spring aop实现权限控制,路径控制
spring aop 的权限的管理是通过对路径的控制来实现的
现在共有两个角色,经理和员工
经理的权限检查的代码
MgrAuthorityInterceptor.java
Java代码
public class MgrAuthorityInterceptor implements MethodInterceptor
{
public Object invoke(MethodInvocation invocation) throws Throwable
{
HttpServletRequest request = null;
ActionMapping mapping = null;
Object[] args = invocation.getArguments();
//解析目标方法的参数
for (int i = 0 ; i < args.length ; i++ )
{
if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest)args[i];
if (args[i] instanceof ActionMapping) mapping = (ActionMapping)args[i];
}
//从session中得到用户的级别
String level = (String)request.getSession().getAttribute("level");
//如是经理级别则继续,否则,回到登陆页面
if ( level != null && level.equals("mgr") )
{
return invocation.proceed();
}
else
{
return mapping.findForward("login");
}
}
}
员工的权限的实现,EmpAuthorityInterceptor.java
Java代码
public class EmpAuthorityInterceptor implements MethodInterceptor
{
public Object invoke(MethodInvocation invocation) throws Throwable
{
HttpServletRequest request = null;
ActionMapping mapping = null;
Object[] args = invocation.getArguments();
for (int i = 0 ; i < args.length ; i++ )
{
if (args[i] instanceof HttpServletRequest) request = (HttpServletRequest)args[i];
if (args[i] instanceof ActionMapping) mapping = (ActionMapping)args[i];
}
//从session中得到用户的级别
String level = (String)request.getSession().getAttribute("level");
//如是经理或员工级别则继续,否则,回到登陆页面
if ( level != null && (level.equals("emp") || level.equals("mgr")))
{
return invocation.proceed();
}
else
{
return mapping.findForward("login");
}
}
}
员工,经理权限的实现,在action-servlet.xml中
Xml代码
<!-- 以经理权限拦截器生成代理 -->
<bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<property name="beanNames">
<list>
action中的经理的操作
</list>
</property>
<property name="interceptorNames">
<list>
<value>mgrAuthorityInterceptor</value>
</list>
</property>
</bean>
<!-- 以普通员工权限拦截器生成代理 -->
<bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<property name="beanNames">
<list>
员工中的action操作
</list>
</property>
<property name="interceptorNames">
<list>
<value>empAuthorityInterceptor</value>
</list>
</property>
</bean>
<!-- 定义经理权限检查拦截器,class即前面的MgrAuthorityInterceptor.java-->
<bean id="mgrAuthorityInterceptor" class="org.***.MgrAuthorityInterceptor"/>
<!-- 定义普通员工权限检查拦截器 ,class即前面的EmpAuthorityInterceptor.java-->
<bean id="empAuthorityInterceptor" class="org.***.EmpAuthorityInterceptor"/>