基于AOP的权限控制
1.在启动类上添加aop注解
/**
 * Boot entry point of the demo.
 *
 * <p>{@code @EnableAspectJAutoProxy} switches on proxying for {@code @Aspect} beans; the
 * permission aspect on this page only intercepts calls once that proxying is active.
 */
@EnableAspectJAutoProxy
@SpringBootApplication
public class SpringAopDemoApplication {

    /**
     * Hands control to Spring Boot.
     *
     * @param args command-line arguments, passed through unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(SpringAopDemoApplication.class, args);
    }
}
2.自定义注解
/**
 * Marker annotation for methods that must pass the permission aspect before they run.
 *
 * <p>It is retained at runtime so the {@code @annotation(...)} pointcut can match it, and it may
 * only be placed on methods.
 *
 * <p>NOTE(review): the annotation declares no elements, so the authority a method requires is
 * not stated at the method itself. On this page the aspect reads the authority from the request
 * object instead, which means the caller decides what is checked. Declaring the required
 * authority as an annotation element would keep that decision on the server side.
 */
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD})
public @interface Permission {
}
3.aop权限控制核心代码
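/**
 * Around-advice that runs a permission check before any method annotated with
 * {@link Permission} is executed.
 *
 * <p>Behaviour:
 * <ul>
 *   <li>Every {@link RequestVO} argument of the intercepted call is checked through
 *       {@code checkService.check(adminId, authority)} before the target method runs.</li>
 *   <li>A call that carries no {@link RequestVO} argument is refused. Returning a default
 *       {@code Response} (code "OK") in that case would report success although no check ran
 *       and the target method was never executed.</li>
 *   <li>The target method is invoked exactly once, after all checks have passed.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code adminId} and {@code authrity} are read from the method argument. In the
 * controller shown on this page that argument is bound from the request body, so both values are
 * chosen by the caller and nothing here ties them to an authenticated principal. Treat this aspect
 * as a demonstration of the AOP wiring; a real deployment should take the operator identity from
 * the authenticated session or token and the required authority from server-side configuration.
 */
@Aspect
@Component
@ResponseBody
public class PermissionAspect {

    private static final Logger logger = LoggerFactory.getLogger(PermissionAspect.class);

    /** Message of the exception raised when a call is refused. */
    private static final String DENIED_MESSAGE = "抱歉,您没有该操作权限";

    @Autowired
    private CheckService checkService;

    /**
     * Checks the caller's permission and, if allowed, runs the intercepted method.
     *
     * @param joinPoint  the intercepted call; its arguments are scanned for {@link RequestVO}
     * @param permission the annotation instance bound by the pointcut (not read in the body)
     * @return the target method's result when it is a {@code Response}; otherwise a default
     *         {@code Response}, because the advice's return type cannot carry anything else
     * @throws Exception when the call is refused, or wrapping whatever the target method threw
     */
    @Around(value = "@annotation(permission)")
    public Response permissionCheck(ProceedingJoinPoint joinPoint, Permission permission) throws Exception {
        logger.info("==========开始全新校验======");

        // 1. Inspect the call arguments and check every RequestVO among them.
        boolean checked = false;
        for (Object arg : joinPoint.getArgs()) {
            if (!(arg instanceof RequestVO)) {
                continue;
            }
            RequestVO request = (RequestVO) arg;
            Long adminId = request.getAdminId();
            String authority = request.getAuthrity();

            // NOTE(review): a true result from check() is treated as "denied" here. CheckService is
            // not shown on this page; if its check() returns true for an authorized caller, this
            // condition is inverted and must be negated. Confirm the contract before reuse.
            if (checkService.check(adminId, authority)) {
                logger.info("=====权限校验失败!========");
                throw new Exception(DENIED_MESSAGE);
            }
            checked = true;
        }

        // Fail closed: without a RequestVO argument nothing was verified.
        if (!checked) {
            logger.info("=====权限校验失败!========");
            throw new Exception(DENIED_MESSAGE);
        }
        logger.info("=====权限校验成功!====");

        // 2. All checks passed: run the target method once and hand its result back.
        Object result;
        try {
            result = joinPoint.proceed();
        } catch (Throwable throwable) {
            // Keep the original failure as the cause so it stays diagnosable in server logs.
            throw new Exception("目标方法执行失败", throwable);
        }

        if (result instanceof Response) {
            return (Response) result;
        }
        return new Response();
    }
}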
4.Response返回实体类
/**
 * Response envelope returned to the front end: a status code, an optional message, an optional
 * update time and a typed payload.
 *
 * <p>Constructors that take no code use {@code HttpStatus.OK.name()} as the code. Besides the
 * plain setters there are fluent variants ({@link #code}, {@link #body}, {@link #message},
 * {@link #time}) that return this instance for chaining.
 *
 * @param <T> type of the payload carried in {@code data}
 */
public class Response<T> {

    private String code;
    private String message;
    private String updateTime;
    private T data;

    /** Creates a response with the OK code, no message and no payload. */
    public Response() {
        this(HttpStatus.OK.name(), null, null);
    }

    /**
     * Creates a response with the OK code and the given payload.
     *
     * @param body payload, may be {@code null}
     */
    public Response(T body) {
        this(HttpStatus.OK.name(), null, body);
    }

    /**
     * Creates a response with an explicit code and payload, without a message.
     *
     * @param code status code
     * @param body payload, may be {@code null}
     */
    public Response(String code, T body) {
        this(code, null, body);
    }

    /**
     * Creates a response with every field except the update time set.
     *
     * @param code    status code
     * @param message human-readable message, may be {@code null}
     * @param body    payload, may be {@code null}
     */
    public Response(String code, String message, T body) {
        this.code = code;
        this.message = message;
        this.data = body;
    }

    public String getCode() {
        return this.code;
    }

    public void setCode(String code) {
        this.code = code;
    }

    public String getMessage() {
        return this.message;
    }

    public void setMessage(String message) {
        this.message = message;
    }

    public String getUpdateTime() {
        return this.updateTime;
    }

    public void setUpdateTime(String updateTime) {
        this.updateTime = updateTime;
    }

    public T getData() {
        return this.data;
    }

    public void setData(T data) {
        this.data = data;
    }

    /** Fluent form of {@link #setCode(String)}; returns this instance. */
    public Response code(String code) {
        this.code = code;
        return this;
    }

    /** Fluent form of {@link #setData(Object)}; returns this instance. */
    public Response body(T body) {
        this.data = body;
        return this;
    }

    /** Fluent form of {@link #setMessage(String)}; returns this instance. */
    public Response message(String message) {
        this.message = message;
        return this;
    }

    /** Fluent form of {@link #setUpdateTime(String)}; returns this instance. */
    public Response time(String time) {
        this.updateTime = time;
        return this;
    }
}
5. 权限实体类
/**
 * Base request object that carries the two values the permission aspect reads: the operator id
 * and the authority identifier.
 *
 * <p>NOTE(review): when a subclass is bound from a request body, as in the controller on this
 * page, both fields are filled in by the caller. They are claims, not verified identity.
 */
public class RequestVO {

    /** Operator (admin) id. */
    private Long adminId;

    /** Authority identifier. */
    private String authrity;

    /** Creates an empty request object; both fields start as {@code null}. */
    public RequestVO() {
    }

    /** @return the operator id, or {@code null} if unset */
    public Long getAdminId() {
        return this.adminId;
    }

    /** @param adminId the operator id */
    public void setAdminId(Long adminId) {
        this.adminId = adminId;
    }

    /** @return the authority identifier, or {@code null} if unset */
    public String getAuthrity() {
        return this.authrity;
    }

    /** @param authrity the authority identifier */
    public void setAuthrity(String authrity) {
        this.authrity = authrity;
    }
}
6.定义一个controller
/**
 * Demo controller with one endpoint, {@code POST /login/index}, guarded by {@link Permission}.
 *
 * <p>NOTE(review): the request body is an {@code AddUserRequestVO}, which extends
 * {@code RequestVO}; the permission aspect therefore reads {@code adminId} and {@code authrity}
 * straight from what the client posted. Nothing in this controller authenticates the caller.
 */
@RestController
@RequestMapping(value = "/login")
public class LongUserController {

    /**
     * Handles the demo request once the permission aspect has let it through.
     *
     * @param vo request body; not read by this method
     * @return a response with code "200" and a success message, without payload
     */
    @RequestMapping(value = "/index", method = RequestMethod.POST)
    @Permission
    public Response login(@RequestBody AddUserRequestVO vo) {
        System.out.println("哈哈哈哈哈");
        Response result = new Response("200", "登录成功!", null);
        return result;
    }
}
AddUserRequestVO需要继承RequestVO,因为切面只会对类型为RequestVO的参数做权限校验。注意:adminId和authrity取自请求体,由调用方自行填写;实际项目中操作人身份应来自已认证的会话或令牌,而不是请求参数。
/**
 * Request body of the demo endpoint. It extends {@link RequestVO} so that the permission aspect,
 * which only looks at arguments of that type, picks it up.
 */
public class AddUserRequestVO extends RequestVO {

    /** User value carried by the request. */
    private String user;

    /** @return the user value, or {@code null} if unset */
    public String getUser() {
        return this.user;
    }

    /** @param user the user value */
    public void setUser(String user) {
        this.user = user;
    }
}