注解是JDK1.5的新特性,而且注解的生命周期可以有处于源程序阶段、字节码阶段和运行时阶段。标识的位置可以处于包级别、类级别、方法级别、属性级别和参数级别。本文主要利用注解的这些特性,模拟权限的管理。
定义一个权限组的注解类,同时该注解类的生命周期处于运行时阶段和处于类级别上。
Group.java
package com.cloud.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE)
public @interface Group {
String group();
}
定义一个权限注解类,生命周期为运行时阶段和处于方法级别上。
Privilege.java
package com.cloud.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Privilege {
String privilege();
}
模拟两个action层中的类,同时将相应注解打在相应的位置上:
UserAction.java
package com.cloud.annotation;
@Group(group="user")
public class UserAction {
@Privilege(privilege="find")
public String find() {
return "Find user information.";
}
@Privilege(privilege="add")
public String add() {
return "Add user information.";
}
@Privilege(privilege="delete")
public String delete() {
return "Delete user information.";
}
@Privilege(privilege="update")
public String update() {
return "Update user information.";
}
}
DimensionAction.java
package com.cloud.annotation;
@Group(group="dimension")
public class DimensionAction {
@Privilege(privilege="find")
public String find() {
return "Find dimension information.";
}
@Privilege(privilege="add")
public String add() {
return "Add dimension information.";
}
@Privilege(privilege="delete")
public String delete() {
return "Delete dimension information.";
}
@Privilege(privilege="update")
public String update() {
return "Update dimension information.";
}
}
定义一个用户类:
Person.java
package com.cloud.annotation;
public class Person {
private String name;
private int age;
private String gender;
private String[] groups;
private String[] privileges;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public int getAge() {
return age;
}
public void setAge(int age) {
this.age = age;
}
public String getGender() {
return gender;
}
public void setGender(String gender) {
this.gender = gender;
}
public String[] getGroups() {
return groups;
}
public void setGroups(String[] groups) {
this.groups = groups;
}
public String[] getPrivileges() {
return privileges;
}
public void setPrivileges(String[] privileges) {
this.privileges = privileges;
}
public Person() {}
public Person(String name, int age, String gender, String[] groups, String[] privileges) {
this.name = name;
this.age = age;
this.gender = gender;
this.groups = groups;
this.privileges = privileges;
}
}
定义一个测试类:
AnnotationTest.java
package com.cloud.annotation;
import java.lang.reflect.Method;
public class AnnotationTest {
public static void main(String[] args) throws Exception {
String[] groups = {"user"};
String[] privileges = {"find", "add", "update"};
//首先创建了一个Person对象,并且他具有对user这个表的查看、增加和更新权限
Person person = new Person("Chris", 22, "man", groups, privileges);
//分别测试了两种情况,其实就是用于模拟用户的操作
checkGroupAndPrivilege(person, "com.cloud.annotation.DimensionAction", "update");
checkGroupAndPrivilege(person, "com.cloud.annotation.UserAction", "find");
}
/**
* 该方法的作用就是用于模拟用于调查用方法的过程。
* @param person
* @param className
* @param methodName
* @throws Exception
*/
public static void checkGroupAndPrivilege(Person person, String className, String methodName) throws Exception {
//将要调用的类反射出来
Class<?> clazz = Class.forName(className);
//取得被调用类的权限组的注解对象
Group group = clazz.getAnnotation(Group.class);
//取得用户具有的权限组
String[] groups = person.getGroups();
//取得被调用类的权限组的名字
String classGroup = group.group();
//检查该用户是否在该权限组内
if (contain(groups, classGroup)) {
//反射出要调用的方法
Method method = clazz.getMethod(methodName);
//取得该被调用的方法的注解对象
Privilege privilege = method.getAnnotation(Privilege.class);
//取得用户具有的权限
String[] privileges = person.getPrivileges();
//取得调用该方法应具有的权限
String methodPrivilege = privilege.privilege();
//检查用户是否具有调用该方法的权限
if (contain(privileges, methodPrivilege)) {
System.out.println("Call method success!");
} else {
System.out.println("Soryy, you don't have privilege!");
}
} else {
System.out.println("Sorry, you are not in this group!");
}
}
public static boolean contain(String[] strs, String str) {
boolean b = false;
for (String val : strs) {
if (str.equals(val)) {
b = true;
break;
}
}
return b;
}
}
测试结果:
Sorry, you are not in this group!
Call method success!