先创建一个注解
package com.fchan.hashmapstudy.aspect;
public @interface CheckIng {
}
aop配置类
在需要aop切入的方法中加上这个注解就可以了
package com.fchan.hashmapstudy.aspect;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
@Aspect
@Component
public class CheckIngAspect {
//注解的包名全路径
@Around("@annotation(com.fchan.hashmapstudy.aspect.CheckIng)")
public Object checkIng(ProceedingJoinPoint point) throws Throwable {
//通过 RequestContextHolder 获取 HttpServletRequest
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
HttpServletRequest httpServletRequest = servletRequestAttributes.getRequest();
//从header中获取token
String token = httpServletRequest.getHeader("x-toekn");
//校验toekn,如果校验成功就执行方法,否则就抛异常出去,这里只是为了说明aop配合注解使用,就不多写了
return point.proceed();
}
}
通过RequestContextHolder静态类获取HttpServletRequest
//通过 RequestContextHolder 获取 HttpServletRequest
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
HttpServletRequest httpServletRequest = servletRequestAttributes.getRequest();
通过在自定义注解内传入参数,配合aop做用户角色校验
定义一个可以传入自定义参数的注解,然后在aop中配置拦截
自定义注解中要注意参数的类型是有限制的。
-
A primitive type—基本类型(java的八种基本类型:byte、short、int、long、float、double、char、boolean)
-
String
-
Class
-
An enum type
-
An annotation type
-
An array type :类型为以上任一类型的数组
除了以上标示,其他类型编译都会出错: invalid type of annotation member。
package com.fchan.hashmapstudy.aspect;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@Retention(RetentionPolicy.RUNTIME)
// RetentionPolicy.RUNTIME 表示CheckUserRole这个注解在运行期可以用反射取到
public @interface CheckUserRole {
String value();
}
aop中拦截使用该注解的方法,并且获取注解中配置的参数进行校验
private HttpServletRequest getHttpServletRequest() {
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
return servletRequestAttributes.getRequest();
}
@Around("@annotation(com.fchan.hashmapstudy.aspect.CheckUserRole)")
public Object checkUserRole(ProceedingJoinPoint point) throws Throwable {
//获取token
HttpServletRequest httpServletRequest = getHttpServletRequest();
String token = httpServletRequest.getHeader("x-token");
//todo token有效期校验
//获取请求里提交的role
String requestRole = httpServletRequest.getHeader("role");
//获取方法上的注解里的role值,比对看看是否相等,相等则符合要求
MethodSignature signature = ((MethodSignature) point.getSignature());
Method method = signature.getMethod();
// 这里想通过反射获取 CheckUserRole 注解,需要在注解定义的地方加上 @Retention(RetentionPolicy.RUNTIME)
CheckUserRole annotation = method.getAnnotation(CheckUserRole.class);
String annotationRole = annotation.value();
if(!Objects.equals(requestRole, annotationRole)){
throw new SecurityException("用户无权访问");
}
return point.proceed();
}
使用该注解时传入的自定义参数
关于@Retention(RetentionPolicy.RUNTIME)相关的自定义注解可以参考
https://www.cnblogs.com/olmlo/p/3566778.html
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
