代碼片段(4)[全屏查看所有代碼]
1.?[代碼]定義注解?????
| 1 2 3 4 5 6 7 8 9 10 11 12 | @Retention(RetentionPolicy.RUNTIME)@Target({ElementType.METHOD,ElementType.TYPE})@Documented//最高優先級@Order(Ordered.HIGHEST_PRECEDENCE)public @interface RoleControl {????/**?????* ?????* 角色類型,以便決定是否具有相關權限?????*/????String value() default "user";} |
2.?[代碼]在Controller中使用?????
| 1 2 3 4 5 6 7 8 9 10 11 12 | @RoleControl("ADMIN")@Controllerpublic class LoginController {????@Autowired????private UserService uService;????@Autowired????private GlobalConfigService gcService;????@RoleControl("")????@RequestMapping("/login")????public String login(HttpServletRequest request,HttpServletResponse resp, @ModelAttribute("user") UserDto uDto) {???????????return ""} |
3.?[代碼]方式一:使用SpringAOP中的環繞Around?????
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | @Component@Aspectpublic class RoleControlAspect {????/**類上注解情形 *///? @Pointcut("@within(net.xby1993.springmvc.annotation.RoleControl)")????@Pointcut("execution(* net.xby1993.springmvc.controller..*.*(..)) && @within(net.xby1993.springmvc.annotation.RoleControl)")????public void aspect(){?????????????}????/**方法上注解情形 */????@Pointcut("execution(* net.xby1993.springmvc.controller..*.*(..)) && @annotation(net.xby1993.springmvc.annotation.RoleControl)")????public void aspect2(){?????????????}????/**aop實際攔截兩種情形*/????@Around("aspect() || aspect2()")????public Object doBefore(ProceedingJoinPoint point) {????????????????????HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();????????HttpSession session=request.getSession();????????Object target = point.getTarget();????????String method = point.getSignature().getName();????????Class<?> classz = target.getClass();????????Method m = ((MethodSignature) point.getSignature()).getMethod();????????try {????????????if (classz!=null && m != null ) {????????????????boolean isClzAnnotation= classz.isAnnotationPresent(RoleControl.class);????????????????boolean isMethondAnnotation=m.isAnnotationPresent(RoleControl.class);????????????????RoleControl rc=null;????????????????//如果方法和類聲明中同時存在這個注解,那么方法中的會覆蓋類中的設定。????????????????if(isMethondAnnotation){????????????????????rc=m.getAnnotation(RoleControl.class);????????????????}else if(isClzAnnotation){????????????????????rc=classz.getAnnotation(RoleControl.class);????????????????}????????????????String value=rc.value();????????????????Object obj=session.getAttribute(GeneUtil.SESSION_USERTYPE_KEY);????????????????String curUserType=obj==null?"":obj.toString();????????????????//進行角色訪問的權限控制,只有當前用戶是需要的角色才予以訪問。????????????????boolean isEquals=StringUtils.checkEquals(value, curUserType);????????????????if(isEquals){????????????????????try {????????????????????????return point.proceed();????????????????????} catch (Throwable e) {????????????????????????// TODO Auto-generated catch block????????????????????????e.printStackTrace();????????????????????}????????????????}?????????????????????????????}????????}catch(Exception e){?????????????????????}????????return null;????}} |
4.?[代碼]方式二:使用攔截器,推薦?????跳至?[1]?[2]?[3]?[4]?[全屏預覽]
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 | import java.lang.reflect.Method;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.web.method.HandlerMethod;import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;import net.xby1993.springmvc.annotation.RoleControl;import net.xby1993.springmvc.util.GeneUtil;import net.xby1993.springmvc.util.PathUtil;import net.xby1993.springmvc.util.StringUtils;public class GlobalInterceptor extends HandlerInterceptorAdapter{????private static Logger log=LoggerFactory.getLogger(LoginInterceptor.class);????@Override????public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)????????????throws Exception {????????HttpSession s=request.getSession();????????s.setAttribute("host", PathUtil.getHost());????????s.setAttribute("siteName", GeneUtil.SITE_NAME);????????//角色權限控制訪問????????return roleControl(request,response,handler);????}????/**角色權限控制訪問*/????private boolean roleControl(HttpServletRequest request,HttpServletResponse response, Object handler){????????HttpSession session=request.getSession();????????System.out.println(handler.getClass().getName());????????if(handler instanceof HandlerMethod){????????????HandlerMethod hm=(HandlerMethod)handler;????????????Object target=hm.getBean();????????????Class<?> clazz=hm.getBeanType();????????????Method m=hm.getMethod();????????????try {????????????????if (clazz!=null && m != null ) {????????????????????boolean isClzAnnotation= clazz.isAnnotationPresent(RoleControl.class);????????????????????boolean isMethondAnnotation=m.isAnnotationPresent(RoleControl.class);????????????????????RoleControl rc=null;????????????????????//如果方法和類聲明中同時存在這個注解,那么方法中的會覆蓋類中的設定。????????????????????if(isMethondAnnotation){????????????????????????rc=m.getAnnotation(RoleControl.class);????????????????????}else if(isClzAnnotation){????????????????????????rc=clazz.getAnnotation(RoleControl.class);????????????????????}????????????????????String value=rc.value();????????????????????Object obj=session.getAttribute(GeneUtil.SESSION_USERTYPE_KEY);????????????????????String curUserType=obj==null?"":obj.toString();????????????????????//進行角色訪問的權限控制,只有當前用戶是需要的角色才予以訪問。????????????????????boolean isEquals=StringUtils.checkEquals(value, curUserType);????????????????????if(!isEquals){????????????????????????//401未授權訪問????????????????????????response.setStatus(401);????????????????????????return false;????????????????????}????????????????}????????????}catch(Exception e){?????????????????????????????}????????}?????????????????return true;????} |
 and detectChanges())
阻塞模式)
