背景:在SpringMVC框架中,为Controller层中需要用户权限的方法加入校验,检查Session中是否存在已登录的用户或管理员。注意:切面只拦截带有 @NeedSession 注解的方法,未加注解的方法不会做任何Session校验。
NeedSession.java -注解类
/**
 * Marks a method as requiring a logged-in principal in the HTTP session.
 *
 * <p>The annotation is retained at runtime and may be placed on methods only.
 * It carries no logic itself: an aspect whose pointcut is
 * {@code @annotation(NeedSession)} performs the check, so a method that is
 * not annotated receives no session validation from that aspect.
 *
 * @author Xiadi
 * @since 2013-9-10
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface NeedSession {

    /**
     * Kind of session principal the annotated method requires.
     *
     * @return the required session type; {@link SessionType#USER} when the
     *         annotation is used without an explicit value
     */
    SessionType value() default SessionType.USER;
}
SessionType.java -枚举类
/**
 * Kind of principal that must be present in the HTTP session.
 */
public enum SessionType {

    /** Either a member user or a manager is sufficient. */
    OR,

    /** A member user. */
    USER,

    /** A manager (administrator). */
    MANAGER
}
SysContent.java -web请求的上下文类
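/**
 * Per-thread holder for the servlet request and response being processed.
 *
 * <p>Values are bound with {@link #setRequest} / {@link #setResponse} and are
 * visible only to the thread that bound them. A value that is never removed
 * stays attached to that thread after the request has finished; servlet
 * containers usually reuse worker threads, so whoever binds the values should
 * call {@link #clear()} in a {@code finally} block.
 */
public class SysContent {

    // The type arguments were lower-cased in the published listing
    // (httpservletrequest), which does not compile; restored here.
    private static final ThreadLocal<HttpServletRequest> requestLocal =
            new ThreadLocal<HttpServletRequest>();
    private static final ThreadLocal<HttpServletResponse> responseLocal =
            new ThreadLocal<HttpServletResponse>();

    /**
     * @return the request bound to the current thread, or {@code null} when
     *         none has been bound
     */
    public static HttpServletRequest getRequest() {
        return requestLocal.get();
    }

    /**
     * Binds the given request to the current thread.
     *
     * @param request the request to bind; {@code null} drops the reference
     */
    public static void setRequest(HttpServletRequest request) {
        requestLocal.set(request);
    }

    /**
     * @return the response bound to the current thread, or {@code null} when
     *         none has been bound
     */
    public static HttpServletResponse getResponse() {
        return responseLocal.get();
    }

    /**
     * Binds the given response to the current thread.
     *
     * @param response the response to bind; {@code null} drops the reference
     */
    public static void setResponse(HttpServletResponse response) {
        responseLocal.set(response);
    }

    /**
     * Returns the session of the request bound to the current thread.
     *
     * <p>{@code HttpServletRequest.getSession()} creates a new session when the
     * request has none, so this call never returns {@code null} for a bound
     * request.
     *
     * @return the current (possibly newly created) session
     * @throws NullPointerException if no request is bound to the current thread
     */
    public static HttpSession getSession() {
        return requestLocal.get().getSession();
    }

    /**
     * Removes the request and response bound to the current thread so that
     * they cannot be observed by later work scheduled on the same thread.
     */
    public static void clear() {
        requestLocal.remove();
        responseLocal.remove();
    }
}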
SessionValidateFilter.java -过滤器
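/**
 * Servlet filter that publishes the current request and response through
 * {@link SysContent} for the duration of the filter chain.
 *
 * <p>Despite its name the filter performs no validation itself; it only makes
 * the request and response reachable from code that has no direct access to
 * them.
 */
public class SessionValidateFilter implements Filter {

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Binds the request and response to the current thread, runs the rest of
     * the chain, and then drops both references again.
     *
     * @param request  the incoming request; cast to {@code HttpServletRequest}
     * @param response the outgoing response; cast to {@code HttpServletResponse}
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        SysContent.setRequest((HttpServletRequest) request);
        SysContent.setResponse((HttpServletResponse) response);
        try {
            chain.doFilter(request, response);
        } finally {
            // Drop the references even when the chain throws: otherwise the
            // finished request (and through it the session) stays attached to
            // this thread and could be read by later work that runs on it.
            SysContent.setRequest(null);
            SysContent.setResponse(null);
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}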
SessionAOP.java -AOP切面业务类
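/**
 * Aspect that enforces {@link NeedSession} on annotated methods.
 *
 * <p>The advice reads the current request, response and session from
 * {@link SysContent}, so it only works on a thread where those have been
 * bound. Only methods carrying {@code @NeedSession} are intercepted; any other
 * method is not checked by this aspect.
 */
@Component
@Aspect
public class SessionAOP {

    /**
     * Lets the annotated method run only when the session holds the principal
     * required by its {@link NeedSession} value; otherwise writes a rejection
     * to the response and returns {@code null} without invoking the method.
     *
     * <p>Exceptions thrown by the intercepted method are propagated to the
     * caller instead of being printed and replaced by a {@code null} result.
     *
     * @param pj the intercepted invocation
     * @return the intercepted method's result, or {@code null} when the request
     *         was rejected
     * @throws Exception if the annotation value cannot be resolved, if the
     *         intercepted method throws, or if writing the rejection fails
     */
    @Around(value = "@annotation(com.eaglec.plat.hj.aop.NeedSession)")
    public Object aroundManager(ProceedingJoinPoint pj) throws Exception {
        HttpServletRequest request = SysContent.getRequest();
        HttpServletResponse response = SysContent.getResponse();
        HttpSession session = SysContent.getSession();

        SessionType type = this.getSessionType(pj);
        if (type == null) {
            // Fail closed: without a resolvable annotation the method is not run.
            throw new Exception("The value of NeedSession is must.");
        }

        if (isAuthorized(type, session)) {
            try {
                return pj.proceed();
            } catch (Exception e) {
                throw e;
            } catch (Error e) {
                throw e;
            } catch (Throwable t) {
                // proceed() is declared to throw Throwable; keep this method's
                // declared "throws Exception" by wrapping anything else.
                throw new Exception(t);
            }
        }

        // Session expired or no matching principal in the session.
        rejectRequest(request, response);
        return null;
    }

    /**
     * Decides whether the session satisfies the required type, based on the
     * presence of the "user" and "manager" session attributes.
     */
    private static boolean isAuthorized(SessionType type, HttpSession session) {
        boolean hasUser = session.getAttribute("user") != null;
        boolean hasManager = session.getAttribute("manager") != null;
        switch (type) {
            case USER:
                return hasUser;
            case MANAGER:
                return hasManager;
            case OR:
                return hasUser || hasManager;
            default:
                return false;
        }
    }

    /**
     * Writes the rejection: a JSON stub plus a "sessionstatus" header for AJAX
     * callers, a redirect to the "error/nosession" page for everything else.
     */
    private static void rejectRequest(HttpServletRequest request,
            HttpServletResponse response) throws java.io.IOException {
        String requestedWith = request.getHeader("x-requested-with");
        if ("XMLHttpRequest".equalsIgnoreCase(requestedWith)) {
            // No status code is set here, so the response keeps the container
            // default; clients recognise the rejection by the header below.
            response.addHeader("sessionstatus", "timeout");
            // Empty grid payload so EasyUI components render without errors.
            response.getWriter().print("{\"rows\":[],\"success\":false,\"total\":0}");
        } else {
            // NOTE(review): getServerName()/getServerPort() are taken from the
            // incoming request, so the redirect host follows whatever the
            // request named. A context-relative target
            // (request.getContextPath() + "/error/nosession") would not depend
            // on that; confirm against the deployment before changing.
            String basePath = request.getScheme() + "://" + request.getServerName()
                    + ":" + request.getServerPort() + request.getContextPath() + "/";
            response.sendRedirect(basePath + "error/nosession");
        }
    }

    /**
     * Reads the {@link NeedSession} value from the intercepted method.
     *
     * @param pj the intercepted invocation
     * @return the annotation value, or {@code null} when the resolved method
     *         does not carry the annotation
     */
    private SessionType getSessionType(ProceedingJoinPoint pj) {
        Method method = ((MethodSignature) pj.getSignature()).getMethod();
        NeedSession annotation = method.getAnnotation(NeedSession.class);
        return annotation == null ? null : annotation.value();
    }
}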
web.xml
<!-- spring session aop -->
<!--
  Registers SessionValidateFilter for every request path (/*). The filter
  stores the current request and response in SysContent, which SessionAOP
  reads; a request that does not pass through this filter has nothing bound
  for the aspect to inspect.
-->
<filter>
    <filter-name>sessionValidate</filter-name>
    <filter-class>com.eaglec.plat.hj.aop.SessionValidateFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>sessionValidate</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
servlet-context.xml
<!--
  Enables auto-proxying for @Aspect beans such as SessionAOP.
  NOTE(review): presumably this has to live in the same application context
  that defines the annotated controllers, otherwise they are not proxied and
  the session check never runs; confirm against the context layout.
-->
<aop:aspectj-autoproxy/>