Spring AOP + 自定义注解实现Session的验证

http://blog.csdn.net/xiadi934/article/details/18258961
背景:在SpringMVC框架中,对Controller层中的需要相关用户权限的方法,加入Session中用户或管理员的验证。


NeedSession.java -注解类
/**
 * Marks a handler method as requiring a logged-in principal in the HTTP session.
 *
 * <p>Applicable to methods only and retained at runtime so it can be read reflectively.
 * The required principal defaults to {@link SessionType#USER}. Protection is opt-in:
 * the session aspect's pointcut matches only methods that carry this annotation, so an
 * unannotated method gets no session check from it.
 *
 * @author Xiadi
 * @since 2013-9-10
 */
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface NeedSession {

    /**
     * Kind of principal that must be present in the session.
     *
     * @return the required session type; {@link SessionType#USER} unless overridden
     */
    SessionType value() default SessionType.USER;
}
 




SessionType.java -枚举类
/**
 * Kind of principal a handler method requires to be present in the HTTP session.
 */
public enum SessionType {

    /** Either a member user or a manager is accepted. */
    OR,

    /** A member user must be present. */
    USER,

    /** A manager (administrator) must be present. */
    MANAGER;
}




SysContent.java -web请求的上下文类
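/**
 * Per-thread holder for the servlet request and response currently being processed.
 *
 * <p>Values are bound by whoever calls {@link #setRequest} / {@link #setResponse} and stay
 * attached to the thread until they are overwritten or cleared. Servlet containers reuse
 * worker threads, so the component that binds the values should call {@link #clear()} when
 * the request finishes; otherwise the previous request (and its session) stays reachable
 * from the pooled thread.
 */
public class SysContent {
    // The published listing had the type arguments lower-cased (httpservletrequest),
    // which does not compile; Java type names are case-sensitive.
    private static final ThreadLocal<HttpServletRequest> requestLocal = new ThreadLocal<HttpServletRequest>();
    private static final ThreadLocal<HttpServletResponse> responseLocal = new ThreadLocal<HttpServletResponse>();

    /**
     * @return the request bound to the current thread, or {@code null} if none is bound
     */
    public static HttpServletRequest getRequest() {
        return requestLocal.get();
    }

    /**
     * Binds {@code request} to the current thread.
     *
     * @param request the request being processed; {@code null} drops the reference
     */
    public static void setRequest(HttpServletRequest request) {
        requestLocal.set(request);
    }

    /**
     * @return the response bound to the current thread, or {@code null} if none is bound
     */
    public static HttpServletResponse getResponse() {
        return responseLocal.get();
    }

    /**
     * Binds {@code response} to the current thread.
     *
     * @param response the response being produced; {@code null} drops the reference
     */
    public static void setResponse(HttpServletResponse response) {
        responseLocal.set(response);
    }

    /**
     * Returns the session of the request bound to the current thread.
     *
     * <p>This delegates to {@code HttpServletRequest.getSession()}, which creates a new
     * session when the request has none. Callers that only want to test for a login
     * should use {@code getRequest().getSession(false)} so anonymous requests do not
     * allocate sessions.
     *
     * @return the current session, created on demand
     * @throws IllegalStateException if no request is bound to the current thread
     */
    public static HttpSession getSession() {
        HttpServletRequest request = requestLocal.get();
        if (request == null) {
            throw new IllegalStateException("No HttpServletRequest is bound to the current thread");
        }
        return request.getSession();
    }

    /**
     * Removes the request and response bound to the current thread.
     */
    public static void clear() {
        requestLocal.remove();
        responseLocal.remove();
    }
}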




SessionValidateFilter.java -过滤器
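/**
 * Binds the current request and response to the handling thread via {@code SysContent}.
 *
 * <p>Despite its name, this filter performs no session validation; it only makes the
 * request and response available to code further down the chain for the duration of
 * the request.
 */
public class SessionValidateFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration is read.
    }

    /**
     * Publishes the request/response for the duration of the chain and then restores
     * whatever was bound before.
     *
     * @throws ClassCastException if the container hands over a non-HTTP request or response
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Remember the previous binding so a nested pass through this filter on the same
        // thread does not wipe the outer request's values.
        HttpServletRequest previousRequest = SysContent.getRequest();
        HttpServletResponse previousResponse = SysContent.getResponse();

        SysContent.setRequest((HttpServletRequest) request);
        SysContent.setResponse((HttpServletResponse) response);
        try {
            chain.doFilter(request, response);
        } finally {
            // Worker threads are pooled: without this, the finished request and its
            // session would stay reachable from the thread after the response is sent.
            SysContent.setRequest(previousRequest);
            SysContent.setResponse(previousResponse);
        }
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}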




SessionAOP.java -AOP切面业务类
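/**
 * Aspect that enforces {@link NeedSession} on annotated methods.
 *
 * <p>The check is a presence test on the {@code "user"} / {@code "manager"} session
 * attributes. It runs only for methods matched by the pointcut, i.e. methods carrying
 * {@code @NeedSession} that are invoked through the Spring proxy.
 */
@Component
@Aspect
public class SessionAOP {

    /** Body sent to AJAX callers; the empty-grid shape works around an EasyUI issue. */
    private static final String AJAX_NO_SESSION_BODY = "{\"rows\":[],\"success\":false,\"total\":0}";

    /**
     * Lets the call through when the session holds the required principal, otherwise
     * answers with a "no session" response and skips the target method.
     *
     * @param pj the intercepted call
     * @return the target method's result, or {@code null} when the call was rejected
     * @throws IllegalStateException if no request/response is bound to the current thread
     * @throws Exception if the required session type cannot be determined
     * @throws Throwable whatever the target method throws; it is propagated unchanged
     */
    @Around(value = "@annotation(com.eaglec.plat.hj.aop.NeedSession)")
    public Object aroundManager(ProceedingJoinPoint pj) throws Throwable {
        HttpServletRequest request = SysContent.getRequest();
        HttpServletResponse response = SysContent.getResponse();
        if (request == null || response == null) {
            // Fail closed: without a bound request there is nothing to authorize against.
            throw new IllegalStateException(
                    "No request/response bound to the current thread; is SessionValidateFilter mapped?");
        }

        SessionType type = this.getSessionType(pj);
        if (type == null) {
            throw new Exception("The value of NeedSession is must.");
        }

        // getSession(false): an anonymous request must not cause a session to be created
        // just to discover that it is empty.
        HttpSession session = request.getSession(false);
        Object uobj = session == null ? null : session.getAttribute("user");
        Object mobj = session == null ? null : session.getAttribute("manager");

        if (isAllowed(type, uobj, mobj)) {
            // No catch here: exceptions from the target method must reach the caller.
            // Swallowing them would turn every failure into a silent null result.
            return pj.proceed();
        }

        rejectNoSession(request, response);
        return null;
    }

    /**
     * Decides whether the principals found in the session satisfy {@code type}.
     * Unknown types are rejected.
     */
    private static boolean isAllowed(SessionType type, Object user, Object manager) {
        switch (type) {
            case USER:
                return user != null;
            case MANAGER:
                return manager != null;
            case OR:
                return user != null || manager != null;
            default:
                return false;
        }
    }

    /**
     * Writes the "session expired or no principal" answer: a marker header plus an empty
     * grid payload for AJAX calls, a redirect to the error page otherwise.
     */
    private static void rejectNoSession(HttpServletRequest request, HttpServletResponse response)
            throws java.io.IOException {
        // X-Requested-With is client-supplied; it only selects the response format here.
        if ("XMLHttpRequest".equalsIgnoreCase(request.getHeader("x-requested-with"))) {
            response.addHeader("sessionstatus", "timeout");
            response.setContentType("application/json;charset=UTF-8");
            // NOTE(review): the status stays 200, so clients must inspect the
            // "sessionstatus" header (or "success":false) to detect the rejection.
            response.getWriter().print(AJAX_NO_SESSION_BODY);
        } else {
            // Redirect by context path rather than scheme/server name/port: those values
            // come from the request and may be influenced by the client.
            response.sendRedirect(request.getContextPath() + "/error/nosession");
        }
    }

    /**
     * Reads the {@link NeedSession} value from the intercepted method.
     *
     * @return the declared session type, or {@code null} if the resolved method does not
     *         carry the annotation
     */
    private SessionType getSessionType(ProceedingJoinPoint pj) {
        Method method = ((MethodSignature) pj.getSignature()).getMethod();
        NeedSession annotation = method.getAnnotation(NeedSession.class);
        return annotation == null ? null : annotation.value();
    }

}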



web.xml
<!-- spring session aop: binds each request/response to the handling thread (SysContent)
     so the SessionAOP aspect can read them. The filter itself performs no access check;
     the /* mapping makes sure a request is bound before any @NeedSession method runs. -->  
    <filter>  
        <filter-name>sessionValidate</filter-name>  
        <filter-class>com.eaglec.plat.hj.aop.SessionValidateFilter</filter-class>  
    </filter>  
    <filter-mapping>  
        <filter-name>sessionValidate</filter-name>  
        <url-pattern>/*</url-pattern>  
    </filter-mapping>  



servlet-context.xml
<!-- Enables @Aspect auto-proxying for beans in this context. The @NeedSession check runs
     only on calls made through the generated proxy. -->
<aop:aspectj-autoproxy/>
 


转载自panyongzheng.iteye.com/blog/2234013