代码片段(4)
1. [代码]定义注解
/**
 * Declares the role a caller must hold to reach a controller class or a
 * single handler method.
 *
 * <p>The annotation only carries the required role name and enforces nothing
 * by itself: access is restricted only where some component reads it
 * reflectively at request time and compares it with the current user's role.
 * Runtime retention is what makes that reflective lookup possible.
 */
@Documented
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
// Highest precedence.
@Order(Ordered.HIGHEST_PRECEDENCE)
public @interface RoleControl {

    /**
     * Role type used to decide whether the caller holds the required permission.
     *
     * @return the required role name; {@code "user"} when the annotation is
     *         written without an explicit value
     */
    String value() default "user";
}
2. [代码]在Controller中使用
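/**
 * Example controller showing how {@code @RoleControl} is applied.
 *
 * <p>The class-level annotation asks for the "ADMIN" role on every handler in
 * this class that does not carry its own {@code @RoleControl}. The enforcement
 * code shown on this page prefers a method-level annotation over the
 * class-level one.
 */
@RoleControl("ADMIN")
@Controller
public class LoginController {
    @Autowired
    private UserService uService;
    @Autowired
    private GlobalConfigService gcService;

    /**
     * Login endpoint.
     *
     * <p>The method-level {@code @RoleControl("")} replaces the class-level
     * "ADMIN" requirement with the empty role, which is the value the
     * enforcement code uses for a session that has no stored user type, so the
     * page stays reachable before authentication.
     * NOTE(review): if the role comparison is an exact string match, a user who
     * is already logged in would be refused here; confirm against
     * StringUtils.checkEquals.
     *
     * @param request current HTTP request
     * @param resp    current HTTP response
     * @param uDto    form-backing object bound under the model name "user"
     * @return the view name (empty in this sample)
     */
    @RoleControl("")
    @RequestMapping("/login")
    public String login(HttpServletRequest request, HttpServletResponse resp,
            @ModelAttribute("user") UserDto uDto) {
        return "";
    }
}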
3. [代码]方式一:使用SpringAOP中的环绕Around
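/**
 * Spring AOP aspect that enforces {@code @RoleControl} on controller methods.
 *
 * <p>The required role is taken from the method-level annotation when present,
 * otherwise from the class-level one, and is compared with the user type kept
 * in the HTTP session under {@code GeneUtil.SESSION_USERTYPE_KEY}. The
 * intercepted method runs only when the two match.
 */
@Component
@Aspect
public class RoleControlAspect {

    /** Matches controller methods whose declaring class carries {@code @RoleControl}. */
    // Variant without the controller-package restriction:
    // @Pointcut("@within(net.xby1993.springmvc.annotation.RoleControl)")
    @Pointcut("execution(* net.xby1993.springmvc.controller..*.*(..)) && @within(net.xby1993.springmvc.annotation.RoleControl)")
    public void aspect() {
    }

    /** Matches controller methods that carry {@code @RoleControl} themselves. */
    @Pointcut("execution(* net.xby1993.springmvc.controller..*.*(..)) && @annotation(net.xby1993.springmvc.annotation.RoleControl)")
    public void aspect2() {
    }

    /**
     * Runs the role check around both pointcuts above.
     *
     * <p>Exceptions are no longer swallowed: a failure inside the check or
     * inside the controller method reaches the caller instead of being turned
     * into a silent {@code null} result, so a broken check cannot be mistaken
     * for a normal response.
     *
     * @param point the intercepted controller invocation
     * @return the controller's own result when the role matches; {@code null}
     *         when access is refused
     * @throws Throwable whatever the intercepted method or the check throws
     */
    @Around("aspect() || aspect2()")
    public Object doBefore(ProceedingJoinPoint point) throws Throwable {
        HttpServletRequest request =
                ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        HttpSession session = request.getSession();
        Class<?> targetClass = point.getTarget().getClass();
        Method handlerMethod = ((MethodSignature) point.getSignature()).getMethod();

        // When both the method and the class carry the annotation, the
        // method-level setting overrides the class-level one.
        RoleControl required = handlerMethod.getAnnotation(RoleControl.class);
        if (required == null) {
            required = targetClass.getAnnotation(RoleControl.class);
        }
        if (required == null) {
            // The pointcut matched but no annotation is visible on this class or
            // method. Refuse explicitly rather than relying on a swallowed
            // NullPointerException, which is how the earlier version got here.
            return null;
        }

        Object stored = session.getAttribute(GeneUtil.SESSION_USERTYPE_KEY);
        String curUserType = stored == null ? "" : stored.toString();

        // Role-based access control: only a user holding the required role is let through.
        if (!StringUtils.checkEquals(required.value(), curUserType)) {
            // NOTE(review): refusal is signalled only by a null return value; no
            // HTTP status is set here. Presumably Spring MVC treats a null view
            // name as "use the default view", so confirm that a refused request
            // cannot still render a page. An interceptor that returns false from
            // preHandle stops request processing outright.
            return null;
        }
        return point.proceed();
    }
}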
4. [代码]方式二:使用拦截器,推荐
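import java.lang.reflect.Method;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import net.xby1993.springmvc.annotation.RoleControl;
import net.xby1993.springmvc.util.GeneUtil;
import net.xby1993.springmvc.util.PathUtil;
import net.xby1993.springmvc.util.StringUtils;

/**
 * MVC interceptor that publishes site-wide session attributes and enforces
 * {@code @RoleControl} before a handler method runs.
 */
public class GlobalInterceptor extends HandlerInterceptorAdapter {
    // Logger is bound to this class so log lines are attributed to the right component.
    private static final Logger log = LoggerFactory.getLogger(GlobalInterceptor.class);

    /**
     * Stores the host and site name in the session, then applies the role check.
     *
     * @return {@code true} to continue with the handler, {@code false} to stop
     *         the request here
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        HttpSession s = request.getSession();
        s.setAttribute("host", PathUtil.getHost());
        s.setAttribute("siteName", GeneUtil.SITE_NAME);
        // Role-based access control.
        return roleControl(request, response, handler);
    }

    /**
     * Role-based access control for annotated handler methods.
     *
     * <p>The required role comes from the method-level {@code @RoleControl}
     * when present, otherwise from the class-level one, and is compared with
     * the user type stored in the session. A mismatch is answered with 401.
     *
     * <p>The check fails closed: if it throws, the request is refused and the
     * error is logged. Previously the exception was swallowed and execution
     * fell through to {@code return true}, which let the request pass
     * unchecked.
     *
     * @param request  current HTTP request
     * @param response current HTTP response, used to set the refusal status
     * @param handler  the handler chosen for this request
     * @return {@code true} when the request may proceed
     */
    private boolean roleControl(HttpServletRequest request, HttpServletResponse response, Object handler) {
        log.debug("handler type: {}", handler.getClass().getName());
        if (!(handler instanceof HandlerMethod)) {
            // Handlers that are not controller methods carry no annotation to check.
            return true;
        }
        HandlerMethod hm = (HandlerMethod) handler;
        Class<?> clazz = hm.getBeanType();
        Method m = hm.getMethod();
        try {
            // When both the method and the class carry the annotation, the
            // method-level setting overrides the class-level one.
            RoleControl rc = m.getAnnotation(RoleControl.class);
            if (rc == null) {
                rc = clazz.getAnnotation(RoleControl.class);
            }
            if (rc == null) {
                // No role declared on this handler: let it through. The earlier
                // version reached the same outcome through a swallowed
                // NullPointerException.
                // NOTE(review): this is allow-by-default; confirm that every
                // handler meant to be protected is annotated.
                return true;
            }

            HttpSession session = request.getSession();
            Object obj = session.getAttribute(GeneUtil.SESSION_USERTYPE_KEY);
            String curUserType = obj == null ? "" : obj.toString();

            // Only a user holding the required role is let through.
            if (!StringUtils.checkEquals(rc.value(), curUserType)) {
                // 401: unauthorized access.
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                return false;
            }
            return true;
        } catch (RuntimeException e) {
            // An error inside the authorization check must never grant access.
            log.error("Role check failed; refusing the request", e);
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return false;
        }
    }
}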