spring aop 拦截业务方法,实现权限控制示例

网友投稿 232 2023-06-18


spring aop 拦截业务方法,实现权限控制示例

难点:aop类是普通的java类,session是无法注入的,那么在有状态的系统中如何获取用户相关信息呢,session是必经之路啊,获取session就变的很重要。思索很久没有办法,后来在网上看到了解决办法。

思路是:

i. SysContext  成员变量 request,session,response

ii. Filter 目的是给 SysContext 中的成员赋值

iii.然后在AOP中使用这个SysContext的值

要用好,需要理解  ThreadLocal和  和Filter 执行顺序

1.aop获取request,response,session等

public class SysContext {

private static ThreadLocal requestLocal=new ThreadLocal();

private static ThreadLocal responseLocal=new ThreadLocal();

public static HttpServletRequest getRequest(){

return requestLocalget();

}

public static void setRequest(HttpServletRequest request){

requestLocalset(request);

}

public static HttpServletResponse getResponse(){

return responseLocalget();

}

public static void setResponse(HttpServletResponse response){

responseLocalset(response);

}

public static HttpSession getSession(){

return (HttpSession)(getRequest())getSession();

}

}

2.添加过滤器

public class GetConYWsRNVJYQBtextFilter implements Filter{

@Override

public void destroy() {

}

@Override

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

SysContextsetRequest((HttpServletRequest)request);

SysContextsetResponse((HttpServletResponse)resphttp://onse);

chaindoFilter(request, response);

}

@Override

public void init(FilterConfig config) throws ServletException {

}

}

3.配置web.xml

将这部分放置在最前面,这样可以过滤到所有的请求

sessionFilter

comuneifilterGetContextFilter

sessionFilter

*

4.spring aop before

从session中取出用户名,如果不存在,抛出异常跳转,将错误信息放到request中

@Aspect

public class AdminAspect {

ActionContext context = ActionContextgetContext();

HttpServletRequest request;

HttpServletResponse response;

@Before("execution(* comuneiActionAdminActiongetPrivileges())")

public void adminPrivilegeCheck()

throws Throwable {

HttpSession session = SysContextgetSession();

request = SysContextgetRequest();

response = SysContextgetResponse();

String userName = "";

try {

userName = sessiongetAttribute("userName")toString();

if(userName==null||userNameequals(""))

throw new Exception("no privilege");

} catch (Exception ex) {

requestsetAttribute("msg", "{\"res\":\"" + "无权YWsRNVJYQB限" + "\"}");

try {

requestgetRequestDispatcher("/jsp/jsonjsp")forward(

request, response);

} catch (ServletException e) {

eprintStackTrace();

} catch (IOException e) {

eprintStackTrace();

}

}

}

}

5.applicationContext.xml


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:使用Promise链式调用解决多个异步回调的问题
下一篇:Java重写与重载之间的区别
相关文章

 发表评论

暂时没有评论,来抢沙发吧~