转自:http://zhanghua.1199.blog.163.com/blog/static/464498072011111393634448/
1 首先这是切面类,实现对所有action方法进行拦截
@Aspect
@Component
public class PrivilegeInterceptor {
@Pointcut("execution(java.lang.String com.my.web.action..*.*(..))")
private void actionMethod() {
}
@Around("actionMethod()")
public Object interceptor(ProceedingJoinPoint pjp) throws Throwable {
//System.out.println("开始拦截到了" + pjp.getSignature().getName() + "方法");
HttpServletRequest request=getRequet(pjp);
if(!validate(pjp,request)){
request.setAttribute("message", "您没有执行该操作权限");
request.setAttribute("urlAddress", "/control/right");
return "global-message";
}
return pjp.proceed();
}
/**
* 验证是否有权限执行方法
* true 代表可以执行
* false代表没有权限执行
* @return
*/
private boolean validate(ProceedingJoinPoint pjp,HttpServletRequest request) {
if(!isNeedCheck(request)){
return true;
}
SystemPrivilege methodPrivilege=getExeMethodPower(pjp);
if(methodPrivilege==null){
return true;
}
Employee employee=getEmployee(request);
for(PrivilegeGroup group:employee.getGroups()){
if(group.getPrivileges().contains(methodPrivilege)){
return true;
}
}
return false;
}
/**
* 得到当前登录的员工
* @param request
* @return
*/
private Employee getEmployee(HttpServletRequest request) {
return WebUtil.getEmployee(request.getSession());
}
/**
* 获取当前拦截对象的request请求对象
* @param pjp
* @return
*/
private HttpServletRequest getRequet(ProceedingJoinPoint pjp) {
Object target=pjp.getTarget();
HttpServletRequest retValue;
try {
Method reqMethod=target.getClass().getMethod("getRequest");
retValue=(HttpServletRequest) reqMethod.invoke(target);
} catch (Exception e) {
return null;
}
return retValue;
}
/**
* 获取路经,以判断是否需要进行权限验证
* true 需要验证
* false 不需要验证
* @param request
* @return
*/
private boolean isNeedCheck(HttpServletRequest request){
if(WebUtil.getRequestURI(request).startsWith("/control/")){
return true;
}
return false;
}
/**
* 获取执行目标方法所需要的权限
* @return
*/
private SystemPrivilege getExeMethodPower(ProceedingJoinPoint pjp){
MethodSignature joinPointObject=(MethodSignature) pjp.getSignature();
Method method = joinPointObject.getMethod();
Permission permi=method.getAnnotation(Permission.class);
if(permi==null){
return null;
}
SystemPrivilege methodPrivilege=new SystemPrivilege();
SystemPrivilegePK spk=new SystemPrivilegePK(permi.module(), permi.privilege());
methodPrivilege.setId(spk);
return methodPrivilege;
}
}
详细介绍以上获得来源
// 获取连接点的方法签名对象
MethodSignature joinPointObject = (MethodSignature) jp.getSignature();
// 连接点对象的方法
Method method = joinPointObject.getMethod();
// 连接点方法方法名
String name = method.getName();
Class<?>[] parameterTypes = method.getParameterTypes();
// 获取连接点所在的目标对象
Object target = jp.getTarget();
// 获取目标方法
method = target.getClass().getMethod(name, parameterTypes);
// 返回@AroundPointCut的注释对象
AroundPointCut joinPoint = method.getAnnotation(AroundPointCut.class);
注解代替表
@Retention(RetentionPolicy.RUNTIME)//表进运行时仍然有这个注解
@Target(ElementType.METHOD)//表示只能放在方法上
public @interface Permission {
String module();//要执行的模块
String privilege();//执行模块具体动作
}
3.一定要在struts2里的xml配置文件里加入以下几句,否则spring无法帮你注入
<constant name="struts.ui.theme" value="simple"></constant>
4.要在spring文件里配置spring容器支持注解切面
<aop:aspectj-autoproxy />
、但这样我的程程序还是报错了,我想可能是版本的问题,如果级别高的话就应该不用了,要加上一句,
完整写法:
<aop:aspectj-autoproxy proxy-target-class="true"/>