aop(权限控制)
创建sysContext (管理请求)
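package com.tp.soft.common.util;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Per-thread holder for the servlet request and response being handled.
 *
 * <p>Values are stored in {@link ThreadLocal}s, so they are only visible on the
 * thread that called the setters. Servlet containers reuse worker threads:
 * whoever binds a request here must unbind it (see {@link #clear()}) once the
 * request is finished, otherwise a later task on the same thread can observe
 * the previous caller's request and session.
 */
public class SysContext {
    // final: the holders themselves are never replaced, only their per-thread values.
    private static final ThreadLocal<HttpServletRequest> reqLocal = new ThreadLocal<HttpServletRequest>();
    private static final ThreadLocal<HttpServletResponse> resLocal = new ThreadLocal<HttpServletResponse>();

    /** Binds {@code request} to the current thread (pass {@code null} to unbind). */
    public static void setRequest(HttpServletRequest request) {
        reqLocal.set(request);
    }

    /** @return the request bound to the current thread, or {@code null} if none is bound */
    public static HttpServletRequest getRequest() {
        return reqLocal.get();
    }

    /** Binds {@code response} to the current thread (pass {@code null} to unbind). */
    public static void setResponse(HttpServletResponse response) {
        resLocal.set(response);
    }

    /** @return the response bound to the current thread, or {@code null} if none is bound */
    public static HttpServletResponse getResponse() {
        return resLocal.get();
    }

    /**
     * Returns the session of the request bound to the current thread.
     *
     * <p>This delegates to {@code HttpServletRequest.getSession()}, which creates a
     * session when the request has none. Callers that only want to test for an
     * existing login should use {@code getRequest().getSession(false)} instead.
     *
     * @throws NullPointerException if no request is bound to the current thread
     */
    public static HttpSession getSession() {
        HttpServletRequest request = getRequest();
        if (request == null) {
            // Same exception type as before, but with a message that names the cause.
            throw new NullPointerException("no HttpServletRequest is bound to the current thread");
        }
        return request.getSession();
    }

    /**
     * Removes the request and response bound to the current thread.
     * Intended to be called in a {@code finally} block by whatever bound them.
     */
    public static void clear() {
        reqLocal.remove();
        resLocal.remove();
    }
}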
创建过滤器(Filter),在每次请求时把当前的 HttpServletRequest 和 HttpServletResponse 保存到 SysContext 中
GetContextFilter.java
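package com.tp.soft.common.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.tp.soft.common.util.SysContext;

/**
 * Servlet filter that publishes the current request and response through
 * {@link SysContext} for the duration of the filter chain.
 */
public class GetContextFilter implements Filter {

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Binds the request/response to the current thread, runs the rest of the
     * chain, then restores whatever was bound before.
     *
     * <p>The restore happens in {@code finally} so that a pooled worker thread
     * never keeps a reference to a finished request (and through it, to another
     * user's session) after this call returns or throws.
     *
     * @throws ClassCastException if the container passes a non-HTTP request or response
     */
    public void doFilter(ServletRequest arg0, ServletResponse arg1,
            FilterChain arg2) throws IOException, ServletException {
        // Remember the previous binding so a nested invocation on the same thread
        // does not wipe out the outer one when it finishes.
        HttpServletRequest previousRequest = SysContext.getRequest();
        HttpServletResponse previousResponse = SysContext.getResponse();

        SysContext.setRequest((HttpServletRequest) arg0);
        SysContext.setResponse((HttpServletResponse) arg1);
        try {
            arg2.doFilter(arg0, arg1);
        } finally {
            SysContext.setRequest(previousRequest);
            SysContext.setResponse(previousResponse);
        }
    }

    /** No configuration is read. */
    public void init(FilterConfig arg0) throws ServletException {
    }
}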
web.xml 过滤器配置
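<!-- Registers GetContextFilter so the current request/response are bound to SysContext. -->
<filter>
    <filter-name>sessionFilter</filter-name>
    <filter-class>com.tp.soft.common.filter.GetContextFilter</filter-class>
</filter>
<!--
  "/*" is the servlet-spec path pattern for "every request". A bare "*" is only
  treated as match-all by some containers; where it is not, the filter never runs
  and SysContext stays unbound for the authorization aspect that reads it.
-->
<filter-mapping>
    <filter-name>sessionFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>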
aop切面对象 判断权限
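package com.tp.soft.aop;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;

import com.tp.soft.common.util.SysContext;
import com.tp.soft.entity.User;

/**
 * Authorization aspect: every service method under {@code com.tp.soft.service}
 * except those of {@code LoginSvc} requires a {@code "user"} attribute in the
 * HTTP session of the current request.
 */
@Aspect
public class AdminAspect {

    /**
     * Rejects the advised call unless the current session holds a logged-in user.
     *
     * <p>A {@code @Before} advice can only stop the target method by throwing.
     * Forwarding to the "no permission" page alone would still let the service
     * method run, so the forward is followed by a {@link SecurityException}.
     *
     * @throws SecurityException if no request is bound to this thread or the
     *         session has no {@code "user"} attribute
     * @throws Throwable anything raised while forwarding to the denial page
     */
    @Before("execution(* com.tp.soft.service..*.*(..)) && !execution(* com.tp.soft.service..LoginSvc.*(..))")
    public void dealPrivilege() throws Throwable {
        HttpServletRequest request = SysContext.getRequest();
        HttpServletResponse response = SysContext.getResponse();
        if (request == null || response == null) {
            // Not running inside a filtered HTTP request: identity cannot be established, so deny.
            throw new SecurityException("no request context bound to the current thread");
        }

        // getSession(false): an anonymous caller must not get a session created just by being checked.
        HttpSession session = request.getSession(false);
        User user = (session == null) ? null : (User) session.getAttribute("user");
        if (user != null) {
            return;
        }

        // NOTE(review): a path without a leading "/" is resolved relative to the current
        // request path - confirm noPower.jsp is reachable from every advised URL.
        request.getRequestDispatcher("noPower.jsp").forward(request, response);

        // Abort the advised service call; the denial page has already been written.
        throw new SecurityException("access denied: no authenticated user in session");
    }
}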
UserController.java
先访问 doLogin 再访问 toQueryUser 时,session 中已存在 user,表示有操作权限;
否则直接访问 toQueryUser,则会通过 aop 跳转到 noPower.jsp。注意:@Before 通知只有抛出异常才能阻止目标方法继续执行,单纯的 forward 不会中断后续调用。
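/**
 * Demo login endpoint: marks the caller's session as logged in.
 *
 * <p>The credentials are hard-coded sample values and the outcome of
 * {@code loginSvc.doLogin} is not inspected here, so every call ends up
 * authenticated. NOTE(review): a real endpoint must take the credentials from
 * the request and only set the session attribute after a successful check -
 * confirm how {@code loginSvc.doLogin} reports failure.
 */
@RequestMapping(value="/doLogin")
@ResponseBody
public void doLogin(){
    User user = new User();
    user.setLogin_name("zs");
    // NOTE(review): this keeps the plaintext password on the object stored in the
    // session, and it differs from the value passed to doLogin below.
    user.setLogin_pwd("1234");
    loginSvc.doLogin("zs", "123");

    // Drop any session that existed before login so a pre-login session id
    // is never promoted to an authenticated one (session fixation).
    if (SysContext.getRequest().getSession(false) != null) {
        SysContext.getRequest().getSession(false).invalidate();
    }
    SysContext.getSession().setAttribute("user", user);
}

/**
 * Loads a user through the service layer and renders it.
 *
 * <p>The user id is a fixed sample value. The {@code userSvc} call is the point
 * where the service-layer authorization aspect applies.
 *
 * @return the {@code /pc/userTest} view with the loaded user under key {@code "user"}
 */
@RequestMapping(value="/toQueryUser")
public ModelAndView toQueryUser(){
    User user = userSvc.getUser(21);
    Map<String, Object> map = new HashMap<String, Object>();
    map.put("user", user);
    return new ModelAndView("/pc/userTest", map);
}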