前些日子整理代码,把一直没弄得日志 和 权限 整理了下。废话不多说,直接上代码。
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.2.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>demo</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.1</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- https://mvnrepository.com/artifact/org.mybatis/mybatis -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>3.4.4</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.9.1</version>
</dependency>
<!-- log4j -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-log4j</artifactId>
<version>1.3.8.RELEASE</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.6</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
log4j.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration SYSTEM "http://toolkit.alibaba-inc.com/dtd/log4j/log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
<appender name="CONSOLE-APPENDER" class="org.apache.log4j.ConsoleAppender">
<param name="encoding" value="UTF-8"/>
<param name="threshold" value="debug"></param>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %-5p %-32t - %m%n"/>
</layout>
</appender>
<appender name="DEFAULT-APPENDER" class="org.apache.log4j.DailyRollingFileAppender">
<param name="file" value="./logs/default.log"/>
<param name="append" value="true"/>
<param name="encoding" value="UTF-8"/>
<param name="threshold" value="debug"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %-5p %-32t - %m%n"/>
</layout>
</appender>
<appender name="ERROR-APPENDER" class="org.apache.log4j.DailyRollingFileAppender">
<param name="file" value="./logs/error.log"/>
<param name="append" value="true"/>
<param name="encoding" value="UTF-8"/>
<param name="threshold" value="error"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %-5p %-32t - %m%n"/>
</layout>
</appender>
<appender name="HOSPITAL-WEB" class="org.apache.log4j.DailyRollingFileAppender">
<param name="file" value="./logs/web.log"/>
<param name="append" value="true"/>
<param name="encoding" value="UTF-8"/>
<param name="threshold" value="debug"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %-5p %-32t - %m%n"/>
</layout>
</appender>
<!-- 包名 -->
<logger name="com.example.demo.*" additivity="false">
<!-- debug日志太多了可以改成info级别打印日志 -->
<level value="debug"/>
<appender-ref ref="HOSPITAL-WEB"/>
<appender-ref ref="ERROR-APPENDER"/>
</logger>
<!-- <logger name="com.example.demo" additivity="false">
<level value="debug" />
<appender-ref ref="CONSOLE-APPENDER" />
<appender-ref ref="ERROR-APPENDER" />
<appender-ref ref="DEFAULT-APPENDER" />
</logger> -->
<root>
<level value="debug"/>
<appender-ref ref="CONSOLE-APPENDER"/>
<appender-ref ref="ERROR-APPENDER"/>
<appender-ref ref="DEFAULT-APPENDER"/>
</root>
</log4j:configuration>
日志存放位置
注解方式权限拦截和访问
1、定义权限控制的注解
import java.lang.annotation.*;
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@Inherited
public @interface InterceptCheck {
String depict();
}
2、定义AOP切面
Spring 中声明 AspectJ 切面, 只需要在 IOC 容器中将切面声明为 Bean 实例. 当在 Spring IOC 容器中初始化 AspectJ 切面之后, Spring IOC 容器就会为那些与 AspectJ 切面相匹配的 Bean 创建代理。
在切面类中需要定义切面方法用于响应响应的目标方法,切面方法即为通知方法,通知方法需要用注解标识,AspectJ 支持 5 种类型的通知注解:
- @Before: 前置通知, 在方法执行之前执行
- @After: 后置通知, 在方法执行之后执行
- @AfterRunning: 返回通知, 在方法返回结果之后执行
- @AfterThrowing: 异常通知, 在方法抛出异常之后
- @Around: 环绕通知, 围绕着方法执行
import com.example.demo.common.AuthCheck;
import org.apache.log4j.Logger;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.*;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
@Component
@Aspect
public class AopLogger {
private Logger logger = Logger.getLogger(this.getClass());
@Pointcut("@annotation(org.springframework.web.bind.annotation.RequestMapping)")
public void point() {
}
@Before("point()")
public void doBefore(JoinPoint joinPoint) {
String head = "【" + joinPoint.getSignature().getDeclaringTypeName() + "." + joinPoint.getSignature().getName() + "】";
logger.info(head + "<<<--- 欢迎访问 --->>>");
Object[] args = joinPoint.getArgs();
StringBuffer content = new StringBuffer();
for (Object obj : args) {
content.append(obj);
}
logger.info("<<<--- Request:--->>>" + content.toString());
}
@AfterReturning(returning = "response", pointcut = "point()")
public void doAfterReturning(JoinPoint joinPoint, Object response) {
String head = "【" + joinPoint.getSignature().getDeclaringTypeName() + "." + joinPoint.getSignature().getName() + "】";
logger.info("<<<--- Response:--->>>" + response.toString());
logger.info(head + "<<<--- 结束访问 --->>>");
}
@Around("point()&&@annotation(com.example.demo.common.AuthCheck)&& @annotation(authCheck)")
public Object doAround(ProceedingJoinPoint joinPoint, AuthCheck authCheck) throws Throwable {
//先拿到Request请求体
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = attributes.getRequest();
logger.info("此次请求的路径:" + request.getRequestURL());
logger.info("此次业务操作的权限ID:" + authCheck.authId());
//真实环境下应该是从session或Redis中拿到登录的用户信息,再去与权限ID做匹配
logger.info("模拟查询数据库或其他存储介质,验证当前用户是否有权限");
// 根据链接来判断是否要做权限处理
String[] requestURI = request.getRequestURI().split("/");
if ("api".equals(requestURI[1])) {
return "{message:no auth,code:403}";
}
return joinPoint.proceed();
}
}
3、在控制层使用注解进行拦截
import com.example.demo.common.InterceptCheck;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class MainController {
Logger logger = Logger.getLogger(this.getClass());
@ResponseBody
@RequestMapping(value = "api/info", method = RequestMethod.GET, produces = "application/json; charset=utf-8")
@InterceptCheck(depict = "信息")
public String getApiInfo(String content) {
return content;
}
@ResponseBody
@RequestMapping(value = "/info", method = RequestMethod.GET, produces = "application/json; charset=utf-8")
@InterceptCheck(depict = "信息")
public String getInfo(String content) {
return content;
}
}
4、运行结果
当访问 api 来定义是否要进行拦截
-此次请求的路径:http://127.0.0.1:8080/info
-此次业务操作的权限ID:信息
-模拟查询数据库或其他存储介质,验证当前用户是否有权限
-【com.example.demo.controller.MainController.getInfo】<<<— 欢迎访问 —>>>
祝愿各位,技术成长的道路上,不断摸索,不断创新,不断成长、
活着就是为了改变世界