基于AOP的简单鉴权:
注解Auth:
/**
 * Declares which roles may invoke the annotated controller class or method.
 * Read at runtime by {@code AuthFilterAspect}; an annotation on the method
 * takes precedence over one on its class.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@Documented
public @interface Auth {
    /** Roles that grant access; holding any one of them is sufficient. */
    RoleEnum[] value();
}
值为RoleEnum数组;注解既可以加在类上,也可以加在具体方法上,方法上的注解优先生效;
RoleEnum
/**
 * @ClassName RoleEnum
 * @Description Role constants referenced by {@code @Auth}; {@code name} is the
 *              value compared against a user's held role names during authorization.
 * @Author liuzetian
 * @Date 2019/6/4 7:41 PM
 * @Version 1.0
 **/
public enum RoleEnum {
    MANAGER("ROLE_manager", "xxxx"),
    PERSONNEL("ROLE_personnel", "xxxx"),
    RECRUITER("ROLE_recruiter", "xxxx"),
    TRAIN("ROLE_train", "xxxx"),
    SALARY("ROLE_salary", "xxxx"),
    ADMIN("ROLE_admin", "xxxx"),
    SOCIAL_FUND("ROLE_social_fund", "xxxx"),
    PROVIDENT("ROLE_provident", "xxxx"),
    TAX("ROLE_tax", "xxxx"),
    PERFORMANCE("ROLE_performance", "xxxx");

    // Technical role name, e.g. "ROLE_admin"; this is what the aspect compares.
    private String name;
    // Display name (placeholder "xxxx" for every constant in this listing).
    private String nameZh;

    RoleEnum(String name, String nameZh) {
        this.nameZh = nameZh;
        this.name = name;
    }

    /** @return the technical role name used for authorization matching */
    public String getName() {
        return name;
    }

    /**
     * Replaces the technical role name of this shared constant.
     * NOTE(review): enum constants are process-wide singletons, so a call here
     * changes what every later {@link #getName()} comparison in the aspect sees.
     */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the display name */
    public String getNameZh() {
        return nameZh;
    }

    /** Replaces the display name of this shared constant. */
    public void setNameZh(String nameZh) {
        this.nameZh = nameZh;
    }
}
Aspect 切面
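/**
 * @ClassName AuthFilterAspect
 * @Description 权限校验 — authorizes controller calls against their {@code @Auth} annotation.
 * @Author liuzetian
 * @Date 2019/6/4 5:43 PM
 * @Version 1.0
 **/
@Component
@Aspect
public class AuthFilterAspect {

    /** Matches every method of the controller package named in the expression. */
    @Pointcut("within(com.xx.xx.xx.controller.*)")
    public void pointCut() {
    }

    /**
     * Authorizes the intercepted call.
     * <p>
     * The effective {@code @Auth} is taken from the method, or failing that from
     * its declaring class. With no annotation at all the call proceeds unchecked.
     * Otherwise the call proceeds only when {@link #check(RoleEnum[])} passes;
     * on denial the target is not invoked and a validation-failure response is
     * returned in its place.
     *
     * @param joinPoint the intercepted controller invocation
     * @return the target's result, or the denial response
     * @throws Throwable whatever the target method throws
     */
    @Around("pointCut()")
    public Object checkAuth(ProceedingJoinPoint joinPoint) throws Throwable {
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
        RoleEnum[] requiredRoles = resolveRequiredRoles(signature.getMethod());
        if (requiredRoles == null) {
            // No @Auth on the method or its class: access is open by default.
            return joinPoint.proceed();
        }
        if (check(requiredRoles)) {
            return joinPoint.proceed();
        }
        // NOTE(review): this object is returned regardless of the target method's
        // declared return type — assumes every advised method accepts it; confirm.
        return ResponseHelper.validationFailure("权限不足,请联系管理员.");
    }

    /**
     * Resolves the roles required for {@code method}: the method's own
     * {@code @Auth} wins, otherwise the annotation found on its declaring class.
     *
     * @param method the advised controller method
     * @return the required roles, or {@code null} when neither level is annotated
     */
    private static RoleEnum[] resolveRequiredRoles(Method method) {
        Auth methodAuth = method.getAnnotation(Auth.class);
        if (methodAuth != null) {
            return methodAuth.value();
        }
        Auth classAuth = AnnotationUtils.findAnnotation(method.getDeclaringClass(), Auth.class);
        return classAuth == null ? null : classAuth.value();
    }

    /**
     * Returns whether the current admin holds at least one of the required roles.
     * <p>
     * A user holding {@link RoleEnum#ADMIN} always passes, including when
     * {@code roleEnums} is empty (the previous nested loop never reached the
     * admin check for an empty array). The check fails closed: a missing current
     * user or a {@code null} role list yields {@code false} instead of an NPE
     * escaping from the advice.
     *
     * @param roleEnums roles that grant access; any one of them suffices
     * @return {@code true} when access is granted
     */
    private boolean check(RoleEnum[] roleEnums) {
        AdminUser user = AdminUtils.getCurrentAdmin();
        if (user == null) {
            return false;
        }
        List<Role> roles = user.getRoles();
        if (roles == null) {
            return false;
        }
        String adminRoleName = RoleEnum.ADMIN.getName();
        for (Role role : roles) {
            if (role == null) {
                continue;
            }
            String heldName = role.getName();
            // Administrators implicitly hold every role.
            if (adminRoleName.equals(heldName)) {
                return true;
            }
            for (RoleEnum required : roleEnums) {
                if (required.getName().equals(heldName)) {
                    return true;
                }
            }
        }
        return false;
    }
}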
例:
打在类上
import java.util.List;
/**
 * Example of a class-level {@code @Auth}: every handler under {@code /system/admin}
 * requires {@link RoleEnum#ADMIN} unless a method carries its own annotation.
 */
@RestController
@RequestMapping("/system/admin")
@Auth({RoleEnum.ADMIN})
public class AdminUserController {
}
/**
 * Example of a class-level {@code @Auth} listing several roles: any one of
 * TAX, SOCIAL_FUND or PROVIDENT grants access to {@code /period-summ-company}.
 *
 * @author peifeng.lzt@raycloud.com
 * @since 2019-04-11
 */
@RestController
@RequestMapping("/period-summ-company")
@Log4j2
@Auth({RoleEnum.TAX, RoleEnum.SOCIAL_FUND, RoleEnum.PROVIDENT})
public class PeriodSummaryAmmountCompanyController {
}
打在方法上:
/**
 * Example of a method-level {@code @Auth}: the class itself is not annotated,
 * so only the annotated handler below is restricted.
 *
 * @author peifeng.lzt@raycloud.com
 * @since 2019-04-17
 */
@Log4j2
@RestController
@RequestMapping("/personal-incometax")
public class PersonalIncomeTaxController {
// NOTE(review): @Log4j2 already generates a logger field; this explicit one duplicates it.
private final Logger logger = LoggerFactory.getLogger(PersonalIncomeTaxController.class);
// NOTE(review): public injected fields; private fields or constructor injection would be the usual choice.
@Autowired
public IPersonalIncomeTaxService iPersonalIncomeTaxService;
@Autowired
public IStaffService iStaffService;
/**
 * Paged query of personal income tax data.
 * Restricted to {@link RoleEnum#TAX} (administrators pass implicitly).
 *
 * @param page paging information (raw {@code Page} type as in the original listing)
 * @param query query conditions
 * @return the matching page wrapped in a {@code ResponseModel}; body elided in this example
 */
@Auth({RoleEnum.TAX})
@GetMapping("/getPersonalIncomeTaxPageList")
public ResponseModel<Page<PersonalIncomeTaxVO>> getPersonalIncomeTaxList(Page page, PersonalIncomeTaxQuery query) {
}
}