自定义注解 检查权限

@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface CheckPower {//请求路径参数String api() default "";//api相对地址String name() default "";//权限名称String remark() default "";//api描述
}

切面类 定义切点和增强方法

@Component
@Aspect
public class CheckPowerAspect {@Resourceprivate GetTokenUtil getTokenUtil;@Resourceprivate RedisService redisService;@Autowiredprivate ThreadService threadService;@Resourceprivate SkyPowerListMapper powerListMapper;/*** 定义切点*/@Pointcut("@annotation(com.example.sky_world.annotation.CheckPower)")private void pointcut() {}/*** 增强方法 进行权限判断* 1.超级管理员 直接放行* 2.遍历用户权限集合 存在权限则放行* 3.不存在权限 返回无权限信息* <p>* 判断有权限 放行前重置token的时效* l** @param jp* @param cp* @return*/@Around("pointcut() && @annotation(cp)")public Object advice(ProceedingJoinPoint jp, CheckPower cp) {//统一jp.proceed返回结果ResultVoUtils proceed = new ResultVoUtils();try {//api相对地址String requestApi = cp.api();//权限名称String name = cp.name();//api描述String remark = cp.remark();/*** 接口路径不存在于 sky_power_list表中时自动加入表中*///调用线程池执行新增操作threadService.insertPowerList(requestApi,name,remark);//获取请求方法入参 requestObject[] args = jp.getArgs();HttpServletRequest request = (HttpServletRequest) args[0];//获取tokenString token = getTokenUtil.getToken(request);//根据token从redis中获取用户信息SkyUserPower skyUserPower = (SkyUserPower) redisService.getObject(token);//redis中没有用户if (skyUserPower == null) {return new ResultVoUtils(ResponseCode.ERROR3.getCode(), "登陆超时，请重新登录");}/*** 超级管理员* 无视所有权限*/if (skyUserPower.getSuperadmin() != null) {redisService.setTimeOutToken(token, skyUserPower);//重置token时效proceed = (ResultVoUtils) jp.proceed();//放行return proceed;}/*** 游客(token为空)* 给默认权限*/if (token == null || "0".equals(token)) {redisService.setDbIndex(1);Map<String, String> GuestPowerMap = (Map<String, String>) redisService.getHash("group0");redisService.setDbIndex(0);for (String apiPath : GuestPowerMap.keySet()) {if (apiPath.equals(requestApi)) {//游客有权限proceed = (ResultVoUtils) jp.proceed();//放行return proceed;} else {//游客无权限return new ResultVoUtils(ResponseCode.ERROR3.getCode(), "没有权限！");}}}/*** 普通用户* 根据用户权限列表判断*///获取用户权限列表Map<String, String> powerMap = skyUserPower.getPowerMap();//遍历并判断是否有权限for (String apiPath : powerMap.keySet()) {if (apiPath.equals(requestApi)) {//请求路径存在于权限集合中redisService.setTimeOutToken(token, skyUserPower);//重置token时效proceed = (ResultVoUtils) jp.proceed();//放行return proceed;}}} catch (Throwable e) {e.printStackTrace();//如果接口有返回参数，返回该参数if (proceed.getCode() != 0) {return proceed;}return new ResultVoUtils(ResponseCode.ERROR3.getCode(), "获取权限异常，请重试！");}//以上判断均无结果 没有权限return new ResultVoUtils(ResponseCode.ERROR3.getCode(), "没有权限！");}
}

前端控制器

@CheckPower(api = "sky-article-list_queryArticle",name ="文章:根据id查询文章",remark = "根据id查询文章")@PostMapping("/queryArticle")public ResultVoUtils queryArticleByIds(HttpServletRequest request) throws IOException {//获取tokenString token = GetTokenUtil.getToken(request);byte[] bytes = StreamUtils.copyToByteArray(request.getInputStream());String s = new String(bytes, request.getCharacterEncoding());JSONObject jsonObject = JSONObject.fromObject(s);String ids = (String) jsonObject.get("ids");return skyArticleListService.selectSkyArticleList(ids,token);}

Redis

 /*** 设置用户登录权限列表hash* @param key* @param powerMap*/public void setTimeOutUserPowerMap(String key,Map powerMap){redisTemplate.opsForHash().putAll(key,powerMap);redisTemplate.expire(key,params.getTimetoken(),TimeUnit.HOURS);}