Spring-AOP之工作实践(二)

案例二、前端页面权限控制

  对controller控制器中的某些方法进行增强,如实现页面的按钮权限控制。

 

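/**
 * Process-wide registry of live {@link HttpSession} objects, keyed by session id.
 *
 * <p>Sessions are added and removed by whoever calls {@link #addSession} and
 * {@link #deleteSession}; entries are not expired by this class itself.
 *
 * <p>Security note: {@link #getSession(String)} hands back the live session of
 * whichever id is supplied, with no check that the caller owns that session.
 * A session id is a bearer credential, so callers should not pass ids taken
 * from request parameters, URLs or logs into this lookup without an additional
 * ownership check.
 */
public class SessionContext {
    // Owned by the single instance and never reassigned. ConcurrentHashMap makes each
    // individual put/remove/get thread-safe, so the methods need no extra locking.
    private final Map<String, HttpSession> sessionMap = new ConcurrentHashMap<>();

    // Singleton: instances are only created by the enum holder below.
    private SessionContext() { }

    // Enum-based holder; the JVM initialises the single constant exactly once.
    private enum SessionContextSingle {
        INSTANCE;
        private final SessionContext sessionContext = new SessionContext();
        public SessionContext getInstance() { return sessionContext; }
    }

    /**
     * Returns the single shared registry.
     *
     * @return the process-wide {@code SessionContext}
     */
    public static SessionContext getInstance() {
        return SessionContextSingle.INSTANCE.getInstance();
    }

    /**
     * Registers a session under its own id, replacing any entry with the same id.
     *
     * @param httpSession the session to register; {@code null} is ignored
     */
    public void addSession(HttpSession httpSession) {
        if (httpSession != null) {
            sessionMap.put(httpSession.getId(), httpSession);
        }
    }

    /**
     * Removes the entry registered under the given session's id, if any.
     *
     * @param httpSession the session to unregister; {@code null} is ignored
     */
    public void deleteSession(HttpSession httpSession) {
        if (httpSession != null) {
            sessionMap.remove(httpSession.getId());
        }
    }

    /**
     * Looks up a registered session by id.
     *
     * @param sessionId the session id to look up
     * @return the registered session, or {@code null} when the id is blank or unknown;
     *         callers must handle the {@code null} case
     */
    public HttpSession getSession(String sessionId) {
        if (StringUtils.isBlank(sessionId)) {
            return null;
        }
        return sessionMap.get(sessionId);
    }
}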

 

/**
 * Session lifecycle listener that keeps {@link SessionContext} in step with the
 * sessions the servlet container creates and destroys.
 */
public class SessionListener implements HttpSessionListener {
    // Idle timeout applied to every new session; setMaxInactiveInterval takes seconds.
    // NOTE(review): 10 seconds looks like a demo value; confirm before reusing this listener.
    private static final int MAX_INACTIVE_SECONDS = 10;

    private SessionContext sessionContext = SessionContext.getInstance();

    /**
     * Invoked by the container when it creates a session: applies the idle
     * timeout and registers the session in the shared registry.
     */
    @Override
    public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        HttpSession created = httpSessionEvent.getSession();
        created.setMaxInactiveInterval(MAX_INACTIVE_SECONDS);
        sessionContext.addSession(created);
    }

    /**
     * Invoked by the container when a session is invalidated or times out:
     * removes it from the shared registry.
     */
    @Override
    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
        sessionContext.deleteSession(httpSessionEvent.getSession());
    }
}

 

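/**
 * Aspect applied before controller {@code *main(String, ..)} handler methods.
 *
 * <p>It copies the {@code "user"} attribute from the session named by the first
 * handler argument into the current request's session, then publishes the
 * {@code hasAdminRole} flag on the handler's {@link ModelAndView} for the view.
 *
 * <p>Security note: the session id is a handler argument, so it is supplied by the
 * client. Copying the user out of whichever session it names means that knowing a
 * session id is enough to take on that session's identity. Prefer the container's
 * own session cookie, or a short-lived single-use server-issued token, and verify
 * that the requester is entitled to the referenced session before copying from it.
 */
@Component
@Aspect
@Order(-1)
public class MainAspect {
    @Autowired
    private UserService userService;

    // Pointcut: any method ending in "main" on a *Controller class under
    // com.demo.*.controller whose first parameter is a String.
    @Pointcut("execution(* com.demo.*.controller.*Controller.*main(String, ..))")
    private void pointCut() {}

    /**
     * Before advice: runs ahead of the matched handler method.
     *
     * <p>NOTE(review): AspectJ-style advice normally receives
     * {@code org.aspectj.lang.JoinPoint}. The imports are not visible here, so
     * confirm that the {@code Joinpoint} type in use exposes {@code getArgs()}.
     *
     * @param joinpoint the intercepted call; argument 0 is the session id
     * @throws IllegalStateException when there is no current servlet request, or
     *         when the supplied session id does not name a registered session
     */
    @Before("pointCut()")
    public void main(Joinpoint joinpoint) {
        Object[] args = joinpoint.getArgs();
        // Client-supplied session id (first handler argument).
        String sessionId = (String) args[0];

        ServletRequestAttributes requestAttributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (requestAttributes == null) {
            throw new IllegalStateException("No servlet request is bound to the current thread");
        }
        // Session of the request currently being handled.
        HttpSession currentSession = requestAttributes.getRequest().getSession();

        // Fail closed on an unknown, blank or expired id instead of hitting a
        // NullPointerException. The id is left out of the message so that it does
        // not end up in logs.
        HttpSession sourceSession = SessionContext.getInstance().getSession(sessionId);
        if (sourceSession == null) {
            throw new IllegalStateException("Referenced session not found or expired");
        }

        // getAttribute returns Object, so the cast is required.
        User user = (User) sourceSession.getAttribute("user");
        currentSession.setAttribute("user", user);

        // The pointcut only fixes the first parameter, so check the second one
        // before treating it as the ModelAndView to receive the role flag.
        if (args.length > 1 && args[1] instanceof ModelAndView) {
            ModelAndView modelAndView = (ModelAndView) args[1];
            modelAndView.addObject("hasAdminRole", userService.hasRole(NeedRole.ADMIN));
        }
    }
}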

 

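/**
 * Demo controller whose {@code main} handler is intercepted by {@code MainAspect}.
 */
@Controller
public class DemoController {
    /**
     * Renders the {@code demo/main} view.
     *
     * <p>The return type is {@link ModelAndView} so that it matches the value
     * actually returned, and so that attributes added to {@code modelAndView}
     * before this method runs travel with it to the view.
     *
     * <p>NOTE(review): {@code sessionId} arrives as a request parameter; see the
     * security note on {@code MainAspect} about trusting client-supplied session
     * ids. The {@code hasAdminRole} flag only controls what the page shows, so
     * any endpoint behind the guarded button must check the role on the server.
     *
     * @param sessionId    session id supplied by the client; consumed by the aspect
     * @param modelAndView model/view holder populated by the aspect
     * @return the same {@code modelAndView}, with its view name set
     */
    @PostMapping("/main")
    public ModelAndView main(String sessionId, ModelAndView modelAndView) {
        modelAndView.setViewName("demo/main");
        return modelAndView;
    }
}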

 

<!--页面:可以使用切面中保存到request域中的权限值来判断,进而实现页面按钮角色权限控制。注意:th:if 只是不渲染按钮,属于界面层面的控制;按钮对应的后端接口仍需在服务端校验角色权限-->
<a th:if="${hasAdminRole}" href="javascript:void(0)" onclick="submit()">提交</a>

 
