转:spring aop 拦截业务方法，实现权限控制

难点：aop类是普通的java类，session是无法注入的，那么在有状态的系统中如何获取用户相关信息呢，session是必经之路啊，获取session就变的很重要。思索很久没有办法，后来在网上看到了解决办法。

 

思路是：

 

     i. SysContext  成员变量 request,session,response 
    ii. Filter 目的是给 SysContext 中的成员赋值 
    iii.然后在AOP中使用这个SysContext的值

 

  要用好，需要理解  ThreadLocal和  和Filter 执行顺序

 

 

1.aop获取request，response，session等

public class SysContext {
    private static ThreadLocal<HttpServletRequest> requestLocal=new ThreadLocal<HttpServletRequest>();
    private static ThreadLocal<HttpServletResponse> responseLocal=new ThreadLocal<HttpServletResponse>();

    public static HttpServletRequest getRequest(){
        return requestLocal.get();
    }

    public static void setRequest(HttpServletRequest request){
        requestLocal.set(request);
    }

    public static HttpServletResponse getResponse(){
        return responseLocal.get();
    }

    public static void setResponse(HttpServletResponse response){
        responseLocal.set(response);
    }

    public static HttpSession getSession(){
        return (HttpSession)(getRequest()).getSession();
    }
}

 

2.添加过滤器

public class GetContextFilter implements Filter{

    @Override
    public void destroy() {

    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        SysContext.setRequest((HttpServletRequest)request);
        SysContext.setResponse((HttpServletResponse)response);
        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {

    }

}

3.配置web.xml

将这部分放置在最前面，这样可以过滤到所有的请求

<filter>
    <filter-name>sessionFilter</filter-name>
    <filter-class>com.unei.filter.GetContextFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>sessionFilter</filter-name>
    <url-pattern>*</url-pattern>
</filter-mapping>

4.spring aop before

从session中取出用户名，如果不存在，抛出异常跳转，将错误信息放到request中

@Aspect
public class AdminAspect {
    ActionContext context = ActionContext.getContext();
    HttpServletRequest request;
    HttpServletResponse response;

    @Before("execution(* com.unei.Action.AdminAction.getPrivileges(..))")
    public void adminPrivilegeCheck()
            throws Throwable {
        HttpSession session = SysContext.getSession();
        request = SysContext.getRequest();
        response = SysContext.getResponse();
        String userName = "";

        try {
            userName = session.getAttribute("userName").toString();
            if(userName==null||userName.equals(""))
                throw new Exception("no privilege");
        } catch (Exception ex) {
            request.setAttribute("msg", "{"res":"" + "无权限" + ""}");
            try {
                request.getRequestDispatcher("/jsp/json.jsp").forward(
                        request, response);
            } catch (ServletException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}

 

5.applicationContext.xml

<bean id="adminAspect" class="com.unei.aop.AdminAspect"></bean>