目录
1.前言
在开发过程中,我们想给控制器的某些方法进行控制访问权限,或者我们需要做方法调用日志记录,在每个方法中去实现显然不实际,所以通过自定义注解不失为一种好办法,以下已权限注解为例。
2.自定义一个注解
package org.aaron.framework.common.interceptor;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.annotation.Inherited;
@Target(ElementType.METHOD)//目标是方法
@Retention(RetentionPolicy.RUNTIME)//注解会在class中存在,运行时可通过反射获取
@Documented
@Inherited
public @interface Permission {
/*检查是否有权限
*
*
* @retrurn 默认""
e*/
public String name() default "";
}
2.1 注解说明
2.1.1 Target:表示注解的作用目标
@Target(ElementType.TYPE) //接口、类、枚举、注解
@Target(ElementType.FIELD) //字段、枚举的常量
@Target(ElementType.METHOD) //方法
@Target(ElementType.PARAMETER) //方法参数
@Target(ElementType.CONSTRUCTOR) //构造函数
@Target(ElementType.LOCAL_VARIABLE)//局部变量
@Target(ElementType.ANNOTATION_TYPE)//注解
@Target(ElementType.PACKAGE) ///包
2.1.2 @Documented:说明该注解将被包含在javadoc中;
2.1.3 @Inherited:说明子类可以继承父类中的该注解 ;
2.1.4 @Retention:注解的保留位置;
@Retention(RetentionPolicy.SOURCE) //注解仅存在于源码中,在class字节码文件中不包含
@Retention(RetentionPolicy.CLASS) // 默认的保留策略,注解会在class字节码文件中存在,但运行时无法获得,
@Retention(RetentionPolicy.RUNTIME) // 注解会在class字节码文件中存在,在运行时可以通过反射获取到
3. 定义一个相应的拦截器
package org.aaron.framework.common.interceptor;
import java.lang.reflect.Method;
import java.util.List;
import javax.persistence.PersistenceContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
public class PermissionInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
HandlerMethod method = (HandlerMethod) handler;
Permission permission = method.getMethodAnnotation(Permission.class);
if (permission != null) {
String authority = permission.name();
System.out.println(authority);
boolean hasPermission = checkAuhth(List<SysAuth> sysAuths,authority);
if (hasPermission) {
return true;
}else{
return false;
}
}
return false;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
// TODO Auto-generated method stub
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
throws Exception {
// TODO Auto-generated method stub
}
}
4.在springMVC配置文件中进行配置
<mvc:interceptors>
<bean class="org.aaron.framework.common.interceptor.PermissionInterceptor"></bean>
</mvc:interceptors>5.在springMVC controller中使用实例
@Permission(name="/sysUser/delete.do")
@RequestMapping("/delete")
public String delete(HttpServletRequest request ,HttpServletResponse response,String uuid ) {
try {
sysUserService.delete(uuid);
this.ajaxResult(response,1,Constants.SUCCESS);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}