spring aop实现权限控制
2017-11-09 22:41
471 查看
spring aop 拦截业务方法,实现权限控制
ii. Filter 目的是给 SysContext 中的成员赋值
iii.然后在AOP中使用这个SysContext的值
1.aop获取request,response,session等
[java] viewplain copy
public class SysContext {
private static ThreadLocal<HttpServletRequest> requestLocal=new ThreadLocal<HttpServletRequest>();
private static ThreadLocal<HttpServletResponse> responseLocal=new ThreadLocal<HttpServletResponse>();
public static HttpServletRequest getRequest(){
return requestLocal.get();
}
public static void setRequest(HttpServletRequest request){
requestLocal.set(request);
}
public static HttpServletResponse getResponse(){
return responseLocal.get();
}
public static void setResponse(HttpServletResponse response){
responseLocal.set(response);
}
public static HttpSession getSession(){
return (HttpSession)(getRequest()).getSession();
}
}
2.添加过滤器
[java] viewplain copy
public class GetContextFilter implements Filter{
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
SysContext.setRequest((HttpServletRequest)request);
SysContext.setResponse((HttpServletResponse)response);
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig config) throws ServletException {
}
}
3.配置web.xml
将这部分放置在最前面,这样可以过滤到所有的请求[html] view
plain copy
<filter>
<filter-name>sessionFilter</filter-name>
<filter-class>com.unei.filter.GetContextFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sessionFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
4.spring aop before
从session中取出用户名,如果不存在,抛出异常跳转,将错误信息放到request中[java] view
plain copy
@Aspect
public class AdminAspect {
ActionContext context = ActionContext.getContext();
HttpServletRequest request;
HttpServletResponse response;
@Before("execution(* com.unei.Action.AdminAction.getPrivileges(..))")
public void adminPrivilegeCheck()
throws Throwable {
HttpSession session = SysContext.getSession();
request = SysContext.getRequest();
response = SysContext.getResponse();
String userName = "";
try {
userName = session.getAttribute("userName").toString();
if(userName==null||userName.equals(""))
throw new Exception("no privilege");
} catch (Exception ex) {
request.setAttribute("msg", "{\"res\":\"" + "无权限" + "\"}");
try {
request.getRequestDispatcher("/jsp/json.jsp").forward(
request, response);
} catch (ServletException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
5.applicationContext.xml
[html] viewplain copy
<bean id="adminAspect" class="com.unei.aop.AdminAspect"></bean>
分类: JAVA
WEB总结
相关文章推荐
- spring aop 拦截业务方法,实现权限控制示例
- spring AOP + 自定义注解实现权限控制小例子
- spring AOP + 自定义注解实现权限控制小例子
- 基于SSH2增删改查_控制层Action_Spring Aop权限控制基本实现(6)
- springAOP与自定义注解实现细粒度权限控制管理
- 在Spring Boot中使用Spring Security实现权限控制
- AOP 下的权限控制实现
- AOP下的权限控制实现
- AOP下的权限控制实现
- AOP与权限控制实现
- Spring AOP 实现用户权限验证
- AOP下的权限控制实现
- Spring AOP做权限控制
- AOP下的权限控制实现
- springboot+shiro+mybatis实现角色权限控制
- 使用spring的aop实现权限拦截后出现依赖注入为空的问题
- spring aop实现用户权限管理的示例
- 从零开始学 Java - Spring AOP 实现用户权限验证
- Spring Boot+Spring Security+JWT 实现 RESTful Api 权限控制
- AOP下的权限控制实现