思路:用户登录后访问某个接口时,先判断该用户是否拥有该接口的权限;有权限则放行,没有权限则抛出"无权限"异常。
数据库建两张表
power
user_power
自定义注解
package com.power.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marks a controller method (or type) as subject to a per-user permission check.
 *
 * <p>The annotation is retained at runtime so that it can be read reflectively.
 * {@code @Target} permits it on types as well as methods; whether a type-level
 * use is actually honoured depends on the code that reads the annotation —
 * NOTE(review): confirm against the interceptor before relying on it.
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface power {
    /**
     * Whether the annotated element requires a permission check.
     *
     * <p>Defaults to {@code false}, so enforcement is opt-in: an element that
     * omits this flag (or is not annotated at all) is presumably left unchecked
     * by the reader. New endpoints therefore have to be marked explicitly.
     */
    boolean isNeedPower() default false;
}
创建切面
package com.power.config;
import com.power.annotation.power;
import com.power.pojo.Power;
import com.power.pojo.UserPower;
import com.power.service.PowerService;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.List;
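/**
 * Around-advice that enforces the {@code @power} permission flag on controller methods.
 *
 * <p>For a method that requires a permission, the aspect reads the {@code userId}
 * attribute from the current HTTP session, asks {@link PowerService} for the
 * permissions matching that user and the request URI, and proceeds only when the
 * result is non-empty. Every other outcome (no request, no session, no user id,
 * no matching permission) is refused with a {@code PowerException}.
 *
 * <p>The check trusts the {@code userId} session attribute as the caller's
 * identity, so it is only as strong as the code that writes that attribute.
 *
 * <p>Created 2022/9/30 9:12.
 *
 * @author 鹏
 */
@Component
@Aspect
public class powerInterceptor {

    /** Message carried by the exception raised on every refused call ("no permission to access"). */
    private static final String DENIED_MESSAGE = "无权限访问";

    @Resource
    private PowerService powerService;

    /** Matches every method in {@code com.power.controller} and its sub-packages. */
    @Pointcut("execution(* com.power.controller..*(..))")
    private void open() {
    }

    /**
     * Runs the permission check before the matched controller method.
     *
     * @param joinPoint the intercepted controller invocation
     * @return whatever the controller method returns
     * @throws Throwable a {@code PowerException} when access is refused, or anything
     *     thrown by the controller method itself
     */
    @Around("open()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        // getRequestAttributes() returns null when no request is bound to this thread.
        ServletRequestAttributes requestAttributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = requestAttributes == null ? null : requestAttributes.getRequest();
        if (request != null) {
            // NOTE(review): debug output; a logger would be the usual choice here.
            System.out.println("URI:" + request.getRequestURI());
        }

        MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
        if (!isPowerRequired(methodSignature)) {
            return joinPoint.proceed();
        }

        // From here on the method is protected: anything that cannot be verified is refused.
        if (request == null) {
            throw new PowerException(DENIED_MESSAGE);
        }

        // getSession(false) avoids creating a session for a caller that has none.
        HttpSession session = request.getSession(false);
        Object userId = session == null ? null : session.getAttribute("userId");
        if (userId == null) {
            // Not logged in: refuse explicitly instead of failing with a NullPointerException.
            throw new PowerException(DENIED_MESSAGE);
        }

        // The permission name is the raw request URI (context path included, not normalised);
        // presumably the stored permission names must match it exactly — confirm against PowerService.
        Power requested = new Power();
        requested.setPowerName(request.getRequestURI());
        requested.setUserId(userId.toString());

        List<UserPower> granted = powerService.getPower(requested);
        if (granted == null || granted.isEmpty()) {
            throw new PowerException(DENIED_MESSAGE);
        }
        return joinPoint.proceed();
    }

    /**
     * Decides whether the intercepted method needs a permission check.
     *
     * <p>The method-level {@code @power} annotation wins; when the method carries none,
     * the annotation on the declaring class is used, because {@code @power} may also be
     * placed on types. With no annotation at all the method is left unchecked.
     */
    private boolean isPowerRequired(MethodSignature methodSignature) {
        power onMethod = methodSignature.getMethod().getAnnotation(power.class);
        if (onMethod != null) {
            return onMethod.isNeedPower();
        }
        power onType = methodSignature.getMethod().getDeclaringClass().getAnnotation(power.class);
        return onType != null && onType.isNeedPower();
    }
}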
接口 Controller。这里仅作简单测试:先调用 /set 接口传入一个用户 userId,将其写入 session。/set 本身不做任何身份校验,实际项目中 userId 应由登录认证流程写入 session。
package com.power.controller;
import com.power.annotation.power;
import com.power.service.PowerService;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.List;
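/**
 * Demo controller used to exercise the {@code @power} permission check.
 *
 * <p>{@code /set} stores a caller-supplied user id in the session; the other
 * endpoints are marked {@code isNeedPower = true} and return a fixed string.
 *
 * <p>Created 2022/9/30 10:03.
 *
 * @author 鹏
 */
@RestController
public class PowerController {

    @Resource
    private PowerService powerService;

    /**
     * Test helper that records {@code userId} in the HTTP session.
     *
     * <p>The value comes straight from the request and is not authenticated, so this
     * endpoint stands in for a login step during testing only; the permission check
     * downstream trusts whatever is stored here.
     *
     * @param userId the user id to store; must not be null or blank
     * @return the stored user id
     * @throws IllegalArgumentException if {@code userId} is null or blank
     */
    @power(isNeedPower = false)
    @RequestMapping("/set")
    public String setSession(String userId) {
        // setAttribute(name, null) removes the attribute, which used to end in a
        // NullPointerException on the return line; reject the input up front instead.
        if (userId == null || userId.trim().isEmpty()) {
            throw new IllegalArgumentException("userId is required");
        }

        ServletRequestAttributes requestAttributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = requestAttributes.getRequest();
        HttpSession session = request.getSession();
        // The session is about to carry a new identity: issue a fresh session id so an
        // id known before this call does not stay valid afterwards (Servlet 3.1+).
        request.changeSessionId();
        session.setAttribute("userId", userId);
        // Idle timeout in seconds.
        session.setMaxInactiveInterval(300);
        // Request-supplied text: neutralise line breaks before echoing it to the console.
        System.out.println(userId.replace('\r', '_').replace('\n', '_'));
        return userId;
    }

    /** Protected sample endpoint; returns the fixed string "吃饭". */
    @power(isNeedPower = true)
    @GetMapping("/eat")
    public String eat() {
        return "吃饭";
    }

    /** Protected sample endpoint; returns the fixed string "游泳". */
    @power(isNeedPower = true)
    @GetMapping("/swim")
    public String swimming() {
        return "游泳";
    }

    /** Protected sample endpoint; returns the fixed string "说话". */
    @power(isNeedPower = true)
    @GetMapping("/speak")
    public String speak() {
        return "说话";
    }

    /** Protected sample endpoint; returns the fixed string "叫". */
    @power(isNeedPower = true)
    @GetMapping("/shout")
    public String shout() {
        return "叫";
    }
}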