spring Aop权限。 -

hongwei3344661

浏览: 29625 次
性别:

最近访客更多访客>>

hui963966800

罗正波

qingyilei

zhangly2011

博主相关

博客

微博

相册

留言

关于我

文章分类

全部博客 (66)

社区版块

存档分类

spring Aop权限。

背景：在SpringMVC框架中，对Controller层中的需要相关用户权限的方法，加入Session中用户或管理员的验证。

NeedSession.Java -注解类

[java] view plain copy

/**
 * 用户Session注解，只能用于方法<br/>
 * 默认为value = SessionType.USER
 * 
 * @author Xiadi
 * @since 2013-9-10
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface NeedSession {
	/**
	 * Session中用户的类型<br/>
	 * 默认 USER
	 * 
	 * @return
	 */
	SessionType value() default SessionType.USER;
}

SessionType.java -枚举类

[java] view plain copy

/**
 * Web上下文，保存所有request与response
 * 
 */
public class SysContent {
	private static ThreadLocal<httpservletrequest> requestLocal = new ThreadLocal<httpservletrequest>();
	private static ThreadLocal<httpservletresponse> responseLocal = new ThreadLocal<httpservletresponse>();

	public static HttpServletRequest getRequest() {
		return requestLocal.get();
	}

	public static void setRequest(HttpServletRequest request) {
		requestLocal.set(request);
	}

	public static HttpServletResponse getResponse() {
		return responseLocal.get();
	}

	public static void setResponse(HttpServletResponse response) {
		responseLocal.set(response);
	}

	public static HttpSession getSession() {
		return requestLocal.get().getSession();
	}
}
</httpservletresponse></httpservletresponse></httpservletrequest></httpservletrequest>

SessionValidateFilter.java -过滤器

[java] view plain copy

/**
 * Session过滤器,将所有的请求保存
 * 
 */
public class SessionValidateFilter implements Filter{
	
	@Override
	public void init(FilterConfig filterConfig) throws ServletException {		
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {		
		 SysContent.setRequest((HttpServletRequest) request);
		 SysContent.setResponse((HttpServletResponse) response);
		 chain.doFilter(request, response); 
	}

	@Override
	public void destroy() {
	}
}

SessionAOP.java -AOP切面业务类

[java] view plain copy

/**
 * Session AOP切面 
 * 
 */
@Component
@Aspect
public class SessionAOP {
	
	@Around(value = "@annotation(com.eaglec.plat.hj.aop.NeedSession)")
	public Object aroundManager(ProceedingJoinPoint pj) throws Exception {
		HttpServletRequest request = SysContent.getRequest();
		HttpServletResponse response = SysContent.getResponse();
		HttpSession session = SysContent.getSession();

		String path = request.getContextPath();
		String basePath = request.getScheme() + "://" + request.getServerName()
				+ ":" + request.getServerPort() + path + "/";

		SessionType type = this.getSessionType(pj);
		if (type == null) {
			throw new Exception("The value of NeedSession is must.");
		}

		Object uobj = session.getAttribute("user");
		Object mobj = session.getAttribute("manager");
		
		boolean isUser = type == SessionType.USER && uobj != null;
		boolean isManager = type == SessionType.MANAGER && mobj != null;
		boolean isUserOrManager = type == SessionType.OR&& (mobj != null || uobj != null);
		try {
			if (isUser || isManager || isUserOrManager) {				
				return pj.proceed();
			} else { // 会话过期或是session中没用户
				if (request.getHeader("x-requested-with") != null    
				        && request.getHeader("x-requested-with").equalsIgnoreCase(    //ajax处理     
				                "XMLHttpRequest")) {     
				    response.addHeader("sessionstatus", "timeout"); 
				    // 解决EasyUi问题
				    response.getWriter().print("{\"rows\":[],\"success\":false,\"total\":0}");     
				}else{//http跳转处理     
					response.sendRedirect(basePath + "error/nosession");
				}  
			}
		} catch (Throwable e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		return null;
	}

	private SessionType getSessionType(ProceedingJoinPoint pj) {
		// 获取切入的 Method
		Class actionClass =  pj.getTarget().getClass();

		Method method = actionClass .getMethod(joinPoint.getSignature().getName());
		boolean flag = method.isAnnotationPresent(NeedSession.class);
		if (flag) {
			NeedSession annotation = method.getAnnotation(NeedSession.class);
			return annotation.value();
		}
		return null;
	}

}

web.xml

[html] view plain copy

<!-- spring session aop -->
	<filter>
		<filter-name>sessionValidate</filter-name>
		<filter-class>com.eaglec.plat.hj.aop.SessionValidateFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>sessionValidate</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

servlet-context.xml

[html] view plain copy

print?