Internal API (xlyEntry)
The xlyEntry service hosts the SPA's runtime API. It is the largest of
the three tiers — its controllers compile into the same WAR as the
framework's metadata-driven runtime, and most calls hit one of a handful
of universal endpoints that read or write any module.
This API is not a stable contract for external callers. Endpoint shapes change as the framework changes. External integrations belong on the External API. This page exists for maintainers and SPA-extension authors.
For the request-lifecycle and code-level walkthrough, see the Maintainer runtime chapter. This page is the catalog of HTTP entry points.
The universal CRUD surface — /business/*
| Endpoint | Method | Purpose |
|---|---|---|
/business/getModelBysId/{moduleId} |
GET | Returns the form layout for a module — the five-key composite (formData, gdsformconst, gdsjurisdiction, billnosetting, report). |
/business/getBusinessDataByFormcustomId/{formId} |
POST | Returns rows of business data for a form, paginated. Branches to getBusinessDataByGroup when sGroupList is set. |
/business/getBusinessDataByIndex |
POST | First / last / next / previous-record navigation. |
/business/addBusinessData |
POST | Single insert. |
/business/addUpdateDelBusinessData |
POST | Bundled add+update+delete in one transactional call. The frontend names the target table directly via sTable. |
/business/getSelectDataBysControlId/{sId} |
POST | Dropdown population for a single control, by control sId. |
/business/getSelectLimit/{sId} |
POST | Paginated variant of the dropdown call. |
These endpoints are documented in detail by Slice 1
(getModelBysId + grid load + save) and
Slice 3 (the view-backed read variant). The
handler classes are in
xlyEntry/src/main/java/com/xly/web/businessweb/.
Metadata-management endpoints
For builder-side actions (creating modules, defining forms, declaring
virtual tables) there is a parallel surface in
xlyEntry/src/main/java/com/xly/web/systemweb/:
| Endpoint root | Controller | Purpose |
|---|---|---|
/gdsmodule/* |
GdsmoduleController |
Module-tree CRUD, including getModuleTreePro, addGdsmodule, updateGdsmodule. |
/gdsconfigform/* |
GdsconfigformController |
Form-master and form-slave metadata CRUD. |
/gdsconfigtb/* |
GdsconfigtbController |
Virtual-table master/slave metadata CRUD. |
Specialised runtime endpoints
| Endpoint root | Controller | Purpose |
|---|---|---|
/configform/* |
BusinessConfigformController |
Per-user / per-group display customization. |
/treegrid/* |
BusinessTreeGridController |
Tree-grid endpoints (the proc-backed path is implemented in this branch). |
/procedureCall/* |
GenericProcedureCallController |
Generic stored-procedure invocation by name + parameters — see generic procedure dispatch. |
/panel/* |
ConfigformPanelController |
Panel-layout persistence in gdsconfigformpanel. |
/checkflow/* |
CheckFlowController |
Activiti workflow surface (approve / reject / view) — only meaningful in deployments that run a flow. The class file is CheckFlowController.java (camelCase) but the @RequestMapping value is all-lowercase /checkflow. |
Reporting and printing
The print surface lives under xlyEntry/src/main/java/com/xly/web/report/:
-
PrintReportController— current jxls / iText print path. -
PrintReportControllerOld.java— file exists but its class body is fully commented out (and the commented-out class inside is namedPrintReportController, not*Old). It is dead source kept for reference, not an active controller.
The frontend's "打印" / "导出" buttons hit these controllers, which load a
template from sysreport, run the matching view-backed query, and stream
a binary file back. See Slice 3
for the flow.
Authentication
Every controller method that participates in business data is annotated
with @Authorization and receives a resolved UserInfo via
@CurrentUser. The session-to-UserInfo mapping is the framework's
own (cookie + Redis-backed session); see
the multi-tenancy concept page.
A request that reaches a controller without authentication does not
get past @Authorization; if it does (e.g., an unannotated method),
that method also bypasses the universal tenant injection in
RequestAddParamUtil — and is therefore a multi-tenant bug.
Coverage policy — what this catalog includes
xlyEntry hosts ~71 controllers in total. This page enumerates
the ~19 that are part of the framework's universal runtime:
/business/*, /configform/*, /treegrid/*, /procedureCall/*,
/panel/*, /checkflow/*, /gdsmodule/*, /gdsconfigform/*,
/gdsconfigtb/*, plus the print surface. Every form in the system
flows through these.
The remaining ~52 controllers are business-domain modules
(/sysworkorder, /salesorder, /productionPlan, /oee,
/eleMaterialsStock, etc.) — they implement specific industry-tier
flows on top of the framework primitives above. The wiki treats those
as illustrations of the framework at work, not as catalogued surface
of their own. Maintainers who need to find a specific business
controller should grep xlyEntry/src/main/java/com/xly/web/ for the
URL prefix; the framework primitives on this page are what's worth
reading first.
What this API is not
- Not stable — endpoint shapes change with the framework.
- Not authenticated for outside callers — there is no API-key flow here; cookies/sessions are not what an integrator wants.
- Not documented for self-service — the surface is too large and too generic to publish as an OpenAPI doc. External integrators get the curated External API instead.