spring aop 拦截业务方法，实现权限控制示例

难点：aop类是普通的java类，session是无法注入的，那么在有状态的系统中如何获取用户相关信息呢，session是必经之路啊，获取session就变的很重要。思索很久没有办法，后来在网上看到了解决办法。

思路是：

i. SysContext  成员变量 request,session,response 

ii. Filter 目的是给 SysContext 中的成员赋值 

iii.然后在AOP中使用这个SysContext的值

要用好，需要理解  ThreadLocal和  和Filter 执行顺序

1.aop获取request，response，session等

public class SysContext { 
  private static ThreadLocal requestLocal=new ThreadLocal(); 
  private static ThreadLocal responseLocal=new ThreadLocal(); 
  
  public static HttpServletRequest getRequest(){ 
   return requestLocalget(); 
  } 
  
  public static void setRequest(HttpServletRequest request){ 
   requestLocalset(request); 
  } 
  
  public static HttpServletResponse getResponse(){ 
   return responseLocalget(); 
  } 
  
  public static void setResponse(HttpServletResponse response){ 
   responseLocalset(response); 
  } 
  
  public static HttpSession getSession(){ 
   return (HttpSession)(getRequest())getSession(); 
  } 
 } 

2.添加过滤器

public class GetContextFilter implements Filter{ 
 
  @Override 
  public void destroy() { 
   
  } 
 
  @Override 
  public void doFilter(ServletRequest request, ServletResponse response, 
    FilterChain chain) throws IOException, ServletException { 
   SysContextsetRequest((HttpServletRequest)request); 
   SysContextsetResponse((HttpServletResponse)response); 
   chaindoFilter(request, response); 
  } 
 
  @Override 
  public void init(FilterConfig config) throws ServletException { 
   
  } 
 
 } 
 

3.配置web.xml 

将这部分放置在最前面，这样可以过滤到所有的请求

 
  sessionFilter 
  comuneifilterGetContextFilter 
  
 
  
  sessionFilter 
  * 
  

4.spring aop before

从session中取出用户名，如果不存在，抛出异常跳转，将错误信息放到request中

@Aspect 
 public class AdminAspect { 
  ActionContext context = ActionContextgetContext(); 
  HttpServletRequest request; 
  HttpServletResponse response; 
 
  @Before("execution(* comuneiActionAdminActiongetPrivileges())") 
  public void adminPrivilegeCheck() 
    throws Throwable { 
   HttpSession session = SysContextgetSession(); 
   request = SysContextgetRequest(); 
   response = SysContextgetResponse(); 
   String userName = ""; 
   
   try { 
    userName = sessiongetAttribute("userName")toString(); 
    if(userName==null||userNameequals("")) 
     throw new Exception("no privilege"); 
   } catch (Exception ex) { 
    requestsetAttribute("msg", "{"res":"" + "无权限" + ""}"); 
    try { 
     requestgetRequestDispatcher("/jsp/jsonjsp")forward( 
request, response); 
    } catch (ServletException e) { 
     eprintStackTrace(); 
    } catch (IOException e) { 
     eprintStackTrace(); 
    } 
   } 
  } 
 } 

5.applicationContext.xml

以上就是本文的全部内容，希望对大家的学习有所帮助，也希望大家多多支持考高分网。