package com.stu.aoppermission.anno;
import java.lang.annotation.*;
/**
 * Custom annotation that marks a method as requiring a permission check.
 *
 * <p>Created 2020-02-27 16:27, version 1.0.0.
 *
 * <p>The annotation is retained at runtime and may only be placed on methods.
 *
 * @author cdn
 */
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD})
public @interface Permission {

    /**
     * Authorities associated with the annotated method.
     *
     * <p>NOTE(review): the aspect shown on this page never reads this element, so any value
     * set here has no effect on the access decision. Confirm whether per-method authorities
     * are meant to be enforced.
     *
     * @return the configured authorities string, or the placeholder default
     */
    String authorities() default "默認值";
}
package com.stu.aoppermission.aspect;
import com.stu.aoppermission.anno.Permission;
import com.stu.aoppermission.service.UserService;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.*;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ResponseBody;
import java.lang.reflect.Method;
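/**
 * Aspect that runs an admin check around controller methods annotated with {@link Permission}.
 *
 * <p>NOTE(review): the identity that is checked is the string form of the target method's
 * first argument. For the controller on this page that argument appears to be bound from the
 * request, which means the caller chooses the user name that is tested against the admin list.
 * An access decision should be based on an identity established by authentication (for example
 * the server-side session or security context), never on a request parameter. Treat this class
 * as a demonstration of AOP wiring rather than as access control.
 *
 * <p>NOTE(review): {@link Permission#authorities()} is never read here; every annotated method
 * gets the same admin-only check.
 */
@Aspect
@Component
public class PermissionAspect {

    @Autowired
    private UserService userService;

    /**
     * Pointcut matching every public method of every class directly inside the
     * {@code com.stu.aoppermission.controller} package.
     */
    @Pointcut("execution(public * com.stu.aoppermission.controller.*.*(..))")
    public void privilege() {
    }

    /**
     * Around advice that only lets the target method run when the user is an admin.
     *
     * <p>The {@code @annotation(permission)} binding restricts this advice to methods that carry
     * {@link Permission}, so there is no "annotation absent" path to handle here. The check
     * therefore always runs (fail closed) instead of proceeding when the annotation looks empty.
     *
     * @param joinPoint  the intercepted call; its first argument is used as the user name
     * @param permission the annotation instance found on the target method (not consulted)
     * @return the target method's result for an admin, otherwise a refusal message string
     * @throws Throwable whatever the target method throws
     */
    @Around(value = "privilege() && @annotation(permission)")
    public Object isAccessMethod(ProceedingJoinPoint joinPoint, Permission permission) throws Throwable {
        Object[] args = joinPoint.getArgs();
        // A zero-argument target yields an empty array; indexing it would throw instead of
        // returning the refusal message, so the length is checked before args[0].
        if (args == null || args.length == 0 || args[0] == null) {
            return "無法獲取當前用戶信息";
        }

        String currentUser = args[0].toString();
        // The value is caller-supplied: strip line breaks so it cannot forge extra log lines.
        System.out.println("訪問用戶:" + currentUser.replaceAll("[\\r\\n]", "_"));

        if (!userService.isAdmin(currentUser)) {
            return "您不是管理員";
        }

        System.out.println("您是管理員");
        // Only an admin reaches the target method and receives its result.
        return joinPoint.proceed();
    }

    /**
     * Before advice for annotated controller methods; prints the annotation instance.
     *
     * @param joinPoint the intercepted call
     * @param p         the {@link Permission} annotation on the target method
     */
    @Before("privilege()&& @annotation(p)")
    public void Before(JoinPoint joinPoint, Permission p) {
        System.out.println(p);
    }

    /**
     * After-returning advice for annotated controller methods; prints the annotation instance.
     *
     * @param joinPoint the intercepted call
     * @param p         the {@link Permission} annotation on the target method
     * @param obj       the value returned normally by the target method
     */
    @AfterReturning(pointcut = "privilege()&& @annotation(p)", returning = "obj")
    public void doAfter(JoinPoint joinPoint, Permission p, Object obj) {
        System.out.println(p);
    }

    /**
     * After-throwing advice for every method matched by {@link #privilege()}, annotated or not.
     *
     * <p>The exception is only reported; it still propagates to the caller after this advice.
     *
     * @param joinPoint the intercepted call
     * @param e         the exception thrown by the target method
     * @throws Exception declared by the signature; nothing is thrown by this body
     */
    @AfterThrowing(pointcut = "privilege()", throwing = "e")
    public void doAfter(JoinPoint joinPoint, Exception e) throws Exception {
        System.out.println("出現異常");
        // NOTE(review): printStackTrace writes to stderr outside any logging framework;
        // a logger would keep these traces with the rest of the application's audit trail.
        e.printStackTrace();
    }
}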
package com.stu.aoppermission.controller;
import com.stu.aoppermission.anno.Permission;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * Demo controller with one endpoint that carries {@code @Permission} and one that does not.
 *
 * <p>Author CDN, created 2020-02-27 17:18, version 1.0.0.
 *
 * <p>NOTE(review): {@code name} is a handler-method parameter, so it is presumably populated
 * from the request. The aspect on this page uses the first argument of an annotated method as
 * the current user, so a caller-supplied {@code name} ends up deciding the admin check. A real
 * endpoint should take the identity from the authenticated session, not from a parameter.
 */
@RestController
public class PermissionController {

    /**
     * Endpoint guarded by {@code @Permission}.
     *
     * @param name the user name; mutated in place when present
     * @return an error message when {@code name} is null or empty, otherwise {@code name} with
     *     the "has admin rights" suffix appended
     */
    @RequestMapping("testAop")
    @Permission
    public Object testAop(StringBuffer name) {
        boolean missing = name == null || name.length() == 0;
        return missing ? "用戶名不能爲空" : name.append("有管理員權限");
    }

    /**
     * Endpoint without {@code @Permission}.
     *
     * @param name the user name; only checked for presence
     * @return an error message when {@code name} is null or empty, otherwise a fixed message
     *     saying the method has no Permission annotation
     */
    @RequestMapping("noTestAop")
    public Object noTestAop(StringBuffer name) {
        if (name != null && name.length() != 0) {
            return "沒有Permission註解";
        }
        return "用戶名不能爲空";
    }
}
package com.stu.aoppermission.service;
/**
 * Service contract used by the permission aspect to decide whether a user is an admin.
 *
 * <p>Author CDN, created 2020-02-27 16:37, version 1.0.0.
 */
public interface UserService {
    /**
     * Reports whether the given user is an admin.
     *
     * <p>NOTE(review): the result is only as trustworthy as {@code currentUser}; callers should
     * pass an authenticated identity rather than a value taken from request input.
     *
     * @param currentUser the user name to look up
     * @return {@code true} if the user is an admin
     */
    boolean isAdmin(String currentUser);
}
package com.stu.aoppermission.serviceImpl;
import com.stu.aoppermission.service.UserService;
import org.springframework.stereotype.Service;
import java.util.Arrays;
import java.util.List;
/**
 * {@link UserService} implementation backed by a fixed in-memory list of admin names.
 *
 * <p>Created 2020-02-27 16:39, version 1.0.0.
 *
 * @author cdn
 */
@Service
public class UserServiceImpl implements UserService {

    // Admin roster (or permission set). Hard-coded here for convenience only; it would
    // normally be stored in a database.
    private List<String> admins = Arrays.asList("zs", "ls", "ww");

    /**
     * Checks the name against the admin roster with an exact, case-sensitive match.
     *
     * <p>NOTE(review): this is a name lookup, not authentication. It proves nothing about who
     * the caller is, so the caller must supply an identity that is already verified.
     *
     * @param currentUser the user name to look up; {@code null} never matches
     * @return {@code true} if the name is on the roster
     */
    @Override
    public boolean isAdmin(String currentUser) {
        return admins.stream().anyMatch(admin -> admin.equals(currentUser));
    }
}
測試:
2、訪問無註解的方法