
优化ResponseMessage。以及异常处理

周浩 9 년 전
부모
커밋
6e3dee8d71
16개의 변경된 파일378개의 추가작업 그리고 298개의 파일을 삭제
  1. 1 0
      hsweb-web-bean/src/main/java/org/hsweb/web/bean/po/GenericPo.java
  2. 6 3
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/AopAccessLoggerResolverConfiguration.java
  3. 7 7
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/GenericController.java
  4. 9 15
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/config/ConfigController.java
  5. 59 68
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/file/FileController.java
  6. 25 43
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/form/DynamicFormController.java
  7. 9 9
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/form/FormController.java
  8. 91 0
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java
  9. 6 4
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/resource/ResourcesController.java
  10. 6 19
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/script/DynamicScriptController.java
  11. 4 3
      hsweb-web-controller/src/main/java/org/hsweb/web/controller/user/UserController.java
  12. 3 8
      hsweb-web-core/src/main/java/org/hsweb/web/authorize/validator/SimpleAuthorizeValidator.java
  13. 10 0
      hsweb-web-core/src/main/java/org/hsweb/web/exception/ExceptionHandler.java
  14. 72 13
      hsweb-web-core/src/main/java/org/hsweb/web/exception/ExceptionHandlerConfiguration.java
  15. 10 0
      hsweb-web-core/src/main/java/org/hsweb/web/exception/NotFoundException.java
  16. 60 106
      hsweb-web-core/src/main/java/org/hsweb/web/message/ResponseMessage.java

+ 1 - 0
hsweb-web-bean/src/main/java/org/hsweb/web/bean/po/GenericPo.java

@@ -42,6 +42,7 @@ public class GenericPo<PK> implements Serializable {
 
     @Override
     public boolean equals(Object obj) {
+        if (obj == null) return false;
         return this.hashCode() == obj.hashCode();
     }
 
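Review bot: `equals` still decides equality by comparing hash codes, so the added null guard removes the NullPointerException but any two objects whose hash codes collide, including instances of an unrelated class, compare equal. That breaks the `equals` contract for sets and map keys, and it matters wherever equality of a PO backs a lookup or an access decision. Consider a type check plus the identifying field, e.g. `if (!(obj instanceof GenericPo)) return false;` followed by `return Objects.equals(getU_id(), ((GenericPo<?>) obj).getU_id());`, with `hashCode` derived from the same field. The rest of the class is outside this hunk, so confirm how `hashCode` is currently computed.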

+ 6 - 3
hsweb-web-controller/src/main/java/org/hsweb/web/controller/AopAccessLoggerResolverConfiguration.java

@@ -40,9 +40,12 @@ public class AopAccessLoggerResolverConfiguration extends AopAccessLoggerResolve
         try {
             result = pjp.proceed();
         } catch (Throwable e) {
-            result = new ResponseMessage(false, e);
-            if (!(e instanceof BusinessException))
+            if (!(e instanceof BusinessException)) {
+                result = ResponseMessage.error(e.getMessage());
                 loggerInfo.setException_info(StringUtils.throwable2String(e));
+            } else {
+                result = ResponseMessage.error(e.getMessage(), ((BusinessException) e).getStatus());
+            }
             throw e;
         } finally {
             long responseTime = System.currentTimeMillis();
@@ -53,7 +56,7 @@ public class AopAccessLoggerResolverConfiguration extends AopAccessLoggerResolve
             if (user != null)
                 loggerInfo.setUser_id(user.getU_id());
             if (result instanceof ResponseMessage)
-                loggerInfo.setResponse_code(((ResponseMessage) result).getCode());
+                loggerInfo.setResponse_code(String.valueOf(((ResponseMessage) result).getCode()));
             if (accessLoggerPersisting != null) {
                 accessLoggerPersisting.forEach(loggerPersisting -> loggerPersisting.save(loggerInfo));
             }

+ 7 - 7
hsweb-web-controller/src/main/java/org/hsweb/web/controller/GenericController.java

@@ -69,7 +69,7 @@ public abstract class GenericController<PO, PK> {
             data = getService().select(param);
         else
             data = getService().selectPager(param);
-        return new ResponseMessage(true, data)
+        return ResponseMessage.ok(data)
                 .include(getPOType(), param.getIncludes())
                 .exclude(getPOType(), param.getExcludes())
                 .onlyData();
@@ -88,7 +88,7 @@ public abstract class GenericController<PO, PK> {
         PO po = getService().selectByPk(id);
         if (po == null)
             throw new BusinessException("data is not found!", 404);
-        return new ResponseMessage(true, po);
+        return ResponseMessage.ok(po);
     }
 
 
@@ -103,7 +103,7 @@ public abstract class GenericController<PO, PK> {
     @Authorize(action = "R")
     public ResponseMessage total(QueryParam param) throws Exception {
         // 获取条件查询
-        return new ResponseMessage(true, getService().total(param));
+        return ResponseMessage.ok(getService().total(param));
     }
 
     /**
@@ -118,7 +118,7 @@ public abstract class GenericController<PO, PK> {
     @ResponseStatus(HttpStatus.CREATED)
     public ResponseMessage add(@RequestBody PO object) throws Exception {
         PK pk = getService().insert(object);
-        return new ResponseMessage(true, pk);
+        return ResponseMessage.created(pk);
     }
 
     /**
@@ -134,7 +134,7 @@ public abstract class GenericController<PO, PK> {
         PO old = getService().selectByPk(id);
         if (old == null) throw new BusinessException("data is not found!", 404);
         int number = getService().delete(id);
-        return new ResponseMessage(true, number);
+        return ResponseMessage.ok(number);
     }
 
     /**
@@ -153,7 +153,7 @@ public abstract class GenericController<PO, PK> {
             ((GenericPo) object).setU_id(id);
         }
         int number = getService().update(object);
-        return new ResponseMessage(true, number);
+        return ResponseMessage.ok(number);
     }
 
     /**
@@ -178,6 +178,6 @@ public abstract class GenericController<PO, PK> {
         } else {
             throw new BusinessException("请求数据格式错误!");
         }
-        return new ResponseMessage(true, number);
+        return ResponseMessage.ok(number);
     }
 }

+ 9 - 15
hsweb-web-controller/src/main/java/org/hsweb/web/controller/config/ConfigController.java

@@ -8,12 +8,14 @@ import org.hsweb.web.controller.GenericController;
 import org.hsweb.web.message.ResponseMessage;
 import org.hsweb.web.service.config.ConfigService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.cache.annotation.Cacheable;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
 
 /**
  * 系统配置控制器,继承自GenericController,使用rest+json。
@@ -109,12 +111,8 @@ public class ConfigController extends GenericController<Config, String> {
      */
     @RequestMapping(value = "/info/{name:.+}", method = RequestMethod.GET)
     @AccessLogger("根据配置名获取配置")
-    public Object configInfo(@PathVariable("name") String name) {
-        try {
-            return configService.get(name);
-        } catch (Exception e) {
-            return "";
-        }
+    public Object configInfo(@PathVariable("name") String name) throws Exception {
+        return configService.get(name);
     }
 
 
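Review bot: Neither `configInfo` overload (this hunk and the next) carries an `@Authorize` annotation, while `add` and `update` in the same file are restricted with `@Authorize(module = "config", ...)`; unless a class-level annotation outside the hunk covers them, configuration values can be read by name without a permission check. With the `try/catch` removed, lookup failures now propagate to the global exception handler, so verify that the message it returns does not echo internal details about how configuration is stored. If reads are meant to be restricted, add `@Authorize(module = "config", action = "R")` to both methods.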
@@ -127,29 +125,25 @@ public class ConfigController extends GenericController<Config, String> {
      */
     @RequestMapping(value = {"/info/{name:.+}/{key:.+}"}, method = RequestMethod.GET)
     @AccessLogger("根据配置名和键获取配置")
-    public Object configInfo(@PathVariable("name") String name, @PathVariable("key") String key) {
-        try {
-            return configService.get(name, key);
-        } catch (Exception e) {
-            return "";
-        }
+    public Object configInfo(@PathVariable("name") String name, @PathVariable("key") String key) throws Exception {
+        return configService.get(name, key);
     }
 
     @Override
     @RequestMapping(value = "/{id:.+}", method = RequestMethod.GET)
-    public ResponseMessage info(@PathVariable("id") String id)throws Exception {
+    public ResponseMessage info(@PathVariable("id") String id) throws Exception {
         return super.info(id);
     }
 
     @Override
     @Authorize(module = "config", action = "C")
-    public ResponseMessage add(@RequestBody Config object)throws Exception {
+    public ResponseMessage add(@RequestBody Config object) throws Exception {
         return super.add(object);
     }
 
     @Override
     @Authorize(module = "config", action = "U")
-    public ResponseMessage update(@PathVariable("id") String id, @RequestBody Config object)throws Exception {
+    public ResponseMessage update(@PathVariable("id") String id, @RequestBody Config object) throws Exception {
         return super.update(id, object);
     }
 }

+ 59 - 68
hsweb-web-controller/src/main/java/org/hsweb/web/controller/file/FileController.java

@@ -1,5 +1,6 @@
 package org.hsweb.web.controller.file;
 
+import org.hsweb.web.exception.NotFoundException;
 import org.hsweb.web.logger.annotation.AccessLogger;
 import org.hsweb.web.authorize.annotation.Authorize;
 import org.hsweb.web.bean.po.resource.Resources;
@@ -81,7 +82,7 @@ public class FileController {
     @AccessLogger("下载文件")
     public ResponseMessage restDownLoad(@PathVariable("id") String id,
                                         @PathVariable("name") String name,
-                                        HttpServletResponse response, HttpServletRequest request) {
+                                        HttpServletResponse response, HttpServletRequest request) throws Exception {
         return downLoad(id, name, response, request);
     }
 
@@ -96,67 +97,61 @@ public class FileController {
     @AccessLogger("下载文件")
     public ResponseMessage downLoad(@PathVariable("id") String id,
                                     @RequestParam(value = "name", required = false) String name,
-                                    HttpServletResponse response, HttpServletRequest request) {
-        try {
-            Resources resources = resourcesService.selectByPk(id);
-            if (resources == null || resources.getStatus() != 1) {
-                response.setStatus(404);
-                return new ResponseMessage(false, "资源不存在!", "404");
-            } else {
-                if (!"file".equals(resources.getType()))
-                    return new ResponseMessage(false, "该资源不是文件!", "400");
-                String fileBasePath = configService.get("upload", "basePath", "/upload/").trim();
-                File file = new File(fileBasePath.concat(resources.getPath().concat("/".concat(resources.getMd5()))));
-                if (!file.canRead()) {
-                    response.setStatus(404);
-                    return new ResponseMessage(false, "资源不存在!", "404");
-                }
-                //获取contentType,默认application/octet-stream
-                String contentType = mediaTypeMapper.get(resources.getSuffix().toLowerCase());
-                if (contentType == null)
-                    contentType = "application/octet-stream";
-                if (StringUtils.isNullOrEmpty(name))//未自定义文件名,则使用上传时的文件名
-                    name = resources.getName();
-                if (!name.contains("."))//如果未指定文件拓展名,则追加默认的文件拓展名
-                    name = name.concat(".").concat(resources.getSuffix());
-                //关键字剔除
-                name = fileNameKeyWordPattern.matcher(name).replaceAll("");
-                int skip = 0;
-                long fSize = file.length();
-                //尝试判断是否为断点下载
-                try {
-                    //获取要继续下载的位置
-                    String Range = request.getHeader("Range").replaceAll("bytes=", "").replaceAll("-", "");
-                    skip = StringUtils.toInt(Range);
-                } catch (Exception e) {
-                }
+                                    HttpServletResponse response, HttpServletRequest request) throws Exception {
+        Resources resources = resourcesService.selectByPk(id);
+        if (resources == null || resources.getStatus() != 1) {
+            throw new NotFoundException("文件不存在");
+        } else {
+            if (!"file".equals(resources.getType()))
+                throw new NotFoundException("文件不存在");
+            String fileBasePath = configService.get("upload", "basePath", "/upload/").trim();
+            File file = new File(fileBasePath.concat(resources.getPath().concat("/".concat(resources.getMd5()))));
+            if (!file.canRead()) {
+                throw new NotFoundException("文件不存在");
+            }
+            //获取contentType,默认application/octet-stream
+            String contentType = mediaTypeMapper.get(resources.getSuffix().toLowerCase());
+            if (contentType == null)
+                contentType = "application/octet-stream";
+            if (StringUtils.isNullOrEmpty(name))//未自定义文件名,则使用上传时的文件名
+                name = resources.getName();
+            if (!name.contains("."))//如果未指定文件拓展名,则追加默认的文件拓展名
+                name = name.concat(".").concat(resources.getSuffix());
+            //关键字剔除
+            name = fileNameKeyWordPattern.matcher(name).replaceAll("");
+            int skip = 0;
+            long fSize = file.length();
+            //尝试判断是否为断点下载
+            try {
+                //获取要继续下载的位置
+                String Range = request.getHeader("Range").replaceAll("bytes=", "").replaceAll("-", "");
+                skip = StringUtils.toInt(Range);
+            } catch (Exception e) {
+            }
 
-                response.setContentLength((int) fSize);//文件大小
-                response.setContentType(contentType);
-                response.setHeader("Content-disposition", "attachment;filename=" + URLEncoder.encode(name, "utf-8"));
-                //try with resource
-                try (BufferedInputStream inputStream = new BufferedInputStream(new FileInputStream(file));
-                     BufferedOutputStream stream = new BufferedOutputStream(response.getOutputStream())) {
-                    //断点下载
-                    if (skip > 0) {
-                        inputStream.skip(skip);
-                        response.setStatus(HttpServletResponse.SC_PARTIAL_CONTENT);
-                        String contentRange = new StringBuffer("bytes ").append(skip).append("-").append(fSize - 1).append("/").append(fSize).toString();
-                        response.setHeader("Content-Range", contentRange);
-                    }
-                    byte b[] = new byte[2048 * 10];
-                    while ((inputStream.read(b)) != -1) {
-                        stream.write(b);
-                    }
-                    stream.flush();
-                } catch (Exception e) {
-                    logger.debug(String.format("download file error%s", e.getMessage()));
-                    throw e;
+            response.setContentLength((int) fSize);//文件大小
+            response.setContentType(contentType);
+            response.setHeader("Content-disposition", "attachment;filename=" + URLEncoder.encode(name, "utf-8"));
+            //try with resource
+            try (BufferedInputStream inputStream = new BufferedInputStream(new FileInputStream(file));
+                 BufferedOutputStream stream = new BufferedOutputStream(response.getOutputStream())) {
+                //断点下载
+                if (skip > 0) {
+                    inputStream.skip(skip);
+                    response.setStatus(HttpServletResponse.SC_PARTIAL_CONTENT);
+                    String contentRange = new StringBuffer("bytes ").append(skip).append("-").append(fSize - 1).append("/").append(fSize).toString();
+                    response.setHeader("Content-Range", contentRange);
+                }
+                byte b[] = new byte[2048 * 10];
+                while ((inputStream.read(b)) != -1) {
+                    stream.write(b);
                 }
-                return null;
+                stream.flush();
+            } catch (Exception e) {
+                logger.debug(String.format("download file error%s", e.getMessage()));
+                throw e;
             }
-        } catch (Exception e) {
-            return new ResponseMessage(false, e);
+            return null;
         }
 
     }
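Review bot: The copy loop `while ((inputStream.read(b)) != -1) { stream.write(b); }` ignores the number of bytes read and writes the whole buffer each time, so the final chunk (and any short read) sends stale bytes and the body no longer matches `Content-Length`. The Range handling has related defects: `replaceAll("-", "")` turns `bytes=0-499` into the offset 499, a missing header is handled by swallowing the resulting NullPointerException in an empty `catch`, `(int) fSize` truncates for files over 2 GB, and the length is not reduced by `skip` on a 206 response. The return value of `inputStream.skip(skip)` is also unchecked. A bounded version of the offset parsing and the copy loop is sketched below; the mapping annotations of `downLoad` start above this hunk.

```java
            // … unchanged: resource lookup, content type and file name handling …
            long skip = 0;
            long fSize = file.length();
            String range = request.getHeader("Range");
            if (range != null && range.startsWith("bytes=")) {
                // honour only the start offset of a single "bytes=start-[end]" range
                String start = range.substring("bytes=".length()).split("-", 2)[0].trim();
                try {
                    skip = Long.parseLong(start);
                } catch (NumberFormatException ignored) {
                    skip = 0; // malformed or suffix range: serve the whole file
                }
                if (skip >= fSize) {
                    skip = 0;
                }
            }
            response.setHeader("Content-Length", String.valueOf(fSize - skip));
            // … unchanged: content type, Content-disposition, stream setup, Content-Range …
                byte[] b = new byte[2048 * 10];
                int len;
                while ((len = inputStream.read(b)) != -1) {
                    stream.write(b, 0, len); // write only the bytes actually read
                }
```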
@@ -169,7 +164,7 @@ public class FileController {
      */
     @RequestMapping(value = "/upload", method = RequestMethod.POST)
     @AccessLogger("上传文件")
-    public Object upload(@RequestParam("file") CommonsMultipartFile[] files) {
+    public Object upload(@RequestParam("file") CommonsMultipartFile[] files) throws Exception {
         if (logger.isInfoEnabled())
             logger.info(String.format("start upload , file number:%s", files.length));
         List<Resources> resourcesList = new LinkedList<>();
@@ -178,16 +173,12 @@ public class FileController {
             if (!file.isEmpty()) {
                 if (logger.isInfoEnabled())
                     logger.info(String.format("start write file:%s", file.getOriginalFilename()));
-                try {
-                    String fileName = files[i].getOriginalFilename();
-                    Resources resources = fileService.saveFile(files[i].getFileItem().getInputStream(), fileName);
-                    resourcesList.add(resources);
-                } catch (Exception e) {
-                    return new ResponseMessage(false, e);
-                }
+                String fileName = files[i].getOriginalFilename();
+                Resources resources = fileService.saveFile(files[i].getFileItem().getInputStream(), fileName);
+                resourcesList.add(resources);
             }
         }//响应上传成功的资源信息
-        return new ResponseMessage(true, resourcesList)
+        return ResponseMessage.ok(resourcesList)
                 .include(Resources.class, "u_id", "name", "md5");
     }
 }
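Review bot: With the per-file `try/catch` removed, an exception from `fileService.saveFile` on one file aborts the request after the earlier files have already been stored, and the client never receives their `u_id`/`md5`, so a failed multi-file upload can leave orphaned resources. `files[i].getOriginalFilename()` is client-supplied and is both written to the log and passed to `saveFile`; whether `saveFile` strips path components and line breaks is not visible here, so confirm that it does. The `upload` method starts in the previous hunk.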

+ 25 - 43
hsweb-web-controller/src/main/java/org/hsweb/web/controller/form/DynamicFormController.java

@@ -1,5 +1,6 @@
 package org.hsweb.web.controller.form;
 
+import org.hsweb.web.authorize.annotation.Authorize;
 import org.hsweb.web.bean.common.InsertMapParam;
 import org.hsweb.web.bean.common.QueryParam;
 import org.hsweb.web.bean.common.UpdateMapParam;
@@ -24,71 +25,52 @@ public class DynamicFormController {
 
     @RequestMapping(value = "/{name}", method = RequestMethod.GET)
     @AccessLogger("查看列表")
+    @Authorize(expression = "#user.hasAccessModuleAction(#name,'R')")
     public ResponseMessage list(@PathVariable("name") String name,
-                                @RequestParam(required = false) QueryParam param) {
-        try {
-            // 获取条件查询
-            Object data;
-            if (!param.isPaging())//不分页
-                data = dynamicFormService.select(name, param);
-            else
-                data = dynamicFormService.selectPager(name, param);
-            return new ResponseMessage(true, data)
-                    .include(Map.class, param.getIncludes())
-                    .exclude(Map.class, param.getExcludes())
-                    .onlyData();
-        } catch (Exception e) {
-            return new ResponseMessage(false, e);
-        }
+                                @RequestParam(required = false) QueryParam param) throws Exception {
+        // 获取条件查询
+        Object data;
+        if (!param.isPaging())//不分页
+            data = dynamicFormService.select(name, param);
+        else
+            data = dynamicFormService.selectPager(name, param);
+        return ResponseMessage.ok(data)
+                .include(Map.class, param.getIncludes())
+                .exclude(Map.class, param.getExcludes())
+                .onlyData();
     }
 
     @RequestMapping(value = "/{name}/{primaryKey}", method = RequestMethod.GET)
     @AccessLogger("按主键查询")
     public ResponseMessage info(@PathVariable("name") String name,
-                                @PathVariable("primaryKey") String primaryKey) {
-        try {
-            Map<String, Object> data = dynamicFormService.selectByPk(name, primaryKey);
-            return new ResponseMessage(true, data);
-        } catch (Exception e) {
-            return new ResponseMessage(false, e);
-        }
+                                @PathVariable("primaryKey") String primaryKey) throws Exception {
+        Map<String, Object> data = dynamicFormService.selectByPk(name, primaryKey);
+        return ResponseMessage.ok(data);
     }
 
     @RequestMapping(value = "/{name}", method = RequestMethod.POST)
     @AccessLogger("新增数据")
     public ResponseMessage insert(@PathVariable("name") String name,
-                                  @RequestBody(required = true) Map<String, Object> data) {
-        try {
-            String pk = dynamicFormService.insert(name, new InsertMapParam(data));
-            return new ResponseMessage(true, pk);
-        } catch (Exception e) {
-            return new ResponseMessage(false, e);
-        }
+                                  @RequestBody(required = true) Map<String, Object> data) throws Exception {
+        String pk = dynamicFormService.insert(name, new InsertMapParam(data));
+        return ResponseMessage.ok(pk);
     }
 
     @RequestMapping(value = "/{name}/{primaryKey}", method = RequestMethod.PUT)
     @AccessLogger("更新数据")
     public ResponseMessage update(@PathVariable("name") String name,
                                   @PathVariable("primaryKey") String primaryKey,
-                                  @RequestBody(required = true) Map<String, Object> data) {
-        try {
-            int i = dynamicFormService.updateByPk(name, primaryKey, new UpdateMapParam(data));
-            return new ResponseMessage(true, i);
-        } catch (Exception e) {
-            return new ResponseMessage(false, e);
-        }
+                                  @RequestBody(required = true) Map<String, Object> data) throws Exception {
+        int i = dynamicFormService.updateByPk(name, primaryKey, new UpdateMapParam(data));
+        return ResponseMessage.ok(i);
     }
 
     @RequestMapping(value = "/{name}/{primaryKey}", method = RequestMethod.DELETE)
     @AccessLogger("删除数据")
     public ResponseMessage delete(@PathVariable("name") String name,
-                                  @PathVariable("primaryKey") String primaryKey) {
-        try {
-            boolean success = dynamicFormService.deleteByPk(name, primaryKey);
-            return new ResponseMessage(true, success);
-        } catch (Exception e) {
-            return new ResponseMessage(false, e);
-        }
+                                  @PathVariable("primaryKey") String primaryKey) throws Exception {
+        dynamicFormService.deleteByPk(name, primaryKey);
+        return ResponseMessage.ok();
     }
 
 }
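Review bot: Only `list` gains the per-form check `@Authorize(expression = "#user.hasAccessModuleAction(#name,'R')")`; `info`, `insert`, `update` and `delete` in the same hunk have no `@Authorize`, so unless a class-level annotation outside the hunk applies, rows of any form can be read and modified by name without a permission check. Add the same expression to `info`, the equivalent with `'C'` and `'U'` to `insert` and `update`, and the project's delete action code to `delete`. Separately, `delete` now discards the boolean returned by `deleteByPk` and always answers `ResponseMessage.ok()`, and `list` dereferences `param` although it is declared `required = false`.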

+ 9 - 9
hsweb-web-controller/src/main/java/org/hsweb/web/controller/form/FormController.java

@@ -43,7 +43,7 @@ public class FormController extends GenericController<Form, String> {
     public ResponseMessage latestList(QueryParam param) throws Exception {
         ResponseMessage message;
         if (!param.isPaging()) {
-            message = new ResponseMessage(true, formService.selectLatestList(param));
+            message = ResponseMessage.ok(formService.selectLatestList(param));
         } else {
             param.setPaging(false);
             int total = formService.countLatestList(param);
@@ -51,7 +51,7 @@ public class FormController extends GenericController<Form, String> {
             List<Form> list = formService.selectLatestList(param);
             PagerResult<Form> result = new PagerResult<>();
             result.setData(list).setTotal(total);
-            message = new ResponseMessage(true, result);
+            message = ResponseMessage.ok(result);
         }
         message.include(Form.class, param.getIncludes())
                 .exclude(Form.class, param.getExcludes())
@@ -63,7 +63,7 @@ public class FormController extends GenericController<Form, String> {
     public ResponseMessage latest(@PathVariable(value = "name") String name) throws Exception {
         Form form = formService.selectLatest(name);
         if (form == null) throw new BusinessException("表单不存在", 404);
-        return new ResponseMessage(true, form);
+        return ResponseMessage.ok(form);
     }
 
     @RequestMapping(value = "/{name}/{version}", method = RequestMethod.GET)
@@ -71,26 +71,26 @@ public class FormController extends GenericController<Form, String> {
                                   @PathVariable(value = "version") Integer version) throws Exception {
         Form form = formService.selectByVersion(name, version);
         if (form == null) throw new BusinessException("表单不存在", 404);
-        return new ResponseMessage(true, form);
+        return ResponseMessage.ok(form);
     }
 
     @RequestMapping(value = "/{id}/deploy", method = RequestMethod.PUT)
     @Authorize(action = "deploy")
     public ResponseMessage deploy(@PathVariable("id") String id) throws Exception {
         formService.deploy(id);
-        return new ResponseMessage(true, "success");
+        return ResponseMessage.ok();
     }
 
     @RequestMapping(value = "/{id}/unDeploy", method = RequestMethod.PUT)
     @Authorize(action = "deploy")
     public ResponseMessage unDeploy(@PathVariable("id") String id) throws Exception {
         formService.unDeploy(id);
-        return new ResponseMessage(true, "success");
+        return ResponseMessage.ok();
     }
 
     @RequestMapping(value = "/{name}/html", method = RequestMethod.GET)
     public ResponseMessage html(@PathVariable("name") String name) throws Exception {
-        return new ResponseMessage(true, formService.createDeployHtml(name));
+        return ResponseMessage.ok(formService.createDeployHtml(name));
     }
 
     @RequestMapping(value = "/{name}/using", method = RequestMethod.GET)
@@ -99,11 +99,11 @@ public class FormController extends GenericController<Form, String> {
         if (form == null) {
             throw new BusinessException("表单不存在", 404);
         }
-        return new ResponseMessage(true, form).exclude(Form.class,"html");
+        return ResponseMessage.ok(form).exclude(Form.class, "html");
     }
 
     @RequestMapping(value = "/{id}/view", method = RequestMethod.GET)
     public ResponseMessage view(@PathVariable("id") String id) throws Exception {
-        return new ResponseMessage(true, formService.createViewHtml(id));
+        return ResponseMessage.ok(formService.createViewHtml(id));
     }
 }

+ 91 - 0
hsweb-web-controller/src/main/java/org/hsweb/web/controller/login/AuthorizeController.java

@@ -0,0 +1,91 @@
+package org.hsweb.web.controller.login;
+
+import org.hsweb.web.bean.po.user.User;
+import org.hsweb.web.exception.AuthorizeException;
+import org.hsweb.web.exception.NotFoundException;
+import org.hsweb.web.logger.annotation.AccessLogger;
+import org.hsweb.web.message.ResponseMessage;
+import org.hsweb.web.service.config.ConfigService;
+import org.hsweb.web.service.user.UserService;
+import org.hsweb.web.utils.WebUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.Cache;
+import org.springframework.cache.CacheManager;
+import org.springframework.cache.concurrent.ConcurrentMapCacheManager;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.webbuilder.utils.common.MD5;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Created by zhouhao on 16-4-29.
+ */
+@RestController
+@AccessLogger("授权")
+public class AuthorizeController {
+    @Autowired(required = false)
+    private CacheManager cacheManager;
+
+    @Resource
+    private UserService userService;
+
+    @Resource
+    private ConfigService configService;
+
+    @RequestMapping(value = "/login", method = RequestMethod.POST)
+    @AccessLogger("登录")
+    public ResponseMessage login(@RequestParam String username, @RequestParam String password, HttpServletRequest request) throws Exception {
+        //判断用户是否多次输入密码错误
+        String userIp = WebUtil.getIpAddr(request);
+        int maxErrorNumber = configService.getInt("login", "error.max_number", 5);
+        int waitMinutes = configService.getInt("login", "error.wait_minutes", 10);
+        Cache cache = cacheManager.getCache("login.error");
+        String cachePrefix = username.concat("@").concat(userIp);
+        String timeCacheKey = cachePrefix.concat("-time");
+        String numberCacheKey = cachePrefix.concat("-number");
+        Integer error_number = cache.get(numberCacheKey, Integer.class);
+        Long error_time = cache.get(timeCacheKey, Long.class);
+        long now_time = System.currentTimeMillis();
+        if (error_number != null && error_time != null) {
+            if ((now_time - error_time) / 1000 / 60d > waitMinutes) {
+                cache.evict(timeCacheKey);
+                cache.evict(numberCacheKey);
+                error_number = 0;
+                error_time = 0l;
+            }
+            if (error_number >= maxErrorNumber)
+                throw new AuthorizeException("您的账户已被锁定登录,请" + (waitMinutes - ((now_time - error_time) / 1000 / 60)) + "分钟后再试!");
+        }
+        User user = userService.selectByUserName(username);
+        if (user == null || user.getStatus() != 1) throw new NotFoundException("用户不存在或已注销");
+        //密码错误
+        if (!user.getPassword().equals(MD5.encode(password))) {
+            if (error_number == null) error_number = 0;
+            cache.put(timeCacheKey, System.currentTimeMillis());
+            cache.put(numberCacheKey, ++error_number);
+            throw new AuthorizeException("密码错误,你还可以重试" + (maxErrorNumber - error_number) + "次");
+        }
+        cache.evict(timeCacheKey);
+        cache.evict(numberCacheKey);
+        user.setPassword("");//去除密码
+        if (user.getUsername().equals("admin"))
+            userService.initAdminUser(user);
+        else
+            user.initRoleInfo();
+        request.getSession().setAttribute("user", user);
+        return ResponseMessage.ok();
+    }
+
+    @PostConstruct
+    public void init() {
+        if (cacheManager == null) {
+            cacheManager = new ConcurrentMapCacheManager();
+        }
+    }
+
+}
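Review bot: The password check `user.getPassword().equals(MD5.encode(password))` implies that stored passwords are unsalted MD5 digests, which are cheap to brute-force if the user table leaks; a salted, slow password hash (bcrypt, scrypt or Argon2) with that library's own verify call is the appropriate primitive. The two failure paths return different messages (`用户不存在或已注销` versus `密码错误…`) and only the second increments the counter, so responses distinguish valid usernames from invalid ones. The session id is not rotated on success; call `request.changeSessionId();` (Servlet 3.1+, otherwise invalidate and recreate the session) before `request.getSession().setAttribute("user", user);` to prevent session fixation. The counter update is a non-atomic read-then-put on the cache, and `cacheManager.getCache("login.error")` can return null for a cache manager with a fixed cache list, so both deserve a guard.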

+ 6 - 4
hsweb-web-controller/src/main/java/org/hsweb/web/controller/resource/ResourcesController.java

@@ -1,5 +1,7 @@
 package org.hsweb.web.controller.resource;
 
+import org.hsweb.web.exception.BusinessException;
+import org.hsweb.web.exception.NotFoundException;
 import org.hsweb.web.logger.annotation.AccessLogger;
 import org.hsweb.web.authorize.annotation.Authorize;
 import org.hsweb.web.bean.po.resource.Resources;
@@ -43,7 +45,7 @@ public class ResourcesController extends GenericController<Resources, String> {
      */
     @Override
     @Authorize(role = Role.SYS_ROLE_ADMIN)
-    public ResponseMessage delete(@PathVariable("id") String id)throws Exception {
+    public ResponseMessage delete(@PathVariable("id") String id) throws Exception {
         return super.delete(id);
     }
 
@@ -66,11 +68,11 @@ public class ResourcesController extends GenericController<Resources, String> {
         } else
             resources = resourcesService.selectByPk(id);
         if (resources == null) {
-            return new ResponseMessage(false, "资源不存在!", "404");
+            throw new NotFoundException("资源不存在");
         } else {
             if (resources.getStatus() != 1)
-                return new ResponseMessage(false, "拒绝访问!", "502");
-            return new ResponseMessage(true, resources);
+                throw new NotFoundException("资源不存在,或不可用!");
+            return ResponseMessage.ok(resources);
         }
     }
 

+ 6 - 19
hsweb-web-controller/src/main/java/org/hsweb/web/controller/script/DynamicScriptController.java

@@ -35,27 +35,14 @@ public class DynamicScriptController extends GenericController<DynamicScript, St
 
 
     @RequestMapping(value = "/compile", method = {RequestMethod.GET})
-    public ResponseMessage compileAll() {
-        ResponseMessage message;
-        try {
-            dynamicScriptService.compileAll();
-            message = new ResponseMessage(true, "success");
-        } catch (Exception e) {
-            message = new ResponseMessage(false, e);
-        }
-        return message;
+    public ResponseMessage compileAll() throws Exception {
+        dynamicScriptService.compileAll();
+        return ResponseMessage.ok("success");
     }
 
     @RequestMapping(value = "/compile/{id:.+}", method = {RequestMethod.GET})
-    public ResponseMessage compile(@PathVariable("id") String id) {
-        ResponseMessage message;
-        try {
-            dynamicScriptService.compile(id);
-
-            message = new ResponseMessage(true, "success");
-        } catch (Exception e) {
-            message = new ResponseMessage(false, e);
-        }
-        return message;
+    public ResponseMessage compile(@PathVariable("id") String id) throws Exception {
+        dynamicScriptService.compile(id);
+        return ResponseMessage.ok("success");
     }
 }
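Review bot: Both compile endpoints stay mapped to `RequestMethod.GET` and show no method-level `@Authorize`, although they trigger server-side script compilation rather than a read. A state-changing GET can be fired by a plain link or image request from another site, so `method = {RequestMethod.POST}` plus an explicit guard such as `@Authorize(role = Role.SYS_ROLE_ADMIN)` (the form `ResourcesController.delete` uses in this commit) would be safer. Class-level annotations sit outside this hunk and may already restrict access, so this needs checking against the full file. With the try/catch removed, a compile failure now reaches the global handler in `ExceptionHandlerConfiguration`, which returns the exception message to the caller.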

+ 4 - 3
hsweb-web-controller/src/main/java/org/hsweb/web/controller/user/UserController.java

@@ -4,6 +4,7 @@ import org.hsweb.web.authorize.annotation.Authorize;
 import org.hsweb.web.bean.common.QueryParam;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.controller.GenericController;
+import org.hsweb.web.exception.NotFoundException;
 import org.hsweb.web.logger.annotation.AccessLogger;
 import org.hsweb.web.message.ResponseMessage;
 import org.hsweb.web.service.user.UserService;
@@ -49,13 +50,13 @@ public class UserController extends GenericController<User, String> {
     }
 
     @Override
-    @AccessLogger("删除")
+    @AccessLogger("禁用")
     public ResponseMessage delete(@PathVariable("id") String id) throws Exception {
         User user = getService().selectByPk(id);
-        if (user == null) return new ResponseMessage(false, "该用户不存在!", "404");
+        if (user == null) throw new NotFoundException("用户不存在!");
         user.setStatus(-1);
         getService().update(user);
-        return new ResponseMessage(true, "删除成功");
+        return ResponseMessage.ok( "禁用成功");
     }
 
 
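Review bot: The `delete` override, which disables the account by setting status -1, carries only `@Override` and `@AccessLogger("禁用")`, whereas `ResourcesController.delete` in this same commit is guarded with `@Authorize(role = Role.SYS_ROLE_ADMIN)`. If the class-level annotations (outside this hunk) do not already restrict it, the same `@Authorize` line belongs here so that disabling a user requires an admin role. The login code in this commit keeps the `User` object in the HTTP session, so a disabled user's existing session presumably stays valid until it expires; checking the status per request or invalidating the session would close that gap. Minor: `ResponseMessage.ok( "禁用成功")` has a stray space after the parenthesis.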

+ 3 - 8
hsweb-web-core/src/main/java/org/hsweb/web/authorize/validator/SimpleAuthorizeValidator.java

@@ -20,9 +20,7 @@ import java.util.*;
  */
 public class SimpleAuthorizeValidator implements AuthorizeValidator {
 
-    @Autowired
-    private ApplicationContext context;
-
+    @Autowired(required = false)
     private Map<String, ExpressionScopeBean> expressionScopeBeanMap;
 
     @Override
@@ -72,7 +70,8 @@ public class SimpleAuthorizeValidator implements AuthorizeValidator {
 
     public Map<String, Object> getExpressionRoot(User user) {
         Map<String, Object> root = new HashMap<>();
-        root.putAll(expressionScopeBeanMap);
+        if (expressionScopeBeanMap != null)
+            root.putAll(expressionScopeBeanMap);
         root.put("user", user);
         return root;
     }
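Review bot: `getExpressionRoot` depends on `root.put("user", user)` running after `root.putAll(expressionScopeBeanMap)`, since that order is what stops a scope bean registered under the name `user` from replacing the authenticated user in the expression root. The ordering deserves a comment such as `// keep after putAll: the authenticated user must win over a bean named "user"`. With `@Autowired(required = false)` in the first hunk the map can now be null, which the added check handles here, but the field itself says nothing about it; `// null when no ExpressionScopeBean is defined` on the field would help the next reader.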
@@ -82,8 +81,4 @@ public class SimpleAuthorizeValidator implements AuthorizeValidator {
         return new SimpleAuthorizeValidatorConfig();
     }
 
-    @PostConstruct
-    public void init() {
-        expressionScopeBeanMap = context.getBeansOfType(ExpressionScopeBean.class);
-    }
 }

+ 10 - 0
hsweb-web-core/src/main/java/org/hsweb/web/exception/ExceptionHandler.java

@@ -0,0 +1,10 @@
+package org.hsweb.web.exception;
+
+import org.hsweb.web.message.ResponseMessage;
+
+public interface ExceptionHandler {
+
+   <T extends Throwable> boolean support(Class<T> e);
+
+    ResponseMessage handle(Throwable e);
+}
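Review bot: The new interface has no Javadoc, and its contract matters because `handle` produces what the client sees. It should say that `support` receives the thrown exception's class, that `handle` returns the `ResponseMessage` sent to the client and so must not copy internal detail into it, and that the first supporting handler in the injected list wins. The simple name also collides with Spring's `org.springframework.web.bind.annotation.ExceptionHandler`, whose import this commit drops from `ExceptionHandlerConfiguration`; a name such as `ExceptionMessageHandler` would avoid mis-imports. The `support` line is indented three spaces where `handle` uses four.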

+ 72 - 13
hsweb-web-core/src/main/java/org/hsweb/web/exception/ExceptionHandlerConfiguration.java

@@ -3,17 +3,22 @@ package org.hsweb.web.exception;
 import org.hsweb.web.message.ResponseMessage;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.web.DefaultErrorAttributes;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.core.ResolvableType;
+import org.springframework.core.annotation.Order;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.servlet.ModelAndView;
+import org.webbuilder.utils.common.ClassUtils;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.Map;
 
 /**
@@ -23,34 +28,88 @@ import java.util.Map;
 public class ExceptionHandlerConfiguration {
     private Logger logger = LoggerFactory.getLogger(this.getClass());
 
+    @Autowired
+    private List<ExceptionHandler> exceptionHandlers;
+
+
     @Bean
     public DefaultErrorAttributes errorAttributes() {
         return new DefaultErrorAttributes() {
             @Override
             public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
                 super.resolveException(request, response, handler, ex);
-                if (ex instanceof BusinessException) {
-                    try {
-                        response.sendError(((BusinessException) ex).getStatus());
-                    } catch (IOException e) {
-                        logger.error("response.sendError", e);
+                ResponseMessage responseMessage = null;
+                //获取自定义的异常处理器
+                for (ExceptionHandler exceptionHandler : exceptionHandlers) {
+                    if (exceptionHandler.support(ex.getClass())) {
+                        responseMessage = exceptionHandler.handle(ex);
+                        break;
                     }
                 }
+                if (responseMessage == null) {
+                    responseMessage = ResponseMessage.error(ex.getMessage());
+                }
+                request.setAttribute("error.attributes", responseMessage.toMap());
+                try {
+                    response.sendError(responseMessage.getCode());
+                } catch (IOException e) {
+                    logger.error("", e);
+                }
                 return null;
             }
 
             @Override
             public Map<String, Object> getErrorAttributes(RequestAttributes requestAttributes,
                                                           boolean includeStackTrace) {
-                Integer status = getAttribute(requestAttributes,
-                        "javax.servlet.error.status_code");
-                ResponseMessage responseMessage = new ResponseMessage(false, getError(requestAttributes), status == null ? "" : status.toString());
-                return responseMessage.toMap();
+                Map<String, Object> attrs = ((Map) requestAttributes.getAttribute("error.attributes", RequestAttributes.SCOPE_REQUEST));
+                //错误属性为空,说明可能不是由controller抛出的一次信息
+                if (attrs == null) {
+                    Integer status = (Integer) this.getAttribute(requestAttributes, "javax.servlet.error.status_code");
+                    Object message = this.getAttribute(requestAttributes, "javax.servlet.error.message");
+                    if (message == null)
+                        message = "None";
+                    return ResponseMessage.error(String.valueOf(message), status).toMap();
+                }
+                return attrs;
+            }
+
+            public Object getAttribute(RequestAttributes requestAttributes, String name) {
+                return requestAttributes.getAttribute(name, 0);
             }
+        };
+    }
 
-            public <T> T getAttribute(RequestAttributes requestAttributes, String name) {
-                return (T) requestAttributes.getAttribute(name, RequestAttributes.SCOPE_REQUEST);
+    @Bean
+    @Order(1000)
+    public ExceptionHandler defaultExceptionHandler() {
+        ExceptionHandler handler = new ExceptionHandler() {
+            @Override
+            public <T extends Throwable> boolean support(Class<T> e) {
+                return true;
+            }
+
+            @Override
+            public ResponseMessage handle(Throwable e) {
+                return ResponseMessage.error(e.getMessage());
+            }
+        };
+        return handler;
+    }
+
+    @Bean
+    @Order(900)
+    public ExceptionHandler businessExceptionHandler() {
+        ExceptionHandler handler = new ExceptionHandler() {
+            @Override
+            public <T extends Throwable> boolean support(Class<T> e) {
+                return ClassUtils.instanceOf(e, BusinessException.class);
+            }
+
+            @Override
+            public ResponseMessage handle(Throwable e) {
+                return ResponseMessage.error(e.getMessage(), ((BusinessException) e).getStatus());
             }
         };
+        return handler;
     }
 }
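Review bot: `resolveException` never logs `ex`, and `defaultExceptionHandler` (like the `responseMessage == null` fallback) copies `ex.getMessage()` of any Throwable into the response, so text from unexpected exceptions such as SQL or I/O errors reaches the client while the server keeps no stack trace. The only `logger.error` call covers the `IOException` from `sendError`. I would add `logger.error("unhandled exception", ex);` before the handler loop and have the default handler return a fixed text, `return ResponseMessage.error("Internal server error");`, leaving detailed messages to `BusinessException`. The commit also removes the 401/400 mappings for `AuthorizeException` and `ValidationException` from `ResponseMessage` and this hunk adds no handler for them, so unless they extend `BusinessException` (not visible here) they now answer 500. `getAttribute(name, 0)` would read better with `RequestAttributes.SCOPE_REQUEST` in place of the literal.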

+ 10 - 0
hsweb-web-core/src/main/java/org/hsweb/web/exception/NotFoundException.java

@@ -0,0 +1,10 @@
+package org.hsweb.web.exception;
+
+/**
+ * Created by zhouhao on 16-4-29.
+ */
+public class NotFoundException extends BusinessException {
+    public NotFoundException(String message) {
+        super(message, 404);
+    }
+}

+ 60 - 106
hsweb-web-core/src/main/java/org/hsweb/web/message/ResponseMessage.java

@@ -16,67 +16,6 @@ import java.util.*;
  */
 public class ResponseMessage implements Serializable {
     private static final long serialVersionUID = 8992436576262574064L;
-    private transient static final Logger LOGGER = LoggerFactory.getLogger(ResponseMessage.class);
-
-    /**
-     * message处理类,可以自定义message处理方案
-     */
-    private transient static final Map<Class, MessageHandler> handlers = new HashMap<>();
-
-    /**
-     * 注册一个消息处理器
-     *
-     * @param dataType 消息类型
-     * @param handler  处理器实例
-     * @return 已注册的消息处理器
-     */
-    public static final <T> MessageHandler<T> registerMessageHandler(Class<T> dataType, MessageHandler<T> handler) {
-        return handlers.put(dataType, handler);
-    }
-
-    /**
-     * 注销一个消息处理器
-     *
-     * @param dataType 消息类型
-     * @return 已注册的消息处理器
-     */
-    public static final <T> MessageHandler<T> cancelMessageHandler(Class<T> dataType) {
-        return handlers.remove(dataType);
-    }
-
-    /**
-     * 注册默认的消息处理
-     */
-    static {
-        registerMessageHandler(Object.class, (message, msg) -> msg);
-        //默认异常信息处理
-        registerMessageHandler(Throwable.class, (message, msg) -> {
-            LOGGER.error("", msg);
-            return msg.getMessage();
-        });
-        //默认业务异常信息处理
-        registerMessageHandler(BusinessException.class, (message, msg) -> {
-            LOGGER.error(msg.getMessage());
-            message.setCode(String.valueOf(msg.getStatus()));
-            return msg.getMessage();
-        });
-        //权限验证异常
-        registerMessageHandler(AuthorizeException.class, (message, msg) -> {
-            message.setCode("401");
-            return msg.getMessage();
-        });
-        //权限验证异常
-        registerMessageHandler(ValidationException.class, (message, msg) -> {
-            message.setCode("400");
-            return msg.getMessage();
-        });
-
-    }
-
-    private static final <T> MessageHandler<T> getMessageHandler(Class<T> type) {
-        return handlers.get(type);
-    }
-
     /**
      * 是否成功
      */
@@ -88,14 +27,15 @@ public class ResponseMessage implements Serializable {
     private Object data;
 
     /**
-     * 响应码
+     * 反馈信息
      */
-    private String code;
+    private String message;
 
     /**
-     * 进行响应的元数据,不会被序列化,只是提供aop和拦截器访问
+     * 响应码
      */
-    private transient Object sourceData;
+    private int code;
+
 
     /**
      * 过滤字段:指定需要序列化的字段
@@ -114,60 +54,52 @@ public class ResponseMessage implements Serializable {
     public Map<String, Object> toMap() {
         Map<String, Object> map = new HashMap<>();
         map.put("success", this.success);
-        map.put("data", this.getData());
+        if (data != null)
+            map.put("data", this.getData());
+        if (message != null)
+            map.put("message", this.getMessage());
         map.put("code", this.getCode());
         return map;
     }
 
-    public ResponseMessage(boolean success, Object data) {
-        this.code = success ? "200" : "500";
-        if (data == null)
-            data = "null";
-        sourceData = data;
-        //获取消息处理器
-        MessageHandler messageHandler = getMessageHandler(data.getClass());
-        if (messageHandler == null) {
-            if (data instanceof Throwable) {
-                //未获取到指定的异常信息处理器,使用通用异常处理器
-                messageHandler = getMessageHandler(Throwable.class);
-            } else {
-                messageHandler = getMessageHandler(Object.class);
-            }
-        }
-        this.success = success;
-        if (messageHandler == null)
-            this.data = data;
-        else
-            this.data = messageHandler.handle(this, data);
+    protected ResponseMessage(String message) {
+        this.code = 500;
+        this.message = message;
+        this.success = false;
+    }
 
+    protected ResponseMessage(boolean success, Object data) {
+        this.code = success ? 200 : 500;
+        this.data = data;
+        this.success = success;
     }
 
-    public ResponseMessage(boolean success, Object data, String code) {
+    protected ResponseMessage(boolean success, Object data, int code) {
         this(success, data);
         this.code = code;
     }
 
 
-    public ResponseMessage include(Class<?> type, String... fileds) {
-        return include(type, Arrays.asList(fileds));
+    public ResponseMessage include(Class<?> type, String... fields) {
+        return include(type, Arrays.asList(fields));
     }
 
-    public ResponseMessage include(Class<?> type, Collection<String> fileds) {
+    public ResponseMessage include(Class<?> type, Collection<String> fields) {
         if (includes == null)
             includes = new HashMap<>();
-        getStringListFormMap(includes, type).addAll(fileds);
+        getStringListFormMap(includes, type).addAll(fields);
         return this;
     }
 
-    public ResponseMessage exclude(Class type, Collection<String> fileds) {
+    public ResponseMessage exclude(Class type, Collection<String> fields) {
         if (excludes == null)
             excludes = new HashMap<>();
-        getStringListFormMap(excludes, type).addAll(fileds);
+        getStringListFormMap(excludes, type).addAll(fields);
         return this;
     }
 
-    public ResponseMessage exclude(Class type, String... fileds) {
-        return exclude(type, Arrays.asList(fileds));
+    public ResponseMessage exclude(Class type, String... fields) {
+        return exclude(type, Arrays.asList(fields));
     }
 
     protected Set<String> getStringListFormMap(Map<Class<?>, Set<String>> map, Class type) {
@@ -191,8 +123,9 @@ public class ResponseMessage implements Serializable {
         return data;
     }
 
-    public void setData(String data) {
+    public ResponseMessage setData(Object data) {
         this.data = data;
+        return this;
     }
 
     @Override
@@ -200,20 +133,13 @@ public class ResponseMessage implements Serializable {
         return JSON.toJSONStringWithDateFormat(this, DateTimeUtils.YEAR_MONTH_DAY_HOUR_MINUTE_SECOND);
     }
 
-    public String getCode() {
+    public int getCode() {
         return code;
     }
 
-    public void setCode(String code) {
+    public ResponseMessage setCode(int code) {
         this.code = code;
-    }
-
-    public interface MessageHandler<T> {
-        Object handle(ResponseMessage message, T msg);
-    }
-
-    public Object getSourceData() {
-        return sourceData;
+        return this;
     }
 
     public static ResponseMessage fromJson(String json) {
@@ -249,4 +175,32 @@ public class ResponseMessage implements Serializable {
     public String getCallback() {
         return callback;
     }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public static ResponseMessage ok() {
+        return ok(null);
+    }
+
+    public static ResponseMessage ok(Object data) {
+        return new ResponseMessage(true, data);
+    }
+
+    public static ResponseMessage created(Object data) {
+        return new ResponseMessage(true, data, 201);
+    }
+
+    public static ResponseMessage error(String message) {
+        return new ResponseMessage(message);
+    }
+
+    public static ResponseMessage error(String message, int code) {
+        return new ResponseMessage(message).setCode(code);
+    }
 }
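Review bot: `setMessage` still returns `void` while this commit turns `setData` and `setCode` into fluent setters returning `this`, so a call chain cannot continue through `setMessage`. Making it `public ResponseMessage setMessage(String message) { this.message = message; return this; }` would keep the three consistent. The new factories `ok`, `created` and `error` have no Javadoc; one line each stating the `success` flag and the default code they set (200, 201 and 500 respectively) would spare callers from reading the constructors.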