1、权限评论类
import Java.lang.annotation.documented; 导入Java.lang.annotation.element type; import Java.lang.annotation.retention; import Java.lang.annotation.retention policy; import Java.lang.annotation.target; /** *系统权限侦听注释**/@target(elementtype.method ) retentionpolicy.runtime ) documented public @ interfirfact /** *权限说明* @return */String description () default ' ); ) 2、实现权限屏蔽
import java.lang.reflect.Method; import javax.servlet.http.http servlet请求; importorg.AspectJ.lang.proceeding join point; importorg.AspectJ.lang.signature; importorg.AspectJ.lang.annotation.around; importorg.AspectJ.lang.annotation.aspect; importorg.AspectJ.lang.annotation.pointcut; importorg.AspectJ.lang.reflect.methodsignature; import org.slf4j.Logger; import org.slf4j.LoggerFactory; importorg.spring framework.beans.factory.annotation.auto wired; importorg.spring framework.stereotype.com ponent; import com.com mon.annotation.permission; import com.core.exception.baseruntimeexception; import com.core.exception.user.accountnotfoundexception; import com.core.exception.user.unauthorized exception; import com.core.web.CmsUtils; import com.core.web.servlet utils; import com.coupon.entity.merchant user; import com.coupon.service.permission service; /** *权限侦听检查*@Aspect:的作用是将当前类标识为一个片并装入容器中*@Pointcut:Pointcut是嵌入Advice的触发条件。 每个Pointcut的定义有两部分:表达式和方法签名。 方法签名必须是公共和语音类型。 可以将Pointcut中的方法视为Advice引用的助记符。 表达式不直观,因此可以通过方法签名来命名此表达式。 因此,Pointcut中的方法只需要方法签名,而不需要在方法中编写实际代码。 *@Around :环绕声增强相当于方法中断器* @ after returning :后置增强相当于AfterReturningAdvice,在方法成功结束时执行*@Before 作为相当于BeforeAdvice的相似功能,*@AfterThrowing :相当于异常缓慢增强、ThrowsAdvice *@After: final增强,无论是抛出异常、正常结束、*/@ aspect @ componentpublicclasspermissionaspect { privatestaticfinalloggerlog=logger factory.getlogger (permatestaticfinalal //日志切口@ pointcut (@ annotation (@ com.com mon.annotation.permission ) ) public void logPointCut ) }{} @around ) ) llo und publicobjectaround (处理joinpointjoinpoint ) throwsthrowable ) log.info ('=======)
Signature signature = joinPoint.getSignature(); String className = joinPoint.getTarget().getClass().getSimpleName(); String methodName = signature.getName(); log.info("className:{},methodName:{}",className,methodName); //2.角色权限校验 MethodSignature methodSignature = (MethodSignature)signature; Method targetMethod = methodSignature.getMethod(); if(targetMethod.isAnnotationPresent(Permission.class)){ Permission permission = targetMethod.getAnnotation(Permission.class); HttpServletRequest request = ServletUtils.getRequest(); //验证是否有权限 String url = permission.url(); MerchantUser merchantUser = CmsUtils.getMerchantUser(request); if(merchantUser==null) { throw new AccountNotFoundException("用户不存在"); } if(!permissionService.isHaveOperationAuthority(merchantUser, url)) { //抛出权限异常 throw new UnauthorizedException("用户没有权限"); }else { //3.执行业务逻辑,放行 return joinPoint.proceed(); } } throw new BaseRuntimeException("未配置业务权限校验");}}3、xml配置
<!-- aop 权限拦截 --> <bean id="permissionAspect" class="com.aspect.PermissionAspect"/> <!-- 启动对@AspectJ注解的支持 --> <aop:aspectj-autoproxy proxy-target-class="true" />4、注解使用
@Permission(title="用户模块",url="/user/v_list.do")@RequestMapping("/v_list.do")public String list(HttpServletRequest request, ModelMap model, Integer pageNo, Integer pageSize, String userName,Integer state, String realName, String mobile, Integer isSuper, Integer type) { //业务代码return "/merchant_tpl/user/list";}登录入口
@RequestMapping(value = "/login.do", method = RequestMethod.POST) @ResponseBodypublic ApiResult login(HttpServletRequest request, HttpServletResponse response, String userName, String password,String captcha, HttpSession httpSession) {JSONObject data = new JSONObject();String msg = "";if (StringUtils.isBlank(userName) || StringUtils.isBlank(password)) {msg = "用户名、密码未填写";return ApiResultUtil.tips(msg);} else {try {//完成用户认证,日志记录、授权业务MerchantUser merchantUser = userAuthService.doAuthentication(request, response, userName, password);if (merchantUser != null) {// 跳转到首页data.put("redirectUrl", "/store/index.do");return ApiResultUtil.success(data);}} catch (LockedException e) {System.out.println(e.getMessage());return ApiResultUtil.tips(e.getMessage());} catch (UsernameNotFoundException e) {System.out.println(e.getMessage());return ApiResultUtil.tips("用户名或密码错误");} catch (DisabledException e) {System.out.println(e.getMessage());return ApiResultUtil.tips(e.getMessage());} catch (IncorrectCredentialsException e) {System.out.println(e.getMessage());return ApiResultUtil.tips(e.getMessage());} catch (Exception e) {e.printStackTrace();return ApiResultUtil.error();}return ApiResultUtil.error();}}登录认证
jar 依赖
aspectjrt-1.9.6.jar
aspectjweaver-1.8.9.jar
spring-aspects-4.3.18.RELEASE.jar