aop(权限控制)
2024-10-18 18:50:12
创建sysContext (管理请求)
package com.tp.soft.common.util; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; public class SysContext {
private static ThreadLocal<HttpServletRequest> reqLocal = new ThreadLocal<HttpServletRequest>();
private static ThreadLocal<HttpServletResponse> resLocal = new ThreadLocal<HttpServletResponse>(); public static void setRequest(HttpServletRequest request){
reqLocal.set(request);
} public static HttpServletRequest getRequest(){
return reqLocal.get();
} public static void setResponse(HttpServletResponse response){
resLocal.set(response);
} public static HttpServletResponse getResponse(){
return resLocal.get();
} public static HttpSession getSession(){
return getRequest().getSession();
}
}
创建拦截器,通过每次请求就创建httpServletRequest
GetContextFilter.java
package com.tp.soft.common.filter; import java.io.IOException; import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import com.tp.soft.common.util.SysContext; public class GetContextFilter implements Filter{ public void destroy() {
// TODO Auto-generated method stub } public void doFilter(ServletRequest arg0, ServletResponse arg1,
FilterChain arg2) throws IOException, ServletException {
// TODO Auto-generated method stub
SysContext.setRequest((HttpServletRequest) arg0);
SysContext.setResponse((HttpServletResponse) arg1);
arg2.doFilter(arg0, arg1);
} public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub } }
web.xml 拦截器配置
<filter>
<filter-name>sessionFilter</filter-name>
<filter-class>com.tp.soft.common.filter.GetContextFilter</filter-class>
</filter> <filter-mapping>
<filter-name>sessionFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
aop切面对象 判断权限
package com.tp.soft.aop; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before; import com.tp.soft.common.util.SysContext;
import com.tp.soft.entity.User; @Aspect
public class AdminAspect { @Before("execution(* com.tp.soft.service..*.*(..)) && !execution(* com.tp.soft.service..LoginSvc.*(..))")
public void dealPrivilege() throws Throwable{
HttpSession session = SysContext.getSession();
HttpServletRequest request = SysContext.getRequest();
HttpServletResponse response = SysContext.getResponse();
User user = (User) session.getAttribute("user");
if(user == null){
request.getRequestDispatcher("noPower.jsp").forward(request, response);
} }
}
UserController.java
当访问dologin 再访问toQueryUser即已经存在session 则表示有操作权限,
否则直接访问toQueryUser 则会通过aop 跳转到noPower.jsp
@RequestMapping(value="/doLogin")
@ResponseBody
public void doLogin(){
User user = new User();
user.setLogin_name("zs");
user.setLogin_pwd("1234");
loginSvc.doLogin("zs", "123");
SysContext.getSession().setAttribute("user", user);
} @RequestMapping(value="/toQueryUser")
public ModelAndView toQueryUser(){
User user = userSvc.getUser(21);
Map<String, Object> map = new HashMap<String, Object>();
map.put("user", user);
return new ModelAndView("/pc/userTest", map);
}
最新文章
- java笔记--反射机制之基础总结与详解
- C#控制台->;>;四则运算
- Spring MVC的启动过程
- STM32使用以下规则对过滤器编号:
- assert使用
- PHP上传文件详解
- 1.4.2.4. SAVING(Core Data 应用程序实践指南)
- 开启新模式WinForm
- database.properties数据源
- docker的安装和技巧
- day 25-1 接口类、抽象类、多态
- linux系统安全设置策略
- C#基础之Assembly
- Android Handler、Message、MessageQueue和Looper官方说明
- Python将科学计数法数值转换为指定精度浮点数
- sql删除数据库所有表
- ArcGIS 编程中对接口的理解
- rails中发送ajax请求
- java设计模式之模板方法
- JAMstack 技术要点
热门文章
- DCDC参数测量及方法
- ES6新特性-函数的简写(箭头函数)
- raise error
- try catch的使用场景
- weixin://connectToFreeWifi/?apKey=协议如何跳转到微信客户端打开在wifi指定任意网页?
- Leetcode: Number Complement
- List、Set、Map集合
- 论文阅读(Lukas Neumann——【ICCV2017】Deep TextSpotter_An End-to-End Trainable Scene Text Localization and Recognition Framework)
- Django session/cookie
- 2017-2018-2 20155228 《网络对抗技术》 实验九:Web安全基础