spring aop 拦截业务方法，实现权限控制示例

spring aop 拦截业务方法，实现权限控制示例

难点：aop类是普通的java类，session是无法注入的，那么在有状态的系统中如何获取用户相关信息呢，session是必经之路啊，获取session就变的很重要。思索很久没有办法，后来在网上看到了解决办法。

思路是：

i. SysContext  成员变量 request,session,response

ii. Filter 目的是给 SysContext 中的成员赋值

iii.然后在AOP中使用这个SysContext的值

要用好，需要理解  ThreadLocal和  和Filter 执行顺序

1.aop获取request，response，session等

public class SysContext {

private static ThreadLocal requestLocal=new ThreadLocal();

private static ThreadLocal responseLocal=new ThreadLocal();

public static HttpServletRequest getRequest(){

return requestLocalget();

}

public static void setRequest(HttpServletRequest request){

requestLocalset(request);

}

public static HttpServletResponse getResponse(){

return responseLocalget();

}

public static void setResponse(HttpServletResponse response){

responseLocalset(response);

}

public static HttpSession getSession(){

return (HttpSession)(getRequest())getSession();

}

}

2.添加过滤器

public class GetConYWsRNVJYQBtextFilter implements Filter{

@Override

public void destroy() {

}

@Override

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

SysContextsetRequest((HttpServletRequest)request);

SysContextsetResponse((HttpServletResponse)resphttp://onse);

chaindoFilter(request, response);

}

@Override

public void init(FilterConfig config) throws ServletException {

}

}

3.配置web.xml

将这部分放置在最前面，这样可以过滤到所有的请求

sessionFilter

comuneifilterGetContextFilter

sessionFilter

*

4.spring aop before

从session中取出用户名，如果不存在，抛出异常跳转，将错误信息放到request中

@Aspect

public class AdminAspect {

ActionContext context = ActionContextgetContext();

HttpServletRequest request;

HttpServletResponse response;

@Before("execution(* comuneiActionAdminActiongetPrivileges())")

public void adminPrivilegeCheck()

throws Throwable {

HttpSession session = SysContextgetSession();

request = SysContextgetRequest();

response = SysContextgetResponse();

String userName = "";

try {

userName = sessiongetAttribute("userName")toString();

if(userName==null||userNameequals(""))

throw new Exception("no privilege");

} catch (Exception ex) {

requestsetAttribute("msg", "{\"res\":\"" + "无权YWsRNVJYQB限" + "\"}");

try {

requestgetRequestDispatcher("/jsp/jsonjsp")forward(

request, response);

} catch (ServletException e) {

eprintStackTrace();

} catch (IOException e) {

eprintStackTrace();

}

}

}

}

5.applicationContext.xml

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。