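I (Anzi) have recently been building a permission-control module. Roughly speaking, a user with higher privileges can retrieve more information from the database than a user with lower privileges. The project uses JPA with Hibernate, and I wanted to build a filter that applies the query conditions.
At first I thought about doing the filtering directly with AspectJ, but for some reason: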
@Around("this(net.risesoft.repository.DyGroupRepository)")
did not work well, and awkwardly I don't know why it didn't. I'll leave that question for any expert passing by to explain.
Enough chatter, on to the main topic.
First I studied the source code and found that RepositoryFactorySupport, the parent class of JpaRepositoryFactory, contains this section where the repository proxy is created:
    @SuppressWarnings({ "unchecked" })
    public <T> T getRepository(Class<T> repositoryInterface, Object customImplementation) {
        RepositoryMetadata metadata = getRepositoryMetadata(repositoryInterface);
        Class<?> customImplementationClass = null == customImplementation ? null : customImplementation.getClass();
        RepositoryInformation information = getRepositoryInformation(metadata, customImplementationClass);
        validate(information, customImplementation);
        Object target = getTargetRepository(information);
        // Create proxy
        ProxyFactory result = new ProxyFactory();
        result.setTarget(target);
        result.setInterfaces(new Class[] { repositoryInterface, Repository.class });
        result.addAdvice(ExposeInvocationInterceptor.INSTANCE);
        if (TRANSACTION_PROXY_TYPE != null) {
            result.addInterface(TRANSACTION_PROXY_TYPE);
        }
        for (RepositoryProxyPostProcessor processor : postProcessors) {
            processor.postProcess(result, information);
        }
        if (IS_JAVA_8) {
            result.addAdvice(new DefaultMethodInvokingMethodInterceptor());
        }
        result.addAdvice(new QueryExecutorMethodInterceptor(information, customImplementation, target));
        return (T) result.getProxy(classLoader);
    }
Pay particular attention to this part:
    for (RepositoryProxyPostProcessor processor : postProcessors) {
        processor.postProcess(result, information);
    }
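Here there is a List<RepositoryProxyPostProcessor> postProcessors.
It is a wrapper list used to bind a series of advice (MethodInterceptor interceptors) to the Repository that ProxyFactory generates.
That gave me the idea: all we need to do is add our own interceptor to this list.
As luck would have it, I soon found that RepositoryFactorySupport has this method: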
    public void addRepositoryProxyPostProcessor(RepositoryProxyPostProcessor processor) {
        Assert.notNull(processor, "RepositoryProxyPostProcessor must not be null!");
        this.postProcessors.add(processor);
    }
Now we can get started!
Write our own custom interceptor logic:
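    import org.aopalliance.intercept.MethodInvocation;

    // Custom interception logic: log before and after the repository method runs.
    public abstract class SubSecrecyFilter {
        public static Object dofilter(MethodInvocation invocation) throws Throwable {
            System.out.println("将要执行方法:" + invocation.getMethod().getName());
            // Continue down the advice chain to the actual query execution.
            Object obj = invocation.proceed();
            System.out.println(invocation.getMethod().getName() + "已经被执行");
            return obj;
        }
    }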
Write the RepositoryProxyPostProcessor implementation:
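    import org.aopalliance.intercept.MethodInterceptor;
    import org.aopalliance.intercept.MethodInvocation;
    import org.springframework.aop.framework.ProxyFactory;
    import org.springframework.data.repository.core.RepositoryInformation;
    import org.springframework.data.repository.core.support.RepositoryProxyPostProcessor;

    public class SecurecyPostProcessor implements RepositoryProxyPostProcessor {
        // Called once for every repository proxy the factory builds.
        @Override
        public void postProcess(ProxyFactory factory, RepositoryInformation repositoryInformation) {
            factory.addAdvice(SecurecyAdvice.instance);
        }

        // Enum singleton: one shared, stateless interceptor for all repositories.
        static enum SecurecyAdvice implements MethodInterceptor {
            instance;

            @Override
            public Object invoke(MethodInvocation invocation) throws Throwable {
                return SubSecrecyFilter.dofilter(invocation);
            }
        }
    }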
Modify the default JpaRepositoryFactoryBean so that our own SecurecyPostProcessor is inserted into List<RepositoryProxyPostProcessor> postProcessors:
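    import java.io.Serializable;
    import javax.persistence.EntityManager;
    import org.springframework.data.jpa.repository.JpaRepository;
    import org.springframework.data.jpa.repository.support.JpaRepositoryFactory;
    import org.springframework.data.jpa.repository.support.JpaRepositoryFactoryBean;
    import org.springframework.data.repository.core.support.RepositoryFactorySupport;
    public class SubRepositoryFactoryBean<R extends JpaRepository<T, I>, T, I extends Serializable>
            extends JpaRepositoryFactoryBean<R, T, I> {
        @Override
        protected RepositoryFactorySupport createRepositoryFactory(EntityManager entityManager) {
            JpaRepositoryFactory jpaFac = new JpaRepositoryFactory(entityManager);
            // Register our post-processor so every repository proxy gets the advice.
            jpaFac.addRepositoryProxyPostProcessor(new SecurecyPostProcessor());
            return jpaFac;
        }
    }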
The last and most critical step is to change the XML configuration:
<jpa:repositories factory-class="net.risesoft.repository.factory.SubRepositoryFa
And with that, the job is done!
Anzi's actual test run:
将要执行方法:getBindUserBydpmiid
Hibernate: select dybinduser0_.bindid as bindid1_3_, dybinduser0_.dpmiid as dpmiid2_3_, dybinduser0_.personid as personid3_3_ from dy_binduser dybinduser0_ where dybinduser0_.dpmiid=?
getBindUserBydpmiid已经被执行
Hibernate: select acrolenode0_.ID as ID1_3_, acrolenode0_.DN as DN2_3_, acrolenode0_.CREATETIME as CREATETI3_3_, acrolenode0_.CUSTOMID as CUSTOMID4_3_, acrolenode0_.DESCRIPTION as DESCRIPT5_3_, acrolenode0_.NAME as NAME6_3_, acrolenode0_.PARENT_ID as PARENT_I7_3_, acrolenode0_.PROPERTIES as PROPERTI8_3_, acrolenode0_.SHORTDN as SHORTDN9_3_, acrolenode0_.systemCnName as systemC10_3_, acrolenode0_.systemName as systemN11_3_, acrolenode0_.TABINDEX as TABINDE12_3_, acrolenode0_.TYPE as TYPE13_3_ from RC8_AC_ROLENODE acrolenode0_ where acrolenode0_.PARENT_ID=? order by acrolenode0_.TABINDEX asc
Hibernate: select acrolenode0_.ID as ID1_3_, acrolenode0_.DN as DN2_3_, acrolenode0_.CREATETIME as CREATETI3_3_, acrolenode0_.CUSTOMID as CUSTOMID4_3_, acrolenode0_.DESCRIPTION as DESCRIPT5_3_, acrolenode0_.NAME as NAME6_3_, acrolenode0_.PARENT_ID as PARENT_I7_3_, acrolenode0_.PROPERTIES as PROPERTI8_3_, acrolenode0_.SHORTDN as SHORTDN9_3_, acrolenode0_.systemCnName as systemC10_3_, acrolenode0_.systemName as systemN11_3_, acrolenode0_.TABINDEX as TABINDE12_3_, acrolenode0_.TYPE as TYPE13_3_ from RC8_AC_ROLENODE acrolenode0_ where acrolenode0_.PARENT_ID=? order by acrolenode0_.TABINDEX asc
将要执行方法:findgroupbydpmiidandflag
Hibernate: select dygroup0_.groupid as groupid1_5_, dygroup0_.dpmiid as dpmiid2_5_, dygroup0_.dysecrecyid as dysecrec5_5_, dygroup0_.flag as flag3_5_, dygroup0_.senddate as senddate4_5_ from dy_group dygroup0_ where dygroup0_.flag=? and dygroup0_.dpmiid=? order by dygroup0_.groupid asc
findgroupbydpmiidandflag已经被执行
将要执行方法:getArticleBygroup
Hibernate: select dyarticle0_.articleid as articlei1_1_, dyarticle0_.creatdate as creatdat2_1_, dyarticle0_.groupid as groupid3_1_, dyarticle0_.hotnum as hotnum4_1_, dyarticle0_.img as img5_1_, dyarticle0_.num as num6_1_, dyarticle0_.text as text7_1_, dyarticle0_.title as title8_1_, dyarticle0_.zy as zy9_1_ from dy_article dyarticle0_ where dyarticle0_.groupid=?
getArticleBygroup已经被执行
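The interceptor above only logs each call. As an added example (not code from the original post), here is one way the same hook could enforce the permission rule described at the start, by filtering what `proceed()` returns. `SecrecyAware`, `ClearanceContext`, `SecrecyFilterAdvice` and the integer levels are hypothetical names assumed for illustration; the advice would be registered with `factory.addAdvice(...)` in `postProcess`.

```java
import java.util.ArrayList;
import java.util.List;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;

/** Hypothetical marker: entities that carry a secrecy level implement this. */
interface SecrecyAware {
    int getSecrecyLevel();
}

/** Hypothetical per-request holder for the caller's clearance (set and cleared by a login filter). */
final class ClearanceContext {
    private static final ThreadLocal<Integer> LEVEL = new ThreadLocal<>();
    static void set(int level) { LEVEL.set(level); }
    static void clear() { LEVEL.remove(); }   // must run at request end on pooled threads
    static Integer get() { return LEVEL.get(); }
}

/** Advice that hides rows above the caller's clearance. */
public enum SecrecyFilterAdvice implements MethodInterceptor {
    INSTANCE;

    @Override
    public Object invoke(MethodInvocation invocation) throws Throwable {
        Integer clearance = ClearanceContext.get();
        if (clearance == null) {
            // Fail closed: without a bound clearance the query is never executed.
            throw new SecurityException("no clearance bound for " + invocation.getMethod().getName());
        }
        Object result = invocation.proceed();
        if (result instanceof List) {
            List<Object> visible = new ArrayList<>();
            for (Object row : (List<?>) result) {
                if (allowed(row, clearance)) visible.add(row);
            }
            return visible;
        }
        if (result instanceof Iterable) {
            // Page, Set and similar types cannot be rebuilt safely here, so refuse them.
            throw new SecurityException("unfiltered return type " + result.getClass().getName());
        }
        // Single entity, count or void: withhold an entity the caller may not see.
        return allowed(result, clearance) ? result : null;
    }

    private static boolean allowed(Object row, int clearance) {
        return !(row instanceof SecrecyAware) || ((SecrecyAware) row).getSecrecyLevel() <= clearance;
    }
}
```

Filtering after `proceed()` means restricted rows are still loaded into memory, and counts or pagination computed by the query are not corrected. Code that uses the EntityManager directly, or a repository built by a different factory, never passes through this advice.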
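That's the end. If you have a different opinion, please leave a comment, because I could not find any other approach online beforehand. There was, however, one article:
http://blog.csdn.net/zhongzh86/article/details/54313706
that gave me a lot of inspiration.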