有扩展名,扩展名指示了下载类型的图标

* 添加附件的附件列表
* @return
* @author  liuyandong
* @date 创建时间:2015-12-26 下午5:00:03 
* @version 1.0
public String loadAttList() {
String hql = " from Attachment a where a.attachmentConfig.acCode = '"+acCode+"' and a.pkValue = '"+pkValue+"' ";
List attList = searchAttachmentList(hql);
//附件路径修改(upload/my/user/photo/2015/12/a.jpg 改为 a.jpg)
if (attList != null &&  attList.size() > 0) {
for (Attachment attachment : attList) {
if (attachment.getIsOpen() == 1) {//公开后不用判断权限表
} else {//不公开则检测权限表
int attId = attachment.getAttId();
String resultJson = AttachmentUserHelper.isExistData(attId, getSysSession().getUser().getEmpCode());
if (WSUtil.isSuccess(resultJson)) {
String dataStr = WSUtil.getResultData(resultJson);
} else {//验证是否有权限失败,设置没有权限
//附件名称修改(某某某一寸照片 改为 某某某一寸照片.jpg)
String attPath = attachment.getAttPath();
String title = attachment.getTitle() + "." + Util.getFileExt(attPath);

setRequestAttribute("list", attList);
setRequestAttribute("schIsEnable", ListUtil.createSelectByIsEnable("schIsEnable", "schIsEnable", "账号状态", schIsEnable, null, null));
setRequestAttribute("pkValue", pkValue);
setRequestAttribute("acCode", acCode);
setRequestAttribute("msg", msg);
return SUCCESS;
* 查看附件的附件列表
* @return
* @author  liuyandong
* @date 创建时间:2015-12-26 下午5:01:02 
* @version 1.0
public String loadAttListSearch() {
String hql = " from Attachment a ";

String  whereStr = "";
if (!Util.isEqual(acCode)) {
whereStr += " and a.attachmentConfig.acCode = '"+acCode+"' ";
if (!Util.isEqual(pkValue)) {
whereStr += " and a.pkValue = '"+pkValue+"' ";
hql += " where 1=1 and a.isEnable=1 " + whereStr;
hql += " where 1=2 ";

List attList = searchAttachmentList(hql);
if (attList != null && attList.size() > 0) {
//StringBuffer attIdStr = new StringBuffer("");
for (Attachment attachment : attList) {
if (attachment.getIsOpen() == 1) {//公开后不用判断权限表
} else {//不公开则检测权限表
int attId = attachment.getAttId();
String resultJson = AttachmentUserHelper.isExistData(attId, getSysSession().getUser().getEmpCode());
if (WSUtil.isSuccess(resultJson)) {
String dataStr = WSUtil.getResultData(resultJson);
} else {//验证是否有权限失败,设置没有权限
//附件路径修改(upload/my/user/photo/2015/12/a.jpg 改为 a.jpg)
String attPath = attachment.getAttPath();
int beginIndex = attPath.lastIndexOf("/") + 1;
attPath = attPath.substring(beginIndex);

//附件名称修改(某某某一寸照片 改为 某某某一寸照片.jpg)
String title = attachment.getTitle() + "." + Util.getFileExt(attPath);
setRequestAttribute("list", attList);
setRequestAttribute("acCode", acCode);
setRequestAttribute("schPkValue", schPkValue);
setRequestAttribute("pkValue", pkValue);
return SUCCESS;
* 加载菜单下的【附件列表】
* @return
* @author  liuyandong
* @date 创建时间:2015-12-26 上午11:26:21 
* @version 1.0
public String loadModuleAttList() {
String hql = " from Attachment a where 1=1 ";
List attList = searchAttachmentList(hql);

String configJson = AttachmentConfigHelper.getAllList();
List attConfigList = JsonToObject.JsonToAttConfigList(configJson);
setRequestAttribute("attConfigList", ListUtil.createSelect(attConfigList, "schAcId", "schAcId", "请选择方案", schAcId==null?null:schAcId.toString(), new String[] { }, new String[] { }));
//setRequestAttribute("attConfigList", ListUtil.createSelect(attConfigList, "acCode", "acCode", "请选择方案", "acCode", "title", acId==null?null:acId.toString(), new String[] { }, new String[] { }));
setRequestAttribute("list", attList);
return SUCCESS;
* 查询附件列表
* @author  liuyandong
* @date 创建时间:2015-12-26 下午5:12:36 
* @version 1.0
private List searchAttachmentList(String hql) {
if (!Util.isEqual(schAcId)) {
hql += " and a.attachmentConfig.acId = '"+schAcId+"' ";
if (!Util.isEqual(schAttCode)) {
hql += " and a.attCode = '"+schAttCode+"' ";
if (!Util.isEqual(schPkValue)) {
hql += " and a.pkValue = '"+schPkValue+"' ";
if (!Util.isEqual(schTitle)) {
hql += " and a.title like '%"+schTitle+"%' ";
if (!Util.isEqual(schEmpCode)) {
hql += " and a.empCode = '"+schEmpCode+"' ";
if (!Util.isEqual(schEmpName)) {
hql += " and a.empName like '%"+schEmpName+"%' ";
Page page = new Page(getActionName(), getQueryString());
if (page.isFirstLoad()) {
page.setSearchKeys("schAcId", schAcId);
page.setSearchKeys("schAttCode", schAttCode);
page.setSearchKeys("schPkValue", schPkValue);
page.setSearchKeys("schTitle", schTitle);
page.setSearchKeys("schEmpCode", schEmpCode);
page.setSearchKeys("schEmpName", schEmpName);

page.setSearchKeys("acCode", acCode);
page.setSearchKeys("pkValue", pkValue);
String jsonAttListCount = AttachmentHelper.getDataCount(" select count(attId) "+hql);

if (WSUtil.isSuccess(jsonAttListCount)) { 
} else {
String jsonAttPageList = AttachmentHelper.getListByPage(hql , page.getStartNo(), page.getPageSize());
List list = null;
if (WSUtil.isSuccess(jsonAttPageList)) {
list = JsonToObject.JsonToAttachmentList(jsonAttPageList);
// setRequestAttribute("list", list);
setRequestAttribute(Page.PAGE_INFO, page.getPageInfo());
return list;

* 查询附件列表(公共没有查询条件)
* 查询出的都是启用状态的
* @author  tianwei
* @date 创建时间:2016-5-31
* @version 1.0
public String loadAttListPop() {
String hql = " from Attachment a where isEnable=1 and a.attachmentConfig.acCode = '"+acCode+"' and a.pkValue = '"+pkValue+"' ";
List attList = searchAttachmentList(hql);
//附件路径修改(upload/my/user/photo/2015/12/a.jpg 改为 a.jpg)
if (attList != null &&  attList.size() > 0) {
for (Attachment attachment : attList) {
if (attachment.getIsOpen() == 1) {//公开后不用判断权限表
} else {//不公开则检测权限表
int attId = attachment.getAttId();
String resultJson = AttachmentUserHelper.isExistData(attId, getSysSession().getUser().getEmpCode());
if (WSUtil.isSuccess(resultJson)) {
String dataStr = WSUtil.getResultData(resultJson);
} else {//验证是否有权限失败,设置没有权限
//附件名称修改(某某某一寸照片 改为 某某某一寸照片.jpg)
String attPath = attachment.getAttPath();
String title = attachment.getTitle() + "." + Util.getFileExt(attPath);
setRequestAttribute("list", attList);
setRequestAttribute("pkValue", pkValue);
setRequestAttribute("acCode", acCode);
//setRequestAttribute("msg", msg);
return SUCCESS;

// 加载添加
@SuppressWarnings({ "rawtypes", "unchecked" })
public String loadAddAtt() {
AttachmentConfig attConfig = null;
String resultJson = AttachmentConfigHelper.getByCode(acCode);
if (WSUtil.isSuccess(resultJson)) {
String data = WSUtil.getResultData(resultJson);
if (!Util.isEqual(data)) {
attConfig = JSON.parseObject(data,AttachmentConfig.class);
setRequestAttribute("category", attConfig.getCategory());
setRequestAttribute("dirName", attConfig.getDirName());
setRequestAttribute("fileExt", attConfig.getFileExt());
setRequestAttribute("fileSize", attConfig.getFileSize());
setRequestAttribute("showFileSize", attConfig.getFileSize()+"KB");
setRequestAttribute("title", attConfig.getTitle());
setRequestAttribute("acCode", acCode);
setRequestAttribute("pkValue", pkValue);
setRequestAttribute("isDelete", isDelete);
setRequestAttribute("isOne", isOne);
setRequestAttribute("isBatch", isBatch);
return SUCCESS;

public void addAttachment() {
String msg = "";
String checkMsg = "";
String result = "";
String successStr = "";//记录上传成功的附件编码,用于写系统日志
String failStr = "";//记录保存失败的附件标题
int sNum =0;//统计上传成功的附件个数,用于写系统日志
boolean check = true;

AttachmentConfig attachmentConfig = null;
String resultJson = AttachmentConfigHelper.getByCode(acCode);
if (WSUtil.isSuccess(resultJson)) {
String data = WSUtil.getResultData(resultJson);
if (!Util.isEqual(data)) {
attachmentConfig = JSON.parseObject(data,AttachmentConfig.class);
if(file != null && file.length>0){
for (int i = 0; i < file.length; i++) {
String fn = BaseUtil.getFileName(fileFileName[i]);
String fe = BaseUtil.getFileExt(fn);
// 是否允许上传该类型
String tmp = attachmentConfig.getFileExt();
Pattern p = Pattern.compile(fe);
Matcher m = p.matcher(tmp);
if (!m.find()) {//文件类型不合法
check = false;
long myFileSize = file[i].length();
int allowMaxSize = attachmentConfig.getFileSize() * 1024;
if (myFileSize > allowMaxSize) {//文件大小不合法
check = false;
if (title != null && title.length > 0 && title[i] != null) {
String myTitle = title[i];
if (myTitle.length() > 100) {//文件标题字数超限
check = false;
if (check) {
for (int i = 0; i < file.length; i++) {
try {
String newAttCode = CodeHelper.getCode("SYS_CODE_RULE_ATTACHMENT");
String[] uploadResult = uploadAttFile(SystemConfig.get("UPLOAD_PATH_ROOT"), attPath, i, newAttCode);
if (!Util.isEqual(uploadResult) && !Util.isEqual(uploadResult[0]) ) {
logger.error("上传第"+i+1+"个附件失败! 文件名:"+fileFileName[i]);
//System.out.println("上传第"+i+1+"个附件失败! 文件名:"+fileFileName[i]);
if(Util.isEqual(failStr)) {
failStr += fileFileName[i];
} else{ 
failStr += ","+fileFileName[i]; 
if (pkValue != null && pkValue.length() > 0) {
if (pkValue.contains(",")) {//多条数据批量上传附件
String[] pkValueArray = pkValue.split("\\,");
int num = 1;
for (String pk : pkValueArray) {
delAttDataAndFile(attachmentConfig.getAcCode(), pk);
String code = newAttCode + "_" + num;
Attachment att = new Attachment();
title[i] = code;
title[i] = FileUtil.replaceSpecificSymbol(title[i]);
int attId = JsonToObject.JsonToInt(AttachmentHelper.addData(JSON.toJSONString(att)));
if(Util.isEqual(successStr)) {
successStr += newAttCode;
} else{ 
successStr += ","+newAttCode; 
} else {
if(Util.isEqual(failStr)) {
failStr += fileFileName[i];
} else{ 
failStr += ","+fileFileName[i]; 
num = num + 1;
} else {
Attachment att = new Attachment();
title[i] = newAttCode;
title[i] = FileUtil.replaceSpecificSymbol(title[i]);
int attId = JsonToObject.JsonToInt(AttachmentHelper.addData(JSON.toJSONString(att)));
if(Util.isEqual(successStr)) {
successStr += newAttCode;
} else{ 
successStr += ","+newAttCode; 
} else {
if(Util.isEqual(failStr)) {
failStr += fileFileName[i];
} else{ 
failStr += ","+fileFileName[i]; 
logger.error("上传第"+i+1+"个附件失败! 文件名:"+fileFileName[i]);
//System.out.println("上传第"+i+1+"个附件失败! 文件名:"+fileFileName[i]);
if(Util.isEqual(failStr)) {
failStr += fileFileName[i];
} else{ 
failStr += ","+fileFileName[i]; 
} catch (Exception e) {
logger.error("上传第"+i+1+"个附件失败! 文件名:"+fileFileName[i]);
//System.out.println("上传第"+i+1+"个附件失败! 文件名:"+fileFileName[i]);
if(Util.isEqual(failStr)) {
failStr += fileFileName[i];
} else{ 
failStr += ","+fileFileName[i]; 
if (!Util.isEqual(failStr)) {
msg = "文件名为【" + failStr + "】的附件保存失败!";
} else {
msg = "验证不通过,请检查文件的类型、大小是否符合要求,文件标题是否字数超限";
} else {
msg = "没有需要上传的文件!";
//LogHelper.writeLog(1, successStr, 1, "操作员:" + getSysSession().getUser().getEmpName() + " 上传了["+attachmentConfig.getTitle()+"] , "+sNum+"个附件:" + successStr+" ,原数据表的主键:"+pkValue, 1, pojoName, pojoDesc, getSysSession().getUser()
// .getEmpCode(), getSysSession().getUser().getEmpName(), SystemConfig.currSysCode, SystemConfig.currSysName);
} else {
msg = "方案编码为【" + acCode + "】的方案不存在!";
} else {
msg = "方案编码为【" + acCode + "】的方案不存在!";
setRequestAttribute("pkValue", pkValue);
setRequestAttribute("acCode", acCode);
String returnMsg = "{\"code\":\"0\",\"message\":\"上传成功!\"}";
if (!Util.isEqual(msg)) {
returnMsg = "{\"code\":\"-1\",\"message\":\"" + msg + "\"}";
* 删除附件数据库数据和文件数据
* @param acCode 方案编码
* @param pkValue 主键值
private void delAttDataAndFile(String acCode, String pkValue) {
String attJson = AttachmentHelper.getListByAccodePkValue(acCode, pkValue);
List attList = null;
if (WSUtil.isSuccess(attJson)) {
attList = JsonToObject.JsonToAttachmentList(attJson);
// 如果,未被使用,该条数据删除,附件文件删除;如果,已被使用,该条数据删除,文件不删除
if (attList != null && attList.size() > 0) {
for (Attachment attachment : attList) {
String attPath = attachment.getAttPath();
String resultJson = AttachmentHelper.deleteDataById(attachment.getAttId(), attPath,getSysSession().getUser().getEmpCode(),getSysSession().getUser().getEmpName());
if (WSUtil.isSuccess(resultJson)) {
int data = Integer.parseInt(WSUtil.getResultData(resultJson));
if (data < 2) {
String path = attDrivePath+"/"+ attPath;

* 上传文件
* @param basePath
* @param uploadPath
* @param fileIndex
* @param fileName
* @return 返回数组,[0]:上传结果,0(上传失败);[1]:上传文件路径
* @author  chenlili
* @date 创建时间:2015-12-25 下午3:02:52 
* @version 1.0
public String[] uploadAttFile(String basePath,String uploadPath,Integer fileIndex,String fileName) {

String uploadMsg[] = new String[2];
uploadMsg[0] = "0";
try {
String uploadPathUrl = basePath + "/" + uploadPath + "/" + BaseUtil.getYearValue() + "/" + BaseUtil.getMonthValue();
String serverFilePath = attDrivePath + uploadPathUrl;

String fn = BaseUtil.getFileName(fileFileName[fileIndex]);;
String fe = BaseUtil.getFileExt(fn);
String fnNew = fileName + "." + fe;

File uploadFile = new File(serverFilePath); // 把命名好的文件上传到指定的路径
if (!uploadFile.exists()) {
uploadFile.mkdirs(); // 创建该目录
InputStream in = new FileInputStream(file[fileIndex]);
OutputStream out = new FileOutputStream(uploadFile + "\\" + fnNew); // 写入流

byte[] buffer = new byte[5 * 1024 * 1024];// 5M
int length;
while ((length = in.read(buffer)) > 0) {
out.write(buffer, 0, length);
uploadMsg[0] = "1";//成功上传标识
uploadMsg[1] = uploadPathUrl.replace("\\", "/") + "/" + fnNew;
logger.info("上传了文件:" + uploadMsg[1]);
//System.out.println("文件为:" + uploadMsg[1]);
} catch (FileNotFoundException e) {
uploadMsg[1] = e.getMessage();
} catch (IOException e) {
uploadMsg[1] = e.getMessage();
return uploadMsg;

* 启用
* @return
* @throws Exception String 
* @author chenlili
* 创建时间:2015-12-16 下午4:12:38
public void enableAtt() {
if (attIdStr.length() > 0 && attIdStr.contains(",")) {
String[] attIdArray = attIdStr.split("\\,");
for (String attId : attIdArray) {
} else {
private void enAtt(String attId) {
String resultJson = AttachmentHelper.getDataById(Integer.parseInt(attId));
Attachment att = JsonToObject.JsonToAttachment(resultJson);
String note ="启用了";
//String msgJson = 
/*if (WSUtil.isSuccess(msgJson)) {
LogHelper.writeLog(1, attId.toString(), 2, "操作员:" + getSysSession().getUser().getEmpName() + " 启用了附件:" + attId, 1, pojoName, pojoDesc, getSysSession().getUser().getEmpCode(),
getSysSession().getUser().getEmpName(), SystemConfig.currSysCode, SystemConfig.currSysName);

* 禁用
* @return
* @throws Exception String 
* @author chenlili
* 创建时间:2015-12-16 下午4:12:54
public void disableAtt() {
if (attIdStr.length() > 0 && attIdStr.contains(",")) {
String[] attIdArray = attIdStr.split("\\,");
for (String attId : attIdArray) {
} else {
private void disAtt(String attId) {
String resultJson = AttachmentHelper.getDataById(Integer.parseInt(attId));
Attachment att = JsonToObject.JsonToAttachment(resultJson);
String note ="禁用了";
//String msgJson = 
/*if (WSUtil.isSuccess(msgJson)) {
LogHelper.writeLog(1, attId.toString(), 2, "操作员:" + getSysSession().getUser().getEmpName() + " 禁用了附件:" + attId, 1, pojoName, pojoDesc, getSysSession().getUser().getEmpCode(),
getSysSession().getUser().getEmpName(), SystemConfig.currSysCode, SystemConfig.currSysName);
* 公开
* @author  liuyandong
* @date 创建时间:2016-1-12 上午10:15:44 
* @version 1.0
public void openAtt() {
if (attIdStr.length() > 0 && attIdStr.contains(",")) {
String[] attIdArray = attIdStr.split("\\,");
for (String attId : attIdArray) {
} else {
private void openAtt(String attId) {
String resultJson = AttachmentHelper.getDataById(Integer.parseInt(attId));
Attachment att = JsonToObject.JsonToAttachment(resultJson);
String note ="公开了";

* 关闭
* @author  liuyandong
* @date 创建时间:2016-1-12 上午10:15:44 
* @version 1.0
public void closeAtt() {
if (attIdStr.length() > 0 && attIdStr.contains(",")) {
String[] attIdArray = attIdStr.split("\\,");
for (String attId : attIdArray) {
} else {
private void closeAtt(String attId) {
String resultJson = AttachmentHelper.getDataById(Integer.parseInt(attId));
Attachment att = JsonToObject.JsonToAttachment(resultJson);
String note ="关闭了";

* 下载附件
* msg不同值代表的意思
* file_not_found:系统找不到指定的文件!!!
* error:下载文件失败!!!
* check_auth_not_pass:验证权限不通过
* check_auth_error:验证权限失败
* database_no_data:数据库没有该文件信息
* @author  liuyandong
* @date 创建时间:2015-12-28 下午4:18:33 
* @version 1.0
public String downloadAttachment() {
setRequestAttribute("acCode", acCode);
setRequestAttribute("pkValue", pkValue);
if (Util.isEqual(attIdDES)) {
setRequestAttribute("msg", "database_no_data");
return INPUT;
} else {
attIdDES = new DESSecurity().fileDownDecrypt(attIdDES);
if (Util.isEqual(attIdDES)) {
setRequestAttribute("msg", "error");
return INPUT;
} else {
attId = Integer.parseInt(attIdDES);
String json = AttachmentHelper.getDataById(attId);
Attachment attment = JsonToObject.JsonToAttachment(json);
if (!Util.isEqual(attment)) {
if (attment.getIsOpen() != 1) {//不公开
String resJson = AttachmentUserHelper.isExistData(attId, getSysSession().getUser().getEmpCode());
if (WSUtil.isSuccess(resJson)) {
String dataStr = WSUtil.getResultData(resJson);
if (!Boolean.valueOf(dataStr)) {//验证权限不通过
setRequestAttribute("msg", "check_auth_not_pass");
return INPUT;
} else {//验证权限失败
setRequestAttribute("msg", "check_auth_error");
return INPUT;
String attPath = attDrivePath+"/"+ attment.getAttPath();
String fileType = attPath.substring(attPath.lastIndexOf("."));//文件后缀名
String title = attment.getTitle();
title = FileUtil.replaceSpecificSymbol(title);//特殊字符替换
title += fileType;
HttpServletRequest request = ServletActionContext.getRequest();
String userAgent = request.getHeader("User-Agent");
byte[] titleBytes;
try {
titleBytes = userAgent.contains("MSIE")?title.getBytes():title.getBytes("utf-8");
title = new String(titleBytes, "ISO8859-1" );
} catch (UnsupportedEncodingException e1) {

contentDisposition = String.format("attachment;filename=\"%s\"", title);
try {
targetFile = new BufferedInputStream(new FileInputStream(attPath));
return SUCCESS;
} catch (Exception e) {
setRequestAttribute("msg", "file_not_found");
return INPUT;
} else {
setRequestAttribute("msg", "database_no_data");
return INPUT;

* 预览附件
* @return
* @author  liuyandong
* @date 创建时间:2016-9-2 下午4:45:14 
* @version 1.0
public String previewAttachment() {
if (Util.isEqual(attIdDES)) {
setRequestAttribute("msg", "database_no_data");
return SUCCESS;
} else {
attIdDES = new DESSecurity().fileDownDecrypt(attIdDES);
if (Util.isEqual(attIdDES)) {
setRequestAttribute("msg", "error");
return SUCCESS;
} else {
attId = Integer.parseInt(attIdDES);
String json = AttachmentHelper.getDataById(attId);
Attachment attment = JsonToObject.JsonToAttachment(json);
if (!Util.isEqual(attment)) {
String attPath = attDrivePath+"/"+ attment.getAttPath();
File fromFile = new File(attPath);
if (!fromFile.exists()) {// 判断文件是否存在  
setRequestAttribute("msg", "file_not_found");
return SUCCESS;

if (attment.getIsOpen() != 1) {//不公开
String resJson = AttachmentUserHelper.isExistData(attId, getSysSession().getUser().getEmpCode());
if (WSUtil.isSuccess(resJson)) {
String dataStr = WSUtil.getResultData(resJson);
if (!Boolean.valueOf(dataStr)) {//验证权限不通过
setRequestAttribute("msg", "check_auth_not_pass");
return SUCCESS;
} else {//验证权限失败
setRequestAttribute("msg", "check_auth_error");
return SUCCESS;
ActionContext ac = ActionContext.getContext();
       ServletContext sc = (ServletContext) ac.get(ServletActionContext.SERVLET_CONTEXT);
       String path = sc.getRealPath("/");

String filePath = path + "images_temp/" + attment.getAttPath();
File toFile = new File(filePath);

FileUtil.copyFile(toFile, fromFile);
setRequestAttribute("filePath", "images_temp/" + attment.getAttPath());
return SUCCESS;
} else {
setRequestAttribute("msg", "database_no_data");
return SUCCESS;

* 删除附件
* @author  liuyandong
* @date 创建时间:2015-12-29 下午6:00:56 
* @version 1.0
public void delAttachment() {
boolean result = true;
StringBuffer errorAttId = new StringBuffer("");
if (attIdStr.length() > 0) {
if (attIdStr.contains(",")) {
String[] attIdArray = attIdStr.split("\\,");
for (String attId : attIdArray) {
Attachment att = JsonToObject.JsonToAttachment(AttachmentHelper.getDataById(Integer.parseInt(attId)));
String attPath = attDrivePath+"/"+ att.getAttPath();
String resultJson = AttachmentHelper.deleteDataById(Integer.parseInt(attId), attPath,getSysSession().getUser().getEmpCode(),getSysSession().getUser().getEmpName());
if (WSUtil.isSuccess(resultJson)) {
int data = Integer.parseInt(WSUtil.getResultData(resultJson));
if (data < 2) {
if (WSUtil.isError(resultJson)) {
result = false;
if (errorAttId != null && errorAttId.length() > 0) {
} else {
Attachment att = JsonToObject.JsonToAttachment(AttachmentHelper.getDataById(Integer.parseInt(attIdStr)));
String attPath = attDrivePath+"/"+ att.getAttPath();
String resultJson = AttachmentHelper.deleteDataById(Integer.parseInt(attIdStr), attPath,getSysSession().getUser().getEmpCode(),getSysSession().getUser().getEmpName());
if (WSUtil.isSuccess(resultJson)) {
int data = Integer.parseInt(WSUtil.getResultData(resultJson));
if (data < 2) {
if (WSUtil.isError(resultJson)) {
result = false;
if (errorAttId != null && errorAttId.length() > 0) {


if (result) {
} else {
String msg = "附件Id为" + errorAttId.toString() + "的附件删除失败!";
printContent("{\"code\":\"-1\",\"message\":\"" + msg + "\"}");
* 首页的公司表格下载按钮,刚开始点击的不验证的action
* @return
* @author  tianwei
* @date 创建时间:2016-7-7 上午9:42:39 
* @version 1.0
public String loadAttListUnCheck(){
Integer userId = getSysSession().getUser().getUserId();
boolean result = SystemConfig.checkAction(userId, "loadStruFormList");
if (!result) {
return "findList";
} else {
return "adminList";

public String getAcCode() {
return acCode;

public void setAcCode(String acCode) {
this.acCode = acCode;

public Integer getAttId() {
return attId;

public void setAttId(Integer attId) {
this.attId = attId;

public String getAttIdStr() {
return attIdStr;
public void setAttIdStr(String attIdStr) {
this.attIdStr = attIdStr;
public Integer getAcId() {
return acId;

public String getAttIdDES() {
return attIdDES;
public void setAttIdDES(String attIdDES) {
this.attIdDES = attIdDES;
public void setAcId(Integer acId) {
this.acId = acId;

public String getAttCode() {
return attCode;

public void setAttCode(String attCode) {
this.attCode = attCode;

public String getPkValue() {
return pkValue;

public void setPkValue(String pkValue) {
this.pkValue = pkValue;

public String getAttPath() {
return attPath;

public void setAttPath(String attPath) {
this.attPath = attPath;

public String getEmpCode() {
return empCode;

public void setEmpCode(String empCode) {
this.empCode = empCode;

public String getEmpName() {
return empName;

public void setEmpName(String empName) {
this.empName = empName;

public String getCreateTime() {
return createTime;

public void setCreateTime(String createTime) {
this.createTime = createTime;

public int getIsOpen() {
return isOpen;

public void setIsOpen(int isOpen) {
this.isOpen = isOpen;

public int getIsEnable() {
return isEnable;

public void setIsEnable(int isEnable) {
this.isEnable = isEnable;

public String getSchCode() {
return schCode;

public void setSchCode(String schCode) {
this.schCode = schCode;

public String getSchName() {
return schName;

public void setSchName(String schName) {
this.schName = schName;

public String getSchIsEnable() {
return schIsEnable;

public void setSchIsEnable(String schIsEnable) {
this.schIsEnable = schIsEnable;

public Integer getCheckedAttConfigId() {
return checkedAttConfigId;

public void setCheckedAttConfigId(Integer checkedAttConfigId) {
this.checkedAttConfigId = checkedAttConfigId;

public String getFileExt() {
return fileExt;

public void setFileExt(String fileExt) {
this.fileExt = fileExt;

public Integer getFileSize() {
return fileSize;

public void setFileSize(Integer fileSize) {
this.fileSize = fileSize;

public String[] getTitle() {
return title;

public void setTitle(String[] title) {
this.title = title;

public String[] getNote() {
return note;

public void setNote(String[] note) {
this.note = note;
public Integer getSchAcId() {
return schAcId;
public void setSchAcId(Integer schAcId) {
this.schAcId = schAcId;
public String getSchAttCode() {
return schAttCode;
public void setSchAttCode(String schAttCode) {
this.schAttCode = schAttCode;
public String getSchPkValue() {
return schPkValue;
public void setSchPkValue(String schPkValue) {
this.schPkValue = schPkValue;
public String getSchTitle() {
return schTitle;
public void setSchTitle(String schTitle) {
this.schTitle = schTitle;
public String getSchEmpCode() {
return schEmpCode;
public void setSchEmpCode(String schEmpCode) {
this.schEmpCode = schEmpCode;
public String getSchEmpName() {
return schEmpName;
public void setSchEmpName(String schEmpName) {
this.schEmpName = schEmpName;
public String getMsg() {
return msg;
public void setMsg(String msg) {
this.msg = msg;
public InputStream getTargetFile() {
return targetFile;
public void setTargetFile(InputStream targetFile) {
this.targetFile = targetFile;
public String getContentDisposition() {
return contentDisposition;
public void setContentDisposition(String contentDisposition) {
this.contentDisposition = contentDisposition;
public void setIsDelete(int isDelete) {
this.isDelete = isDelete;
public void setIsOne(int isOne) {
this.isOne = isOne;
public void setIsBatch(int isBatch) {
this.isBatch = isBatch;

3 jsp 


