spring aop控制权限,想要细到method级别,但是advisor唔用。不明白!!
这是我的一个spring bean配置
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
<!-- 配置这个bean结合action bean的一个属性配置解析method后面带的方法 -->
<bean id="paramResolver"
class="org.springframework.web.servlet.mvc.multiaction.ParameterMethodNameResolver">
<property name="paramName">
<value>method</value>
</property>
<property name="defaultMethodName">
<value>index</value>
</property>
</bean>
<!-- 对view进行处理 -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass">
<value>org.springframework.web.servlet.view.JstlView</value>
</property>
</bean>
<!-- 通过下面的2个bean寻找action bean -->
<bean id="defaultHandlerMapping"
class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping" />
<bean
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="alwaysUseFullPath">
<value>true</value>
</property>
<property name="interceptors">
<list>
<!--<ref bean="frontEndInterceptor" />,可以实现HandlerInterceptor的3个方法,进行3中操作。-->
</list>
</property>
<property name="mappings">
<props>
<prop key="/login.do">loginAction</prop>
</props>
</property>
</bean>
<!-- 登入action bean -->
<bean id="loginAction" class="net.kingbit.actions.LoginAction">
<property name="methodNameResolver">
<ref bean="paramResolver" />
</property>
<property name="view">
<value>/WEB-INF/jsp/default.jsp</value>
</property>
</bean>
<!-- 管理员的bean -->
<bean name="/manager.do" class="net.kingbit.actions.Manager">
<property name="methodNameResolver">
<ref bean="paramResolver" />
</property>
</bean>
<!-- <aop:config>
<aop:pointcut id="servicePointcut"
expression="execution(** net.kingbit.actions.Manager.list*(HttpServletRequest,HttpServletResponse))" />
<aop:advisor advice-ref="aroundAdvice"
pointcut-ref="servicePointcut" order="0" />
</aop:config>
-->
<!-- 环绕通知,实现一个简单的权限检测 -->
<bean id="aroundAdvice" class="net.kingbit.advice.YkAroundAdvice" />
<bean id="before" class="net.kingbit.advice.PermissionBefore"></bean>
<!-- 将通知advice和pointcut链接在一起 -->
<bean id="managerAdvisor"
class="org.springframework.aop.support.RegexpMethodPointcutAdvisor">
<!-- 通知 -->
<property name="advice" ref="aroundAdvice" />
<!-- pointcut -->
<property name="patterns">
<list>
<value>list</value>
<value>test</value>
</list>
</property>
</bean>
<!-- 自动代理,可以代理多个bean -->
<bean id="autoProxy"
class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<!-- <property name="proxyTargetClass" value="true"></property> -->
<property name="beanNames">
<list>
<value>/manager*</value>
</list>
</property>
<property name="interceptorNames">
<list>
<!--<value>managerAdvisor</value>--> <!-- 无效的配置?对程序唔任何效果 -->
<value>aroundAdvice</value><!--这个可以拦截到类下面的所有方法,只是不具体 -->
</list>
</property>
</bean>
</beans>
advice是对权限检测,判断是否有权限调用方法
package net.kingbit.advice;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.web.servlet.ModelAndView;
//@Aspect
public class YkAroundAdvice implements MethodInterceptor {
//@Before("execution(*net.kingbit.actions.Manger.list(HttpServletRequest,HttpServletResponse))")
public Object invoke(MethodInvocation invocation) throws Throwable {
System.out.println("ljkjljljklj");
Object[] arg = invocation.getArguments();
System.out.println("length---" + arg.length);
int length=arg.length;
if(length!=0)
{HttpServletRequest request = null;
String name = invocation.getMethod().getDeclaringClass().getName()
+ invocation.getMethod();
System.out.println("method name---" + name);
request = (HttpServletRequest) arg[0];
for (int i = 0; i < arg.length; i++) {
System.out.println("arg[" + i + "]---" + arg[i]);
if (arg[i] instanceof HttpServletRequest) {
request = (HttpServletRequest) arg[i];
}
}
HttpSession session = request.getSession();
String permission = (String) session.getAttribute("permission");
if (permission.equals("admin")) {
return invocation.proceed();
}
return new ModelAndView("/WEB-INF/jsp/login.jsp");//没权限跳转到登入页面
}
return null;
}
}
Manager:
package net.kingbit.actions;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
public class Manager extends MultiActionController {
public ModelAndView test(HttpServletRequest request,HttpServletResponse response)
{
return new ModelAndView("/WEB-INF/jsp/admin.jsp");
}
public ModelAndView list(HttpServletRequest request,HttpServletResponse response)
{
return new ModelAndView("/index.jsp");
}
}
分享到:
相关推荐
博文链接:https://snz.iteye.com/blog/229915
Spring Security 参考 1 第一部分前言 15 1.入门 16 2.介绍 17 2.1什么是Spring Security? 17 2.2历史 19 2.3版本编号 20 2.4获得Spring安全 21 2.4.1使用Maven 21 Maven仓库 21 Spring框架 22 2.4.2 Gradle 23 ...
Spring Security-3.0.1 中文官方文档(翻译版) 这次发布的Spring Security-3.0.1 是一个bug fix 版,主要是对3.0 中存在的一些问题进 行修 正。文档中没有添加新功能的介绍,但是将之前拼写错误的一些类名进行...
5.5. Spring Security中的访问控制(验证) 5.5.1. 安全和AOP建议 5.5.2. 安全对象和AbstractSecurityInterceptor 5.5.2.1. 配置属性是什么? 5.5.2.2. RunAsManager 5.5.2.3. AfterInvocationManager 5.5.2.4...
5.5. Spring Security中的访问控制(验证) 5.5.1. 安全和AOP建议 5.5.2. 安全对象和AbstractSecurityInterceptor 5.5.2.1. 配置属性是什么? 5.5.2.2. RunAsManager 5.5.2.3. AfterInvocationManager ...
访问控制权限继承 多态组合代理 向上转型static final 接口和抽象类接口 抽象类异常 认 识 Exception 什么是 Throwable 常见的 Exception 与 Exception 有关的 Java 关键字 throws 和 throw try 、finally 、catch ...
254 15.3 依赖注入 259 15.3.1 Constructor注入 259 15.3.2 Setter注入 261 15.3.3 Method注入 263 15.4 Spring AOP技术 266 15.4.1 装备(advices) 267 15.4.2 Spring AOP的传统用法 275 15.4.3 基于@AspectJ注释...
Coalesys PanelBar + R.a.d Treeview +Xml 构建的Asp.net 菜单和权限管理模块 突破屏蔽限制,自己的网站使劲弹新IE窗口 对页面SCROLLING的CSS不能生效原因 .Net 中IE使用WinForm控件的使用心得。 动态加载用户控件的...
{5.2.1}将浮点数四舍五入到指定精度}{98}{subsection.5.2.1} {6}Exception}{99}{chapter.6} {6.1}\ttfamily try-catch}{99}{section.6.1} {6.2}\ttfamily finally}{100}{section.6.2} {6.3}\ttfamily throws}{...