Spring Aop +自定义注解实现用户权限控制

项目结构：

pom.xml：

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">  <modelVersion>4.0.0</modelVersion>  <groupId>com</groupId>  <artifactId>SpringAop</artifactId>  <version>0.0.1-SNAPSHOT</version>  <packaging>jar</packaging>  <name>SpringAop</name>  <url>http://maven.apache.org</url>  <properties>    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>  </properties>  <dependencies>    <dependency>      <groupId>junit</groupId>      <artifactId>junit</artifactId>      <version>4.10</version>      <scope>test</scope>    </dependency>     <dependency>      <groupId>org.springframework</groupId>      <artifactId>spring-context</artifactId>      <version>4.0.2.RELEASE</version>    </dependency>    <dependency>      <groupId>org.springframework</groupId>      <artifactId>spring-test</artifactId>      <version>4.0.2.RELEASE</version>    </dependency>    <!-- https://mvnrepository.com/artifact/org.springframework/spring-aop --><dependency>    <groupId>org.springframework</groupId>    <artifactId>spring-aop</artifactId>    <version>4.0.2.RELEASE</version></dependency>    <dependency>     <groupId>org.aspectj</groupId>     <artifactId>aspectjweaver</artifactId>     <version>1.6.12</version> </dependency> <dependency>    <groupId>cglib</groupId>    <artifactId>cglib</artifactId>    <version>2.2.2</version></dependency>  </dependencies>  <build>   <plugins>          <plugin>             <groupId>org.apache.maven.plugins</groupId>             <artifactId>maven-compiler-plugin</artifactId>           <version>3.1</version>           <configuration>              <target>1.8</target>           <source>1.8</source>           </configuration>          </plugin>          </plugins>          </build></project>

自定义注解：

package com.Quanxian;import java.lang.annotation.*;@Target(ElementType.METHOD)@Retention(RetentionPolicy.RUNTIME)public @interface PrivilegeInfo {    String value() default "";}

注解解析器：

package com.Quanxian;import java.lang.reflect.Method;/** * 注解处理器 * @author P1311529 * 这个解析器的主要功能，是解析目标方法上如果有PrivilegeInfo注解，那么解析出这个注解中的value值（权限的值） * */public class PrivilegeAnnotationParse {     public static String parse(Class c1 ,String c1methodName)throws Exception{         String methodAccess ="";         Method method =c1.getMethod(c1methodName);         if(method.isAnnotationPresent(PrivilegeInfo.class)){             PrivilegeInfo privilegeInfo=method.getAnnotation(PrivilegeInfo.class);             methodAccess =privilegeInfo.value();            // System.err.println(methodAccess);         }         return methodAccess;     }}

获取用户权限名：

package com.Quanxian;public class FirmPrivilege {     /**     * 用户权限的名称     */    private String value;    public String getValue() {        return value;    }    public void setValue(String value) {        this.value = value;    }    public FirmPrivilege(String value) {        this.value = value;    }    public FirmPrivilege() {    }}

service 以及实现类：

package com.Quanxian.service;public interface FirmService {        /**         * 在需要权限的目标方法上，使用PrivilegeInfo注解，配置权限为save         */        public void save();        /**         * 在需要权限的目标方法上，使用PrivilegeInfo注解，配置权限为update         */        public void update();        /**         * 不需要权限的目标方法上，则不添加PrivilegeInfo注解         * 在切面中，默认用户拥有权限         */        public void get();}

package com.Quanxian.serviceImpl;import com.Quanxian.PrivilegeInfo;import com.Quanxian.service.FirmService;public class FirmServiceImpl implements FirmService{     /**     * 在需要权限的目标方法上，使用PrivilegeInfo注解，配置权限     */    @Override    @PrivilegeInfo("save")    public void save() {        System.out.println("FirmServiceImpl.save()");    }    /**     * 在需要权限的目标方法上，使用PrivilegeInfo注解，配置权限     */    @Override    @PrivilegeInfo("update")    public void update() {        System.out.println("FirmServiceImpl.update()");    }    /**     * 不需要权限的目标方法上，则不添加PrivilegeInfo注解     * 在切面中，默认用户拥有权限     */    @Override    public void get() {        System.out.println("FirmServiceImpl.get()");    }}

切面类：

package com.Quanxian;import java.util.List;import org.aspectj.lang.ProceedingJoinPoint;public class PrivilegeAspect {  private List<FirmPrivilege> privileges;public List<FirmPrivilege> getPrivileges() {    return privileges;}public void setPrivileges(List<FirmPrivilege> privileges) {    this.privileges = privileges;}/** * aop中的环绕通知 * 在这个方法中检查用户的权限和目标方法的需要的权限是否匹配 * 如果匹配则调用目标方法，不匹配则不调用 * @param joinPoint　连接点 * @throws Throwable */  public void isAccessMethod(ProceedingJoinPoint joinPoint)throws Throwable{      /**       * 1.获取访问目标方法应该具备的权限       *  为解析目标方法的PrivilegeInfo注解，根据我们定义的解析器，需要得到：目标类的class形式　方法的名称       */      Class targetClass =joinPoint.getTarget().getClass();      String methodName=joinPoint.getSignature().getName();      System.out.println(targetClass+ "  " +methodName);    //得到该方法的访问权限      String methodAccess =PrivilegeAnnotationParse.parse(targetClass, methodName);      boolean isAccessed =false;      /*       * 2.遍历用户的权限，看是否拥有目标方法对应的权限       */        System.out.println("privileges :"+privileges);      for(FirmPrivilege firmPrivilege :privileges){          /*           * 如果目标方法没有使用PrivilegeInfo注解，则解析出来的权限字符串就为空字符串           * 则默认用户拥有这个权限           */          if("".equals(methodAccess)){              isAccessed =true;              break;          }          /*           * 用户原有权限列表中有的权限与目标方法上PrivilegeInfo注解配置的权限进行匹配           */          if(firmPrivilege.getValue() !=null &&                   firmPrivilege.getValue().equalsIgnoreCase(methodAccess)){             // System.out.println("not null ------------");              isAccessed =true;              break;          }          /*             * 3.如果用户拥有权限，则调用目标方法　，如果没有，则不调用目标方法，只给出提示             */      }          if(isAccessed){              joinPoint.proceed();//调用目标方法            //  System.out.println("调用目标方法");          }else{              System.out.println("你没有权限");          }  }}

xml文件配置切面：

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"    xmlns:context="http://www.springframework.org/schema/context"    xmlns:aop="http://www.springframework.org/schema/aop"    xmlns:tx="http://www.springframework.org/schema/tx"    xmlns:jee="http://www.springframework.org/schema/jee"    xmlns:jdbc="http://www.springframework.org/schema/jdbc"    xmlns:jpa="http://www.springframework.org/schema/data/jpa"    xmlns:batch="http://www.springframework.org/schema/batch"    xmlns:mvc="http://www.springframework.org/schema/mvc"    xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.0.xsd        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd        http://www.springframework.org/schema/data/jpa http://www.springframework.org/schema/data/jpa/spring-jpa.xsd        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd        http://www.springframework.org/schema/batch http://www.springframework.org/schema/batch/spring-batch.xsd        http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.1.7.xsd">           <aop:aspect id="QuanxianAspect" ref="privilegeAspect">              <aop:pointcut id="perform" expression="execution(* com.Quanxian.serviceImpl.FirmServiceImpl.*(..))"/>               <aop:around method="isAccessMethod" pointcut-ref="perform"/>           </aop:aspect>        </aop:config>        <bean id="firmService" class="com.Quanxian.serviceImpl.FirmServiceImpl"/>        <bean id="privilegeAspect" class="com.Quanxian.PrivilegeAspect"/>        </beans>

Tets:

package com.Quanxain;import java.util.ArrayList;import java.util.List;import org.junit.Before;import org.junit.Test;import org.springframework.context.ApplicationContext;import org.springframework.context.support.ClassPathXmlApplicationContext;import com.Quanxian.FirmPrivilege;import com.Quanxian.PrivilegeAspect;import com.Quanxian.service.FirmService;public class TestQuanxian {    private FirmService firmService;    @Before    public void beFore1(){        ApplicationContext ac=new ClassPathXmlApplicationContext("springaop.xml");         firmService = (FirmService)ac.getBean("firmService");        PrivilegeAspect privilegeAspect=(PrivilegeAspect) ac.getBean("privilegeAspect");        List<FirmPrivilege> privileges=new ArrayList<FirmPrivilege>();        privileges.add(new FirmPrivilege("update"));        privilegeAspect.setPrivileges(privileges);    }    @Test    public void Test1(){        firmService.save();        firmService.update();        firmService.get();    }}

result:

Oct 10, 2017 9:28:58 AM org.springframework.context.support.ClassPathXmlApplicationContext prepareRefreshINFO: Refreshing org.springframework.context.support.ClassPathXmlApplicationContext@6996db8: startup date [Tue Oct 10 09:28:58 CST 2017]; root of context hierarchyOct 10, 2017 9:28:58 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitionsINFO: Loading XML bean definitions from class path resource [springaop.xml]class com.Quanxian.serviceImpl.FirmServiceImpl  saveprivileges :[com.Quanxian.FirmPrivilege@4b5a5ed1]你没有权限class com.Quanxian.serviceImpl.FirmServiceImpl  updateprivileges :[com.Quanxian.FirmPrivilege@4b5a5ed1]FirmServiceImpl.update()class com.Quanxian.serviceImpl.FirmServiceImpl  getprivileges :[com.Quanxian.FirmPrivilege@4b5a5ed1]FirmServiceImpl.get()

privileges :[com.Quanxian.FirmPrivilege@4b5a5ed1] 其实就是你给用户加的update权限 为什么要用List 因为可能需要给用户加多个权限

参考博客：http://blog.csdn.net/minhellic/article/details/51919690