Spring AOP根据执行的时间点可以分为around、before和after几种方式。
around为方法前后均执行
before为方法前执行
after为方法后执行
这里只对around的方式进行介绍。本文只是摘录相应的思路,许多辅助类和方法不一一给出。因此下述方法并不能正常运行。
定义忽略权限检查注解类
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface IgnorePermission {
}
定义需要权限检查的类及方法
@RestController
@RequestMapping(value = "/api/test")
public class TestController extends BaseController {
@RequestMapping(value="", method= RequestMethod.POST)
public ResponseEntity postTest(@RequestParam(name = "accessToken") String accessToken) {
ResponseEntity responseEntity = new ResponseEntity();
return responseEntity;
}
@RequestMapping(value = "/delete", method = RequestMethod.POST)
public ResponseEntity deleteTest(@RequestParam(name = "accessToken") String accessToken) {
ResponseEntity responseEntity = new ResponseEntity();
return responseEntity;
}
/**
* 带了IgnorePermission注解,不进行权限检查。
*/
@IgnorePermission
@RequestMapping(value = "/list", method = RequestMethod.GET)
public ResponseEntity getTestList(@RequestParam(name = "accessToken") String accessToken) {
ResponseEntity responseEntity = new ResponseEntity();
return responseEntity;
}
}
定义切面aop类
public class PermissionAspect {
private Logger logger = LoggerFactory.getLogger(PermissionAspect.class);
private static final String DEFAULT_TOKEN_NAME = "accessToken";
private TokenManager tokenManager;
private String tokenName;
private boolean processing = true;
@Autowired
private BasicService BasicService;
public void setTokenManager(TokenManager tokenManager) {
this.tokenManager = tokenManager;
}
public void setTokenName(String tokenName) {
if (StringUtils.isEmpty(tokenName)) {
tokenName = DEFAULT_TOKEN_NAME;
}
this.tokenName = tokenName;
}
//ProceedingJoinPoint只有around的方式才可用
//JoinPoint则around、before和after均可用
public Object execute(ProceedingJoinPoint joinPoint) throws Throwable {
processing = true;
ResponseEntity responseEntity = new ResponseEntity();
// 从切点上获取目标方法
MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
Method method = methodSignature.getMethod();
// 若目标方法忽略权限检查,则直接调用目标方法
if (method.isAnnotationPresent(IgnorePermission.class)) {
return joinPoint.proceed();
}
// 检查 该用户是否已经开通
// System.out.println("******************* PermissionAspect start ************************");
logger.info("******************* PermissionAspect start ************************");
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
// 从 request header 中获取当前 token
String token = StringUtils.isBlank(request.getHeader(tokenName)) ? request.getParameter("accessToken") : request.getHeader(tokenName);
String userId = tokenManager.getUserId(token);
TestBasic TestBasic = BasicService.findByUserId(userId);
try {
if (null == TestBasic) {
String message = String.format("Test basic userId [%s] is not exist.", userId);
responseEntity.failure(ResponseConstant.CODE_000, "尚未申请开通功能。");
processing = false;
throw new Exception(message);
}
if (TestConstant.Test_BASIC_IS_PASS_PASSED != TestBasic.getIsPass()) {
String message = String.format("Test basic userId [%s] has no permission.", userId);
String tips = "不具备权限功能。";
if (TestConstant.Test_BASIC_IS_PASS_PROCESSING == TestBasic.getIsPass()) {
tips = "权限正在审核中。";
} else if (TestConstant.Test_BASIC_IS_PASS_DENY == TestBasic.getIsPass()) {
tips = "不具备权限。";
}
responseEntity.failure(ResponseConstant.CODE_000, tips);
processing = false;
throw new Exception(message);
}
} catch (Exception e) {
throw new Exception(e);
} finally {
// System.out.println("******************* PermissionAspect end ************************");
logger.info("******************* PermissionAspect end ************************");
if (processing) {
return joinPoint.proceed();//如果具备权限则执行相应的方法
} else {
return responseEntity;//如果不具备权限返回相应的json数据
}
}
}
}
配置文件的配置
开启切面支持
springMvc-context.xml中开启如下配置
<!-- 开启aspectj切面支持 -->
<aop:aspectj-autoproxy proxy-target-class="true" />
定义 bean
applicationContext.xml中添加如下配置
<!--Test权限检查-->
<bean id="permissionAspect" class="com.test.api.test.PermissionAspect">
<property name="tokenManager" ref="tokenManager" />
<property name="tokenName" value="accessToken" />
</bean>
AOP配置
applicationContext.xml中添加如下配置
<aop:config>
<!--其他切面配置-->
... ...
<!--问题权限切面检查-->
<aop:aspect ref="permissionAspect" order="2">
<aop:around method="execute" pointcut="execution( * com.test.api.test.controller.TestController.*(..) )"/>
</aop:aspect>
</aop:config>
注:上述代码只是实现思路的摘录,代码不能直接运行。
本文转自秋楓博客园博客,原文链接:http://www.cnblogs.com/rwxwsblog/p/5844904.html,如需转载请自行联系原作者
