加注解时插入权限切面@EnableDataSecurity

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;


/**
 * Marks a method whose invocation should run with data-security settings applied.
 *
 * <p>The annotation is retained at run time so that it can be read reflectively,
 * for example by an aspect bound to it. Every element is a string switch that is
 * expected to hold {@code "ON"} or {@code "OFF"} and defaults to {@code "ON"}.
 *
 * <p>The switches are plain strings, so the compiler accepts any value, including
 * a misspelled or differently cased one such as {@code "Off"}.
 * NOTE(review): confirm that the code consuming these switches treats an
 * unrecognized value as ON (restriction kept) rather than as disabled.
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface EnableDataSecurity {

    /**
     * Switch for the current-organization condition.
     *
     * @return {@code "ON"} or {@code "OFF"}; {@code "ON"} when not specified
     */
    String enableCurrentOrgCondition() default "ON";

    /**
     * Switch for the association between the organization and the cargo-owner table.
     *
     * @return {@code "ON"} or {@code "OFF"}; {@code "ON"} when not specified
     */
    String enableOrgOwnerRelation() default "ON";

    /**
     * Switch that opens the owning domain's permissions for cargo owners created
     * by a domain administrator. It applies to domain administrators only.
     *
     * @return {@code "ON"} or {@code "OFF"}; {@code "ON"} when not specified
     */
    String enableOwnerCreateDomainAuth() default "ON";
}
package com.yundaex.common.security.advice;

import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.After;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint;
import org.springframework.stereotype.Component;

import com.yundaex.common.security.annotation.EnableDataSecurity;
import com.yundaex.common.security.context.WMSSecurityContext;


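/**
 * Aspect that publishes the {@link EnableDataSecurity} settings of an advised
 * method to the current thread for the duration of the call.
 *
 * <p>Before the annotated method runs, the string
 * {@code methodName&currentOrg&orgOwner&ownerCreateDomain} is stored in the holder
 * returned by {@link WMSSecurityContext#getDataSecurityMethodSignature()}. After
 * the method finishes, normally or with an exception, the value is removed again.
 * Despite the class name, this is implemented with before and after advice, not
 * with around advice.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The value is bound to the calling thread (the holder is presumably a
 *       {@code ThreadLocal}); work handed to another thread inside the annotated
 *       method will not see it unless it is propagated explicitly.</li>
 *   <li>Nested annotated calls are not stacked: the inner call overwrites the
 *       value and its after advice removes it, so the remainder of the outer
 *       method runs with no value set.</li>
 *   <li>Only the simple method name is recorded, so overloads and same-named
 *       methods of different classes produce the same prefix.</li>
 * </ul>
 */
@Aspect
@Component("enableDataSecurityAroundAdvice")
public class EnableDataSecurityAroundAdvice {

    /**
     * Matches every method that carries {@link EnableDataSecurity} and binds the
     * annotation instance so that advice can read its elements.
     *
     * @param enableDataSecurity the annotation found on the matched method
     */
    @Pointcut(value = "@annotation(enableDataSecurity)", argNames = "enableDataSecurity")
    protected void enableDataSecurity(EnableDataSecurity enableDataSecurity) {}

    /**
     * Records the data-security settings of the method about to run.
     *
     * @param joinPoint the join point of the advised method
     * @param enableDataSecurity the annotation on the advised method
     * @throws IllegalStateException if the join point is not a
     *         {@link MethodInvocationProceedingJoinPoint}; the call is rejected
     *         instead of proceeding with no data-security settings recorded
     * @throws Throwable declared for compatibility with the existing signature
     */
    @Before(value = "enableDataSecurity(enableDataSecurity)", argNames = "enableDataSecurity")
    public void before(JoinPoint joinPoint, EnableDataSecurity enableDataSecurity) throws Throwable {
        // Fail closed: silently skipping the set() below would let the annotated
        // method run as if it had never been marked for data security.
        if (!(joinPoint instanceof MethodInvocationProceedingJoinPoint)) {
            String actualType = (joinPoint == null) ? "null" : joinPoint.getClass().getName();
            throw new IllegalStateException(
                    "@EnableDataSecurity is not supported for join point type " + actualType);
        }

        String methodName = joinPoint.getSignature().getName();

        // '&' is the field separator. A Java method name cannot contain it, but the
        // annotation values are free-form strings and are not checked here.
        String methodSignature = String.join("&",
                methodName,
                enableDataSecurity.enableCurrentOrgCondition(),
                enableDataSecurity.enableOrgOwnerRelation(),
                enableDataSecurity.enableOwnerCreateDomainAuth());

        // Published per thread for code that runs during the advised call.
        WMSSecurityContext.getDataSecurityMethodSignature().set(methodSignature);
    }

    /**
     * Clears the recorded settings once the advised method has finished, so that
     * the value does not leak into later work on a reused (pooled) thread.
     *
     * @param joinPoint the join point of the advised method (unused)
     * @param enableDataSecurity the annotation on the advised method (unused)
     * @throws Throwable declared for compatibility with the existing signature
     */
    @After(value = "enableDataSecurity(enableDataSecurity)", argNames = "enableDataSecurity")
    public void after(JoinPoint joinPoint, EnableDataSecurity enableDataSecurity) throws Throwable {
        WMSSecurityContext.getDataSecurityMethodSignature().remove();
    }

}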

 

applicationContext.xml


<!--
  Enables @AspectJ-style aspects through Spring AOP proxies;
  proxy-target-class="true" requests class-based (CGLIB) proxies instead of
  interface-based JDK proxies.
  Advice runs only for calls that pass through the proxy. A method that calls
  another @EnableDataSecurity method on the same object (self-invocation), and
  final or private methods, are not intercepted, so the data-security aspect
  is not applied to them.
-->
<aop:aspectj-autoproxy proxy-target-class="true"/>

 
