实现sessionfilter_Spring AOP + 自定义注解实现Session的验证

http://blog.csdn.net/xiadi934/article/details/18258961

背景：在SpringMVC框架中，对Controller层中的需要相关用户权限的方法，加入Session中用户或管理员的验证。

NeedSession.java -注解类

/**

* 用户Session注解，只能用于方法

* 默认为value = SessionType.USER

*

* @author Xiadi

* @since 2013-9-10

*/

@Retention(RetentionPolicy.RUNTIME)

@Target(ElementType.METHOD)

public @interface NeedSession {

/**

* Session中用户的类型

* 默认 USER

*

* @return

*/

SessionType value() default SessionType.USER;

}

SessionType.java -枚举类

/**

* Session中User的类型

*

*/

public enum SessionType {

/**

* 两者任意一个

*/

OR,

/**

* 会员用户

*/

USER,

/**

* 管理员

*/

MANAGER

}

SysContent.java -web请求的上下文类

/**

* Web上下文，保存所有request与response

*

*/

public class SysContent {

private static ThreadLocal requestLocal = new ThreadLocal();

private static ThreadLocal responseLocal = new ThreadLocal();

public static HttpServletRequest getRequest() {

return requestLocal.get();

}

public static void setRequest(HttpServletRequest request) {

requestLocal.set(request);

}

public static HttpServletResponse getResponse() {

return responseLocal.get();

}

public static void setResponse(HttpServletResponse response) {

responseLocal.set(response);

}

public static HttpSession getSession() {

return requestLocal.get().getSession();

}

}

SessionValidateFilter.java -过滤器

/**

* Session过滤器,将所有的请求保存

*

*/

public class SessionValidateFilter implements Filter{

@Override

public void init(FilterConfig filterConfig) throws ServletException {

}

@Override

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

SysContent.setRequest((HttpServletRequest) request);

SysContent.setResponse((HttpServletResponse) response);

chain.doFilter(request, response);

}

@Override

public void destroy() {

}

}

SessionAOP.java -AOP切面业务类

/**

* Session AOP切面

*

*/

@Component

@Aspect

public class SessionAOP {

@Around(value = "@annotation(com.eaglec.plat.hj.aop.NeedSession)")

public Object aroundManager(ProceedingJoinPoint pj) throws Exception {

HttpServletRequest request = SysContent.getRequest();

HttpServletResponse response = SysContent.getResponse();

HttpSession session = SysContent.getSession();

String path = request.getContextPath();

String basePath = request.getScheme() + "://" + request.getServerName()

+ ":" + request.getServerPort() + path + "/";

SessionType type = this.getSessionType(pj);

if (type == null) {

throw new Exception("The value of NeedSession is must.");

}

Object uobj = session.getAttribute("user");

Object mobj = session.getAttribute("manager");

boolean isUser = type == SessionType.USER && uobj != null;

boolean isManager = type == SessionType.MANAGER && mobj != null;

boolean isUserOrManager = type == SessionType.OR&& (mobj != null || uobj != null);

try {

if (isUser || isManager || isUserOrManager) {

return pj.proceed();

} else { // 会话过期或是session中没用户

if (request.getHeader("x-requested-with") != null

&& request.getHeader("x-requested-with").equalsIgnoreCase( //ajax处理

"XMLHttpRequest")) {

response.addHeader("sessionstatus", "timeout");

// 解决EasyUi问题

response.getWriter().print("{\"rows\":[],\"success\":false,\"total\":0}");

}else{//http跳转处理

response.sendRedirect(basePath + "error/nosession");

}

}

} catch (Throwable e) {

// TODO Auto-generated catch block

e.printStackTrace();

}

return null;

}

private SessionType getSessionType(ProceedingJoinPoint pj) {

// 获取切入的 Method

MethodSignature joinPointObject = (MethodSignature) pj.getSignature();

Method method = joinPointObject.getMethod();

boolean flag = method.isAnnotationPresent(NeedSession.class);

if (flag) {

NeedSession annotation = method.getAnnotation(NeedSession.class);

return annotation.value();

}

return null;

}

}

web.xml

sessionValidate

com.eaglec.plat.hj.aop.SessionValidateFilter

sessionValidate

/*

servlet-context.xml

分享到：

2015-08-11 08:44

浏览 3249

评论