自定义注解
Authorization.java
package cn.zdfy.blogsystem.authorization.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marker for controller methods that require an authenticated caller.
 *
 * <p>The annotation declares no members and performs no check by itself: it is
 * retained at runtime so that an interceptor or aspect can find it by reflection
 * and run the authorization check before the method executes. A method carrying
 * this annotation is only protected while such an interceptor is active and its
 * pointcut actually matches the method.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Authorization {
}
创建aop拦截
package cn.zdfy.blogsystem.authorization.handler;
import cn.zdfy.blogsystem.authorization.annotation.Authorization;
import cn.zdfy.blogsystem.config.ResultStatus;
import cn.zdfy.blogsystem.model.ResultModel;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
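/**
 * Around-advice that enforces the {@link Authorization} marker on controller methods.
 *
 * <p>Every public method under {@code cn.zdfy.blogsystem.controller} is intercepted.
 * Methods carrying {@link Authorization} are executed only when the request supplies
 * a valid {@code token} parameter; all other methods pass through unchecked.
 *
 * <p>The check fails closed: a missing token, a token of the wrong type, or the
 * absence of a servlet request all result in the {@code TOKEN_ERROR} response.
 */
@Aspect
@Component
public class AuthHandle {

    /**
     * Demo-only shared secret used by the sample token check.
     *
     * <p>NOTE(review): a constant compiled into the class is not a credential. Replace
     * {@link #isValidToken(String)} with verification against a per-user, expiring token
     * (server-side session store or a signed token) before using this outside a demo.
     */
    private static final String DEMO_TOKEN = "123456";

    /** Pointcut matching every public method of every class under the controller package. */
    @Pointcut(value = "execution(public * cn.zdfy.blogsystem.controller..*.*(..))")
    public void start() {
    }

    /**
     * Runs the token check for {@link Authorization}-annotated methods, then invokes the
     * intercepted controller method.
     *
     * @param joinPoint the intercepted controller invocation
     * @return the {@code TOKEN_ERROR} response when the check fails, otherwise whatever the
     *         controller method returned
     * @throws IllegalStateException if the controller method throws a checked exception;
     *         unchecked exceptions and errors are rethrown unchanged
     */
    @Around("start()")
    public ResponseEntity<ResultModel> access(ProceedingJoinPoint joinPoint) {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        // NOTE(review): the annotation is looked up on the method reported by the signature;
        // confirm that this is the method that actually carries @Authorization in this setup,
        // because a lookup miss means the check is silently skipped.
        Method method = signature.getMethod();

        if (hasAnnotationOnMethod(method, Authorization.class)) {
            // The token is read from a request parameter. It is deliberately not logged:
            // writing credentials to stdout or log files exposes them to anyone who can
            // read those logs.
            // NOTE(review): parameters sent in the query string also end up in access logs
            // and browser history; a request header is the usual place for a token.
            Object token = getParams("token");
            if (!(token instanceof String) || !isValidToken((String) token)) {
                // HTTP 200 with an error body is kept so existing clients see the same
                // response as before. NOTE(review): 401 is the conventional status here.
                return new ResponseEntity<>(ResultModel.error(ResultStatus.TOKEN_ERROR), HttpStatus.OK);
            }
        }

        try {
            // The pointcut matches every public controller method, so the cast assumes that
            // all of them return ResponseEntity; anything else fails with ClassCastException.
            @SuppressWarnings("unchecked")
            ResponseEntity<ResultModel> result = (ResponseEntity<ResultModel>) joinPoint.proceed();
            return result;
        } catch (RuntimeException | Error e) {
            // Propagate instead of swallowing: returning null here would turn a failed
            // request into an empty successful response and hide the failure from the
            // application's normal error handling.
            throw e;
        } catch (Throwable t) {
            throw new IllegalStateException("Controller method threw a checked exception", t);
        }
    }

    /**
     * Compares the presented token with the expected one.
     *
     * <p>{@link MessageDigest#isEqual(byte[], byte[])} is used rather than
     * {@link String#equals(Object)} so that the comparison time does not depend on how
     * many leading characters match.
     *
     * @param token the token supplied by the caller, never {@code null}
     * @return {@code true} if the token matches
     */
    private static boolean isValidToken(String token) {
        return MessageDigest.isEqual(
                token.getBytes(StandardCharsets.UTF_8),
                DEMO_TOKEN.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Reads a request parameter from the servlet request bound to the current thread.
     *
     * @param key the parameter name
     * @return the parameter value, or {@code null} when the parameter is absent or no
     *         servlet request is bound to the current thread
     */
    private Object getParams(String key) {
        RequestAttributes attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            // No servlet request available: report "no value" so the caller denies access.
            return null;
        }
        HttpServletRequest request = ((ServletRequestAttributes) attributes).getRequest();
        return request.getParameter(key);
    }

    /**
     * Tells whether a method carries the given annotation.
     *
     * @param method the method to inspect
     * @param annotationClazz the annotation type to look for
     * @return {@code true} if the annotation is present on the method
     */
    private boolean hasAnnotationOnMethod(Method method, Class<? extends Annotation> annotationClazz) {
        // Reflection lookup; requires the annotation to have RUNTIME retention.
        return method.isAnnotationPresent(annotationClazz);
    }
}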
这里的 token 校验只是用一个简单的字符串比较来说明问题,仅作演示;实际项目中应替换为真正的 token 验证逻辑,不要把固定的 token 写死在代码里。
看一下测试结果
token 正确的
token 错误的