基于springboot通过自定义注解和AOP实现权限验证
一、移入依赖
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
/** * @Description * @Date: 2018/12/13 */ import java.lang.annotation.*; @Target({ElementType.METHOD, ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) @Documented public @interface Admin { String value() default ""; }
package com.hsfw.backyard.web.vo; /** * @Description * @Date: 2018/12/13 */ import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Pointcut; import org.aspectj.lang.reflect.MethodSignature; import org.springframework.stereotype.Component; @Aspect @Component public class AdminAspect { @Pointcut(value = "@annotation(com.hsfw.backyard.web.vo.Admin)") public void annotationPointCut() { } @Around("annotationPointCut()") public Object doAround(ProceedingJoinPoint joinPoint) { MethodSignature signature = (MethodSignature) joinPoint.getSignature(); String methodName = signature.getMethod().getName(); System.out.println("方法名:" + methodName); if (!validate()) { return "没有权限"; } try { return joinPoint.proceed(); } catch (Throwable throwable) { return null; } } private boolean validate() { // TODO 实现自己的鉴权功能 return false; } }
package com.hsfw.backyard.web.vo; /** * @Description * @Date: 2018/12/13 */ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @RestController /** * 访问:http://localhost:8080/login 可以直接访问成功。 * 访问:http://localhost:8080/refund 由于加了@Admin注解,需要验证权限 */ public class AdminController { @GetMapping("/login") public String login() { return "登录成功!"; } @RequestMapping("/refund") @Admin public String refund() { return "退款成功"; } }
package com.hsfw.backyard.web.vo; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication public class TestAopApplication { public static void main(String[] args) { SpringApplication.run(TestAopApplication.class, args); } }
