基于springboot通过自定义注解和AOP实现权限验证

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/Moneywa/article/details/83241569

这篇文章主要介绍自定义注解配合AOP的使用来完成一个简单的权限验证的功能。

一、引入依赖

<!-- Maven POM fragment for the demo: Spring Boot parent plus the AOP, web and test starters. -->
<!-- NOTE(review): the Spring Boot 2.0.x line pinned below is no longer maintained upstream; -->
<!-- use a currently supported release when reusing this example outside a sandbox. -->
<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.0.6.RELEASE</version>
		<relativePath/> <!-- lookup parent from repository -->
	</parent>

	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
		<java.version>1.8</java.version>
	</properties>

	<dependencies>
		<!-- Spring AOP and the AspectJ weaver: needed for the @Aspect / @Around advice that enforces @Admin. -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-aop</artifactId>
		</dependency>
		<!-- Spring MVC and an embedded servlet container: needed for the @RestController endpoints. -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>

		<!-- Test-only dependency; not packaged into the runtime artifact. -->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<!-- Repackages the build output as an executable Spring Boot jar. -->
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

二、自定义注解:

package com.wgq.annotation;

import java.lang.annotation.*;

/**
 * Marks a method whose invocation must pass an authorization check first.
 *
 * <p>The annotation carries no logic of its own: it is only a marker that the
 * {@code @annotation(com.wgq.annotation.Admin)} pointcut selects. Runtime retention keeps it
 * visible after compilation, which runtime annotation matching relies on.
 *
 * <p>Because the target is {@link ElementType#METHOD} only, the marker cannot be placed on a
 * class; every protected handler has to be annotated individually, and a handler that is left
 * unannotated is not checked at all.
 */
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD})
public @interface Admin {

    /**
     * Optional free-form attribute, empty by default.
     *
     * <p>NOTE(review): the aspect shown in this example never reads this value, so it has no
     * effect on the authorization decision.
     */
    String value() default "";
}

三、AOP切面配置

package com.wgq.aspect;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;



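/**
 * Around-advice that gates every method annotated with {@code @Admin} behind {@code validate()}.
 *
 * <p>Security notes for anyone reusing this pattern:
 * <ul>
 *   <li>The gate is fail-closed: until {@code validate()} is implemented it denies every call.</li>
 *   <li>With Spring's default proxy-based AOP the advice runs only for calls that go through the
 *       bean proxy; a method that calls an {@code @Admin} method on {@code this} bypasses it.</li>
 *   <li>Only methods that carry the annotation are matched; an unannotated handler is not
 *       checked at all, so this is an opt-in control.</li>
 * </ul>
 */
@Aspect
@Component
public class AdminAspect {

    /** Matches the execution of any method annotated with {@code com.wgq.annotation.Admin}. */
    @Pointcut(value = "@annotation(com.wgq.annotation.Admin)")
    public void annotationPointCut() {
    }

    /**
     * Runs the authorization check and invokes the target method only when it passes.
     *
     * @param joinPoint the intercepted invocation
     * @return the fixed denial text when {@code validate()} fails, otherwise whatever the target
     *     method returns
     * @throws Throwable anything the target method throws; it is propagated unchanged so that a
     *     failed operation is never reported to the caller as an empty success
     */
    @Around("annotationPointCut()")
    public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        String methodName = signature.getMethod().getName();
        System.out.println("方法名:" + methodName);

        if (!validate()) {
            // NOTE(review): the denial is returned as an ordinary result, so an HTTP client gets
            // this text with a normal success status, and it is only type-compatible with target
            // methods declared to return String (or a supertype). Production code should raise an
            // exception that the web layer maps to 401/403 and record the denied attempt.
            return "没有权限";
        }
        // Do not catch here: the original swallowed every Throwable and returned null, which hid
        // failures of the protected operation (and JVM errors) behind an empty response.
        return joinPoint.proceed();
    }

    /**
     * Decides whether the current caller may invoke the protected method.
     *
     * @return {@code false} unconditionally in this placeholder, i.e. deny by default
     */
    private boolean validate() {
        // TODO: implement the real authorization check. It currently receives no request or
        // caller context, so a real implementation must obtain the authenticated principal from
        // somewhere trustworthy (not from client-supplied parameters).
        return false;
    }

}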

四、controller测试

package com.wgq.controller;

import com.wgq.annotation.Admin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.websocket.server.PathParam;


/**
 * Demo endpoints used to exercise the {@code @Admin} check: one open, one protected.
 */
@RestController
public class TestController {

    private static final String LOGIN_OK = "登录成功!";
    private static final String REFUND_OK = "退款成功";

    /**
     * Unprotected endpoint.
     *
     * <p>NOTE(review): despite the name, no credentials are checked and nothing is recorded
     * about the caller; it only returns a fixed success text.
     *
     * @return the fixed login-success message
     */
    @GetMapping(value = "/login")
    public String login() {
        return LOGIN_OK;
    }

    /**
     * Endpoint protected by {@code @Admin}; the body runs only if the aspect lets the call through.
     *
     * <p>NOTE(review): {@code @RequestMapping} without a {@code method} attribute accepts every
     * HTTP verb, so this state-changing action is reachable with a plain GET. Real code should
     * restrict it to POST and add CSRF protection.
     *
     * @return the fixed refund-success message
     */
    @Admin
    @RequestMapping(value = "/refund")
    public String refund() {
        return REFUND_OK;
    }

}

五、启动方法

package com.wgq;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Application entry point.
 *
 * <p>The class sits in package {@code com.wgq}, so the component scan enabled by
 * {@code @SpringBootApplication} covers the {@code com.wgq.aspect} and {@code com.wgq.controller}
 * sub-packages used in this example.
 */
@SpringBootApplication
public class TestAopApplication {

	/**
	 * Boots the Spring application context with this class as the primary source.
	 *
	 * @param args command-line arguments, passed through to Spring Boot unchanged
	 */
	public static void main(String[] args) {
		SpringApplication application = new SpringApplication(TestAopApplication.class);
		application.run(args);
	}
}

结果:

访问:http://localhost:8080/login 可以直接访问成功。

访问:http://localhost:8080/refund  由于加了@Admin注解,请求会先进入AdminAspect进行权限验证;示例中的validate()固定返回false,因此接口不会执行退款逻辑,而是返回"没有权限"。


转载自blog.csdn.net/Moneywa/article/details/83241569