import org.apache.shiro.subject.Subject; //导入方法依赖的package包/类
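/**
* Before advice: intercepts Controller-layer calls to check whether the caller holds a given permission.
* (Documents the disabled doBefore advice in the comment block that follows.)
* @param joinPoint the join point
* @throws InterruptedException
* @throws IOException
*/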
/*
@Before("controllerAspect()")
public void doBefore(JoinPoint joinPoint) throws InterruptedException, IOException{
//读取session中的用户
HttpSession session = request.getSession();
User user = (User) session.getAttribute("userInfo");
if(user != null){
String permissionInfo = getControllerMethodPemissionInfo(joinPoint);
Subject currentUser = SecurityUtils.getSubject();
try{
currentUser.checkPermission(permissionInfo);
}catch (Exception e) {
System.out.println("没有"+permissionInfo+"权限");
//throw new UnauthorizedException(permissionInfo);
}
}
}*/
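/**
 * Around advice that enforces a Shiro permission check before a controller method runs.
 *
 * <p>The required permission string comes from {@code getControllerMethodPemissionInfo(pjp)}
 * and is checked against the subject returned by {@code SecurityUtils.getSubject()}.
 * The advised method is invoked only after {@code checkPermission} has returned normally.
 * Every other outcome is treated as a denial (fail closed): a missing subject, or any
 * exception raised while checking.
 *
 * <p>Auth status values, per the original author's notes: 3 = authorized, 2 = not authorized.
 *
 * @param pjp the join point of the intercepted controller method
 * @return the advised method's result when permitted, otherwise the literal
 *         {@code "{message:unauthorized}"}
 * @throws Throwable whatever the advised method throws from {@code pjp.proceed()}
 */
@Around("controllerAspect()")
public Object doAround(ProceedingJoinPoint pjp) throws Throwable {
    String permissionInfo = getControllerMethodPemissionInfo(pjp);
    Subject currentUser = SecurityUtils.getSubject();

    // Access is granted only by an explicit, successful permission check. A null
    // subject must not fall through to pjp.proceed() with no check performed.
    boolean permitted = false;
    try {
        if (currentUser != null) {
            currentUser.checkPermission(permissionInfo);
            SystemContext.setAuthStatus(3); // authorized
            permitted = true;
        }
    } catch (Exception ignored) {
        // Any failure during the check is handled as a denial below.
        // NOTE(review): this also hides non-authorization errors (e.g. a failing
        // backend); consider logging the exception through the project's logger.
    }

    if (!permitted) {
        // NOTE(review): stdout is not an audit trail; denied-access events are
        // worth recording via the application's logging framework.
        System.out.println("没有"+permissionInfo+"权限");
        SystemContext.setAuthStatus(2); // not authorized
        // Returned in place of the controller's result. Per the original author this
        // acts like setting a view name, and "redirect:/exception/unauthorized" would
        // route to a controller instead.
        // NOTE(review): assumes every advised method can return a String — confirm.
        return "{message:unauthorized}";
    }
    return pjp.proceed();
}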