我有一个控制器:
@Authorised(id = "{personId}")
@RequestMapping(value = {"{personId}"}, method = GET)
public void test(@PathVariable PersonId personId) {
System.out.println(personId); //gets personId
}
注解:
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Authorised {
String id() default "";
}
切入点:
@Pointcut("@annotation(Authorised)")
private void AuthorisedMethod() {}
并且必须获取{personId}值而不是字符串“{personId}”的方法:
@Before("AuthorisedMethod()")
public void checkIfIsCurrentlyAuthenticated(JoinPoint joinPoint) throws NoSuchMethodException {
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
String methodName = signature.getMethod().getName();
Class<?>[] parameterTypes = signature.getMethod().getParameterTypes();
Parameter[] parameters = signature.getMethod().getParameters();
Authorised annotations = joinPoint.getTarget().getClass().getMethod(methodName, parameterTypes).getAnnotation(Authorised.class);
String id = annotations.id();
System.out.println(id); // prints: "{personId}"
// do the chekcing
throw new UnauthenticatedUserException();
}
可以实现吗?如何实现?
更新:但是如果方法参数参数号与切入点args()不匹配怎么办?我的意思是如果具体方法有参数@PathVariable PersonId personId和更多,但poincut需要只知道PersonId personId?
就像@statut一样,你必须像这样编写args():args(personId,..)
您可以修改@Before()注释以具有PersonId值并将此值传递给aspect,例如
@Before("AuthorisedMethod() && args(personId)")
public void checkIfIsCurrentlyAuthenticated(JoinPoint joinPoint, PersonId personId) throws NoSuchMethodException {}
为了测试它,我有以下方面:
@Aspect
@Component
public class SomeAspect {
@Pointcut("@annotation(Authorised)")
private void AuthorisedMethod() {
}
@Before("AuthorisedMethod() && args(personId)")
public void checkIfIsCurrentlyAuthenticated(JoinPoint joinPoint, PersonId personId) throws NoSuchMethodException {
System.out.println("aspect " + personId.getId());
}
}
配置类:
@Configuration
@ComponentScan(basePackages = {"test"})
@EnableAspectJAutoProxy(proxyTargetClass = true)
public class Config {
}
测试组件:
@Component
public class Test {
@Authorised(id = "{personId}")
public void test(PersonId personId) {
System.out.println("component " + personId.getId()); //gets personId
}
}
和testNG的跑步者:
@ContextConfiguration(classes = Config.class)
public class TestRunner extends AbstractTestNGSpringContextTests {
@Autowired
test.Test test;
@Test
public void testName() {
test.test(new PersonId("id"));
}
}
当我运行它时,我从方面和"aspect id"打印"component id"从被调用的方法。
如果可以,您还可以使用HandlerInterceptor在RequestMapping URL中获取PathVariable的值。
编写一个截取此请求的Handler类。
public class AuthorisedHandler extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
if (!isResourceHandler(handler) && (handler instanceof HandlerMethod)) {
HandlerMethod hm = (HandlerMethod) handler;
Method method = hm.getMethod();
Authorised authAnnotation = method.getAnnotation(Authorised.class);
if (authAnnotation != null) {
String personId = getPersonId(request);
//Do all your validations Here
}
}
return true;
}
@SuppressWarnings("rawtypes")
private String getPersonId(HttpServletRequest request) throws IOException {
String personId = request.getParameter("personId");
if(personId == null || personId.equals("")){
Map pathVariables = (Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
personId = (String) pathVariables.get("personId");
}
return personId;
}
private boolean isResourceHandler(Object handler) {
return handler instanceof ResourceHttpRequestHandler;
}
}
您必须在spring config xml或Spring Java Config中配置此Handler bean。
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<bean class="com.**.AuthorisedHandler" />
</mvc:interceptor>
</mvc:interceptors>
现在,所有请求都将通过此拦截器。只有使用@Authorised注释的才能通过。