最近基于AOP做了一个拦截并能够返回错误信息到前端的示例程序,目标
1.通过自定义注解所带参数,进入切面判断是否合法
2.合法的继续访问
3.不合法的通过自定义异常向前端返回错误信息
我能想到的有三个思路
1.filter实现
2.基于HttpServletResponse,也可以重定向
[email protected]
第一种方法,类似SpringSecurity,我没那么做。
第二种方法,无法在切面里获取HttpServletResponse对象,或是HttpServletResponse为null,所以我放弃了,我尝试了如下方法
ServletWebRequest servletContainer =(ServletWebRequest)RequestContextHolder.getRequestAttributes();
HttpServletResponse response= servletContainer.getResponse();
HttpServletRequest request =((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
ServletWebRequest servletWebRequest=newServletWebRequest(request);
HttpServletResponse response=servletWebRequest.getResponse();
都不行
第三种方法,调通了,自己还无法评估优劣
源代码地址如下:https://github.com/flyingJiang/InterceptorDemo
接下来我挑主要的说,顺便各位帮忙看看这样做是否有缺陷
首先,是切面。我希望实现,满足条件就禁止用户进入api,[email protected],用Before能实现吗?我没能实现,是不是我太纠结return?
packagecom.flying.aspect;importcom.flying.annotation.Auth;importcom.flying.exception.MyException;importorg.aspectj.lang.ProceedingJoinPoint;importorg.aspectj.lang.annotation.Around;importorg.aspectj.lang.annotation.Aspect;importorg.aspectj.lang.reflect.MethodSignature;importorg.slf4j.Logger;importorg.slf4j.LoggerFactory;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Component;
@Aspect
@Componentpublic classAuthInterceptor {private static final Logger LOGGER = LoggerFactory.getLogger(AuthInterceptor.class);private static final String NO_AUTH = "没有权限哦!这是一个切面!";
@Autowired
ControllerExceptionHandler controllerExceptionHandler;
@Around("execution(public * com.flying.controller.*.*(..)) && @annotation(auth)")public Object checkAuth(ProceedingJoinPoint pjp, Auth auth) throwsThrowable{
MethodSignature signature=(MethodSignature) pjp.getSignature();
String authString=auth.value();
LOGGER.info("checkAuth,method: {}, clientCode={}", signature.getMethod().getName(), authString);//Assume that only yes and no permissions are required for authentication
if (authString.equals("yes")){
LOGGER.warn("checkAuth,{}", NO_AUTH);return controllerExceptionHandler.handleNoAuthException(newMyException(NO_AUTH));
}else{returnpjp.proceed();
}
}
}
再者就是我引入切面异常,这样做是不是不好,还有什么号方法吗?
packagecom.flying.aspect;importcom.flying.constant.HttpCodeEnum;importcom.flying.entity.Result;importcom.flying.exception.MyException;importorg.slf4j.Logger;importorg.slf4j.LoggerFactory;importorg.springframework.web.bind.annotation.ControllerAdvice;importorg.springframework.web.bind.annotation.ExceptionHandler;importorg.springframework.web.bind.annotation.ResponseBody;
@ControllerAdvicepublic classControllerExceptionHandler {private static final Logger LOGGER = LoggerFactory.getLogger(ControllerExceptionHandler.class);
@ExceptionHandler({ MyException.class})
@ResponseBodypublicResult handleNoAuthException(MyException e) {
LOGGER.error("handle handleNoAuthException, ex={}", e.getMessage(), e);
Result result=Result.build(HttpCodeEnum.CODE_401.getValue(),e.getMessage());returnresult;
}
}
结果截图
这是bug吗,这个怎么删除?
原文:https://www.cnblogs.com/jianfeijiang/p/12177219.html