spring aop 拦截业务方法,实现权限控制示例
难点:aop类是普通的java类,session是无法注入的,那么在有状态的系统中如何获取用户相关信息呢,session是必经之路啊,获取session就变的很重要。思索很久没有办法,后来在网上看到了解决办法。
思路是:
i. SysContext 成员变量 request,session,response
ii. Filter 目的是给 SysContext 中的成员赋值
iii.然后在AOP中使用这个SysContext的值
要用好,需要理解 ThreadLocal和 和Filter 执行顺序
1.aop获取request,response,session等
public class SysContext { private static ThreadLocal<HttpServletRequest> requestLocal=new ThreadLocal<HttpServletRequest>(); private static ThreadLocal<HttpServletResponse> responseLocal=new ThreadLocal<HttpServletResponse>(); public static HttpServletRequest getRequest(){ return requestLocalget(); } public static void setRequest(HttpServletRequest request){ requestLocalset(request); } public static HttpServletResponse getResponse(){ return responseLocalget(); } public static void setResponse(HttpServletResponse response){ responseLocalset(response); } public static HttpSession getSession(){ return (HttpSession)(getRequest())getSession(); } }
2.添加过滤器
public class GetContextFilter implements Filter{ @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { SysContextsetRequest((HttpServletRequest)request); SysContextsetResponse((HttpServletResponse)response); chaindoFilter(request, response); } @Override public void init(FilterConfig config) throws ServletException { } }
3.配置web.xml
将这部分放置在最前面,这样可以过滤到所有的请求
<filter> <filter-name>sessionFilter</filter-name> <filter-class>comuneifilterGetContextFilter</filter-class> </filter> <filter-mapping> <filter-name>sessionFilter</filter-name> <url-pattern>*</url-pattern> </filter-mapping>
4.spring aop before
从session中取出用户名,如果不存在,抛出异常跳转,将错误信息放到request中
@Aspect public class AdminAspect { ActionContext context = ActionContextgetContext(); HttpServletRequest request; HttpServletResponse response; @Before("execution(* comuneiActionAdminActiongetPrivileges())") public void adminPrivilegeCheck() throws Throwable { HttpSession session = SysContextgetSession(); request = SysContextgetRequest(); response = SysContextgetResponse(); String userName = ""; try { userName = sessiongetAttribute("userName")toString(); if(userName==null||userNameequals("")) throw new Exception("no privilege"); } catch (Exception ex) { requestsetAttribute("msg", "{\"res\":\"" + "无权限" + "\"}"); try { requestgetRequestDispatcher("/jsp/jsonjsp")forward( request, response); } catch (ServletException e) { eprintStackTrace(); } catch (IOException e) { eprintStackTrace(); } } } }
5.applicationContext.xml
<bean id="adminAspect" class="comuneiaopAdminAspect"></bean>
上一篇:在IntelliJ IDEA中创建和运行java/scala/spark程序的方法
栏 目:JAVA代码
本文标题:spring aop 拦截业务方法,实现权限控制示例
本文地址:http://www.codeinn.net/misctech/6464.html
阅读排行
- 1Java Swing组件BoxLayout布局用法示例
- 2java中-jar 与nohup的对比
- 3Java邮件发送程序(可以同时发给多个地址、可以带附件)
- 4Caused by: java.lang.ClassNotFoundException: org.objectweb.asm.Type异常
- 5Java中自定义异常详解及实例代码
- 6深入理解Java中的克隆
- 7java读取excel文件的两种方法
- 8解析SpringSecurity+JWT认证流程实现
- 9spring boot里增加表单验证hibernate-validator并在freemarker模板里显示错误信息(推荐)
- 10深入解析java虚拟机