这篇文章主要介绍自定义注解配合AOP的使用来完成一个简单的权限验证的功能。
一、移入依赖
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
二、自定义注解:
package com.wgq.annotation;
import java.lang.annotation.*;
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Admin {
String value() default "";
}
三、AOP切面配置
package com.wgq.aspect;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
@Aspect
@Component
public class AdminAspect {
@Pointcut(value = "@annotation(com.wgq.annotation.Admin)")
public void annotationPointCut() {
}
@Around("annotationPointCut()")
public Object doAround(ProceedingJoinPoint joinPoint) {
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
String methodName = signature.getMethod().getName();
System.out.println("方法名:" + methodName);
if(!validate()){
return "没有权限";
}
try {
return joinPoint.proceed();
} catch (Throwable throwable) {
return null;
}
}
private boolean validate(){
// TODO 实现自己的鉴权功能
return false;
}
}
四、controller测试
package com.wgq.controller;
import com.wgq.annotation.Admin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.websocket.server.PathParam;
@RestController
public class TestController {
@GetMapping("/login")
public String login(){
return "登录成功!";
}
@RequestMapping("/refund")
@Admin
public String refund() {
return "退款成功";
}
}
五、启动方法
package com.wgq;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class TestAopApplication {
public static void main(String[] args) {
SpringApplication.run(TestAopApplication.class, args);
}
}
结果:
访问:http://localhost:8080/login 可以直接访问成功。
访问:http://localhost:8080/refund 由于加了@Admin注解,需要验证权限