完善注释，增加许可信息

hsweb-web-controller/src/main/java/org/hsweb/web/controller/classified/ClassifiedController.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright 2015-2016 https://github.com/hs-web
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.hsweb.web.controller.classified;
 
 import org.hsweb.web.bean.common.QueryParam;
@@ -12,12 +28,16 @@ import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
 
+/**
+ * 分类控制器,用于管理系统中各种分类
+ *
+ * @author zhouhao
+ */
 @RestController
 @RequestMapping(value = "/classified")
 @Authorize(module = "classified")
 public class ClassifiedController extends GenericController<Classified, String> {
 
-    //默认服务类
     @Resource
     private ClassifiedService classifiedService;
 
@@ -26,8 +46,15 @@ public class ClassifiedController extends GenericController<Classified, String>
         return this.classifiedService;
     }
 
+    /**
+     * 根据类型查询分类 {@link GenericController#list(QueryParam)}
+     *
+     * @param type  分类类型
+     * @param param 查询参数
+     * @return 查询结果
+     */
     @RequestMapping(value = "/byType/{type}")
-    public ResponseMessage listByType(@PathVariable("type") String type, QueryParam param) throws Exception {
+    public ResponseMessage listByType(@PathVariable("type") String type, QueryParam param) {
         param.where("type", type);
         return list(param);
     }

hsweb-web-controller/src/main/java/org/hsweb/web/controller/config/ConfigController.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright 2015-2016 https://github.com/hs-web
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.hsweb.web.controller.config;
 
 import com.alibaba.fastjson.JSON;
@@ -16,9 +32,9 @@ import java.util.List;
 import java.util.Map;
 
 /**
- * 系统配置控制器，继承自GenericController,使用rest+json。
- * 此功能将传配置文件放到数据库和缓存中，可动态修改配置。
- * Created by generator 2015-8-17 11:16:45
+ * 系统配置控制器.配置管理
+ *
+ * @author zhouhao
  */
 @RestController
 @RequestMapping(value = "/config")
@@ -97,20 +113,28 @@ public class ConfigController extends GenericController<Config, String> {
     }
 
     /**
-     * 获取一个配置的完整内容
+     * 获取一个配置的完整内容,map模式
+     * 格式:{key:value,key2:value2}
      *
      * @param name 配置名称
      * @return 配置内容
      */
     @RequestMapping(value = "/{name:.+}.map", method = RequestMethod.GET)
     @AccessLogger("根据配置名获取配置（map格式）")
-    public Object configInfo(@PathVariable("name") String name)  {
+    public Object configInfo(@PathVariable("name") String name) {
         return configService.get(name);
     }
 
+    /**
+     * 获取配置内容,array模式.
+     * 格式:[{key:key,value:value}....]
+     *
+     * @param name
+     * @return 配置内容
+     */
     @RequestMapping(value = "/{name:.+}.array", method = RequestMethod.GET)
     @AccessLogger("根据配置名获取配置(list格式)")
-    public Object listInfo(@PathVariable("name") String name)  {
+    public Object listInfo(@PathVariable("name") String name) {
         String content = configService.getContent(name);
         if (content == null) content = "[]";
         return content;
@@ -125,33 +149,33 @@ public class ConfigController extends GenericController<Config, String> {
      */
     @RequestMapping(value = {"/{name:.+}/{key:.+}"}, method = RequestMethod.GET)
     @AccessLogger("根据配置名和键获取配置")
-    public Object configInfo(@PathVariable("name") String name, @PathVariable("key") String key)  {
+    public Object configInfo(@PathVariable("name") String name, @PathVariable("key") String key) {
         return configService.get(name, key, "");
     }
 
     @Override
     @RequestMapping(value = "/{id:.+}", method = RequestMethod.GET)
-    public ResponseMessage info(@PathVariable("id") String id)  {
+    public ResponseMessage info(@PathVariable("id") String id) {
         return super.info(id);
     }
 
     @Override
     @Authorize(module = "config", action = "C")
-    public ResponseMessage add(@RequestBody Config object)  {
+    public ResponseMessage add(@RequestBody Config object) {
         return super.add(object);
     }
 
     @Override
     @Authorize(module = "config", action = "D")
     @RequestMapping(value = "/{id:.+}", method = RequestMethod.DELETE)
-    public ResponseMessage delete(@PathVariable("id") String id)  {
+    public ResponseMessage delete(@PathVariable("id") String id) {
         return super.delete(id);
     }
 
     @Override
     @Authorize(module = "config", action = "U")
     @RequestMapping(value = "/{id:.+}", method = RequestMethod.PUT)
-    public ResponseMessage update(@PathVariable("id") String id, @RequestBody Config object)  {
+    public ResponseMessage update(@PathVariable("id") String id, @RequestBody Config object) {
         return super.update(id, object);
     }
 }

hsweb-web-controller/src/main/java/org/hsweb/web/controller/draft/DraftController.java

@@ -1,8 +1,25 @@
+/*
+ * Copyright 2015-2016 https://github.com/hs-web/
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.hsweb.web.controller.draft;
 
 import org.hsweb.web.bean.po.draft.Draft;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.authorize.annotation.Authorize;
+import org.hsweb.web.core.logger.annotation.AccessLogger;
 import org.hsweb.web.core.message.ResponseMessage;
 import org.hsweb.web.core.utils.WebUtil;
 import org.hsweb.web.service.draft.DraftService;
@@ -20,18 +37,26 @@ import java.util.HashMap;
 import java.util.Map;
 
 /**
- * 草稿箱，基于缓存
- * Created by zhouhao on 16-6-2.
+ * 草稿箱,可通过此控制器管理草稿
  */
 @RestController
 @RequestMapping("/draft")
 @Authorize
+@AccessLogger("草稿管理")
 public class DraftController {
 
     @Resource
     private DraftService draftService;
 
+    /**
+     * 创建草稿,创建成功后返回草稿ID
+     *
+     * @param key   草稿标识
+     * @param draft 草稿内容
+     * @return 创建结果
+     */
     @RequestMapping(value = "/{key}", method = RequestMethod.POST)
+    @AccessLogger("创建草稿")
     public ResponseMessage createDraft(@PathVariable("key") String key,
                                        @RequestBody Draft draft) {
         User user = WebUtil.getLoginUser();
@@ -41,25 +66,45 @@ public class DraftController {
         return ResponseMessage.ok(draftService.createDraft(key, draft));
     }
 
+    /**
+     * 获取指定标识的所有草稿信息,如果没有草稿.将返回一个空集合
+     *
+     * @param key 草稿标识
+     * @return 草稿信息
+     */
     @RequestMapping(value = "/{key}", method = RequestMethod.GET)
+    @AccessLogger("获取所有草稿")
     public ResponseMessage getAllDraftByKey(@PathVariable("key") String key) {
         User user = WebUtil.getLoginUser();
         return ResponseMessage.ok(draftService.getAllDraftByKey(key, user.getId()));
     }
 
+    /**
+     * 删除一个草稿,返回是否删除成功(true or false)
+     *
+     * @param key 草稿标识
+     * @param id  草稿ID
+     * @return 删除结果
+     */
     @RequestMapping(value = "/{key}/{id}", method = RequestMethod.DELETE)
+    @AccessLogger("删除草稿")
     public ResponseMessage removeDraft(@PathVariable("key") String key, @PathVariable("id") String id) {
         User user = WebUtil.getLoginUser();
-        draftService.removeDraft(key, id, user.getId());
-        return ResponseMessage.ok();
+        return ResponseMessage.ok(draftService.removeDraft(key, id, user.getId()));
     }
 
 
+    /**
+     * 删除指定标识的所有草稿,返回是否删除成功(true or false)
+     *
+     * @param key 草稿标识
+     * @return 删除结果
+     */
     @RequestMapping(value = "/{key}", method = RequestMethod.DELETE)
+    @AccessLogger("删除所有草稿")
     public ResponseMessage removeAllDraft(@PathVariable("key") String key) {
         User user = WebUtil.getLoginUser();
-        draftService.removeDraft(key, user.getId());
-        return ResponseMessage.ok();
+        return ResponseMessage.ok(draftService.removeDraft(key, user.getId()));
     }
 
 }

hsweb-web-controller/src/main/java/org/hsweb/web/controller/form/DynamicFormController.java

@@ -19,6 +19,7 @@ package org.hsweb.web.controller.form;
 import org.hsweb.web.bean.common.QueryParam;
 import org.hsweb.web.bean.common.UpdateMapParam;
 import org.hsweb.web.bean.po.form.Form;
+import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.authorize.annotation.Authorize;
 import org.hsweb.web.core.exception.BusinessException;
 import org.hsweb.web.core.exception.NotFoundException;
@@ -28,16 +29,20 @@ import org.hsweb.web.service.form.DynamicFormService;
 import org.hsweb.web.service.form.FormService;
 import org.hsweb.web.service.resource.FileService;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.multipart.MultipartFile;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 import java.io.InputStream;
 import java.net.URLEncoder;
+import java.sql.SQLException;
 import java.util.HashMap;
 import java.util.Map;
 
 /**
  * 动态表单管理控制器,用于操作动态表单以及对表单数据的增删改查和excel导入导出
+ * 将使用{@link org.hsweb.web.controller.DynamicFormAuthorizeValidator#validate(String, User, Map, String...)}进行权限验证
  *
  * @author zhouhao
  */
@@ -46,22 +51,46 @@ import java.util.Map;
 @AccessLogger("动态表单")
 public class DynamicFormController {
 
+    /**
+     * 动态表单服务类
+     */
     @Resource
     private DynamicFormService dynamicFormService;
 
+    /**
+     * 表单管理服务类
+     */
     @Resource
     private FormService formService;
 
+    /**
+     * 文件服务类
+     */
     @Resource
     private FileService fileService;
 
+    /**
+     * 根据表单名称,获取已发布此名称的表单信息
+     *
+     * @param name 表单名称
+     * @return 表单数据
+     * @throws NotFoundException 如果表达不存在或未部署将可能抛出此异常
+     */
     @RequestMapping(value = "/deployed/{name}", method = RequestMethod.GET)
     @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'R')")
-    @AccessLogger("发布表单")
+    @AccessLogger("查询发布表单")
     public ResponseMessage deployed(@PathVariable("name") String name) {
         return ResponseMessage.ok(formService.selectDeployed(name));
     }
 
+    /**
+     * 根据版本获取表单信息
+     *
+     * @param name    表单名称
+     * @param version 版本
+     * @return 表单信息
+     * @throws NotFoundException 表单不存在时 抛出此异常
+     */
     @RequestMapping(value = "/{name}/v/{version}", method = RequestMethod.GET)
     @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'R')")
     @AccessLogger("根据版本获取表单")
@@ -72,11 +101,20 @@ public class DynamicFormController {
         return ResponseMessage.ok(form);
     }
 
+    /**
+     * 根据表单名称和查询参数,查询表单的数据列表
+     *
+     * @param name  表单名称
+     * @param param 查询参数{@link QueryParam}
+     * @return 如果查询参数指定不分页, 将返回格式:[{},{}...].如果指定分页,将返回:{total:数据总数,data:[{},{},...]}
+     * @throws SQLException      执行查询sql错误
+     * @throws NotFoundException 表单不存在或在未发布
+     */
     @RequestMapping(value = "/{name}", method = RequestMethod.GET)
-    @AccessLogger("查看列表")
+    @AccessLogger("查看数据列表")
     @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'R')")
     public ResponseMessage list(@PathVariable("name") String name,
-                                QueryParam param) throws Exception {
+                                QueryParam param) throws SQLException {
         // 获取条件查询
         Object data;
         if (!param.isPaging())//不分页
@@ -87,43 +125,93 @@ public class DynamicFormController {
                 .onlyData();
     }
 
+    /**
+     * 根据表单名和主键值查询数据
+     *
+     * @param name       表单名称
+     * @param primaryKey 主键值
+     * @return 查询结果
+     * @throws SQLException      执行查询sql错误
+     * @throws NotFoundException 表单不存在或在未发布
+     */
     @RequestMapping(value = "/{name}/{primaryKey}", method = RequestMethod.GET)
-    @AccessLogger("按主键查询")
+    @AccessLogger("按主键查询数据")
     @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'R')")
     public ResponseMessage info(@PathVariable("name") String name,
-                                @PathVariable("primaryKey") String primaryKey) throws Exception {
+                                @PathVariable("primaryKey") String primaryKey) throws SQLException {
         Map<String, Object> data = dynamicFormService.selectByPk(name, primaryKey);
         return ResponseMessage.ok(data);
     }
 
+    /**
+     * 向指定名称的表单中新增一条数据
+     *
+     * @param name 表单名称
+     * @param data 数据
+     * @return 新增成功后返回被新增数据的主键值
+     * @throws SQLException                                  执行查询sql错误
+     * @throws NotFoundException                             表单不存在或在未发布
+     * @throws org.hsweb.ezorm.exception.ValidationException 数据格式验证失败时抛出此异常
+     */
     @RequestMapping(value = "/{name}", method = RequestMethod.POST)
     @AccessLogger("新增数据")
     @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'C')")
     public ResponseMessage insert(@PathVariable("name") String name,
-                                  @RequestBody(required = true) Map<String, Object> data) throws Exception {
+                                  @RequestBody Map<String, Object> data) throws SQLException {
         String pk = dynamicFormService.insert(name, data);
         return ResponseMessage.ok(pk);
     }
 
+    /**
+     * 更新指定名称的表单中指定主键对应的数据
+     *
+     * @param name       表单名称
+     * @param primaryKey 数据主键值
+     * @param data       数据
+     * @return 更新记录数量
+     * @throws SQLException                                  执行查询sql错误
+     * @throws NotFoundException                             表单不存在或在未发布
+     * @throws org.hsweb.ezorm.exception.ValidationException 数据格式验证失败时抛出此异常
+     */
     @RequestMapping(value = "/{name}/{primaryKey}", method = RequestMethod.PUT)
     @AccessLogger("更新数据")
     @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'U')")
     public ResponseMessage update(@PathVariable("name") String name,
                                   @PathVariable("primaryKey") String primaryKey,
-                                  @RequestBody(required = true) Map<String, Object> data) throws Exception {
+                                  @RequestBody(required = true) Map<String, Object> data) throws SQLException {
         int i = dynamicFormService.updateByPk(name, primaryKey, new UpdateMapParam(data));
         return ResponseMessage.ok(i);
     }
 
+    /**
+     * 从指定名称的表单中根据主键值删除数据
+     *
+     * @param name       表单名称
+     * @param primaryKey 主键值
+     * @return 删除成功通知
+     * @throws SQLException      执行查询sql错误
+     * @throws NotFoundException 表单不存在或在未发布
+     */
     @RequestMapping(value = "/{name}/{primaryKey}", method = RequestMethod.DELETE)
     @AccessLogger("删除数据")
     @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'D')")
     public ResponseMessage delete(@PathVariable("name") String name,
-                                  @PathVariable("primaryKey") String primaryKey) throws Exception {
+                                  @PathVariable("primaryKey") String primaryKey) throws SQLException {
         dynamicFormService.deleteByPk(name, primaryKey);
         return ResponseMessage.ok();
     }
 
+    /**
+     * 从指定名称的表单中导出excel (.xlsx)
+     *
+     * @param name       表单名称
+     * @param fileName   导出后的文件名
+     * @param queryParam 导出数据查询参数{@link QueryParam}
+     * @param response   {@link HttpServletResponse}
+     * @throws Exception         excel导出异常
+     * @throws SQLException      执行查询sql错误
+     * @throws NotFoundException 表单不存在或在未发布
+     */
     @RequestMapping(value = "/{name}/export/{fileName:.+}", method = RequestMethod.GET)
     @AccessLogger("导出excel")
     @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'export')")
@@ -136,16 +224,29 @@ public class DynamicFormController {
         dynamicFormService.exportExcel(name, queryParam, response.getOutputStream());
     }
 
+    /**
+     * 向指定名称的表单中导入excel数据.excel支持(xls,xlsx).
+     * 如果某条数据导入失败,将不会回滚,而是记录错误原因.
+     *
+     * @param name   表单名称
+     * @param fileId 文件id,通过{@link org.hsweb.web.controller.file.FileController#upload(MultipartFile[])} 上传后获得
+     *               使用,分割可实现同时导入多个文件
+     * @return 导入结果, 格式参照:{@link DynamicFormService#importExcel(String, InputStream)}
+     * @throws IOException       读取excel文件错误
+     * @throws BusinessException 解析excel文件错误
+     * @throws NotFoundException 表单不存在或在未发布
+     */
     @RequestMapping(value = "/{name}/import/{fileId:.+}", method = {RequestMethod.PATCH})
-    @AccessLogger("导入为excel")
+    @AccessLogger("导入excel")
     @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'import')")
     public ResponseMessage importExcel(@PathVariable("name") String name,
-                                       @PathVariable("fileId") String fileId) throws Exception {
+                                       @PathVariable("fileId") String fileId) throws IOException {
         String[] ids = fileId.split("[,]");
         Map<String, Object> result = new HashMap<>();
         for (int i = 0; i < ids.length; i++) {
-            InputStream inputStream = fileService.readResources(ids[i]);
-            result.put(ids[i], dynamicFormService.importExcel(name, inputStream));
+            try (InputStream inputStream = fileService.readResources(ids[i])) {
+                result.put(ids[i], dynamicFormService.importExcel(name, inputStream));
+            }
         }
         return ResponseMessage.ok(result);
     }

hsweb-web-controller/src/main/java/org/hsweb/web/controller/form/FormController.java

@@ -1,34 +1,51 @@
+/*
+ * Copyright 2015-2016 https://github.com/hs-web
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.hsweb.web.controller.form;
 
-import org.hsweb.web.bean.po.history.History;
-import org.hsweb.web.core.authorize.annotation.Authorize;
 import org.hsweb.web.bean.common.PagerResult;
 import org.hsweb.web.bean.common.QueryParam;
 import org.hsweb.web.bean.po.form.Form;
 import org.hsweb.web.controller.GenericController;
+import org.hsweb.web.core.authorize.annotation.Authorize;
 import org.hsweb.web.core.exception.BusinessException;
 import org.hsweb.web.core.exception.NotFoundException;
 import org.hsweb.web.core.logger.annotation.AccessLogger;
 import org.hsweb.web.core.message.ResponseMessage;
 import org.hsweb.web.service.form.FormService;
-import org.hsweb.web.service.history.HistoryService;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
+import java.sql.SQLException;
 import java.util.List;
 
 /**
- * 自定义表单控制器，继承自GenericController,使用rest+json
- * Created by generator(by 周浩) 2015-8-1 16:31:30
+ * 动态表单控制器,用于管理动态表单
+ *
+ * @author zhouhao
  */
 @RestController
 @RequestMapping(value = "/form")
 @AccessLogger("表单管理")
 @Authorize(module = "form")
 public class FormController extends GenericController<Form, String> {
-
-    //默认服务类
+    /**
+     * 表单服务类
+     */
     @Resource
     private FormService formService;
 
@@ -38,10 +55,14 @@ public class FormController extends GenericController<Form, String> {
     }
 
     /**
-     * 查询最新版本的表单列表
+     * 获取最新版本的表单列表
+     *
+     * @param param 查询参数
+     * @return {@link GenericController#list(QueryParam)}
      */
     @RequestMapping(value = "/~latest", method = RequestMethod.GET)
-    public ResponseMessage latestList(QueryParam param) throws Exception {
+    @AccessLogger("获取最新版列表")
+    public ResponseMessage latestList(QueryParam param) {
         ResponseMessage message;
         if (!param.isPaging()) {
             message = ResponseMessage.ok(formService.selectLatestList(param));
@@ -60,55 +81,110 @@ public class FormController extends GenericController<Form, String> {
         return message;
     }
 
+    /**
+     * 获取指定名称表单的最新版
+     *
+     * @param name 表单名称
+     * @return 表单信息
+     * @throws NotFoundException 表单不存在
+     */
     @RequestMapping(value = "/{name}/latest", method = RequestMethod.GET)
-    public ResponseMessage latest(@PathVariable(value = "name") String name) throws Exception {
+    public ResponseMessage latest(@PathVariable(value = "name") String name) {
         Form form = formService.selectLatest(name);
-        if (form == null) throw new BusinessException("表单不存在", 404);
+        assertFound(form, "表单不存在");
         return ResponseMessage.ok(form);
     }
 
+    /**
+     * 获取指定名称和版本的表单
+     *
+     * @param name    表单名称
+     * @param version 版本
+     * @return 表单信息
+     * @throws NotFoundException 表单不存在
+     */
     @RequestMapping(value = "/{name}/{version}", method = RequestMethod.GET)
-    public ResponseMessage latest(@PathVariable(value = "name") String name,
-                                  @PathVariable(value = "version") Integer version) throws Exception {
+    public ResponseMessage version(@PathVariable(value = "name") String name,
+                                   @PathVariable(value = "version") Integer version) {
         Form form = formService.selectByVersion(name, version);
-        if (form == null) throw new BusinessException("表单不存在", 404);
+        assertFound(form, "表单不存在");
         return ResponseMessage.ok(form);
     }
 
+    /**
+     * 发布指定id的表单
+     *
+     * @param id 表单id
+     * @return 发布结果
+     * @throws SQLException      部署执行sql错误
+     * @throws NotFoundException 表单不存在
+     */
     @RequestMapping(value = "/{id}/deploy", method = RequestMethod.PUT)
     @Authorize(action = "deploy")
-    public ResponseMessage deploy(@PathVariable("id") String id) throws Exception {
+    public ResponseMessage deploy(@PathVariable("id") String id) throws SQLException {
         formService.deploy(id);
         return ResponseMessage.ok();
     }
 
+    /**
+     * 卸载发布指定id的表单
+     *
+     * @param id 表单id
+     * @return 卸载结果
+     * @throws NotFoundException 表单不存在
+     */
     @RequestMapping(value = "/{id}/unDeploy", method = RequestMethod.PUT)
     @Authorize(action = "deploy")
-    public ResponseMessage unDeploy(@PathVariable("id") String id) throws Exception {
+    public ResponseMessage unDeploy(@PathVariable("id") String id) {
         formService.unDeploy(id);
         return ResponseMessage.ok();
     }
 
+    /**
+     * 获取已经发布表单的html
+     *
+     * @param name 表单名称
+     * @return html内容
+     * @throws NotFoundException 表单不存在
+     */
     @RequestMapping(value = "/{name}/html", method = RequestMethod.GET)
-    public ResponseMessage html(@PathVariable("name") String name) throws Exception {
+    public ResponseMessage html(@PathVariable("name") String name) {
         return ResponseMessage.ok(formService.createDeployHtml(name));
     }
 
+    /**
+     * 创建一个指定表单ID的新版本
+     *
+     * @param id 表单ID
+     * @return 新版本表单的ID
+     * @throws NotFoundException 表单不存在
+     */
     @RequestMapping(value = "/{id}/new-version", method = RequestMethod.POST)
     @ResponseStatus(HttpStatus.CREATED)
-    public ResponseMessage newVersion(@PathVariable("id") String id) throws Exception {
+    public ResponseMessage newVersion(@PathVariable("id") String id) {
         return ResponseMessage.created(formService.createNewVersion(id));
     }
 
+    /**
+     * 获取指定名称并且正在使用中的表单
+     *
+     * @param name 表单名称
+     * @throws NotFoundException 表单不存
+     */
     @RequestMapping(value = "/{name}/using", method = RequestMethod.GET)
-    public ResponseMessage using(@PathVariable("name") String name) throws Exception {
+    public ResponseMessage using(@PathVariable("name") String name) {
         Form form = formService.selectUsing(name);
-        if (form == null) {
-            throw new BusinessException("表单不存在", 404);
-        }
+        assertFound(form, "表单不存在");
         return ResponseMessage.ok(form).exclude(Form.class, "html");
     }
 
+    /**
+     * 获取指定id表单的html
+     *
+     * @param id 表单ID
+     * @return html
+     * @throws NotFoundException 表单不存在
+     */
     @RequestMapping(value = "/{id}/view", method = RequestMethod.GET)
     public ResponseMessage view(@PathVariable("id") String id) throws Exception {
         return ResponseMessage.ok(formService.createViewHtml(id));

hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java

@@ -1,6 +1,23 @@
+/*
+ * Copyright 2015-2016 https://github.com/hs-web
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.hsweb.web.controller.login;
 
 import org.apache.commons.beanutils.BeanUtils;
+import org.apache.commons.beanutils.BeanUtilsBean;
 import org.hsweb.web.bean.common.QueryParam;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.authorize.annotation.Authorize;
@@ -26,24 +43,44 @@ import org.hsweb.commons.MD5;
 import javax.annotation.PostConstruct;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
+import java.lang.reflect.InvocationTargetException;
+import java.math.BigInteger;
 
 /**
- * Created by zhouhao on 16-4-29.
+ * 授权控制器,用于登录系统
  */
 @RestController
 public class AuthorizeController {
+
+    /**
+     * 授权过程所需缓存
+     */
     @Autowired(required = false)
     private CacheManager cacheManager;
 
+    /**
+     * 用户服务类
+     */
     @Resource
     private UserService userService;
 
+    /**
+     * 配置服务类
+     */
     @Resource
     private ConfigService configService;
 
+    /**
+     * httpSession管理器
+     */
     @Autowired
     private HttpSessionManager httpSessionManager;
 
+    /**
+     * 获取当前在线人数
+     *
+     * @return 当前在线人数
+     */
     @RequestMapping(value = "/online/total", method = RequestMethod.GET)
     @AccessLogger("当前在线总人数")
     @Authorize
@@ -51,6 +88,11 @@ public class AuthorizeController {
         return ResponseMessage.ok(httpSessionManager.getUserTotal());
     }
 
+    /**
+     * 获取当前在线用户ID集合
+     *
+     * @return 在线用户ID集合
+     */
     @RequestMapping(value = "/online", method = RequestMethod.GET)
     @AccessLogger("当前在线用户ID")
     @Authorize
@@ -58,20 +100,28 @@ public class AuthorizeController {
         return ResponseMessage.ok(httpSessionManager.getUserIdList());
     }
 
+    /**
+     * 获取当前在线用户信息集合
+     *
+     * @return 在线用户信息集合
+     */
     @RequestMapping(value = "/online/list", method = RequestMethod.GET)
     @AccessLogger("当前在线用户")
     @Authorize
-    public ResponseMessage online(QueryParam param) {
-        param.includes("id", "username", "name", "phone", "email");
-        param.excludes("password");
+    public ResponseMessage onlineInfo() {
         return ResponseMessage.ok(httpSessionManager.tryGetAllUser())
-                .include(User.class, param.getIncludes())
-                .exclude(User.class, param.getExcludes());
+                .include(User.class, "id", "username", "name", "phone", "email")
+                .exclude(User.class, "password");
     }
 
+    /**
+     * 退出登录
+     *
+     * @return 退出成功
+     */
     @RequestMapping(value = "/exit", method = RequestMethod.POST)
     @AccessLogger("登出")
-    public ResponseMessage exit() throws Exception {
+    public ResponseMessage exit() {
         User user = WebUtil.getLoginUser();
         if (user != null) {
             httpSessionManager.removeUser(user.getId());
@@ -79,9 +129,31 @@ public class AuthorizeController {
         return ResponseMessage.ok();
     }
 
+    /**
+     * 用户登录,如果密码输出错误,将会限制登录.
+     * <ul>
+     * <li>
+     * 密码最大错误次数从配置中获取{@link ConfigService#getInt(String, String, int)}:login,error.max_number,5
+     * </li>
+     * <li>
+     * 禁止登录分钟数从配置中获取{@link ConfigService#getInt(String, String, int)}:login,error.wait_minutes,10
+     * <p>
+     * </li>
+     * </ul>
+     *
+     * @param username 用户名
+     * @param password 密码
+     * @param request  {@link HttpServletRequest}
+     * @return 登录情况
+     * @throws AuthorizeForbiddenException 用户被锁定或者密码错误
+     * @throws NotFoundException           用户不存在或已注销
+     * @throws Exception                   其他错误
+     */
     @RequestMapping(value = "/login", method = RequestMethod.POST)
     @AccessLogger("登录")
-    public ResponseMessage login(@RequestParam String username, @RequestParam String password, HttpServletRequest request) throws Exception {
+    public ResponseMessage login(@RequestParam String username,
+                                 @RequestParam String password,
+                                 HttpServletRequest request) throws Exception {
         //判断用户是否多次输入密码错误
         String userIp = WebUtil.getIpAddr(request);
         int maxErrorNumber = configService.getInt("login", "error.max_number", 5);
@@ -119,12 +191,16 @@ public class AuthorizeController {
             userService.initAdminUser(user);
         else
             user.initRoleInfo();
-        httpSessionManager.addUser((User) BeanUtils.cloneBean(user), request.getSession());
+        User newUser = new User();
+        BeanUtilsBean.getInstance().getPropertyUtils()
+                .copyProperties(newUser, user);
+        httpSessionManager.addUser(newUser, request.getSession());
         return ResponseMessage.ok();
     }
 
     @PostConstruct
     public void init() {
+        //如果系统没有配置cacheManager,则使用ConcurrentMapCacheManager
         if (cacheManager == null) {
             cacheManager = new ConcurrentMapCacheManager();
         }

hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/UserModuleController.java

@@ -1,15 +1,32 @@
+/*
+ * Copyright 2015-2016 https://github.com/hs-web
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.hsweb.web.controller.login;
 
-import org.hsweb.web.core.authorize.annotation.Authorize;
+import org.hsweb.commons.StringUtils;
 import org.hsweb.web.bean.common.QueryParam;
 import org.hsweb.web.bean.po.module.Module;
 import org.hsweb.web.bean.po.user.User;
+import org.hsweb.web.core.authorize.annotation.Authorize;
+import org.hsweb.web.core.logger.annotation.AccessLogger;
 import org.hsweb.web.core.message.ResponseMessage;
-import org.hsweb.web.service.module.ModuleService;
 import org.hsweb.web.core.utils.WebUtil;
+import org.hsweb.web.service.module.ModuleService;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import org.hsweb.commons.StringUtils;
 
 import javax.annotation.Resource;
 import java.util.LinkedList;
@@ -18,16 +35,17 @@ import java.util.Map;
 import java.util.stream.Collectors;
 
 /**
- * Created by zhouhao on 16-4-13.
+ * 用户模块控制器,用于获取当前登录用户持有的模块权限
  */
 @RestController
 @RequestMapping("/userModule")
-@Authorize
 public class UserModuleController {
     @Resource
     public ModuleService moduleService;
 
     @RequestMapping
+    @Authorize
+    @AccessLogger("用户模块信息")
     public ResponseMessage userModule() throws Exception {
         String[] includes = {
                 "name", "id", "parentId", "icon", "uri", "optional"

hsweb-web-controller/src/main/java/org/hsweb/web/controller/module/ModuleController.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright 2015-2016 https://github.com/hs-web
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.hsweb.web.controller.module;
 
 import org.hsweb.web.core.logger.annotation.AccessLogger;
@@ -11,8 +27,10 @@ import org.springframework.web.bind.annotation.RestController;
 import javax.annotation.Resource;
 
 /**
- * 系统模块控制器，继承自GenericController,使用rest+json
- * Created by generator 2015-8-26 11:22:11
+ * 系统模块(菜单)控制器,继承自{@link GenericController<Module, String>}
+ *
+ * @author zhouhao
+ * @since 1.0
  */
 @RestController
 @RequestMapping(value = "/module")
@@ -20,7 +38,6 @@ import javax.annotation.Resource;
 @Authorize(module = "module")
 public class ModuleController extends GenericController<Module, String> {
 
-    //默认服务类
     @Resource
     private ModuleService moduleService;
 

hsweb-web-controller/src/main/java/org/hsweb/web/controller/module/ModuleMetaController.java

@@ -1,3 +1,19 @@
+/*
+ * Copyright 2015-2016 https://github.com/hs-web
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.hsweb.web.controller.module;
 
 import org.hsweb.web.bean.po.module.ModuleMeta;
@@ -22,7 +38,10 @@ import java.util.stream.Collector;
 import java.util.stream.Collectors;
 
 /**
- * Created by zhouhao on 16-5-10.
+ * 模板配置定义控制器，继承自{@link GenericController<ModuleMeta, String>}
+ *
+ * @author zhouhao
+ * @since 1.0
  */
 @RestController
 @RequestMapping("/module-meta")
@@ -36,8 +55,14 @@ public class ModuleMetaController extends GenericController<ModuleMeta, String>
         return moduleMetaService;
     }
 
+    /**
+     * 查询当前用户持有制定key的所有模块配置定义信息
+     *
+     * @param key
+     * @return {@link ResponseMessage}
+     */
     @RequestMapping(value = "/{key}/own", method = RequestMethod.GET)
-    public ResponseMessage userModuleMeta(@PathVariable String key) throws Exception {
+    public ResponseMessage userModuleMeta(@PathVariable String key) {
         User user = WebUtil.getLoginUser();
         List<UserRole> roles = user.getUserRoles();
         String[] roleIdList = roles