使用spring的ProxyFactoryBean来实现权限控制
2012-04-02 17:24
741 查看
一、创建发帖接口及实现类。
1) IPostService:
二、实现MethodInterceptor接口,来拦截对帖子操作的方法(即IPostService里的方法),再增删改查前执行权限认证。
1)PermissionValidator:
2) SecurityManager:
三、配置spring文件:applicationContext.xml。
四、 测试。
1) 测试类,PostServiceImplTest:
2) 测试结果:
五、其他相关类。
1) 各种bean:
1)) 帖子bean:
Post:
2)) 用户bean:
User:
2) 工具类:
SysTools:
1) IPostService:
package com.jian.service.post; import com.jian.beans.Post; public interface IPostService { void read(Post post); void post(Post post); void reply(Post post); void delete(Post post); }2) PostServiceImpl:
package com.jian.service.post.impl; import java.sql.Date; import java.text.SimpleDateFormat; import com.jian.beans.Post; import com.jian.service.post.IPostService; import com.jian.util.Container; /** * <p> * Title: 帖子服務類 * </p> * <p> * Description: * </p> * <p> * Company: 找工作ing * </p> * * @author "xiaolong8" * @version 1.00 2012-3-17 "jian" */ public class PostServiceImpl implements IPostService { @Override public void delete(Post post) { System.out.println("delete: " + post.getId()); } @Override public void post(Post post) { System.out.println("post: " + post.getId()+", content:" + post.getContent()); } @Override public void read(Post post) { System.out.println("read: " + post.getId()); } @Override public void reply(Post post) { System.out.println("reply: "+post.getId()+", content:"+post.getContent()); } }
二、实现MethodInterceptor接口,来拦截对帖子操作的方法(即IPostService里的方法),再增删改查前执行权限认证。
1)PermissionValidator:
package com.jian.security; import java.util.List; import org.aopalliance.intercept.MethodInterceptor; import org.aopalliance.intercept.MethodInvocation; import com.jian.beans.Role; import com.jian.beans.User; import com.jian.util.Container; import com.jian.util.SysTools; /** * <p> * Title: 權限驗證類 * </p> * <p> * Description: 用SPRING AOP來實現權限驗證。原理:通過org.springframework.aop.framework.ProxyFactoryBean來創建動態代理對象,實現對要驗證模組的方法進行攔截,來增加權限驗證功能。 * </p> * <p> * Company: 找工作ing * </p> * * @author "xiaolong8" * @version 1.00 2012-3-17 jian */ public class PermissionValidator implements MethodInterceptor{ @Override public Object invoke(MethodInvocation invocation) throws Throwable { // System.out.println("(被调用方法接口类名: " // + invocation.getMethod().getDeclaringClass().getName() + ")"); // System.out.println("(被调用方法名:" + invocation.getMethod().getName()+ ")"); // String methodName = invocation.getMethod().getDeclaringClass() // .getName() + "." + invocation.getMethod().getName(); // System.out.println("(被调用方法全名:" + methodName + ")"); SecurityManager securityManager = (SecurityManager)Container.getBean("securityManager"); User currentUser = SysTools.getInstance().getCurrentUser(); String currentMethod = invocation.getMethod().getDeclaringClass().getName() + "." + invocation.getMethod().getName(); /** 通過用戶所執行的函數來判斷權限 */ if(!securityManager.checkPermission(currentUser, currentMethod)){ System.out.println("------------------------------------------------------------------------------------------------------------"); System.out.println("- currentUser:"+currentUser); System.out.print("- 不具備權限來執行方法:"); System.out.print(currentMethod+"("); for(int i = 0; i < invocation.getArguments().length; i++){ if(i != 0){ System.out.print(", "); } System.out.print(invocation.getArguments()[i]); } System.out.println(")"); System.out.println("------------------------------------------------------------------------------------------------------------"); return null; } return invocation.proceed(); } }
2) SecurityManager:
package com.jian.security; import java.util.List; import com.jian.beans.Role; import com.jian.beans.User; public class SecurityManager { private static SecurityManager me = null; private SecurityManager(){ } synchronized public static SecurityManager getInstance(){ if(me == null){ me = new SecurityManager(); } return me; } /** 驗證用戶是否有該方法執行權限 * @param user * @param action 用戶執行的函數名 * @return */ public boolean checkPermission(User user, String action){ Role role = user.getRole(); List<String> permissionList = role.getPermissionList(); if(permissionList != null){ return permissionList.contains(action); } return false; } }
三、配置spring文件:applicationContext.xml。
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd"> <bean id="postServiceTarget" class="com.jian.service.post.impl.PostServiceImpl" /> <bean id="permissionValidator" class="com.jian.security.PermissionValidator" /> <!--為發帖服務提供權限控制--> <bean id="postService" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <value>com.jian.service.post.IPostService</value> </property> <property name="target" ref="postServiceTarget" /> <property name="interceptorNames"> <list> <value>permissionValidator</value> </list> </property> </bean> <!--安全管理器--> <bean id="securityManager" class="com.jian.security.SecurityManager" factory-method="getInstance"></bean> <!--用戶角色配置, 本應在數據庫中讀取并構造角色,為了便于測試,就在這構造幾個供測試用。--> <bean id="adminRole" class="com.jian.beans.Role"> <constructor-arg type="int" value="0" /> <constructor-arg type="java.lang.String" value="管理員" /> <constructor-arg type="java.util.List"> <list> <value>com.jian.service.post.IPostService.delete</value> <value>com.jian.service.post.IPostService.post</value> <value>com.jian.service.post.IPostService.read</value> <value>com.jian.service.post.IPostService.reply</value> </list> </constructor-arg> </bean> <bean id="userRole" class="com.jian.beans.Role"> <constructor-arg type="int" value="1" /> <constructor-arg type="java.lang.String" value="用戶" /> <constructor-arg type="java.util.List"> <list> <value>com.jian.service.post.IPostService.post</value> <value>com.jian.service.post.IPostService.read</value> <value>com.jian.service.post.IPostService.reply</value> </list> </constructor-arg> </bean> <bean id="visitorRole" class="com.jian.beans.Role"> <constructor-arg type="int" value="9" /> <constructor-arg type="java.lang.String" value="訪客" /> <constructor-arg type="java.util.List"> <list> <value>com.jian.service.post.IPostService.read</value> </list> </constructor-arg> </bean> </beans>
四、 测试。
1) 测试类,PostServiceImplTest:
package test.com.jian.service.post.impl; import org.junit.Before; import org.junit.Test; import com.jian.beans.Post; import com.jian.beans.Role; import com.jian.beans.User; import com.jian.service.post.IPostService; import com.jian.util.Container; import com.jian.util.SysTools; public class PostServiceImplTest { IPostService postService = (IPostService)Container.getBean("postService"); Post post = new Post((int)System.currentTimeMillis(), "miss 03", Post.TYPE_POST); @Before public void setup() { /** 構建各種用戶 */ Role adminRole = (Role)Container.getBean("adminRole"); Role userRole = (Role)Container.getBean("userRole"); Role visitorRole = (Role)Container.getBean("visitorRole"); // SysTools.getInstance().setCurrentUser(new User(0, "jian", adminRole)); /** 用普通用戶來進行測試 */ SysTools.getInstance().setCurrentUser(new User(0, "jian", userRole)); // SysTools.getInstance().setCurrentUser(new User(0, "jian", visitorRole)); } @Test public void testRead(){ postService.read(post); }; @Test public void testPost() { postService.post(post); } @Test public void testReply(){ postService.reply(post); }; @Test public void testDelete(){ postService.delete(post); }; }
2) 测试结果:
read: 1918217734 post: 1918217762, content:miss 03 reply: 1918217764, content:miss 03 ------------------------------------------------------------------------------------------------------------ - currentUser:{id:0, name:jian, role:{id:1, name:用戶, permissionList:{com.jian.service.post.IPostService.post,com.jian.service.post.IPostService.read,com.jian.service.post.IPostService.reply}}} - 不具備權限來執行方法:com.jian.service.post.IPostService.delete({id: 1918217767, content: miss 03, type: POST}) ------------------------------------------------------------------------------------------------------------
五、其他相关类。
1) 各种bean:
1)) 帖子bean:
Post:
package com.jian.beans; /** * <p> * Title: 貼子組件 * </p> * <p> * Description: 帖子組件,有兩類:發表帖、回覆帖 * </p> * <p> * Company: 找工作ing * </p> * * @author "xiaolong8" * @version 1.00 2012-3-17 "jian" */ public class Post { /** 發表帖 */ public static final String TYPE_POST = "POST"; /** 回覆帖 */ public static final String TYPE_REPLY = "REPLY"; private int id; private String content; private String type; public Post(int id, String content, String type) { this.id = id; this.content = content; this.type = type; } public int getId() { return id; } public void setId(int id) { this.id = id; } public String getContent() { return content; } public void setContent(String content) { this.content = content; } public String getType() { return type; } public void setType(String type) { this.type = type; } @Override public String toString() { StringBuffer buf = new StringBuffer(); buf.append("{id: ").append(id).append(", content: ").append(content) .append(", type: ").append(type).append("}"); return buf.toString(); } }
2)) 用户bean:
User:
package com.jian.beans; public class User { private Integer id; private String name; private Role role; public User(Integer id, String name, Role role) { this.id = id; this.name = name; this.role = role; } public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public Role getRole() { return role; } public void setRole(Role role) { this.role = role; } @Override public String toString() { StringBuffer buffer = new StringBuffer(); buffer.append("{id:"+id).append(", name:").append(name).append(", role:") .append(role).append("}"); return buffer.toString(); } }Role:
package com.jian.beans; import java.util.List; public class Role { private int id; private String name; List<String> permissionList; public Role(int id, String name, List<String> permissionList) { this.id = id; this.name = name; this.permissionList = permissionList; } public int getId() { return id; } public void setId(int id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public List<String> getPermissionList() { return permissionList; } public void setPermissionList(List<String> permissionList) { this.permissionList = permissionList; } @Override public String toString() { StringBuffer buf = new StringBuffer(); buf.append("{id:").append(id).append(", name:").append(name).append(", permissionList:"); int iMax = permissionList.size() - 1; buf.append("{"); if(iMax >= 0 ){ for (int i = 0; ; i++) { buf.append(permissionList.get(i)); if(i == iMax){ break; } buf.append(","); } } buf.append("}"); buf.append("}"); return buf.toString(); } }
2) 工具类:
SysTools:
package com.jian.util; import com.jian.beans.Role; import com.jian.beans.User; public class SysTools { private static SysTools me = null; private User currentUser; private SysTools(){ } synchronized public static SysTools getInstance(){ if(me == null){ me = new SysTools(); } return me; } public void setCurrentUser(User currentUser) { this.currentUser = currentUser; } /** 獲取當前操作的用戶 * @return */ public User getCurrentUser(){ if(currentUser == null){ //session 等地方獲取到當前用戶 } return currentUser; } }Container:
package com.jian.util; import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; public class Container { /** spring配置文件 * */ private static final String SPRING_CONFIG = "applicationContext.xml"; private static ApplicationContext ctx = null; static{ ctx = new ClassPathXmlApplicationContext(SPRING_CONFIG); } /** 獲取bean * @param id bean id * @return */ public static Object getBean(String id){ return ctx.getBean(id); } }
相关文章推荐
- Spring学习笔记 —— AOP(面向切面编程) 之使用ProxyFactoryBean实现AOP
- Spring源码阅读-使用ProxyFactoryBean实现AOP
- spring 直接使用ProxyFactoryBean 实现AOP 流程小结
- 使用BeanNameAutoProxyCreator实现spring的自动代理
- 使用Spring Security、Spring Data Jpa实现的RBAC权限控制
- 在Spring Boot中使用Spring Security实现权限控制
- 使用Shiro 集合Spring来实现权限控制
- spring aop(五)--ProxyFactoryBean创建代理的实现
- SpringBoot中使用Springsecurity实现权限控制
- 在Spring Boot中使用Spring Security实现权限控制
- SpringBoot中使用Spring Security实现权限控制
- Spring源码分析之ProxyFactoryBean方式实现Aop功能的分析
- Spring ProxyFactoryBean 是如何实现所有的AOP proxy都有可能转为Advised接口的?
- 用TransactionProxyFactoryBean实现spring的声明式事务
- 使用BeanNameAutoProxyCreator实现spring的自动代理
- Spring Boot中使用Spring Security实现权限控制
- spring中的beannameautoproxycreator进行权限控制 学到很多
- 8.5.2: Spring的事务---使用TransactionProxyFactoryBean创建事务代理
- Spring的AOP实现方式—ProxyFactoryBean配置方式实现源码剖析
- 用TransactionProxyFactoryBean实现spring的声明式事务