示例:
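/**
 * Marks a REST handler method as requiring authorization.
 *
 * The aspect that reads this annotation lets the call through when the caller holds
 * at least one of the listed resource numbers (OR semantics). An empty array is treated
 * as "nobody may call this" (fail closed). A method WITHOUT this annotation is not
 * checked at all, so every endpoint that needs protection must carry it explicitly.
 *
 * {@code @Inherited} was removed: that meta-annotation only affects annotations placed
 * on classes, so on a METHOD-target annotation it was a no-op and the accompanying
 * "subclasses inherit it" comment was misleading.
 */
@Documented                          // include in generated javadoc
@Target({ElementType.METHOD})        // methods only; constructors are not a valid target
@Retention(RetentionPolicy.RUNTIME)  // kept in the class file so the aspect can read it via reflection
public @interface ResourceValidate {
    /**
     * Resource numbers that grant access, e.g. {@code {"01000000", "02000000"}}.
     * A single value may be written without braces:
     * {@code @ResourceValidate(resourcesNos = "0201010000")}.
     */
    String[] resourcesNos();
}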
使用:
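/**
 * Resource-number authorization for REST handlers.
 *
 * Every method under the REST package is a candidate join point; only methods that
 * additionally carry {@link ResourceValidate} are checked. The caller's granted resource
 * numbers come from {@code UserTokenUtil.getResourcesNoList()}.
 *
 * SECURITY NOTES
 * - The {@code @Around} advice must stay active. In the original listing it was commented
 *   out behind a "toggle" TODO, which silently disables authorization for every endpoint.
 *   Turning the check off for local development belongs in configuration (a profile or
 *   property), never in a commented-out annotation.
 * - The policy is fail-open for unannotated methods: a handler without
 *   {@code @ResourceValidate} runs with no check, so each protected endpoint must be
 *   annotated explicitly.
 * - An annotation with an empty {@code resourcesNos} array is treated as fail-closed.
 *
 * {@code @Order(1)} is intended to run this aspect ahead of other aspects on the same
 * join point (Spring: lower value = higher precedence).
 */
@Aspect
@Component
@Order(1)
public class ResourceValidateAspect {

    /** All methods of all classes under the REST package (the package name must match). */
    @Pointcut("execution (* com.kexin.finance.register.system.rest..*.*(..))")
    public void restAspect() {
    }

    /**
     * Authorization advice.
     *
     * @param joinPoint the intercepted handler invocation
     * @return the handler's return value, or {@code null} after the request has been
     *         forwarded to the "no permission" endpoint
     * @throws Throwable whatever the handler or the forward throws
     */
    @Around("restAspect()")
    public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        ResourceValidate resourceValidate = resolveAnnotation(joinPoint, signature.getMethod());
        if (resourceValidate == null) {
            // Not annotated: no check is performed (fail-open by design, see class javadoc).
            return joinPoint.proceed();
        }

        ServletRequestAttributes attributes = currentAttributes();
        HttpServletRequest request = attributes.getRequest();
        HttpServletResponse response = attributes.getResponse();

        String[] requiredNos = resourceValidate.resourcesNos();
        if (requiredNos.length == 0) {
            // Misconfigured annotation (nothing listed): deny rather than silently allow.
            return deny(request, response);
        }

        List<String> grantedNos = UserTokenUtil.getResourcesNoList();
        if (grantedNos == null || grantedNos.isEmpty()) {
            // The caller holds no resources at all.
            return deny(request, response);
        }

        // One matching resource number is enough (OR semantics, not AND).
        for (String required : requiredNos) {
            if (grantedNos.contains(required)) {
                return joinPoint.proceed();
            }
        }
        return deny(request, response);
    }

    /**
     * Looks up {@link ResourceValidate} on the invoked method.
     *
     * {@code signature.getMethod()} is the declaring method of the join point. When a bean
     * is proxied through an interface that is the interface method, which carries no
     * annotation; an annotated implementation would then be treated as "no check required".
     * To avoid that fail-open case the target class's own method is consulted as a fallback.
     */
    private ResourceValidate resolveAnnotation(ProceedingJoinPoint joinPoint, Method method) {
        ResourceValidate annotation = method.getAnnotation(ResourceValidate.class);
        if (annotation == null && joinPoint.getTarget() != null) {
            try {
                Method targetMethod = joinPoint.getTarget().getClass()
                        .getMethod(method.getName(), method.getParameterTypes());
                annotation = targetMethod.getAnnotation(ResourceValidate.class);
            } catch (NoSuchMethodException ignored) {
                // No more specific method on the target: keep the result of the first lookup.
            }
        }
        return annotation;
    }

    /**
     * Rejects the current request: stores the requested URL for the "no permission" message
     * and forwards to the {@code UN_AUTHORITY} endpoint. Always returns {@code null} so the
     * advice can {@code return deny(...)}.
     *
     * The stored URL is reconstructed from the client's request line, so whatever renders it
     * into the response must treat it as untrusted input (encode/escape it).
     */
    private Object deny(HttpServletRequest request, HttpServletResponse response) throws Exception {
        request.setAttribute(ForwardUrlConstant.UN_AUTHORITY_REQUEST_URL, request.getRequestURL());
        request.getRequestDispatcher(ForwardUrlConstant.UN_AUTHORITY).forward(request, response);
        return null;
    }

    /**
     * The servlet request/response bound to the current thread.
     *
     * @throws IllegalStateException when invoked outside a servlet request (the original
     *         code would have failed with a bare NullPointerException here)
     */
    private static ServletRequestAttributes currentAttributes() {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attributes == null) {
            throw new IllegalStateException("ResourceValidate check invoked outside of a servlet request");
        }
        return attributes;
    }
}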
/**
 * Paged query of registration records.
 *
 * Guarded by {@link ResourceValidate}: the caller must hold resource number
 * "0201010000". The check is only enforced while ResourceValidateAspect's
 * {@code @Around} advice is active and this class lives under its pointcut package.
 *
 * @param query    filter criteria bound from the request parameters
 * @param pageData paging parameters bound from the request; on return it carries the
 *                 query, the total record count and the requested page of rows
 * @return a success response wrapping {@code pageData}
 */
@GetMapping(value = "/pageData")
@ApiOperation(value = "登记信息分页查询数据", notes = "登记信息分页查询数据")
@ResourceValidate(resourcesNos = "0201010000")
public ResultResponse pageData(@ModelAttribute RegisterInfoVO query, @ModelAttribute PageData pageData) {
    // Attaching the query and computing the count are independent of each other;
    // both happen before the row lookup, which receives the whole page object.
    pageData.setQuery(query);
    pageData.setTotalRecords(registerInfoService.findRegisterInfoPageCount(query));
    pageData.setData(registerInfoService.findRegisterInfoPageData(pageData));
    return ResultResponse.successDataHiddenMsg(pageData);
}
其中
/** 权限验证注解 */
ResourceValidate resourceValidate = method.getAnnotation(ResourceValidate.class);
是通过反射从目标接口方法上读取到的自定义注解实例。注意:若方法上没有该注解,切面会直接放行(默认允许),因此每个需要保护的接口都必须显式加上注解。注解中声明了调用该接口所需的资源编码:
@ResourceValidate(resourcesNos = "0201010000")
然后读取注解属性,即访问该接口所需的资源编码数组(用户只要拥有其中任意一个即可通过;若数组为空则一律拒绝):
String[] resourcesNos = resourceValidate.resourcesNos();
然后将其与 UserTokenUtil.getResourcesNoList() 返回的当前用户资源编码列表进行比对,即可判断用户是否有权访问该接口。需要注意:只有切面上的 @Around("restAspect()") 处于启用状态(不能被注释掉)、且目标方法位于切点所指定的包下时,该校验才会真正执行。