package app; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; @Retention(RetentionPolicy.RUNTIME) public @interface PrivilegeAnnotation { String model(); //模块 String pivilegeValue();//权限名 }
使用注解:
public class StudentAction { //student 模板中的add方法 @PrivilegeAnnotation(model="student",pivilegeValue="add") public void add() { System.out.println("add student......"); } @PrivilegeAnnotation(model="student",pivilegeValue="update") public void update() { System.out.println("update student......."); } @PrivilegeAnnotation(model="student",pivilegeValue="delete") public void delete() { System.out.println("delete ..............."); } //select 为所有用户都能查看 public void select() { System.out.println("select..............."); } }
创建一个Privilege类,存放用户访问信息
public class Privilege { private String uname; //用户名 private String model; ////模块 private String privilegeValue; //权限名 ..... get set 方法 }
public class PrivilegeService { //获得用户的所有权限 public static ArrayList<Privilege> getPrivilege(String uname){ ArrayList<Privilege> list=new ArrayList<Privilege>(); if("admin".equals(uname)){ list.add(new Privilege("admin", "student", "add")); list.add(new Privilege("admin", "student", "update")); list.add(new Privilege("admin", "student", "delete")); }else { list.add(new Privilege("andy", "student", "add")); } return list; } }
/** * 进行权限管理 * @author zhou * */ public class PrivilegeManager { private StudentAction action; //------------------------------------------------------------- //b/s模式中不需要传action 接收一个StudentAction类 public PrivilegeManager(StudentAction action) { this.action=action; } //------------------------------------------------------------- //权限验证,b/s不需要传name uname:用户名 methodName:方法名 public void validate(String uname,String methodName){ //1. Method method=this.getMethod(methodName); //------------------------------------------------------------- //2. PrivilegeAnnotation annotation=this.getAnnotation(method); //------------------------------------------------------------- if(annotation!=null){ //3.根据注解和传入的用户名,得到Privilege对象 //根据注解和传入的用户名,得到Privilege对象 Privilege privilege=new Privilege(); privilege.setUname(uname); privilege.setModel(annotation.model()); //获得注解中的模块名称 privilege.setPrivilegeValue(annotation.pivilegeValue());//获得注解中的访问操作 //------------------------------------------------------------- //得到该用户的所有权限 ArrayList<Privilege> list=PrivilegeService.getPrivilege(uname); //判断该用户是否有权限 //contains list中是否存在指定对象 if(list.contains(privilege)){ //存在 this.doMethod(method); //调用方法 }else{ //不存在 System.out.println("没有权限"); } }else{ this.doMethod(method); //调用方法 } } //------------------------------------------------------------- //得到方法名对应的Method对象 private Method getMethod(String methodName){ Method method=null; try { //从StudentAction类中得到对应的方法 method=this.action.getClass ().getDeclaredMethod(methodName); } catch (SecurityException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (NoSuchMethodException e) { // TODO Auto-generated catch block e.printStackTrace(); } return method; } //------------------------------------------------------------- //再将方法传入进来 得到注解对象 private PrivilegeAnnotation getAnnotation(Method method){ PrivilegeAnnotation annotation=null; if (method.isAnnotationPresent (PrivilegeAnnotation.class)){ annotation=method.getAnnotation (PrivilegeAnnotation.class); } return annotation; } }
public class Demo { public static void main(String[] args) { StudentAction action=new StudentAction(); PrivilegeManager manager=new PrivilegeManager(action); manager.validate("admin","select"); manager.validate("admin","update"); manager.validate("admin","delete"); manager.validate("admin","add"); System.out.println("------andy--------------"); manager.validate("andy","select"); manager.validate("andy","update"); manager.validate("andy","delete"); manager.validate("andy","add"); System.out.println("------jack--------------"); manager.validate("jack","select"); manager.validate("jack","update"); manager.validate("jack","delete"); manager.validate("jack","add"); } }
输出结果:
select............... update student....... delete ............... add student...... ------andy-------------- select............... 没有权限 没有权限 add student...... ------jack-------------- select............... 没有权限 没有权限 没有权限
用b/s模式做的话,则是跳转各页面,自行参考。