关闭

Spring Aop +自定义注解实现用户权限控制

标签: springaop
27人阅读 评论(0) 收藏 举报
分类:

项目结构:
这里写图片描述

pom.xml:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com</groupId>
  <artifactId>SpringAop</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>jar</packaging>

  <name>SpringAop</name>
  <url>http://maven.apache.org</url>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>

  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.10</version>
      <scope>test</scope>
    </dependency>

     <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-context</artifactId>
      <version>4.0.2.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-test</artifactId>
      <version>4.0.2.RELEASE</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework/spring-aop -->
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-aop</artifactId>
    <version>4.0.2.RELEASE</version>
</dependency>

    <dependency> 
    <groupId>org.aspectj</groupId> 
    <artifactId>aspectjweaver</artifactId> 
    <version>1.6.12</version> 
</dependency> 

<dependency>
    <groupId>cglib</groupId>
    <artifactId>cglib</artifactId>
    <version>2.2.2</version>
</dependency>
  </dependencies>

  <build>
   <plugins>
          <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-compiler-plugin</artifactId>
           <version>3.1</version>
           <configuration>
              <target>1.8</target>
           <source>1.8</source>
           </configuration>
          </plugin>
          </plugins>
          </build>
</project>

自定义注解:

package com.Quanxian;
import java.lang.annotation.*;

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface PrivilegeInfo {


    String value() default "";

}

注解解析器:

package com.Quanxian;

import java.lang.reflect.Method;
/**
 * 注解处理器
 * @author P1311529
 * 这个解析器的主要功能,是解析目标方法上如果有PrivilegeInfo注解,那么解析出这个注解中的value值(权限的值)
 *
 */
public class PrivilegeAnnotationParse {
     public static String parse(Class c1 ,String c1methodName)throws Exception{
         String methodAccess ="";

         Method method =c1.getMethod(c1methodName);
         if(method.isAnnotationPresent(PrivilegeInfo.class)){
             PrivilegeInfo privilegeInfo=method.getAnnotation(PrivilegeInfo.class);
             methodAccess =privilegeInfo.value();
            // System.err.println(methodAccess);
         }
         return methodAccess;
     }
}

获取用户权限名:

package com.Quanxian;

public class FirmPrivilege {

     /**
     * 用户权限的名称
     */
    private String value;

    public String getValue() {
        return value;
    }

    public void setValue(String value) {
        this.value = value;
    }

    public FirmPrivilege(String value) {
        this.value = value;
    }

    public FirmPrivilege() {
    }
}

service 以及实现类:

package com.Quanxian.service;

public interface FirmService {


        /**
         * 在需要权限的目标方法上,使用PrivilegeInfo注解,配置权限为save
         */
        public void save();
        /**
         * 在需要权限的目标方法上,使用PrivilegeInfo注解,配置权限为update
         */
        public void update();
        /**
         * 不需要权限的目标方法上,则不添加PrivilegeInfo注解
         * 在切面中,默认用户拥有权限
         */
        public void get();

}
package com.Quanxian.serviceImpl;

import com.Quanxian.PrivilegeInfo;
import com.Quanxian.service.FirmService;

public class FirmServiceImpl implements FirmService{
     /**
     * 在需要权限的目标方法上,使用PrivilegeInfo注解,配置权限
     */
    @Override
    @PrivilegeInfo("save")
    public void save() {
        System.out.println("FirmServiceImpl.save()");

    }

    /**
     * 在需要权限的目标方法上,使用PrivilegeInfo注解,配置权限
     */
    @Override
    @PrivilegeInfo("update")
    public void update() {
        System.out.println("FirmServiceImpl.update()");

    }

    /**
     * 不需要权限的目标方法上,则不添加PrivilegeInfo注解
     * 在切面中,默认用户拥有权限
     */
    @Override
    public void get() {
        System.out.println("FirmServiceImpl.get()");

    }
}

切面类:

package com.Quanxian;

import java.util.List;

import org.aspectj.lang.ProceedingJoinPoint;

public class PrivilegeAspect {
  private List<FirmPrivilege> privileges;

public List<FirmPrivilege> getPrivileges() {
    return privileges;
}

public void setPrivileges(List<FirmPrivilege> privileges) {
    this.privileges = privileges;
}

/**
 * aop中的环绕通知
 * 在这个方法中检查用户的权限和目标方法的需要的权限是否匹配
 * 如果匹配则调用目标方法,不匹配则不调用
 * @param joinPoint 连接点
 * @throws Throwable
 */
  public void isAccessMethod(ProceedingJoinPoint joinPoint)throws Throwable{

      /**
       * 1.获取访问目标方法应该具备的权限
       *  为解析目标方法的PrivilegeInfo注解,根据我们定义的解析器,需要得到:目标类的class形式 方法的名称
       */
      Class targetClass =joinPoint.getTarget().getClass();
      String methodName=joinPoint.getSignature().getName();
      System.out.println(targetClass+ "  " +methodName);
    //得到该方法的访问权限
      String methodAccess =PrivilegeAnnotationParse.parse(targetClass, methodName);
      boolean isAccessed =false;
      /*
       * 2.遍历用户的权限,看是否拥有目标方法对应的权限
       */
        System.out.println("privileges :"+privileges);
      for(FirmPrivilege firmPrivilege :privileges){

          /*
           * 如果目标方法没有使用PrivilegeInfo注解,则解析出来的权限字符串就为空字符串
           * 则默认用户拥有这个权限
           */
          if("".equals(methodAccess)){
              isAccessed =true;
              break;
          }
          /*
           * 用户原有权限列表中有的权限与目标方法上PrivilegeInfo注解配置的权限进行匹配
           */
          if(firmPrivilege.getValue() !=null && 
                  firmPrivilege.getValue().equalsIgnoreCase(methodAccess)){
             // System.out.println("not null ------------");
              isAccessed =true;
              break;
          }
          /*
             * 3.如果用户拥有权限,则调用目标方法 ,如果没有,则不调用目标方法,只给出提示
             */
      }
          if(isAccessed){
              joinPoint.proceed();//调用目标方法
            //  System.out.println("调用目标方法");
          }else{
              System.out.println("你没有权限");
          }

  }

}

xml文件配置切面:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:jee="http://www.springframework.org/schema/jee"
    xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xmlns:jpa="http://www.springframework.org/schema/data/jpa"
    xmlns:batch="http://www.springframework.org/schema/batch"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.0.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/data/jpa http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/batch http://www.springframework.org/schema/batch/spring-batch.xsd
        http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.1.7.xsd">

           <aop:aspect id="QuanxianAspect" ref="privilegeAspect">
              <aop:pointcut id="perform" expression="execution(* com.Quanxian.serviceImpl.FirmServiceImpl.*(..))"/>
               <aop:around method="isAccessMethod" pointcut-ref="perform"/>
           </aop:aspect>
        </aop:config>
        <bean id="firmService" class="com.Quanxian.serviceImpl.FirmServiceImpl"/>
        <bean id="privilegeAspect" class="com.Quanxian.PrivilegeAspect"/>

        </beans>

Tets:

package com.Quanxain;

import java.util.ArrayList;
import java.util.List;

import org.junit.Before;
import org.junit.Test;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;

import com.Quanxian.FirmPrivilege;
import com.Quanxian.PrivilegeAspect;
import com.Quanxian.service.FirmService;

public class TestQuanxian {

    private FirmService firmService;
    @Before
    public void beFore1(){
        ApplicationContext ac=new ClassPathXmlApplicationContext("springaop.xml");
         firmService = (FirmService)ac.getBean("firmService");
        PrivilegeAspect privilegeAspect=(PrivilegeAspect) ac.getBean("privilegeAspect");

        List<FirmPrivilege> privileges=new ArrayList<FirmPrivilege>();
        privileges.add(new FirmPrivilege("update"));
        privilegeAspect.setPrivileges(privileges);
    }

    @Test
    public void Test1(){
        firmService.save();
        firmService.update();
        firmService.get();
    }


}

result:

Oct 10, 2017 9:28:58 AM org.springframework.context.support.ClassPathXmlApplicationContext prepareRefresh
INFO: Refreshing org.springframework.context.support.ClassPathXmlApplicationContext@6996db8: startup date [Tue Oct 10 09:28:58 CST 2017]; root of context hierarchy
Oct 10, 2017 9:28:58 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource [springaop.xml]
class com.Quanxian.serviceImpl.FirmServiceImpl  save
privileges :[com.Quanxian.FirmPrivilege@4b5a5ed1]
你没有权限
class com.Quanxian.serviceImpl.FirmServiceImpl  update
privileges :[com.Quanxian.FirmPrivilege@4b5a5ed1]
FirmServiceImpl.update()
class com.Quanxian.serviceImpl.FirmServiceImpl  get
privileges :[com.Quanxian.FirmPrivilege@4b5a5ed1]
FirmServiceImpl.get()

privileges :[com.Quanxian.FirmPrivilege@4b5a5ed1] 其实就是你给用户加的update权限 为什么要用List 因为可能需要给用户加多个权限

参考博客:http://blog.csdn.net/minhellic/article/details/51919690

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:12599次
    • 积分:926
    • 等级:
    • 排名:千里之外
    • 原创:67篇
    • 转载:26篇
    • 译文:13篇
    • 评论:0条
    最新评论