案例二、前端頁面許可權控制
對controller控制器中的某些方法進行增強,如實現頁面的按鈕許可權控制。
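/**
 * Process-wide registry of live HTTP sessions, keyed by session id.
 *
 * <p>A session id acts as a bearer credential: any caller that can hand an id to
 * {@link #getSession(String)} receives that session object and everything stored in it.
 * Callers should therefore only pass ids that were obtained from a trusted, server-side
 * source.
 */
public class SessionContext {

    /**
     * Live sessions by id. Initialised once at class load and never reassigned, so the
     * map no longer depends on an instance constructor having run first.
     */
    private static final Map<String, HttpSession> SESSION_MAP = new ConcurrentHashMap<>();

    /** Singleton: the only instance is created by {@link SessionContextSingle}. */
    private SessionContext() {
    }

    /** Enum holder for the singleton; the JVM initialises {@code INSTANCE} exactly once. */
    private enum SessionContextSingle {
        INSTANCE;

        private final SessionContext sessionContext;

        SessionContextSingle() {
            sessionContext = new SessionContext();
        }

        public SessionContext getInstance() {
            return sessionContext;
        }
    }

    /**
     * Returns the shared registry instance.
     *
     * @return the singleton {@code SessionContext}
     */
    public static SessionContext getInstance() {
        return SessionContextSingle.INSTANCE.getInstance();
    }

    /**
     * Registers a session under its own id; a {@code null} session is ignored.
     *
     * @param httpSession the session to register, may be {@code null}
     */
    public synchronized void addSession(HttpSession httpSession) {
        if (httpSession != null) {
            SESSION_MAP.put(httpSession.getId(), httpSession);
        }
    }

    /**
     * Removes a session from the registry; a {@code null} session is ignored.
     *
     * @param httpSession the session to remove, may be {@code null}
     */
    public synchronized void deleteSession(HttpSession httpSession) {
        if (httpSession != null) {
            SESSION_MAP.remove(httpSession.getId());
        }
    }

    /**
     * Looks up a registered session by id.
     *
     * @param sessionId the id to look up
     * @return the registered session, or {@code null} when the id is blank or unknown;
     *         callers must handle the {@code null} case
     */
    public HttpSession getSession(String sessionId) {
        if (StringUtils.isBlank(sessionId)) {
            return null;
        }
        return SESSION_MAP.get(sessionId);
    }
}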
/**
 * Session listener that mirrors the servlet container's session lifecycle into
 * {@link SessionContext}.
 */
public class SessionListener implements HttpSessionListener {

    private SessionContext sessionContext = SessionContext.getInstance();

    /**
     * Called by the container when it creates a session. The new session is given its
     * idle timeout and then registered, whether or not a user has logged in on it yet.
     */
    @Override
    public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        final HttpSession created = httpSessionEvent.getSession();
        // setMaxInactiveInterval takes seconds, so the session expires after 10 s idle.
        created.setMaxInactiveInterval(10);
        sessionContext.addSession(created);
    }

    /**
     * Called by the container when a session is invalidated or times out; drops it from
     * the registry so it can no longer be looked up by id.
     */
    @Override
    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
        sessionContext.deleteSession(httpSessionEvent.getSession());
    }
}
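/**
 * Aspect that runs before controller {@code main} handlers. It copies the {@code "user"}
 * attribute from the session named by the handler's first argument into the current
 * request's session, then publishes the {@code hasAdminRole} flag to the view model.
 *
 * <p>NOTE(review): the session id is the handler's first String argument, which in the
 * controller shown on this page is bound from request data. Copying another session's
 * user on the strength of that value alone makes the id the only credential for the
 * hand-off. Confirm where the id comes from and that it never appears in URLs or logs.
 */
@Component
@Aspect
@Order(-1) // lower order values take precedence over aspects with larger ones
public class MainAspect {

    @Autowired
    private UserService userService;

    /**
     * Matches methods whose name ends in {@code main}, declared on {@code *Controller}
     * classes in {@code com.demo.*.controller}, and whose first parameter is a String.
     */
    @Pointcut("execution(* com.demo.*.controller.*Controller.*main(String, ..))")
    private void pointCut() {
    }

    /**
     * Before-advice for {@link #pointCut()}.
     *
     * <p>NOTE(review): the parameter type is spelled {@code Joinpoint}; AspectJ's type is
     * {@code org.aspectj.lang.JoinPoint}. The imports are not visible here, so confirm
     * which type this resolves to.
     *
     * @param joinpoint the intercepted call; argument 0 is the session id, and argument
     *                  1, when present, is expected to be the {@code ModelAndView}
     * @throws IllegalStateException if no request is bound to the current thread, or the
     *                               supplied id does not name a registered session
     */
    @Before("pointCut()")
    public void main(Joinpoint joinpoint) {
        Object[] args = joinpoint.getArgs();
        // The pointcut guarantees a leading String argument.
        String sessionId = (String) args[0];

        // Session of the request currently being handled.
        ServletRequestAttributes requestAttributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (requestAttributes == null) {
            throw new IllegalStateException("No request is bound to the current thread");
        }
        HttpSession httpSession = requestAttributes.getRequest().getSession();

        // Fail closed on an unknown, blank or expired id instead of dereferencing null.
        // The id is left out of the message because it is a credential.
        HttpSession sourceSession = SessionContext.getInstance().getSession(sessionId);
        if (sourceSession == null) {
            throw new IllegalStateException("No live session for the supplied session id");
        }

        // getAttribute returns Object, so the cast is required.
        User user = (User) sourceSession.getAttribute("user");
        httpSession.setAttribute("user", user);

        // The pointcut allows any trailing arguments, so check before casting.
        if (args.length > 1 && args[1] instanceof ModelAndView) {
            ModelAndView modelAndView = (ModelAndView) args[1];
            // This flag only drives what the page renders; handlers that perform the
            // privileged action must check the role themselves.
            modelAndView.addObject("hasAdminRole", userService.hasRole(NeedRole.ADMIN));
        }
    }
}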
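/**
 * Front-end controller for the demo page.
 */
@Controller
public class DemoController {

    /**
     * Renders the {@code demo/main} view.
     *
     * <p>The method returns the same {@code ModelAndView} it receives, so entries added
     * to it before the call (for example {@code hasAdminRole}, set by the aspect on this
     * page) reach the template. The return type is {@code ModelAndView} because the
     * original declared {@code String} while returning the {@code ModelAndView}, which
     * does not compile.
     *
     * <p>NOTE(review): confirm that Spring MVC supplies a usable {@code ModelAndView}
     * argument for this signature.
     *
     * @param sessionId    session id bound from the request; unused in this method body
     *                     and should be treated as untrusted input
     * @param modelAndView model-and-view holder to populate and return
     * @return {@code modelAndView} with its view name set to {@code demo/main}
     */
    @PostMapping("/main")
    public ModelAndView main(String sessionId, ModelAndView modelAndView) {
        modelAndView.setViewName("demo/main");
        return modelAndView;
    }
}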
<!-- Page: the permission value the aspect placed in the model decides whether this
     link is rendered, which gives role-based control over page buttons.
     th:if only omits the element from the rendered HTML. Whatever endpoint submit()
     calls must still check the admin role on the server. -->
<a th:if="${hasAdminRole}" href="javascript:void(0)" onclick="submit()">提交</a>