spring aop 攔截業務方法，實現權限控制

 

難點：aop類是普通的java類，session是無法注入的，那么在有狀態的系統中如何獲取用戶相關信息呢，session是必經之路啊，獲取session就變的很重要。思索很久沒有辦法，后來在網上看到了解決辦法。

 

思路是：

 

     i. SysContext  成員變量 request,session,response
    ii. Filter 目的是給 SysContext 中的成員賦值
    iii.然后在AOP中使用這個SysContext的值

 

  要用好，需要理解  ThreadLocal和  和Filter 執行順序

 

 

1.aop獲取request，response，session等

 

public class SysContext {
    private static ThreadLocal<HttpServletRequest> requestLocal=new ThreadLocal<HttpServletRequest>();
    private static ThreadLocal<HttpServletResponse> responseLocal=new ThreadLocal<HttpServletResponse>();

    public static HttpServletRequest getRequest(){
        return requestLocal.get();
    }

    public static void setRequest(HttpServletRequest request){
        requestLocal.set(request);
    }

    public static HttpServletResponse getResponse(){
        return responseLocal.get();
    }

    public static void setResponse(HttpServletResponse response){
        responseLocal.set(response);
    }

    public static HttpSession getSession(){
        return (HttpSession)(getRequest()).getSession();
    }
}

 

2.添加過濾器

public class GetContextFilter implements Filter{

    @Override
    public void destroy() {

    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        SysContext.setRequest((HttpServletRequest)request);
        SysContext.setResponse((HttpServletResponse)response);
        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {

    }

}

3.配置web.xml

將這部分放置在最前面，這樣可以過濾到所有的請求

<filter>
    <filter-name>sessionFilter</filter-name>
    <filter-class>com.unei.filter.GetContextFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>sessionFilter</filter-name>
    <url-pattern>*</url-pattern>
</filter-mapping>

4.spring aop before

從session中取出用戶名，如果不存在，拋出異常跳轉，將錯誤信息放到request中

@Aspect
public class AdminAspect {
    ActionContext context = ActionContext.getContext();
    HttpServletRequest request;
    HttpServletResponse response;

    @Before("execution(* com.unei.Action.AdminAction.getPrivileges(..))")
    public void adminPrivilegeCheck()
            throws Throwable {
        HttpSession session = SysContext.getSession();
        request = SysContext.getRequest();
        response = SysContext.getResponse();
        String userName = "";

        try {
            userName = session.getAttribute("userName").toString();
            if(userName==null||userName.equals(""))
                throw new Exception("no privilege");
        } catch (Exception ex) {
            request.setAttribute("msg", "{\"res\":\"" + "無權限" + "\"}");
            try {
                request.getRequestDispatcher("/jsp/json.jsp").forward(
                        request, response);
            } catch (ServletException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}

 

5.applicationContext.xml

<bean id="adminAspect" class="com.unei.aop.AdminAspect"></bean>