The scenarios in which AOP is used in real projects are mainly permission management, transaction management, security management, logging and debugging.
The problem stems from project development
Recently the project needed a permission management module. The previous colleague's approach was to make the logical judgement before each interface call in the controller layer. There is nothing wrong with doing that, but the code repetition rate is too high and it is manual labour. So, as the title says, I use Spring AOP to define a point-cut that implements the permission management for the general functions, which also reduces the effort of extending the project later.
Code implementation and configuration files for permission management
To keep code changes to a minimum, AOP is undoubtedly the ideal choice. The project has many kinds of permissions and the logic is fairly complex, so we take it step by step. Because permissions are checked on calls to the back-end interfaces, the author defines the aspect on the controller layer, and the point-cuts are the method blocks of the controllers. Controllers that only need general access permission are excluded with the execution expression.
Implementation of read-only administrator permissions and point-cut selection
For the controllers that are generally excluded, the author uses logical operations on execution expressions. Because the read-only administrator has global read permission, the point-cut only intercepts the add, delete and modify methods, so a standardised method naming convention is very important here. For the various administrators whose role is combined with the read-only administrator, we can make special judgements in the code. Below is the configuration of the Spring AOP aspect in the configuration file.
```xml
<bean id="usersPermissionsAdvice" /> <!-- advice bean; the class attribute is not shown in the original -->
<aop:config>
    <!-- Define the aspect -->
    <aop:aspect id="authAspect" ref="usersPermissionsAdvice">
        <!-- Define the point-cut: the write methods of the controllers under
             com.thundersoft.metadata.web.controller, minus the controllers that only need general access -->
        <aop:pointcut id="authPointCut" expression="(execution(* com.thundersoft.metadata.web.controller.*.edit*(..))
                or execution(* com.thundersoft.metadata.web.controller.*.del*(..))
                or execution(* com.thundersoft.metadata.web.controller.*.update*(..))
                or execution(* com.thundersoft.metadata.web.controller.*.insert*(..))
                or execution(* com.thundersoft.metadata.web.controller.*.modif*(..))
                or execution(* com.thundersoft.metadata.web.controller.*.down*(..)))
            and (!execution(* com.thundersoft.metadata.web.controller.FindPasswordController.*(..))
                and !execution(* com.thundersoft.metadata.web.controller.SelfServiceController.*(..))
                and !execution(* com.thundersoft.metadata.web.controller.HomeController.*(..))
                and !execution(* com.thundersoft.metadata.web.controller.UserStatusController.*(..))
                and !execution(* com.thundersoft.metadata.web.controller.DashboardController.*(..))
                and !execution(* com.thundersoft.metadata.web.controller.MainController.*(..)))"/>
        <!-- Run the advice before the matched method is called -->
        <aop:before method="readOnly" pointcut-ref="authPointCut"/>
    </aop:aspect>
</aop:config>
```
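A point-cut built on method-name prefixes only protects methods that follow the naming convention: a controller method that changes data but is named `saveUser` is never advised and therefore never checked. The check below, an added example that is not part of the original article or project, uses Spring's own `AspectJExpressionPointcut` to evaluate the `authPointCut` expression against stand-in controller classes (constructed here, in the same package the expression names, with the exclusion list shortened) and reports which methods the advice would actually intercept. It needs `spring-aop` and `aspectjweaver` on the classpath.

```java
package com.thundersoft.metadata.web.controller;

import java.lang.reflect.Method;
import org.springframework.aop.aspectj.AspectJExpressionPointcut;

// Stand-in controllers constructed for this check; only the package and method names matter.
class UserController {
    public String updateAdmin(String id) { return "updated " + id; }
    public String getUser(String id) { return "user " + id; }
    public String saveUser(String id) { return "saved " + id; }  // a write that breaks the naming convention
}

class HomeController {
    public String updateSettings(String v) { return "settings " + v; }
}

public class PointcutCoverageCheck {

    // The authPointCut expression from the aspect configuration, with the exclusion list shortened.
    static final String AUTH_POINTCUT =
        "(execution(* com.thundersoft.metadata.web.controller.*.edit*(..))"
        + " or execution(* com.thundersoft.metadata.web.controller.*.del*(..))"
        + " or execution(* com.thundersoft.metadata.web.controller.*.update*(..))"
        + " or execution(* com.thundersoft.metadata.web.controller.*.insert*(..))"
        + " or execution(* com.thundersoft.metadata.web.controller.*.modif*(..))"
        + " or execution(* com.thundersoft.metadata.web.controller.*.down*(..)))"
        + " and !execution(* com.thundersoft.metadata.web.controller.HomeController.*(..))";

    /** True if the advice would run for type.methodName(String) under the given expression. */
    static boolean advised(String expression, Class<?> type, String methodName) throws NoSuchMethodException {
        AspectJExpressionPointcut pointcut = new AspectJExpressionPointcut();
        pointcut.setExpression(expression);
        Method method = type.getMethod(methodName, String.class);
        return pointcut.matches(method, type);
    }

    /** Compares the real match result with the security expectation and prints one line per method. */
    static boolean expect(Class<?> type, String methodName, boolean shouldBeAdvised) throws NoSuchMethodException {
        boolean actual = advised(AUTH_POINTCUT, type, methodName);
        System.out.printf("%-32s advised=%-5s expected=%-5s %s%n",
                type.getSimpleName() + "." + methodName, actual, shouldBeAdvised,
                actual == shouldBeAdvised ? "ok" : "MISMATCH");
        return actual == shouldBeAdvised;
    }

    public static void main(String[] args) throws NoSuchMethodException {
        boolean ok = true;
        ok &= expect(UserController.class, "updateAdmin", true);     // write on a guarded controller
        ok &= expect(UserController.class, "getUser", false);        // read path, deliberately not advised
        ok &= expect(HomeController.class, "updateSettings", false); // excluded controller
        // The expectation encodes the requirement that every write must be advised;
        // saveUser changes data but starts with "save", so the name-based pointcut misses it.
        ok &= expect(UserController.class, "saveUser", true);
        System.out.println(ok ? "pointcut covers all expectations"
                              : "coverage gap: rename the method or widen the pointcut");
    }
}
```

Running this as part of the build turns the naming convention from a team habit into a checked property: any new write method that escapes the expression shows up as a MISMATCH line instead of as an unguarded endpoint in production.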
Read-only administrator permission management code implementation
Enough has been said above; below is the aspect code that controls read-only permission and the various compound permissions.
```java
/**
 * AOP interception for read-only administrators and the compound roles that
 * include read-only administration.
 *
 * Note: this is a before advice. sendRedirect() only writes the 302 response;
 * it does not by itself stop the advised controller method from running afterwards.
 * @param joinPoint the join point (the intercepted controller method).
 * @throws IOException if the redirect cannot be written.
 */
public void readOnly(JoinPoint joinPoint) throws IOException {
    // Name of the intercepted method.
    String methodName = joinPoint.getSignature().getName();
    // The intercepted controller instance.
    Object object = joinPoint.getTarget();
    logger.info("Permission management aop, method name " + methodName);

    HttpServletRequest request =
            ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    HttpServletResponse response =
            ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getResponse();
    String roleFlag = GetLoginUserInfor.getLoginUserRole(request);

    // Super administrator: no restriction.
    if (PermissionsLabeled.super_Admin.equals(roleFlag)) {
        return;
    }
    // Read-only administrator attempting a data change.
    if (PermissionsLabeled.reader_Admin.equals(roleFlag)) {
        logger.error("Readonly administrator has no operation permission!");
        response.sendRedirect(request.getContextPath() + "/auth/readOnly");
        return;
    }
    // Department administrator who is also a read-only administrator.
    if (PermissionsLabeled.dept_reader_Admin.equals(roleFlag)) {
        if (object instanceof DepartmentController) {
            return;
        }
        if (object instanceof UserController) {
            // May manage users, but not administrator accounts.
            if (methodName.contains("addAdmin")
                    || methodName.contains("deleteAdmin")
                    || methodName.contains("updateAdmin")) {
                response.sendRedirect(request.getContextPath() + "/auth/readOnly");
            }
            return;
        }
        if (object instanceof GroupController) {
            return;
        }
        logger.error("Department Administrator, and no operation permissions for read-only administrator!");
        response.sendRedirect(request.getContextPath() + "/auth/readOnly");
        return;
    }
    // Application administrator who is also a read-only administrator.
    if (PermissionsLabeled.app_reader_Admin.equals(roleFlag)) {
        if (object instanceof AppController) {
            return;
        }
        if (object instanceof AppPolicyController) {
            return;
        }
        logger.error("Application administrator, and no operation permissions for read-only administrator!");
        response.sendRedirect(request.getContextPath() + "/auth/readOnly");
        return;
    }
    // Department administrator, application administrator and read-only administrator combined.
    if (PermissionsLabeled.dept_app_reader_Admin.equals(roleFlag)) {
        if (object instanceof DepartmentController) {
            return;
        }
        if (object instanceof UserController) {
            return;
        }
        if (object instanceof GroupController) {
            return;
        }
        if (object instanceof AppController) {
            return;
        }
        if (object instanceof AppPolicyController) {
            return;
        }
        logger.error("Department administrator, and application administrator, and read-only administrator have no operation permissions");
        response.sendRedirect(request.getContextPath() + "/auth/readOnly");
    }
}
```
Point-cut selection with dedicated administrator privilege control
Because dedicated administrator rights are rather special, the author intercepts every controller except those that only need general access rights, and handles the special cases in the code logic. The configuration file code is as follows:
```xml
<aop:config>
    <!-- Define the aspect -->
    <aop:aspect id="authAspect" ref="usersPermissionsAdvice">
        <!-- Define the point-cut: every controller method under
             com.thundersoft.metadata.web.controller is intercepted before it is called,
             except the controllers that only need general access -->
        <aop:pointcut id="appAuthPointCut" expression="execution(* com.thundersoft.metadata.web.controller.*.*(..))
            and (!execution(* com.thundersoft.metadata.web.controller.FindPasswordController.*(..))
                and !execution(* com.thundersoft.metadata.web.controller.SelfServiceController.*(..))
                and !execution(* com.thundersoft.metadata.web.controller.HomeController.*(..))
                and !execution(* com.thundersoft.metadata.web.controller.DashboardController.*(..))
                and !execution(* com.thundersoft.metadata.web.controller.MainController.*(..)))"/>
        <!-- Run the advice before the matched method is called -->
        <aop:before method="appDeptAuth" pointcut-ref="appAuthPointCut"/>
    </aop:aspect>
</aop:config>
```
Code implementation of dedicated administrator permission management
```java
/**
 * AOP interception for the application administrator and the department administrator.
 * @param joinPoint the join point (the intercepted controller method).
 * @throws IOException if the redirect cannot be written.
 */
public void appDeptAuth(JoinPoint joinPoint) throws IOException {
    // Name of the intercepted method.
    String methodName = joinPoint.getSignature().getName();
    // The intercepted controller instance.
    Object object = joinPoint.getTarget();
    logger.info("Permission management aop, method name " + methodName);

    HttpServletRequest request =
            ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    HttpServletResponse response =
            ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getResponse();
    String roleFlag = GetLoginUserInfor.getLoginUserRole(request);

    // Super administrator: no restriction.
    if (PermissionsLabeled.super_Admin.equals(roleFlag)) {
        return;
    }
    // Application administrator: may only change applications and application policies.
    if (PermissionsLabeled.app_Admin.equals(roleFlag)) {
        if (object instanceof AppController) {
            return;
        }
        if (object instanceof AppPolicyController) {
            return;
        }
        logger.error("Application Administrator has no operation permissions");
        response.sendRedirect(request.getContextPath() + "/auth/readOnly");
    } else if (PermissionsLabeled.dept_Admin.equals(roleFlag)) {
        // Department administrator: departments, users, groups, plus the department listing.
        if (object instanceof DepartmentController) {
            return;
        }
        if (object instanceof UserController) {
            return;
        }
        if (object instanceof GroupController) {
            return;
        }
        if ("getAllDepartments".equals(methodName)) {
            return;
        }
        logger.error("Department Administrator has no operation permissions");
        response.sendRedirect(request.getContextPath() + "/auth/readOnly");
    }
    // Any other role is not restricted by this advice.
}
```
The above is the whole content of this article; I hope it is helpful for everyone's learning.
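Both `readOnly` and `appDeptAuth` above deny a request by calling `response.sendRedirect()` from a before advice and then returning. In Spring AOP a before advice that returns normally lets the target proceed, so the controller method still executes (and commits its change) after the redirect has been written; only an exception thrown from the advice, or an around advice that does not call `proceed()`, prevents the call. The following is an added example, not code from the original article or project: it rewrites the role table of `readOnly()` as data, keeps the decision in a pure method that can be unit-tested without a servlet context, and enforces it from an around advice that throws on denial. The controller classes, the `Role` enum (a stand-in for the project's `PermissionsLabeled` flags), the package name and the `Supplier<Role>` used for role lookup are all assumptions made for this example; the `@Around` expression shows a single pattern for brevity and should be replaced by the full `authPointCut` expression. Requires Java 9+ with `spring-aop` and `aspectjweaver`.

```java
package com.thundersoft.metadata.web.auth; // hypothetical package, not from the project

import java.util.EnumMap;
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;

public class WritePermissionDemo {

    // Constructed stand-ins for the project's controllers and for its PermissionsLabeled role flags.
    static class DepartmentController {}
    static class UserController {}
    static class GroupController {}
    static class AppController {}
    static class AppPolicyController {}

    enum Role { SUPER_ADMIN, READER_ADMIN, DEPT_READER_ADMIN, APP_READER_ADMIN, DEPT_APP_READER_ADMIN }

    /** Thrown to abort the advised call: an exception is how advice stops the target from running. */
    static class PermissionDeniedException extends RuntimeException {
        PermissionDeniedException(String message) { super(message); }
    }

    /** The role table from readOnly(), as data instead of an instanceof chain; unknown roles fail closed. */
    static final class WritePermissionPolicy {
        private static final Map<Role, Set<Class<?>>> WRITABLE = new EnumMap<>(Role.class);
        static {
            WRITABLE.put(Role.READER_ADMIN, Set.of());
            WRITABLE.put(Role.DEPT_READER_ADMIN,
                    Set.of(DepartmentController.class, UserController.class, GroupController.class));
            WRITABLE.put(Role.APP_READER_ADMIN, Set.of(AppController.class, AppPolicyController.class));
            WRITABLE.put(Role.DEPT_APP_READER_ADMIN, Set.of(DepartmentController.class, UserController.class,
                    GroupController.class, AppController.class, AppPolicyController.class));
        }
        // A department administrator may manage users but not administrator accounts.
        private static final Set<String> ADMIN_ACCOUNT_OPS = Set.of("addAdmin", "deleteAdmin", "updateAdmin");

        static boolean isAllowed(Role role, Class<?> controller, String method) {
            if (role == Role.SUPER_ADMIN) {
                return true;
            }
            if (!WRITABLE.getOrDefault(role, Set.of()).contains(controller)) {
                return false;
            }
            if (role == Role.DEPT_READER_ADMIN && controller == UserController.class) {
                return ADMIN_ACCOUNT_OPS.stream().noneMatch(method::contains);
            }
            return true;
        }
    }

    /** Around advice on the write point-cut; denial is an exception, so the controller never runs. */
    @Aspect
    static class WritePermissionAspect {
        private final Supplier<Role> currentRole; // in the project: wrap GetLoginUserInfor.getLoginUserRole(request)

        WritePermissionAspect(Supplier<Role> currentRole) { this.currentRole = currentRole; }

        // One pattern shown for brevity; use the full authPointCut expression in practice.
        @Around("execution(* com.thundersoft.metadata.web.controller.*.update*(..))")
        public Object enforce(ProceedingJoinPoint pjp) throws Throwable {
            Role role = currentRole.get();
            Class<?> controller = pjp.getTarget().getClass();
            String method = pjp.getSignature().getName();
            if (!WritePermissionPolicy.isAllowed(role, controller, method)) {
                // Throw rather than sendRedirect()-and-return: a before advice that returns
                // normally still lets the controller method execute and commit its change.
                throw new PermissionDeniedException(role + " may not call "
                        + controller.getSimpleName() + "." + method);
            }
            return pjp.proceed();
        }
    }

    static void report(Role role, Class<?> controller, String method) {
        System.out.printf("%-22s %-20s %-16s -> %s%n", role, controller.getSimpleName(), method,
                WritePermissionPolicy.isAllowed(role, controller, method) ? "allow" : "deny");
    }

    public static void main(String[] args) {
        report(Role.READER_ADMIN, AppController.class, "updateApp");
        report(Role.DEPT_READER_ADMIN, UserController.class, "updateUser");
        report(Role.DEPT_READER_ADMIN, UserController.class, "updateAdmin");
        report(Role.DEPT_APP_READER_ADMIN, AppPolicyController.class, "delPolicy");
        report(Role.APP_READER_ADMIN, DepartmentController.class, "editDepartment");
    }
}
```

The redirect to `/auth/readOnly` is still available: map `PermissionDeniedException` to that redirect in a `@ControllerAdvice` exception handler, which keeps the user-facing behaviour of the original while guaranteeing that a denied controller method is never entered. Keeping the decision in `WritePermissionPolicy.isAllowed` also means the role table can be covered by plain unit tests instead of being exercised only through the running web application.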