假设有这么一个情况,有个执行插入的方法是需要管理员权限才可以执行的,那么普通的做法是如下
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.spring.demo</groupId>
<artifactId>ss-demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<properties>
<spring.version>4.3.8.RELEASE</spring.version>
<springmvc.version>4.3.8.RELEASE</springmvc.version>
<servlet.version>3.1.0</servlet.version>
<jsp.version>2.2</jsp.version>
<junit.version>4.12</junit.version>
<aspect.version>1.6.11</aspect.version>
</properties>
<dependencies>
<dependency>
<groupId>org.quartz-scheduler</groupId>
<artifactId>quartz</artifactId>
<version>2.2.3</version>
</dependency>
<!-- Spring的依赖 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- springmvc的依赖 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${springmvc.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${springmvc.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
<version>${springmvc.version}</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>${aspect.version}</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>${aspect.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>${junit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${springmvc.version}</version>
</dependency>
<!-- servlet依赖的jar包 -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>${servlet.version}</version>
<scope>provided</scope>
</dependency>
<!-- JSP依赖的jar包 -->
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>${jsp.version}</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<!-- 配置插件 -->
<plugins>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<configuration>
<port>8080</port> <!-- 端口号 -->
<path>/ss-demo</path> <!-- 访问路径 -->
</configuration>
</plugin>
</plugins>
</build>
</project>
aop-test.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd">
<context:component-scan base-package="com.spring.aop.test"></context:component-scan>
<!-- 启动aop -->
<aop:aspectj-autoproxy></aop:aspectj-autoproxy>
</beans>
Product.java 类
package com.spring.aop.test;
public class Product {
private Integer id;
private String name;
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}
ProductService.java 类
package com.spring.aop.test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service
public class ProductService {
@Autowired
private RoleService roleService;
public void insert(Product product) {
roleService.checkAccess(); //检查是否有权限
System.out.println("插入成功");
}
}
RoleService.java 类
package com.spring.aop.test;
import org.springframework.stereotype.Service;
@Service
public class RoleService {
public void checkAccess() {
String roleName = GetUserService.getRole();
if(!"admin".equals(roleName)) {
throw new RuntimeException("你不是管理员!");
}
}
}
GetUserService.java 类
package com.spring.aop.test;
import org.springframework.stereotype.Service;
public class GetUserService {
private static String role;
public static String getRole() {
return role;
}
public static void setRole(String role) {
GetUserService.role = role;
}
}
测试类
package com.spring.aop.test;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
public class Main {
@Before
public void before() {
ApplicationContext context = new ClassPathXmlApplicationContext("aop-test.xml");
productService = context.getBean(ProductService.class);
}
private ProductService productService;
@Test
public void testAnno() {
GetUserService.setRole("anno");
productService.insert(new Product());
}
@Test
public void testAdmin() {
GetUserService.setRole("admin");
productService.insert(new Product());
}
}
这样只需要在每个方法之前添加判断权限的方法就可以了,但是这样做的话可能会导致每个方法都需要加这个,而且后期维护不是很方便,使用
aop来实现这个功能,新添加两个类
AdminOnly.java 注解
package com.spring.aop.test;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AdminOnly {
}
AdminAspect.java 切面
package com.spring.aop.test;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Component
@Aspect
public class AdminAspect {
@Autowired
private RoleService roleService;
//标记有 com.spring.aop.test.AdminOnly 注解的方法
@Pointcut("@annotation(com.spring.aop.test.AdminOnly)")
public void adminOnly() {}
@Before("adminOnly()")
public void before() {
System.out.println("执行检查操作");
roleService.checkAccess();
}
}
然后把productService 类修改为
package com.spring.aop.test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service
public class ProductService {
@Autowired
private RoleService roleService;
@AdminOnly
public void insert(Product product) {
System.out.println("插入成功");
}
}
不再需要执行权限检查,都交给那个切面来处理,再执行就会看到效果,很明显,这样做对后期的维护比较有帮助
pointcut 支持的类型