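Sometimes we do not want users with insufficient permissions to see certain sensitive fields. We can use an annotation, AOP, and reflection to set the sensitive fields of a returned object to null.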
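1. Write an annotation to be used on fields, which controls the permission for that field

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

// RUNTIME retention is required so the aspect can read it via reflection
@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
public @interface ShowField {
    String value();
}
```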
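2. Write an aspect that implements the actual field-control logic
- The code below sets to null both the fields passed in from the front end and the fields returned to the front end. As written, it clears every field annotated `@ShowField("Admin")` for every caller and only looks at the fields declared directly on the argument or return object, so a real deployment still has to compare the annotation value with the current user's role and handle collections and wrapper objects.

```java
import java.lang.reflect.Field;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.AfterReturning;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;

@Aspect
public class FiledAspect {

    // Match every public method of every class in com.zkane.controller
    @Pointcut("execution(public * com.zkane.controller.*.*(..))")
    public void field() {}

    // Clear annotated fields on incoming arguments
    @Before("field()")
    public void doBefore(JoinPoint joinPoint) throws Throwable {
        Object[] args = joinPoint.getArgs();
        for (Object obj : args) {
            filterField(obj);
        }
    }

    // Clear annotated fields on the returned object
    @AfterReturning(returning = "obj", pointcut = "field()")
    public void doAfterReturning(Object obj) throws Throwable {
        filterField(obj);
    }

    private void filterField(Object obj) throws IllegalAccessException {
        // Arguments may be null, and void methods return null
        if (obj == null) {
            return;
        }
        Field[] fields = obj.getClass().getDeclaredFields();
        for (Field field : fields) {
            ShowField showField = field.getAnnotation(ShowField.class);
            if (showField != null && showField.value().equals("Admin")) {
                // Open access only for annotated fields, so JDK types such as String are left alone
                field.setAccessible(true);
                field.set(obj, null);
            }
        }
    }
}
```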
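3. In the startup class, register the aspect as a bean in the ApplicationContext container

```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    // Without this bean the aspect is never applied to the controllers
    @Bean
    public FiledAspect filedAspect() {
        return new FiledAspect();
    }
}
```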
4. Add the annotation to the fields that need permission control

```java
public class User {

    private String name;

    @ShowField("Admin")
    private Integer age;

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public Integer getAge() {
        return age;
    }

    public void setAge(Integer age) {
        this.age = age;
    }

    @Override
    public String toString() {
        return "User{" +
                "name='" + name + '\'' +
                ", age=" + age +
                '}';
    }
}
```
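
The following is an added example, not code from the original post: a plain-Java version of the filter step that clears a field only when the caller lacks the role named in the annotation, and that also covers collections and inherited fields. The class name `RoleAwareFieldFilter`, the `callerRoles` parameter (in a real application it would come from the authentication context) and the sample data are assumptions made for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.*;

public class RoleAwareFieldFilter {
    // Same shape as the page's annotation, redeclared so this file compiles alone.
    @Target(ElementType.FIELD) @Retention(RetentionPolicy.RUNTIME)
    @interface ShowField { String value(); }

    static class User {                        // constructed sample type
        String name;
        @ShowField("Admin") Integer age;
        User(String name, Integer age) { this.name = name; this.age = age; }
    }

    /** Nulls @ShowField fields whose required role is not in callerRoles (hypothetical parameter). */
    static void filter(Object obj, Set<String> callerRoles) throws IllegalAccessException {
        if (obj == null) return;                           // null args, void return values
        if (obj instanceof Iterable<?>) {                  // List<User>, Set<User>, ...
            for (Object item : (Iterable<?>) obj) filter(item, callerRoles);
            return;
        }
        // Walk the hierarchy: getDeclaredFields() does not return inherited fields.
        for (Class<?> c = obj.getClass(); c != null && c != Object.class; c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                ShowField sf = f.getAnnotation(ShowField.class);
                if (sf == null || callerRoles.contains(sf.value())) continue;
                // Fail closed: a field that cannot hold null would otherwise leak its value.
                if (f.getType().isPrimitive() || Modifier.isStatic(f.getModifiers())
                        || Modifier.isFinal(f.getModifiers())) {
                    throw new IllegalStateException("cannot redact " + c.getName() + "." + f.getName());
                }
                f.setAccessible(true);
                f.set(obj, null);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        List<User> users = Arrays.asList(new User("alice", 30), new User("bob", 41));
        filter(users, Collections.singleton("User"));      // caller lacks "Admin": age is cleared
        System.out.println("non-admin view: " + users.get(0).age);
        User u = new User("carol", 25);
        filter(u, Collections.singleton("Admin"));         // caller holds "Admin": age is kept
        System.out.println("admin view: " + u.age);
    }
}
```

Because the filter mutates the object in place, apply it to a response copy or DTO and not to an instance that is cached or shared with other requests.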