基于Spring.net、Nhibernate、Attribute的面向切面的权限管理实现

基本思路：采用Spring.net 的AOP框架，.net的Attribute特性来实现业务逻辑与权限安全验证的分离。废话少说，下面是代码示例：

 

 第一步：Spring.net AOP 的配置文件

<?xml version="1.0" encoding="utf-8" ?> <objects xmlns="http://www.springframework.net"> <!-- Advice--> <object id="beforeAdvice" type="UserPrivilege.AOP.SecurityBeforeAdvice, UserPrivilege" /> <object id="securityAspect" type="Spring.Aop.Support.AttributeMatchMethodPointcutAdvisor, Spring.Aop"> <property name="Advice" ref="beforeAdvice"/> <property name="attribute" value="UserPrivilege.AOP.SecurityAttribute, UserPrivilege" /> </object> <object id="autoSecurityProxyCreator" type="Spring.Aop.Framework.AutoProxy.ObjectNameAutoProxyCreator, Spring.Aop"> <property name="ObjectNames"> <list> <value>*BLL</value> </list> </property> <property name="InterceptorNames"> <list> <value>securityAspect</value> </list> </property> </object> </objects>

 

配置文件中需要配置

1. 权限安全的advice"UserPrivilege.AOP.SecurityBeforeAdvice" 来对权限的验证。

2. 安全验证的PointCut “UserPrivilege.AOP.SecurityAttribute”

3. 由Spring.Aop.Framework.AutoProxy.ObjectNameAutoProxyCreator来实现安全验证与业务逻辑层的绑定

 

第二步：编写安全权限特性类来实现权限的设定

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method | AttributeTargets.Property, Inherited = true)] public class SecurityAttribute:Attribute { public SecurityAttribute(FunctionEnum functionEnum) { this.functionEnum = functionEnum; } private FunctionEnum functionEnum; public FunctionEnum FunctionEnum { get { return functionEnum; } } }

 

第三步：编程Spring.net AOP的BeforeAdvice实现权限的验证

public class SecurityBeforeAdvice : IMethodBeforeAdvice { public void Before(System.Reflection.MethodInfo method, object[] args, object target) { Type business = target.GetType(); Object[] attributes = business.GetMethod(method.Name).GetCustomAttributes(true); SecurityAttribute attribute = null; foreach (object obj in attributes) { if (obj is SecurityAttribute) { attribute = obj as SecurityAttribute; break; } } if (attribute != null) { User user = HttpContext.Current.Session["user"] as User; int functionId = (int)attribute.FunctionEnum; bool validate = false; foreach (Privilege privilege in user.ALLPrivileges) { if (privilege.Module.ModuleURL.ToLower() == user.CurrentModuleUrl) { if (privilege.Function.Id == functionId) { validate = true; break; } } } if (!validate) { HttpContext.Current.Server.Transfer("/Error.aspx"); } } } }

 

第四步：在加载页面的时候，实现IHttpModule接口的AcquireRequestState事件，进行权限验证。

public class SecurityModule : IHttpModule,IRequiresSessionState { #region IHttpModule 成员 void IHttpModule.Dispose() { } void IHttpModule.Init(HttpApplication context) { context.AcquireRequestState += new EventHandler(ValidateRequest); } private void ValidateRequest(object sender, EventArgs e) { HttpApplication app = (HttpApplication)sender; HttpContext context = (HttpContext)app.Context; string absoluteUrl = context.Request.Url.AbsolutePath.ToLower(); if (absoluteUrl.EndsWith(".aspx") && absoluteUrl != "/login.aspx") { if (context.Session["user"] != null) { User user = context.Session["user"] as User; bool hasPrivilege = false; foreach (Privilege privilege in user.ALLPrivileges) { if (privilege.Module.ModuleURL.ToLower() == absoluteUrl && privilege.Function.FunctionEnum == FunctionEnum.ViewFunction) { hasPrivilege = true; break; } } if (hasPrivilege) user.CurrentModuleUrl = absoluteUrl; else context.Server.Transfer("/Error.aspx"); } else { context.Server.Transfer("/login.aspx"); } } } #endregion }

 

第五步： 在业务逻辑代码中采用Attribute实现权限的设定

//此处对广告业务的添加广告信息逻辑进行权限的特性设置 [Security(FunctionEnum.AddFunction)] public bool Save(Advertisement.Model.AdvertisementInfo info) { return dao.Save(info); }

 

添加一个功能权限的枚举

public enum FunctionEnum { AddFunction, UpdateFunction, DeleteFunction, SearchFunction, ViewFunction }

 

本示例其中采用session来保存user的信息，大家可以根据项目实际需求进行调整。