Spring AOP 本质(3)

package org.apache.struts.action; 

public  class Action { 

     public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, ServletRequest servletRequest, ServletResponse servletResponse)  throws java.lang.Exception {  /* compiled code */ } 

     public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, http.HttpServletRequest httpServletRequest, http.HttpServletResponse httpServletResponse)  throws java.lang.Exception {  /* compiled code */ } 

    .... 
} 

public  class CheckAction  extends Action{ 

     public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, http.HttpServletRequest httpServletRequest, http.HttpServletResponse httpServletResponse)  throws java.lang.Exception { 
     //todo: 安全检查逻辑 
     return real(actionMapping,actionForm,httpServletRequest,httpServletResponse); 

    } 

     public  abstract ActionForward real(ActionMapping actionMapping, ActionForm actionForm, http.HttpServletRequest httpServletRequest, http.HttpServletResponse httpServletResponse)  throws java.lang.Exception; 

}

public  class DoSomethingAction  extends CheckAction{ 

     public  abstract ActionForward real(ActionMapping actionMapping, ActionForm actionForm, http.HttpServletRequest httpServletRequest, http.HttpServletResponse httpServletResponse)  throws java.lang.Exception{ 
     //todo: 单纯处理实际的业务请求 
     return ... 
    } 

    .... 
}

/** 
* 用户登录信息载体 
*/ 
public  class UserInfo { 
     private String userName; 

     private String password; 

     public UserInfo(String userName, String password) { 
         this.userName = userName; 
         this.password = password; 
    } 
     
     public String getPassword() { 
         return password; 
    } 
     public String getUserName() { 
         return userName; 
    } 
}

/** 
* 业务组件：被代理的对象 
*/ 
public  class SecureBean { 

     /** 
     * 示范性的业务方法，这个方法将被拦截，加入一些附加逻辑 
     */ 
     public  void businessOperate() { 
        System.out.println( "业务方法businessOperate()被调用了！"); 
    } 
}

/** 
* 安全管理类：检查用户登录和管理用户注销登录的业务逻辑。 
*/ 
public  class SecurityManager { 
     //为每一个SecurityManager创建一个本地线程变量threadLocal，用来保存用户登录信息UserInfo 
     private  static ThreadLocal threadLocal =  new ThreadLocal(); 

     /** 
     * 用户登录方法，允许任何用户登录。 
     * @param userName 
     * @param password 
     */ 
     public  void login(String userName, String password) { 
         // 假定任何的用户名和密码都可以登录 
         // 将用户登录信息封装为UerInfo对象，保存在ThreadLocal类的对象threadLocal里面 
        threadLocal.set( new UserInfo(userName, password)); 
    } 

     public  void logout() { 
         // 设置threadLocal对象为null 
        threadLocal.set( null); 
         int x = 0; 
    } 

     public UserInfo getLoggedOnUser() { 
         // 从本地线程变量中获取用户信息UerInfo对象 
         return (UserInfo) threadLocal.get(); 
    } 
}

import java.lang.reflect.Method; 
import org.springframework.aop.MethodBeforeAdvice; 

/** 
* 前置通知类 
*/ 
public  class SecurityAdvice  implements MethodBeforeAdvice { 

     private SecurityManager securityManager; 

     public SecurityAdvice() { 
         this.securityManager =  new SecurityManager(); 
    } 

     /** 
     * 前置通知的接口方法实现。仅允许robh用户登录，强制设定的。 
     */ 
     public  void before(Method method, Object[] args, Object target) 
             throws Throwable { 
        UserInfo user = securityManager.getLoggedOnUser(); 

         if (user ==  null) { 
            System.out.println( "没有用户凭证信息！，本前置通知仅仅允许robh用户登录，不信你试试看！"); 
             throw  new SecurityException( 
                     "你必须在调用此方法" + method.getName() +  "前进行登录："); 
        }  else  if ( "robh".equals(user.getUserName())) { 
            System.out.println( "用户robh成功登录：OK！"); 
        }  else { 
            System.out.println( "非法用户"+user.getUserName()+ "，请使用robh登录，用户调用的方法是：" + method.getName()); 
             throw  new SecurityException( "用户" + user.getUserName() 
                    +  " 不允许调用" + method.getName() +  "方法！"); 
        } 
    } 
}

import org.springframework.aop.framework.ProxyFactory; 

/** 
* 测试类，客户端 
*/ 
public  class SecurityExample { 

     public  static  void main(String[] args) { 
         //得到一个 security manager 
        SecurityManager mgr =  new SecurityManager(); 

         //获取一个SecureBean的代理对象 
        SecureBean bean = getSecureBean(); 

         //尝试用robh登录 
        mgr.login( "robh",  "pwd");    //检查登录情况 
        bean.businessOperate();      //业务方法调用 
        mgr.logout();                //注销登录 

         //尝试用janm登录 
         try { 
            mgr.login( "janm",  "pwd");        //检查登录情况 
            bean.businessOperate();          //业务方法调用 
        }  catch (SecurityException ex) { 
            System.out.println( "发生了异常: " + ex.getMessage()); 
        }  finally { 
            mgr.logout();                    //注销登录 
        } 

         // 尝试不使用任何用户名身份调用业务方法 
         try { 
            bean.businessOperate();          //业务方法调用 
        }  catch (SecurityException ex) { 
            System.out.println( "发生了异常: " + ex.getMessage()); 
        } 

    } 

     /** 
     * 获取SecureBean的代理对象 
     * 
     * @return SecureBean的代理 
     */ 
     private  static SecureBean getSecureBean() { 
         //创建一个目标对象 
        SecureBean target =  new SecureBean(); 

         //创建一个通知 
        SecurityAdvice advice =  new SecurityAdvice(); 

         //获取代理对象 
        ProxyFactory factory =  new ProxyFactory(); 
        factory.setTarget(target); 
        factory.addAdvice(advice); 
        SecureBean proxy = (SecureBean) factory.getProxy(); 

         return proxy; 
    } 
}

- Using JDK 1.4 collections 
用户robh成功登录：OK！ 
业务方法businessOperate()被调用了！ 
非法用户janm，请使用robh登录，用户调用的方法是：businessOperate 
发生了异常: 用户janm 不允许调用businessOperate方法！ 
没有用户凭证信息！，本前置通知仅仅允许robh用户登录，不信你试试看！ 
发生了异常: 你必须在调用此方法businessOperate前进行登录： 

Process finished with exit code 0