pmm的AOP范例

package com.weichat.permissions;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.weichat.mapper.PmmMapper;
import org.apache.log4j.Logger;
import org.apache.shiro.authc.AuthenticationException;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Enumeration;

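/**
 * AOP permission gate applied to every public controller method under
 * {@code com.weichat.controller}.
 *
 * <p>Before a matched controller method runs, the advice rejects non-POST requests,
 * lets the paths listed in {@code excludePaths} through without a user check, and
 * for every other path requires an {@code openid} for which
 * {@code PmmMapper.selectUserInfo} returns a non-empty value. Every rejection is
 * raised as an {@link AuthenticationException}.
 *
 * <p>NOTE(review): the {@code openid} is read from client-supplied request data and
 * is only checked for existence in the user store. That identifies a user but does
 * not prove the caller owns that openid. Confirm that a server-side session or signed
 * token binds the openid to the caller elsewhere before relying on this aspect as the
 * sole access control.
 */
@Aspect
@Component
public class Permissionsfiltering {

    private final Logger logger = Logger.getLogger(getClass());

    // Servlet paths that skip the user check (login and error-reporting endpoints).
    private final String[] excludePaths = new String[]{"/wxLoginUserNumber","/wxLogin","/errorCatch"};

    // Servlet paths whose openid arrives as a plain request parameter rather than in a bound argument.
    private final String[] specialPaths = new String[]{"/getPhotoUrl"};

    @Autowired
    private PmmMapper pmmMapper;

    /** Pointcut matching every public method in the controller package and its sub-packages. */
    @Pointcut("execution(public * com.weichat.controller..*.*(..))")
    public void permissions() {
    }

    /**
     * Checks the current request before the controller method executes.
     *
     * @param joinPoint the intercepted controller invocation; its arguments are searched
     *                  for an {@code openid} on paths that are neither excluded nor special
     * @throws AuthenticationException if there is no current request, the request is not a
     *                                 POST, no usable {@code openid} is supplied, or the
     *                                 openid does not resolve to a user
     * @throws Throwable               declared for compatibility with the original signature
     */
    @Before("permissions()")
    public void doBefore(JoinPoint joinPoint) throws Throwable {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        // Outside a request-bound thread there is nothing to authorize against: fail closed
        // with the same exception type as every other rejection instead of a bare NPE.
        if (attributes == null) {
            throw new AuthenticationException("权限不通过,无法获取请求上下文");
        }
        HttpServletRequest request = attributes.getRequest();

        // Only POST requests are accepted; every other method is rejected outright.
        if (!"POST".equals(request.getMethod())) {
            throw new AuthenticationException("权限不通过,非POST请求");
        }

        logger.info("请求URL : " + request.getRequestURL());
        String path = request.getServletPath();

        if (excludePath(path)) {
            logger.info("登录或错误记录接口");
            return;
        }

        if (specialPath(path)) {
            requireKnownUser(request.getParameter("openid"), "权限异常,用户权限不通过");
            return;
        }

        // Inspect only the application-defined arguments; the container-supplied
        // HttpServletRequest / HttpServletResponse carry no openid payload.
        boolean checkedAnyArgument = false;
        for (Object arg : joinPoint.getArgs()) {
            if (arg instanceof HttpServletRequest || arg instanceof HttpServletResponse) {
                continue;
            }
            JSONObject json = toJsonObject(arg);

            // NOTE(review): this writes the full serialized argument, including the openid,
            // to the INFO log; consider masking identifiers if logs are widely readable.
            logger.info("请求参数:" + json);

            Object openid = json.get("openid");
            if (openid == null) {
                throw new AuthenticationException("权限不通过,请求参数问题");
            }
            requireKnownUser(openid.toString(), "权限不通过");
            checkedAnyArgument = true;
        }

        // A method whose only arguments are the servlet request/response used to fall through
        // the loop without any check. Treat it like the no-argument case and reject.
        if (!checkedAnyArgument) {
            throw new AuthenticationException("权限不通过,请求参数问题");
        }
    }

    /**
     * Serializes a controller argument and re-parses it as a JSON object so that its
     * {@code openid} property can be read.
     *
     * @param arg a controller argument other than the servlet request/response
     * @return the argument as a JSON object, never {@code null}
     * @throws AuthenticationException if the argument cannot be represented as a JSON object
     */
    private JSONObject toJsonObject(Object arg) {
        JSONObject json;
        try {
            json = JSONObject.parseObject(JSON.toJSONString(arg));
        } catch (RuntimeException e) {
            // Arguments that are not JSON objects (strings, numbers, lists) cannot carry an
            // openid; reject them as an authorization failure and keep the cause.
            throw new AuthenticationException("权限不通过,请求参数问题", e);
        }
        if (json == null) {
            throw new AuthenticationException("权限不通过,请求参数问题");
        }
        return json;
    }

    /**
     * Requires that the given openid resolves to a non-empty value in the user store.
     *
     * @param openid         the client-supplied identifier; may be {@code null}
     * @param failureMessage message of the exception raised when the check fails
     * @throws AuthenticationException if the openid is missing, empty or unknown
     */
    private void requireKnownUser(String openid, String failureMessage) {
        // Skip the database round trip when no identifier was supplied at all.
        if (openid == null || openid.length() == 0) {
            throw new AuthenticationException(failureMessage);
        }
        String userIsExist = pmmMapper.selectUserInfo(openid);
        if (userIsExist == null || userIsExist.length() == 0) {
            throw new AuthenticationException(failureMessage);
        }
        logger.info("权限通过");
    }

    /** Returns {@code true} when {@code path} exactly equals one of the excluded paths. */
    private boolean excludePath(String path) {
        for (String candidate : excludePaths) {
            if (candidate.equals(path)) {
                return true;
            }
        }
        return false;
    }

    /** Returns {@code true} when {@code path} exactly equals one of the special paths. */
    private boolean specialPath(String path) {
        for (String candidate : specialPaths) {
            if (candidate.equals(path)) {
                return true;
            }
        }
        return false;
    }
}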
