1、权限注解类
import java.lang.annotation.Documented;import java.lang.annotation.ElementType;import java.lang.annotation.Retention;import java.lang.annotation.RetentionPolicy;import java.lang.annotation.Target;/*** 系统权限拦截注解**/@Target(ElementType.METHOD)@Retention(RetentionPolicy.RUNTIME)@Documentedpublic @interface Permission {/*** 权限模块 */public String title() default "";/*** 权限路径* */public String url() default "";/*** 权限描述* @return*/String description() default "";}
2、权限拦截实现
import java.lang.reflect.Method;import javax.servlet.http.HttpServletRequest;import org.aspectj.lang.ProceedingJoinPoint;import org.aspectj.lang.Signature;import org.aspectj.lang.annotation.Around;import org.aspectj.lang.annotation.Aspect;import org.aspectj.lang.annotation.Pointcut;import org.aspectj.lang.reflect.MethodSignature;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import org.ponent;import mon.annotation.Permission;import com.core.exception.BaseRuntimeException;import com.core.exception.user.AccountNotFoundException;import com.core.exception.user.UnauthorizedException;import com.core.web.CmsUtils;import com.core.web.ServletUtils;import com.coupon.entity.MerchantUser;import com.coupon.service.PermissionService;/*** 权限拦截校验*@Aspect:作用是把当前类标识为一个切面供容器读取*@Pointcut:Pointcut是植入Advice的触发条件。每个Pointcut的定义包括2部分,一是表达式,二是方法签名。方法签名必须是 public及void型。可以将Pointcut中的方法看作是一个被Advice引用的助记符,因为表达式不直观,因此我们可以通过方法签名的方式为 此表达式命名。因此Pointcut中的方法只需要方法签名,而不需要在方法体内编写实际代码。*@Around:环绕增强,相当于MethodInterceptor*@AfterReturning:后置增强,相当于AfterReturningAdvice,方法正常退出时执行*@Before:标识一个前置增强方法,相当于BeforeAdvice的功能,相似功能的还有*@AfterThrowing:异常抛出增强,相当于ThrowsAdvice*@After: final增强,不管是抛出异常或者正常退出都会执行*/@Aspect@Componentpublic class PermissionAspect {private static final Logger log = LoggerFactory.getLogger(PermissionAspect.class);@Autowiredprivate PermissionService permissionService;//日志切入点@Pointcut("@annotation(mon.annotation.Permission)")public void logPointCut() {}@Around("logPointCut()")public Object around(ProceedingJoinPoint joinPoint) throws Throwable {log.info("==========进入业务权限校验============================");//1.记录日志信息Signature signature = joinPoint.getSignature();String className = joinPoint.getTarget().getClass().getSimpleName();String methodName = signature.getName();log.info("className:{},methodName:{}",className,methodName);//2.角色权限校验MethodSignature methodSignature = (MethodSignature)signature;Method targetMethod = methodSignature.getMethod();if(targetMethod.isAnnotationPresent(Permission.class)){Permission permission = targetMethod.getAnnotation(Permission.class);HttpServletRequest request = ServletUtils.getRequest();//验证是否有权限String url = permission.url();MerchantUser merchantUser = CmsUtils.getMerchantUser(request);if(merchantUser==null) {throw new AccountNotFoundException("用户不存在");}if(!permissionService.isHaveOperationAuthority(merchantUser, url)) {//抛出权限异常throw new UnauthorizedException("用户没有权限");}else {//3.执行业务逻辑,放行return joinPoint.proceed();}}throw new BaseRuntimeException("未配置业务权限校验");}}
3、xml配置
<!-- aop 权限拦截 --><bean id="permissionAspect" class="com.aspect.PermissionAspect"/><!-- 启动对@AspectJ注解的支持 --> <aop:aspectj-autoproxy proxy-target-class="true" />
4、注解使用
@Permission(title="用户模块",url="/user/v_list.do")@RequestMapping("/v_list.do")public String list(HttpServletRequest request, ModelMap model, Integer pageNo, Integer pageSize, String userName,Integer state, String realName, String mobile, Integer isSuper, Integer type) {//业务代码return "/merchant_tpl/user/list";}
登录入口
@RequestMapping(value = "/login.do", method = RequestMethod.POST)@ResponseBodypublic ApiResult login(HttpServletRequest request, HttpServletResponse response, String userName, String password,String captcha, HttpSession httpSession) {JSONObject data = new JSONObject();String msg = "";if (StringUtils.isBlank(userName) || StringUtils.isBlank(password)) {msg = "用户名、密码未填写";return ApiResultUtil.tips(msg);} else {try {//完成用户认证,日志记录、授权业务MerchantUser merchantUser = userAuthService.doAuthentication(request, response, userName, password);if (merchantUser != null) {// 跳转到首页data.put("redirectUrl", "/store/index.do");return ApiResultUtil.success(data);}} catch (LockedException e) {System.out.println(e.getMessage());return ApiResultUtil.tips(e.getMessage());} catch (UsernameNotFoundException e) {System.out.println(e.getMessage());return ApiResultUtil.tips("用户名或密码错误");} catch (DisabledException e) {System.out.println(e.getMessage());return ApiResultUtil.tips(e.getMessage());} catch (IncorrectCredentialsException e) {System.out.println(e.getMessage());return ApiResultUtil.tips(e.getMessage());} catch (Exception e) {e.printStackTrace();return ApiResultUtil.error();}return ApiResultUtil.error();}}
登录认证
jar 依赖
aspectjrt-1.9.6.jar
aspectjweaver-1.8.9.jar
spring-aspects-4.3.18.RELEASE.jar
