• Pom加入依赖
<!-- NOTE(review): no <version> is declared here, so it presumably comes from a parent POM or
     dependencyManagement; confirm, and keep it aligned with the other Spring artifacts. -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
</dependency>
• 自定义注解(annotation)
/**
 * Custom annotation that declares the role required to call a class or a method.
 *
 * <p>It is retained at runtime because {@code PermissionInterceptor} reads it reflectively
 * from both the target class and the invoked method.
 *
 * <p>NOTE(review): a bare {@code @Permission} does not mean "strictest role"; it resolves to
 * {@link RoleType#TWO_LEVEL}. Spell out {@code level} on anything that needs a tighter role.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
public @interface Permission {

    /** Role required by the annotated element; {@link RoleType#TWO_LEVEL} when omitted. */
    RoleType level() default RoleType.TWO_LEVEL;
}
• 角色枚举类:
/**
 * Account roles used by the permission check.
 *
 * <p>Each role carries an id, a display name and a numeric level. {@code PermissionInterceptor}
 * rejects a caller whose level is numerically greater than the required level, so a smaller
 * level passes more checks. {@link #INVALID} has level 100 and therefore fails every
 * comparison against the real roles.
 */
public enum RoleType {
    SUPER_ADMIN(0, "超级管理员", 0),
    ONE_LEVEL(1, "一级", 1),
    TWO_LEVEL(2, "二级", 2),
    THREE_LEVEL(3, "三级", 3),
    INVALID(-1, "无效账号身份", 100);

    /** Role id. */
    private final int value;

    /** Role display name. */
    private final String roleName;

    /** Role level used for comparisons. */
    private final int roleLevel;

    RoleType(int id, String name, int level) {
        value = id;
        roleName = name;
        roleLevel = level;
    }

    /**
     * Returns the id of {@link #TWO_LEVEL}.
     *
     * <p>NOTE(review): {@link #THREE_LEVEL} has a larger id (3); confirm whether it is
     * excluded on purpose or was added later without updating this method.
     */
    public static int getMaxRoleId() {
        return TWO_LEVEL.value;
    }

    /**
     * Maps a numeric role id to its constant.
     *
     * <p>Only ids 0, 1 and 2 are recognised; every other id, including 3, yields
     * {@link #INVALID}.
     *
     * <p>NOTE(review): because id 3 is not mapped, an account stored with the THREE_LEVEL id
     * resolves to INVALID here. That is fail-closed for the caller's own role, but confirm it
     * is intended.
     *
     * @param value numeric role id
     * @return the matching role, or {@link #INVALID} when the id is not recognised
     */
    public static RoleType valueOf(final int value) {
        if (value == 0) {
            return SUPER_ADMIN;
        }
        if (value == 1) {
            return ONE_LEVEL;
        }
        if (value == 2) {
            return TWO_LEVEL;
        }
        return INVALID;
    }

    /** @return the role id */
    public int getValue() {
        return this.value;
    }

    /** @return the role display name */
    public String getRoleName() {
        return this.roleName;
    }

    /** @return the role level used for comparisons */
    public int getRoleLevel() {
        return this.roleLevel;
    }
}
• 定义方法拦截器:
/**
 * Method interceptor that compares the caller's role with the role demanded by
 * {@link Permission} on the target class and/or the invoked method.
 *
 * <p>Review notes on the access-control behaviour of this class:
 * <ul>
 *   <li>A method proceeds unchecked when neither its class nor the method itself carries
 *       {@code @Permission}, so protection is opt-in.</li>
 *   <li>The caller's role is the constant {@link RoleType#TWO_LEVEL}; the request is located
 *       but never read. The comments say the role is meant to come from a cookie. A cookie
 *       value is chosen by the client, so a role taken from it is only trustworthy if it is
 *       bound to server-side session state or integrity-protected.</li>
 *   <li>A required role of {@link RoleType#INVALID} lets the call proceed.</li>
 *   <li>A denial is returned as a {@code String}, not signalled by an exception.
 *       NOTE(review): confirm how this surfaces for advised methods whose return type is not
 *       {@code String}; an exception mapped to an HTTP 403 is the usual alternative.</li>
 *   <li>NOTE(review): annotations are looked up on {@code invocation.getMethod()}; if a bean
 *       is proxied through an interface, that may be the interface method and not the
 *       implementation's. Confirm against the proxy mode in use.</li>
 * </ul>
 */
public class PermissionInterceptor implements MethodInterceptor {

    /**
     * Runs the role check and then either proceeds with the invocation or returns a denial
     * message.
     *
     * @param invocation the intercepted call
     * @return the advised method's result, or a message string when the invocation is
     *         {@code null} or the caller's role is insufficient
     * @throws Throwable whatever the advised method throws; also a null-check failure when
     *         an annotated method has no {@code HttpServletRequest} argument
     */
    public Object invoke(MethodInvocation invocation) throws Throwable {
        if (invocation == null) {
            return "没有invocation";
        }

        final Class<?> targetClass = invocation.getThis().getClass();
        System.out.println("类名:" + targetClass.getName());
        final Method targetMethod = invocation.getMethod();

        // Nothing annotated: the call is not subject to any role check.
        final boolean classAnnotated = targetClass.isAnnotationPresent(Permission.class);
        if (!classAnnotated && !targetMethod.isAnnotationPresent(Permission.class)) {
            return invocation.proceed();
        }

        // Role demanded at class level; INVALID (level 100) stands for "not declared".
        RoleType classRole = RoleType.INVALID;
        if (classAnnotated) {
            System.out.println("类" + targetClass.getName() + "添加了 Permission 注解");
            classRole = targetClass.getAnnotation(Permission.class).level();
        }

        // Role demanded at method level; INVALID (level 100) stands for "not declared".
        RoleType methodRole = RoleType.INVALID;
        final Permission methodPermission = targetMethod.getAnnotation(Permission.class);
        if (methodPermission != null) {
            System.out.println("方法 " + targetMethod.getName() + "添加了 Permission 注解");
            methodRole = methodPermission.level();
        }

        // The declaration with the numerically smaller level wins; ties go to the method.
        final RoleType requiredRole;
        if (classRole.getRoleLevel() < methodRole.getRoleLevel()) {
            requiredRole = classRole;
        } else {
            requiredRole = methodRole;
        }

        // The request is required to be present, but nothing is read from it yet.
        final HttpServletRequest request = getRequestInMethod(invocation);
        Preconditions.checkNotNull(request, "参数中没有 request 参数");

        // Placeholder for the logged-in account's role (intended to come from a cookie).
        // NOTE(review): resolve this from server-side session state before real use.
        final RoleType callerRole = RoleType.TWO_LEVEL;

        // NOTE(review): an INVALID requirement falls through to proceed() (fail-open).
        final boolean allowed = requiredRole == RoleType.INVALID
                || callerRole.getRoleLevel() <= requiredRole.getRoleLevel();
        if (allowed) {
            return invocation.proceed();
        }

        return "执行权限错误:"
                + callerRole.getRoleName() + "无权执行"
                + requiredRole.getRoleName() + "等级的方法"
                + targetMethod.getName();
    }

    /**
     * Finds the servlet request among the intercepted method's arguments, so that cookie data
     * can be read from it.
     *
     * @param invocation the intercepted call; must not be {@code null}
     * @return the first argument that is an {@code HttpServletRequest}, or {@code null} when
     *         there is none
     */
    private HttpServletRequest getRequestInMethod(MethodInvocation invocation) {
        Preconditions.checkNotNull(invocation, "传入参数错误");
        for (Object argument : invocation.getArguments()) {
            if (argument instanceof HttpServletRequest) {
                return (HttpServletRequest) argument;
            }
        }
        return null;
    }
}
• Spring aop文件配置
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd">
<!-- Interceptor applied to the methods of the Controller classes -->
<bean id="PermissionInterceptor"
class="com.interceptor.PermissionInterceptor" />
<aop:config>
<!-- Scope of the permission check: public methods of types declared directly in the
     com.controller package. Types in sub-packages are not matched by this expression
     (that would need "com.controller..*.*(..)"), and neither are non-public methods, so
     calls to them never reach PermissionInterceptor.
     NOTE(review): confirm every controller that needs a role check is inside this pointcut. -->
<aop:pointcut id="controllerPoint"
expression="execution(public * com.controller.*.*(..))" />
<aop:advisor pointcut-ref="controllerPoint" advice-ref="PermissionInterceptor" />
</aop:config>
</beans>