欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

spring aop 拦截业务方法,实现权限控制示例

程序员文章站 2024-03-08 21:19:22
难点:aop类是普通的java类,session是无法注入的,那么在有状态的系统中如何获取用户相关信息呢,session是必经之路啊,获取session就变的很重要。思索很...

难点:aop类是普通的java类,session是无法注入的,那么在有状态的系统中如何获取用户相关信息呢,session是必经之路啊,获取session就变的很重要。思索很久没有办法,后来在网上看到了解决办法。

思路是:

i. syscontext  成员变量 request,session,response 

ii. filter 目的是给 syscontext 中的成员赋值 

iii.然后在aop中使用这个syscontext的值

要用好,需要理解  threadlocal和  和filter 执行顺序

1.aop获取request,response,session等

public class syscontext { 
  private static threadlocal<httpservletrequest> requestlocal=new threadlocal<httpservletrequest>(); 
  private static threadlocal<httpservletresponse> responselocal=new threadlocal<httpservletresponse>(); 
  
  public static httpservletrequest getrequest(){ 
   return requestlocalget(); 
  } 
  
  public static void setrequest(httpservletrequest request){ 
   requestlocalset(request); 
  } 
  
  public static httpservletresponse getresponse(){ 
   return responselocalget(); 
  } 
  
  public static void setresponse(httpservletresponse response){ 
   responselocalset(response); 
  } 
  
  public static httpsession getsession(){ 
   return (httpsession)(getrequest())getsession(); 
  } 
 } 

2.添加过滤器

public class getcontextfilter implements filter{ 
 
  @override 
  public void destroy() { 
   
  } 
 
  @override 
  public void dofilter(servletrequest request, servletresponse response, 
    filterchain chain) throws ioexception, servletexception { 
   syscontextsetrequest((httpservletrequest)request); 
   syscontextsetresponse((httpservletresponse)response); 
   chaindofilter(request, response); 
  } 
 
  @override 
  public void init(filterconfig config) throws servletexception { 
   
  } 
 
 } 
 

3.配置web.xml 

将这部分放置在最前面,这样可以过滤到所有的请求

<filter> 
  <filter-name>sessionfilter</filter-name> 
  <filter-class>comuneifiltergetcontextfilter</filter-class> 
 </filter> 
 
 <filter-mapping> 
  <filter-name>sessionfilter</filter-name> 
  <url-pattern>*</url-pattern> 
 </filter-mapping> 

4.spring aop before

从session中取出用户名,如果不存在,抛出异常跳转,将错误信息放到request中

@aspect 
 public class adminaspect { 
  actioncontext context = actioncontextgetcontext(); 
  httpservletrequest request; 
  httpservletresponse response; 
 
  @before("execution(* comuneiactionadminactiongetprivileges())") 
  public void adminprivilegecheck() 
    throws throwable { 
   httpsession session = syscontextgetsession(); 
   request = syscontextgetrequest(); 
   response = syscontextgetresponse(); 
   string username = ""; 
   
   try { 
    username = sessiongetattribute("username")tostring(); 
    if(username==null||usernameequals("")) 
     throw new exception("no privilege"); 
   } catch (exception ex) { 
    requestsetattribute("msg", "{\"res\":\"" + "无权限" + "\"}"); 
    try { 
     requestgetrequestdispatcher("/jsp/jsonjsp")forward( 
       request, response); 
    } catch (servletexception e) { 
     eprintstacktrace(); 
    } catch (ioexception e) { 
     eprintstacktrace(); 
    } 
   } 
  } 
 } 

5.applicationcontext.xml

<bean id="adminaspect" class="comuneiaopadminaspect"></bean> 

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。