基于springboot通过自定义注解和AOP实现权限验证

一、移入依赖

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.6.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-aop</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

二、自定义注解：

/**
 * @Description
 * @Date: 2018/12/13
 */

import java.lang.annotation.*;

@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Admin {
    String value() default "";
}

三、AOP切面配置

package com.hsfw.backyard.web.vo;

/**
 * @Description
 * @Date: 2018/12/13
 */

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;

@Aspect
@Component
public class AdminAspect {
    @Pointcut(value = "@annotation(com.hsfw.backyard.web.vo.Admin)")
    public void annotationPointCut() {
    }

    @Around("annotationPointCut()")
    public Object doAround(ProceedingJoinPoint joinPoint) {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        String methodName = signature.getMethod().getName();
        System.out.println("方法名：" + methodName);
        if (!validate()) {
            return "没有权限";
        }
        try {
            return joinPoint.proceed();
        } catch (Throwable throwable) {
            return null;
        }
    }

    private boolean validate() {
        // TODO 实现自己的鉴权功能
        return false;
    }
}

四、controller测试

package com.hsfw.backyard.web.vo;

/**
 * @Description
 * @Date: 2018/12/13
 */

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;


@RestController
/**
 * 访问：http://localhost:8080/login 可以直接访问成功。
 * 访问：http://localhost:8080/refund  由于加了@Admin注解，需要验证权限
 */
public class AdminController {
    @GetMapping("/login")
    public String login() {
        return "登录成功！";
    }

    @RequestMapping("/refund")
    @Admin
    public String refund() {
        return "退款成功";
    }

}

五、启动方法

package com.hsfw.backyard.web.vo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class TestAopApplication {
    public static void main(String[] args) {
        SpringApplication.run(TestAopApplication.class, args);
    }
}