思路:用户登录后访问某个接口时,先判断该用户是否拥有此接口的权限;有权限则放行,没有权限则抛出“无权限”异常。
数据库建两张表
power
user_power
自定义注解
package com.power.annotation;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Marks a handler as subject to a permission check.
 *
 * <p>Retained at runtime so that it can be read reflectively by whatever code enforces the
 * check. The annotation may be placed on methods and on types; whether a type-level use is
 * honoured depends on the code that reads it, so verify that the enforcing code inspects the
 * class as well as the method before relying on a class-level annotation.
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface power {

    /**
     * Whether the annotated element requires a permission check.
     *
     * <p>Defaults to {@code false}: a bare {@code @power} does NOT request a check. Protected
     * endpoints must state {@code isNeedPower = true} explicitly.
     */
    boolean isNeedPower() default false;
}
创建切面
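package com.power.config;

import com.power.annotation.power;
import com.power.pojo.Power;
import com.power.pojo.UserPower;
import com.power.service.PowerService;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.List;

/**
 * Aspect that enforces the {@code @power} permission check on controller methods.
 *
 * <p>The check is opt-in: a method is only checked when it (or, as a fallback, its declaring
 * class) carries {@code @power(isNeedPower = true)}. Every other controller method is passed
 * through unchecked, so an endpoint that is missing the annotation is open.
 *
 * <p>When a check is required, the aspect fails closed: a missing request, a missing session,
 * a missing {@code userId} session attribute or an empty permission lookup all result in a
 * {@code PowerException}.
 *
 * @ClassName: powerInterceptor
 * @author: 鹏
 * @date: 2022/9/30 9:12
 */
@Component
@Aspect
public class powerInterceptor {

    @Resource
    private PowerService powerService;

    /** Matches every method in {@code com.power.controller} and its sub-packages. */
    @Pointcut("execution(* com.power.controller..*(..))")
    private void open() {
    }

    /**
     * Runs the permission check around a controller method.
     *
     * @param joinPoint the intercepted controller invocation
     * @return whatever the controller method returns
     * @throws Throwable a {@code PowerException} when the check is required and the caller has
     *     no matching permission, otherwise anything the controller method throws
     */
    @Around("open()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        HttpServletRequest request = currentRequest();
        if (request != null) {
            System.out.println("URI:" + request.getRequestURI());
        }

        MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
        if (!isPowerRequired(methodSignature)) {
            return joinPoint.proceed();
        }

        // From here on a check is required, so every missing piece of context denies access
        // instead of surfacing as a NullPointerException.
        if (request == null) {
            throw new PowerException("无权限访问");
        }

        // getSession(false): do not create a fresh session for a caller who never logged in.
        HttpSession session = request.getSession(false);
        Object userId = session == null ? null : session.getAttribute("userId");
        if (userId == null) {
            throw new PowerException("无权限访问");
        }

        // NOTE(review): getRequestURI() is the raw, undecoded path and includes the context
        // path, so the stored permission names must use exactly that form. How getPower()
        // matches the name is not visible here — confirm it is an exact match.
        Power query = new Power();
        query.setPowerName(request.getRequestURI());
        query.setUserId(userId.toString());

        List<UserPower> powers = powerService.getPower(query);
        if (powers == null || powers.isEmpty()) {
            throw new PowerException("无权限访问");
        }
        return joinPoint.proceed();
    }

    /** Returns the servlet request bound to the current thread, or {@code null} if there is none. */
    private static HttpServletRequest currentRequest() {
        Object attributes = RequestContextHolder.getRequestAttributes();
        if (attributes instanceof ServletRequestAttributes) {
            return ((ServletRequestAttributes) attributes).getRequest();
        }
        return null;
    }

    /**
     * Decides whether the intercepted method needs a permission check. The method-level
     * {@code @power} wins; without one, the annotation on the declaring class is used, because
     * {@code @power} is also allowed on types and would otherwise be silently ignored there.
     */
    private static boolean isPowerRequired(MethodSignature signature) {
        power onMethod = signature.getMethod().getAnnotation(power.class);
        if (onMethod != null) {
            return onMethod.isNeedPower();
        }
        power onClass = signature.getMethod().getDeclaringClass().getAnnotation(power.class);
        return onClass != null && onClass.isNeedPower();
    }
}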
接口 controller。这里为了简单测试,先调用 /set 接口传入一个用户 userId,把它写入 session(仅用于演示:实际项目中 userId 应在登录认证通过后由服务端写入 session,而不是由调用方直接传入)。
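package com.power.controller;

import com.power.annotation.power;
import com.power.service.PowerService;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.List;

/**
 * Demo controller for the {@code @power} permission check.
 *
 * <p>{@code /set} stores a user id in the session; the remaining endpoints are marked
 * {@code isNeedPower = true} and return a fixed string.
 *
 * @ClassName: PowerController
 * @author: 鹏
 * @date: 2022/9/30 10:03
 */
@RestController
public class PowerController {

    @Resource
    private PowerService powerService;

    /**
     * Stores the given user id in the HTTP session and returns it.
     *
     * <p>NOTE(review): this is a test helper, not a login. It accepts any {@code userId} from
     * the caller without authentication, so whoever can reach it chooses the identity that the
     * session carries. A real application should set the session's user id only after
     * verifying credentials, should issue a new session id at that point
     * ({@code HttpServletRequest.changeSessionId()}), and should not expose this on every HTTP
     * method.
     *
     * @param userId the user id to bind to the session; required, a request without it is
     *     rejected by Spring instead of failing later with a NullPointerException
     * @return the user id that was stored
     */
    @power(isNeedPower = false)
    @RequestMapping("/set")
    public String setSession(@RequestParam("userId") String userId) {
        ServletRequestAttributes requestAttributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = requestAttributes.getRequest();
        HttpSession session = request.getSession();
        session.setAttribute("userId", userId);
        // Session expires after 300 seconds of inactivity.
        session.setMaxInactiveInterval(300);
        // The caller-supplied value is deliberately not echoed to stdout: it is unvalidated
        // input and would end up verbatim in the console log.
        return userId;
    }

    /** Permission-checked demo endpoint. */
    @power(isNeedPower = true)
    @GetMapping("/eat")
    public String eat() {
        return "吃饭";
    }

    /** Permission-checked demo endpoint. */
    @power(isNeedPower = true)
    @GetMapping("/swim")
    public String swimming() {
        return "游泳";
    }

    /** Permission-checked demo endpoint. */
    @power(isNeedPower = true)
    @GetMapping("/speak")
    public String speak() {
        return "说话";
    }

    /** Permission-checked demo endpoint. */
    @power(isNeedPower = true)
    @GetMapping("/shout")
    public String shout() {
        return "叫";
    }
}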